diff --git a/windows/security/application-security/application-control/toc.yml b/windows/security/application-security/application-control/toc.yml
index 3a7a1fa706..438d97451c 100644
--- a/windows/security/application-security/application-control/toc.yml
+++ b/windows/security/application-security/application-control/toc.yml
@@ -9,6 +9,8 @@ items:
   items:
   - name: Overview
     href: user-account-control/index.md
+  - name: UAC Architecture
+    href: user-account-control/architecture.md
   - name: How UAC works
     href: user-account-control/how-it-works.md
   - name: UAC settings and configuration
diff --git a/windows/security/application-security/application-control/user-account-control/architecture.md b/windows/security/application-security/application-control/user-account-control/architecture.md
new file mode 100644
index 0000000000..7f33e45173
--- /dev/null
+++ b/windows/security/application-security/application-control/user-account-control/architecture.md
@@ -0,0 +1,129 @@
+---
+title: User Account Control architecture
+description: Learn about the User Account Control (UAC) architecture.
+ms.topic: concept-article
+ms.date: 04/15/2025
+---
+
+# UAC Architecture
+
+The following diagram details the UAC architecture.
+
+:::image type="content" source="images/uac-architecture.gif" alt-text="Diagram that describes the UAC architecture.":::
+
+## User
+
+- **User performs operation requiring privilege**: If the operation changes the file system or registry, Virtualization is called. All other operations call ShellExecute.
+- **ShellExecute**: ShellExecute calls CreateProcess. ShellExecute looks for the `ERROR_ELEVATION_REQUIRED` error from CreateProcess. If it receives the error, ShellExecute calls the Application Information service to attempt to perform the requested task with the elevated prompt.
+- **CreateProcess**: If the application requires elevation, CreateProcess rejects the call with `ERROR_ELEVATION_REQUIRED`.
+
+## System
+
+- **Application Information service**:
+    - A system service that helps start apps that require one or more elevated privileges or user rights to run.
+    - The Application Information service helps start such apps by creating a new process for the application with an administrative user's full access token when elevation is required.
+    - Depending on the configured policies, the user might give consent.
+
+- **Elevating an ActiveX install**:
+    - If ActiveX isn't installed, the system checks the UAC slider level.
+    - If ActiveX is installed, the **User Account Control: Switch to the secure desktop when prompting for elevation** Group Policy setting is checked.
+
+- **Check UAC slider level**: UAC has a slider to select from four levels of notification:
+    - **Always notify** will:
+        - Notify you when programs try to install software or make changes to your computer.
+        - Notify you when you make changes to Windows settings.
+        - Freeze other tasks until you respond.
+        - Recommended if you often install new software or visit unfamiliar websites.
+    - **Notify me only when programs try to make changes to my computer** will:
+        - Notify you when programs try to install software or make changes to your computer.
+        - Not notify you when you make changes to Windows settings.
+        - Freeze other tasks until you respond.
+        - Recommended if you don't often install apps or visit unfamiliar websites.
+    - **Notify me only when programs try to make changes to my computer (do not dim my desktop)** will:
+        - Notify you when programs try to install software or make changes to your computer.
+        - Not notify you when you make changes to Windows settings.
+        - Not freeze other tasks until you respond.
+        - Not recommended. Choose this option only if it takes a long time to dim the desktop on your computer.
+    - **Never notify (Disable UAC prompts)** will:
+        - Not notify you when programs try to install software or make changes to your computer.
+        - Not notify you when you make changes to Windows settings.
+        - Not freeze other tasks until you respond.
+        - Not recommended due to security concerns.
+
+- **Secure desktop enabled**: The **User Account Control: Switch to the secure desktop when prompting for elevation** policy setting is checked:
+    - If the secure desktop is enabled, all elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and standard users.
+    - If the secure desktop isn't enabled, all elevation requests go to the interactive user's desktop, and the per-user settings for administrators and standard users are used.
+
+- **CreateProcess**:
+    - CreateProcess calls AppCompat, Fusion, and Installer detection to assess if the app requires elevation.
+    - The file is then inspected to determine its requested execution level, which is stored in the application manifest for the file.
+    - CreateProcess fails if the requested execution level specified in the manifest doesn't match the access token and returns an error (ERROR_ELEVATION_REQUIRED) to ShellExecute.
+
+- **AppCompat**:
+    - The AppCompat database stores information in the application compatibility fix entries for an application.
+
+- **Fusion**:
+    - The Fusion database stores information from application manifests that describe the applications.
+    - The manifest schema is updated to add a new requested execution level field.
+
+- **Installer detection**:
+    - Installer detection detects setup files and helps prevent installations from being run without the user's knowledge and consent.
+
+## Kernel
+
+- **Virtualization**: Virtualization technology ensures that noncompliant apps don't silently fail to run or fail in a way that the cause can't be determined. UAC also provides file and registry virtualization and logging for applications that write to protected areas.
+- **File system and registry**: The per-user file and registry virtualization redirects per-computer registry and file write requests to equivalent per-user locations. Read requests are redirected to the virtualized per-user location first and to the per-computer location second.
+
+The slider never turns off UAC completely. If you set it to **Never notify**, it will:
+
+- Keep the UAC service running
+- Cause all elevation request initiated by administrators to be autoapproved without showing a UAC prompt
+- Automatically deny all elevation requests for standard users
+
+> [!IMPORTANT]
+> In order to fully disable UAC, you must disable the policy **User Account Control: Run all administrators in Admin Approval Mode**. Some Universal Windows Platform apps might not work when UAC is disabled.
+
+## Virtualization
+
+Because system administrators in enterprise environments attempt to secure systems, many line-of-business (LOB) applications are designed to use only a standard user access token. As a result, you don't need to replace most apps when UAC is turned on.
+
+Windows includes file and registry virtualization technology for apps that aren't UAC-compliant and that requires an administrator's access token to run correctly. When an administrative app that isn't UAC-compliant attempts to write to a protected folder, such as *Program Files*, UAC gives the app its own virtualized view of the resource it's attempting to change. The virtualized copy is maintained in the user's profile. This strategy creates a separate copy of the virtualized file for each user that runs the noncompliant app.
+
+Most app tasks operate properly by using virtualization features. Although virtualization allows most applications to run, it's a short-term fix and not a long-term solution. App developers should modify their apps to be compliant as soon as possible, rather than relying on file, folder, and registry virtualization.
+
+Virtualization isn't an option in the following scenarios:
+
+- Virtualization doesn't apply to apps that are elevated and run with a full administrative access token
+- Virtualization supports only 32-bit apps. Nonelevated 64-bit apps receive an access denied message when they attempt to acquire a handle (a unique identifier) to a Windows object. Native Windows 64-bit apps are required to be compatible with UAC and to write data into the correct locations
+- Virtualization is disabled if the app includes an app manifest with a requested execution level attribute
+
+## Request execution levels
+
+An app manifest is an XML file that describes and identifies the shared and private side-by-side assemblies that an app should bind to at run time. The app manifest includes entries for UAC app compatibility purposes. Administrative apps that include an entry in the app manifest prompt the user for permission to access the user's access token. Although they lack an entry in the app manifest, most administrative app can run without modification by using app compatibility fixes. App compatibility fixes are database entries that enable applications that aren't UAC-compliant to work properly.
+
+All UAC-compliant apps should have a requested execution level added to the application manifest. If the application requires administrative access to the system, marking the app with a requested execution level of *require administrator* ensures that the system identifies this program as an administrative app, and performs the necessary elevation steps. Requested execution levels specify the privileges required for an app.
+
+## Installer detection technology
+
+Installation programs are apps designed to deploy software. Most installation programs write to system directories and registry keys. These protected system locations are typically writeable only by an administrator in Installer detection technology, which means that standard users don't have sufficient access to install programs. Windows heuristically detects installation programs and requests administrator credentials or approval from the administrator user in order to run with access privileges. Windows also heuristically detects updates and programs that uninstall applications. One of the design goals of UAC is to prevent installations from being run without the user's knowledge and consent because installation programs write to protected areas of the file system and registry.
+
+Installer detection only applies to:
+
+- 32-bit executable files
+- Applications without a requested execution level attribute
+- Interactive processes running as a standard user with UAC enabled
+
+Before a 32-bit process is created, the following attributes are checked to determine whether it's an installer:
+
+- File name includes keywords such as "install," "setup," or "update."
+- Versioning Resource fields contain the following keywords: Vendor, Company Name, Product Name, File Description, Original Filename, Internal Name, and Export Name.
+- Keywords in the side-by-side manifest are embedded in the executable file.
+- Keywords in specific StringTable entries are linked in the executable file.
+- Key attributes in the resource script data are linked in the executable file.
+- Executable file contains targeted sequences of bytes.
+
+> [!NOTE]
+> The keywords and sequences of bytes were derived from common characteristics observed from various installer technologies.
+
+> [!NOTE]
+> The *User Account Control: Detect application installations and prompt for elevation* policy must be enabled for installer detection to detect installation programs. For more information, see [User Account Control settings list](settings-and-configuration.md#user-account-control-settings-list).
\ No newline at end of file
diff --git a/windows/security/application-security/application-control/user-account-control/how-it-works.md b/windows/security/application-security/application-control/user-account-control/how-it-works.md
index 628efba7cf..0d85a5660e 100644
--- a/windows/security/application-security/application-control/user-account-control/how-it-works.md
+++ b/windows/security/application-security/application-control/user-account-control/how-it-works.md
@@ -2,7 +2,7 @@
 title: How User Account Control works
 description: Learn about User Account Control (UAC) components and how it interacts with the end users.
 ms.topic: concept-article
-ms.date: 03/26/2024
+ms.date: 04/15/2025
 ---
 
 # How User Account Control works
@@ -34,8 +34,8 @@ When a user signs in, the system creates an access token for that user. The acce
 When an administrator logs on, two separate access tokens are created for the user: a *standard user access token* and an *administrator access token*. The standard user access token:
 
 - Contains the same user-specific information as the administrator access token, but the administrative Windows privileges and SIDs are removed
-- It's used to start applications that don't perform administrative tasks (standard user apps)
-- It's used to display the desktop by executing the process *explorer.exe*. Explorer.exe is the parent process from which all other user-initiated processes inherit their access token. As a result, all apps run as a standard user unless a user provides consent or credentials to approve an app to use a full administrative access token
+- Is used to start applications that don't perform administrative tasks (standard user apps)
+- Is used to display the desktop by executing the process *explorer.exe*. Explorer.exe is the parent process from which all other user-initiated processes inherit their access token. As a result, all apps run as a standard user unless a user provides consent or credentials to approve an app to use a full administrative access token
 
 A user that is a member of the Administrators group can sign in, browse the Web, and read e-mail while using a standard user access token. When the administrator needs to perform a task that requires the administrator access token, Windows automatically prompts the user for approval. This prompt is called an *elevation prompt*, and its behavior can be configured via policy or registry.
 
@@ -91,105 +91,8 @@ The elevation process is further secured by directing the prompt to the *secure
 When an executable file requests elevation, the *interactive desktop*, also called the *user desktop*, is switched to the secure desktop. The secure desktop dims the user desktop and displays an elevation prompt that must be responded to before continuing. When the user selects **Yes** or **No**, the desktop switches back to the user desktop.
 
 > [!NOTE]
-> Starting in **Windows Server 2019**, it's not possible to paste the content of the clipboard on the secure desktop. This is the same behavior of the currently supported Windows client OS versions.
+> Starting in **Windows Server 2019**, it's not possible to paste the content of the clipboard on the secure desktop. This behavior is the same as the currently supported Windows client OS versions.
 
 Malware can present an imitation of the secure desktop, but when the **User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode** policy setting is set to **Prompt for consent**, the malware doesn't gain elevation if the user selects **Yes** on the imitation. If the policy setting is set to **Prompt for credentials**, malware imitating the credential prompt might be able to gather the credentials from the user. However, the malware doesn't gain elevated privilege and the system has other protections that mitigate malware from taking control of the user interface even with a harvested password.
 
 While malware could present an imitation of the secure desktop, this issue can't occur unless a user previously installed the malware on the PC. Because processes requiring an administrator access token can't silently install when UAC is enabled, the user must explicitly provide consent by selecting **Yes** or by providing administrator credentials. The specific behavior of the UAC elevation prompt is dependent upon security policies.
-
-## UAC Architecture
-
-The following diagram details the UAC architecture.
-
-:::image type="content" source="images/uac-architecture.gif" alt-text="Diagram that describes the UAC architecture.":::
-
-To better understand each component, review the following tables:
-
-### User
-
-|Component|Description|
-|--- |--- |
-|User performs operation requiring privilege|If the operation changes the file system or registry, Virtualization is called. All other operations call ShellExecute.|
-|ShellExecute|ShellExecute calls CreateProcess. ShellExecute looks for the ERROR_ELEVATION_REQUIRED error from CreateProcess. If it receives the error, ShellExecute calls the Application Information service to attempt to perform the requested task with the elevated prompt.|
-|CreateProcess|If the application requires elevation, CreateProcess rejects the call with ERROR_ELEVATION_REQUIRED.|
-
-### System
-
-|Component|Description|
-|--- |--- |
-|Application Information service|A system service that helps start apps that require one or more elevated privileges or user rights to run, such as local administrative tasks, and apps that require higher integrity levels. The Application Information service helps start such apps by creating a new process for the application with an administrative user's full access token when elevation is required. Depending on the configured policies, the user might give consent.|
-|Elevating an ActiveX install|If ActiveX isn't installed, the system checks the UAC slider level. If ActiveX is installed, the **User Account Control: Switch to the secure desktop when prompting for elevation** Group Policy setting is checked.|
-|Check UAC slider level|UAC has a slider to select from four levels of notification.<ul><li>**Always notify** will:<ul><li>Notify you when programs try to install software or make changes to your computer.</li><li>Notify you when you make changes to Windows settings.</li><li>Freeze other tasks until you respond.</li></ul>Recommended if you often install new software or visit unfamiliar websites.<br></li><li>**Notify me only when programs try to make changes to my computer** will:<ul><li>Notify you when programs try to install software or make changes to your computer.</li><li>Not notify you when you make changes to Windows settings.</li><li>Freeze other tasks until you respond.</li></ul>Recommended if you don't often install apps or visit unfamiliar websites.<br></li><li>**Notify me only when programs try to make changes to my computer (do not dim my desktop)** will:<ul><li>Notify you when programs try to install software or make changes to your computer.</li><li>Not notify you when you make changes to Windows settings.</li><li>Not freeze other tasks until you respond.</li></ul>Not recommended. Choose this only if it takes a long time to dim the desktop on your computer.<br></li><li>**Never notify (Disable UAC prompts)** will:<ul><li>Not notify you when programs try to install software or make changes to your computer.</li><li>Not notify you when you make changes to Windows settings.</li><li>Not freeze other tasks until you respond.</li></ul>Not recommended due to security concerns.|
-|Secure desktop enabled|The **User Account Control: Switch to the secure desktop when prompting for elevation** policy setting is checked: <ul><li>If the secure desktop is enabled, all elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and standard users.</li><li>If the secure desktop isn't enabled, all elevation requests go to the interactive user's desktop, and the per-user settings for administrators and standard users are used.|
-|CreateProcess|CreateProcess calls AppCompat, Fusion, and Installer detection to assess if the app requires elevation. The file is then inspected to determine its requested execution level, which is stored in the application manifest for the file. CreateProcess fails if the requested execution level specified in the manifest doesn't match the access token and returns an error (ERROR_ELEVATION_REQUIRED) to ShellExecute.|
-|AppCompat|The AppCompat database stores information in the application compatibility fix entries for an application.|
-|Fusion|The Fusion database stores information from application manifests that describe the applications. The manifest schema is updated to add a new requested execution level field.|
-|Installer detection|Installer detection detects setup files, which helps prevent installations from being run without the user's knowledge and consent.|
-
-### Kernel
-
-|Component|Description|
-|--- |--- |
-|Virtualization|Virtualization technology ensures that noncompliant apps don't silently fail to run or fail in a way that the cause can't be determined. UAC also provides file and registry virtualization and logging for applications that write to protected areas.|
-|File system and registry|The per-user file and registry virtualization redirects per-computer registry and file write requests to equivalent per-user locations. Read requests are redirected to the virtualized per-user location first and to the per-computer location second.|
-
-The slider never turns off UAC completely. If you set it to **Never notify**, it will:
-
-- Keep the UAC service running
-- Cause all elevation request initiated by administrators to be autoapproved without showing a UAC prompt
-- Automatically deny all elevation requests for standard users
-
-> [!IMPORTANT]
-> In order to fully disable UAC you must disable the policy **User Account Control: Run all administrators in Admin Approval Mode**.
-
-> [!WARNING]
-> Some Universal Windows Platform apps may not work when UAC is disabled.
-
-### Virtualization
-
-Because system administrators in enterprise environments attempt to secure systems, many line-of-business (LOB) applications are designed to use only a standard user access token. As a result, you don't need to replace most apps when UAC is turned on.
-
-Windows includes file and registry virtualization technology for apps that aren't UAC-compliant and that requires an administrator's access token to run correctly. When an administrative app that isn't UAC-compliant attempts to write to a protected folder, such as *Program Files*, UAC gives the app its own virtualized view of the resource it's attempting to change. The virtualized copy is maintained in the user's profile. This strategy creates a separate copy of the virtualized file for each user that runs the noncompliant app.
-
-Most app tasks operate properly by using virtualization features. Although virtualization allows most applications to run, it's a short-term fix and not a long-term solution. App developers should modify their apps to be compliant as soon as possible, rather than relying on file, folder, and registry virtualization.
-
-Virtualization isn't an option in the following scenarios:
-
-- Virtualization doesn't apply to apps that are elevated and run with a full administrative access token
-- Virtualization supports only 32-bit apps. Nonelevated 64-bit apps receive an access denied message when they attempt to acquire a handle (a unique identifier) to a Windows object. Native Windows 64-bit apps are required to be compatible with UAC and to write data into the correct locations
-- Virtualization is disabled if the app includes an app manifest with a requested execution level attribute
-
-### Request execution levels
-
-An app manifest is an XML file that describes and identifies the shared and private side-by-side assemblies that an app should bind to at run time. The app manifest includes entries for UAC app compatibility purposes. Administrative apps that include an entry in the app manifest prompt the user for permission to access the user's access token. Although they lack an entry in the app manifest, most administrative app can run without modification by using app compatibility fixes. App compatibility fixes are database entries that enable applications that aren't UAC-compliant to work properly.
-
-All UAC-compliant apps should have a requested execution level added to the application manifest. If the application requires administrative access to the system, marking the app with a requested execution level of *require administrator* ensures that the system identifies this program as an administrative app, and performs the necessary elevation steps. Requested execution levels specify the privileges required for an app.
-
-### Installer detection technology
-
-Installation programs are apps designed to deploy software. Most installation programs write to system directories and registry keys. These protected system locations are typically writeable only by an administrator in Installer detection technology, which means that standard users don't have sufficient access to install programs. Windows heuristically detects installation programs and requests administrator credentials or approval from the administrator user in order to run with access privileges. Windows also heuristically detects updates and programs that uninstall applications. One of the design goals of UAC is to prevent installations from being run without the user's knowledge and consent because installation programs write to protected areas of the file system and registry.
-
-Installer detection only applies to:
-
-- 32-bit executable files
-- Applications without a requested execution level attribute
-- Interactive processes running as a standard user with UAC enabled
-
-Before a 32-bit process is created, the following attributes are checked to determine whether it's an installer:
-
-- The file name includes keywords such as "install," "setup," or "update."
-- Versioning Resource fields contain the following keywords: Vendor, Company Name, Product Name, File Description, Original Filename, Internal Name, and Export Name.
-- Keywords in the side-by-side manifest are embedded in the executable file.
-- Keywords in specific StringTable entries are linked in the executable file.
-- Key attributes in the resource script data are linked in the executable file.
-- There are targeted sequences of bytes within the executable file.
-
-> [!NOTE]
-> The keywords and sequences of bytes were derived from common characteristics observed from various installer technologies.
-
-> [!NOTE]
-> The *User Account Control: Detect application installations and prompt for elevation* policy must be enabled for installer detection to detect installation programs. For more information, see [User Account Control settings list](settings-and-configuration.md#user-account-control-settings-list).
-
-## Next steps
-
-Learn more about [User Account Control settings and configuration](settings-and-configuration.md).
diff --git a/windows/security/application-security/application-control/user-account-control/index.md b/windows/security/application-security/application-control/user-account-control/index.md
index 1b697ee8ba..67e991df66 100644
--- a/windows/security/application-security/application-control/user-account-control/index.md
+++ b/windows/security/application-security/application-control/user-account-control/index.md
@@ -2,7 +2,7 @@
 title: User Account Control
 description: Learn how User Account Control (UAC) helps to prevent unauthorized changes to Windows devices.
 ms.topic: overview
-ms.date: 03/26/2024
+ms.date: 04/15/2025
 ---
 
 # User Account Control overview
diff --git a/windows/security/application-security/application-control/user-account-control/settings-and-configuration.md b/windows/security/application-security/application-control/user-account-control/settings-and-configuration.md
index 68d64ea7fe..a59379dc67 100644
--- a/windows/security/application-security/application-control/user-account-control/settings-and-configuration.md
+++ b/windows/security/application-security/application-control/user-account-control/settings-and-configuration.md
@@ -1,7 +1,7 @@
 ---
 title: User Account Control settings and configuration
 description: Learn about the User Account Control settings and how to configure them via Intune, CSP, group policy, and registry.
-ms.date: 03/26/2024
+ms.date: 04/15/2025
 ms.topic: how-to
 ---
 
@@ -9,35 +9,74 @@ ms.topic: how-to
 
 ## User Account Control settings list
 
-The following table lists the available settings to configure the UAC behavior, and their default values.
+The following list shows the available settings to configure the UAC behavior, and their default values.
 
-|Setting name| Description|
-|-|-|
-|Admin Approval Mode for the Built-in Administrator account|Controls the behavior of Admin Approval Mode for the built-in Administrator account.<br><br>**Enabled**: The built-in Administrator account uses Admin Approval Mode. By default, any operation that requires elevation of privilege prompts the user to approve the operation.<br>**Disabled (default)**: The built-in Administrator account runs all applications with full administrative privilege.|
-|Allow UIAccess applications to prompt for elevation without using the secure desktop|Controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevation prompts used by a standard user.<br><br>**Enabled**: UIA programs, including Remote Assistance, automatically disable the secure desktop for elevation prompts. If you don't disable the **Switch to the secure desktop when prompting for elevation** policy setting, the prompts appear on the interactive user's desktop instead of the secure desktop. This setting allows the remote administrator to provide the appropriate credentials for elevation. This policy setting doesn't change the behavior of the UAC elevation prompt for administrators. If you plan to enable this policy setting, you should also review the effect of the **Behavior of the elevation prompt for standard users** policy setting: if it's' configured as **Automatically deny elevation requests**, elevation requests aren't presented to the user.<br>**Disabled (default)**: The secure desktop can be disabled only by the user of the interactive desktop or by disabling the **Switch to the secure desktop when prompting for elevation** policy setting.|
-|Behavior of the elevation prompt for administrators in Admin Approval Mode|Controls the behavior of the elevation prompt for administrators.<br><br>**Elevate without prompting**: Allows privileged accounts to perform an operation that requires elevation without requiring consent or credentials. **Use this option only in the most constrained environments**.<br>**Prompt for credentials on the secure desktop**: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a privileged user name and password. If the user enters valid credentials, the operation continues with the user's highest available privilege.<br>**Prompt for consent on the secure desktop**: When an operation requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.<br>**Prompt for credentials**: When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.<br>**Prompt for consent**: When an operation requires elevation of privilege, the user is prompted to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.<br>**Prompt for consent for non-Windows binaries (default)**: When an operation for a non-Microsoft application requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.|
-|Behavior of the elevation prompt for standard users|Controls the behavior of the elevation prompt for standard users.<br><br>**Prompt for credentials (default)**: When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.<br>**Automatically deny elevation requests**: When an operation requires elevation of privilege, a configurable access denied error message is displayed. An enterprise that is running desktops as standard user may choose this setting to reduce help desk calls.<br>**Prompt for credentials on the secure desktop** When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a different user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.|
-|Detect application installations and prompt for elevation|Controls the behavior of application installation detection for the computer.<br><br>**Enabled (default)**: When an app installation package is detected that requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.<br>**Disabled**: App installation packages aren't detected and prompted for elevation. Enterprises that are running standard user desktops and use delegated installation technologies, such as Microsoft Intune, should disable this policy setting. In this case, installer detection is unnecessary. |
-|Only elevate executables that are signed and validated|Enforces signature checks for any interactive applications that request elevation of privilege. IT admins can control which applications are allowed to run by adding certificates to the Trusted Publishers certificate store on local devices.<br><br>**Enabled**: Enforces the certificate certification path validation for a given executable file before it's permitted to run.<br>**Disabled (default)**: Doesn't enforce the certificate certification path validation before a given executable file is permitted to run.|
-|Only elevate UIAccess applications that are installed in secure locations|Controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. Secure locations are limited to the following folders:<br>- `%ProgramFiles%`, including subfolders<br>- `%SystemRoot%\system32\`<br>- `%ProgramFiles(x86)%`, including subfolders<br><br><br>**Enabled (default)**: If an app resides in a secure location in the file system, it runs only with UIAccess integrity.<br>**Disabled**: An app runs with UIAccess integrity even if it doesn't reside in a secure location in the file system.<br><br>**Note:** Windows enforces a digital signature check on any interactive apps that requests to run with a UIAccess integrity level regardless of the state of this setting.|
-|Run all administrators in Admin Approval Mode|Controls the behavior of all UAC policy settings.<br><br>**Enabled (default)**: Admin Approval Mode is enabled. This policy must be enabled and related UAC settings configured. The policy allows the built-in Administrator account and members of the Administrators group to run in Admin Approval Mode.<br>**Disabled**: Admin Approval Mode and all related UAC policy settings are disabled. Note: If this policy setting is disabled, **Windows Security** notifies you that the overall security of the operating system is reduced.|
-|Switch to the secure desktop when prompting for elevation|This policy setting controls whether the elevation request prompt is displayed on the interactive user's desktop or the secure desktop.<br><br>**Enabled (default)**: All elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and standard users.<br>**Disabled**: All elevation requests go to the interactive user's desktop. Prompt behavior policy settings for administrators and standard users are used.|
-|Virtualize File And Registry Write Failures To Per User Locations|Controls whether application write failures are redirected to defined registry and file system locations. This setting mitigates applications that run as administrator and write run-time application data to `%ProgramFiles%`, `%Windir%`, `%Windir%\system32`, or `HKLM\Software`.<br><br>**Enabled (default)**: App write failures are redirected at run time to defined user locations for both the file system and registry.<br>**Disabled**: Apps that write data to protected locations fail.|
+- **Admin Approval Mode for the built-in Administrator account**: Controls the behavior of Admin Approval Mode for the built-in Administrator account.
+    - **Enabled**: The built-in Administrator account uses Admin Approval Mode. By default, any operation that requires elevation of privilege prompts the user to prove the operation.
+    - **Disabled (default)**: The built-in Administrator account runs all applications with full administrative privilege.
+
+- **Allow UIAccess applications to prompt for elevation without using the secure desktop**: Controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevation prompts used by a standard user.
+    - **Enabled**: UIA programs, including Remote Assistance, automatically disable the secure desktop for elevation prompts. If you don't disable the **Switch to the secure desktop when prompting for elevation** policy setting, the prompts appear on the interactive user's desktop instead of the secure desktop. This setting allows the remote administrator to provide the appropriate credentials for elevation. This policy setting doesn't change the behavior of the UAC elevation prompt for administrators. If you plan to enable this policy setting, you should also review the effect of the **Behavior of the elevation prompt for standard users** policy setting; if configured as **Automatically deny elevation requests**, elevation requests aren't presented to the user.
+    - **Disabled (default)**: The secure desktop can be disabled only by the user of the interactive desktop or by disabling the **Switch to the secure desktop when prompting for elevation** policy setting.
+
+- **Behavior of the elevation prompt for administrators in Admin Approval Mode**: Controls the behavior of the elevation prompt for administrators.
+    - **Elevate without prompting**: Allows privileged accounts to perform an operation that requires elevation without requiring consent or credentials. **Use this option only in the most constrained environments**.
+    - **Prompt for credentials on the secure desktop**: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a privileged user name and password. If the user enters valid credentials, the operation continues with the user's highest available privilege.
+    - **Prompt for consent on the secure desktop**: When an operation requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.
+    - **Prompt for credentials**: When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
+    - **Prompt for consent**: When an operation requires elevation of privilege, the user is prompted to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.
+    - **Prompt for consent for non-Windows binaries (default)**: When an operation for a non-Microsoft application requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.
+
+- **Behavior of the elevation prompt for standard users**: Controls the behavior of the elevation prompt for standard users.
+    - **Prompt for credentials (default)**: When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
+    - **Automatically deny elevation requests**: When an operation requires elevation of privilege, a configurable access denied error message is displayed. An enterprise that is running desktops as standard user might choose this setting to reduce help desk calls.
+    - **Prompt for credentials on the secure desktop**: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a different user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
+
+- **Detect application installations and prompt for elevation**: Controls the behavior of application installation detection for the computer.
+    - **Enabled (default)**: When an app installation package is detected that requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
+    - **Disabled**: App installation packages aren't detected and prompted for elevation. Enterprises that are running standard user desktops and use delegated installation technologies, such as Microsoft Intune, should disable this policy setting. In this case, installer detection is unnecessary.
+
+- **Only elevate executables that are signed and validated**: Enforces signature checks for any interactive applications that request elevation of privilege. IT admins can control which applications are allowed to run by adding certificates to the Trusted Publishers certificate store on local devices.
+    - **Enabled**: Enforces the certificate certification path validation for a given executable file before it's permitted to run.
+    - **Disabled (default)**: Doesn't enforce the certificate certification path validation before a given executable file is permitted to run.
+
+- **Only elevate UIAccess applications that are installed in secure locations**: Controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system.
+
+    - **Enabled (default)**: If an app resides in a secure location in the file system, it runs only with UIAccess integrity.
+    - **Disabled**: An app runs with UIAccess integrity even if it doesn't reside in a secure location in the file system.
+
+    Secure locations are limited to the following folders:
+    - `%ProgramFiles%`, including subfolders
+    - `%SystemRoot%\system32\`
+    - `%ProgramFiles(x86)%`, including subfolders
+
+    > [!NOTE]
+    > Windows enforces a digital signature check on any interactive apps that request to run with a UIAccess integrity level regardless of the state of this setting.
+
+- **Run all administrators in Admin Approval Mode**: Controls the behavior of all UAC policy settings.
+    - **Enabled (default)**: Admin Approval Mode is enabled. This policy must be enabled and related UAC settings configured. The policy allows the built-in Administrator account and members of the Administrators group to run in Admin Approval Mode.
+    - **Disabled**: Admin Approval Mode and all related UAC policy settings are disabled. **Note:** If this policy setting is disabled, **Windows Security** notifies you that the overall security of the operating system is reduced.
+
+- **Switch to the secure desktop when prompting for elevation**: This policy setting controls whether the elevation request prompt is displayed on the interactive user's desktop or the secure desktop.
+    - **Enabled (default)**: All elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and standard users.
+    - **Disabled**: All elevation requests go to the interactive user's desktop. Prompt behavior policy settings for administrators and standard users are used.
+
+- **Virtualize File And Registry Write Failures To Per User Locations**: Controls whether application write failures are redirected to defined registry and file system locations. This setting mitigates applications that run as administrator and write run-time application data to `%ProgramFiles%`, `%Windir%`, `%Windir%\system32`, or `HKLM\Software`.
+    - **Enabled (default)**: App write failures are redirected at run time to defined user locations for both the file system and registry.
+    - **Disabled**: Apps that write data to protected locations fail.
 
 ## User Account Control configuration
 
 To configure UAC, you can use:
 
-- Microsoft Intune/MDM
+- Microsoft Intune
+- CSP
 - Group policy
 - Registry
 
 The following instructions provide details how to configure your devices. Select the option that best suits your needs.
 
-
-#### [:::image type="icon" source="../../../images/icons/intune.svg" border="false"::: **Intune/CSP**](#tab/intune)
-
-### Configure UAC with a Settings catalog policy
+#### [:::image type="icon" source="../../../images/icons/intune.svg"::: **Intune**](#tab/intune)
 
 To configure devices using Microsoft Intune, [create a **Settings catalog** policy][MEM-2], and use the settings listed under the category **`Local Policies Security Options`**:
 
@@ -45,21 +84,23 @@ To configure devices using Microsoft Intune, [create a **Settings catalog** poli
 
 Assign the policy to a security group that contains as members the devices or users that you want to configure.
 
-Alternatively, you can configure devices using a [custom policy][MEM-1] with the [LocalPoliciesSecurityOptions Policy CSP][WIN-1].\
-The policy settings are located under: `./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions`.
+#### [:::image type="icon" source="../../../images/icons/csp.svg"::: **CSP**](#tab/csp)
+
+You can configure devices using the [LocalPoliciesSecurityOptions Policy CSP][WIN-1].
+
+|Setting|CSP Name|
+|--|--|
+| Admin Approval Mode for the built-in Administrator account |  `UserAccountControl_UseAdminApprovalMode`|
+| Allow UIAccess applications to prompt for elevation without using the secure desktop | `UserAccountControl_AllowUIAccessApplicationsToPromptForElevation` |
+| Behavior of the elevation prompt for administrators in Admin Approval Mode |  `UserAccountControl_BehaviorOfTheElevationPromptForAdministrators`|
+| Behavior of the elevation prompt for standard users | `UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers`|
+| Detect application installations and prompt for elevation | `UserAccountControl_DetectApplicationInstallationsAndPromptForElevation`|
+| Only elevate executables that are signed and validated | `UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated`|
+| Only elevate UIAccess applications that are installed in secure locations | `UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations`|
+| Run all administrators in Admin Approval Mode | `UserAccountControl_RunAllAdministratorsInAdminApprovalMode`|
+| Switch to the secure desktop when prompting for elevation | `UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation`|
+| Virtualize file and registry write failures to per-user locations | `UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations`|
 
-|Setting|
-| - |
-| **Setting name**: Admin Approval Mode for the built-in Administrator account<br>**Policy CSP name**: `UserAccountControl_UseAdminApprovalMode`|
-| **Setting name**: Allow UIAccess applications to prompt for elevation without using the secure desktop<br>**Policy CSP name**: `UserAccountControl_AllowUIAccessApplicationsToPromptForElevation`|
-| **Setting name**: Behavior of the elevation prompt for administrators in Admin Approval Mode<br>**Policy CSP name**: `UserAccountControl_BehaviorOfTheElevationPromptForAdministrators`|
-| **Setting name**: Behavior of the elevation prompt for standard users<br>**Policy CSP name**: `UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers`|
-| **Setting name**: Detect application installations and prompt for elevation<br>**Policy CSP name**: `UserAccountControl_DetectApplicationInstallationsAndPromptForElevation`|
-| **Setting name**: Only elevate executables that are signed and validated<br>**Policy CSP name**: `UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated`|
-| **Setting name**: Only elevate UIAccess applications that are installed in secure locations<br>**Policy CSP name**: `UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations`|
-| **Setting name**: Run all administrators in Admin Approval Mode<br>**Policy CSP name**: `UserAccountControl_RunAllAdministratorsInAdminApprovalMode`|
-| **Setting name**: Switch to the secure desktop when prompting for elevation<br>**Policy CSP name**: `UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation`|
-| **Setting name**: Virtualize file and registry write failures to per-user locations<br>**Policy CSP name**: `UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations`|
 
 #### [:::image type="icon" source="../../../images/icons/group-policy.svg" border="false"::: **GPO**](#tab/gpo)
 
diff --git a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/configure-md-app-guard.md b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/configure-md-app-guard.md
index e5279d14fa..eba85460a3 100644
--- a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/configure-md-app-guard.md
+++ b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/configure-md-app-guard.md
@@ -2,7 +2,7 @@
 title: Configure the Group Policy settings for Microsoft Defender Application Guard
 description: Learn about the available Group Policy settings for Microsoft Defender Application Guard.
 ms.localizationpriority: medium
-ms.date: 07/11/2024
+ms.date: 04/15/2025
 ms.topic: how-to
 ---
 
diff --git a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/faq-md-app-guard.yml b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/faq-md-app-guard.yml
index b539097c6d..44b5520fb7 100644
--- a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/faq-md-app-guard.yml
+++ b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/faq-md-app-guard.yml
@@ -4,7 +4,7 @@ metadata:
   description: Learn about the commonly asked questions and answers for Microsoft Defender Application Guard.
   ms.localizationpriority: medium
   ms.topic: faq
-  ms.date: 07/11/2024
+  ms.date: 04/15/2025
 title: Frequently asked questions - Microsoft Defender Application Guard
 summary: |
 
diff --git a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/install-md-app-guard.md b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/install-md-app-guard.md
index beefaa14bb..bb5ff36758 100644
--- a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/install-md-app-guard.md
+++ b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/install-md-app-guard.md
@@ -1,7 +1,7 @@
 ---
 title: Enable hardware-based isolation for Microsoft Edge
 description: Learn about the Microsoft Defender Application Guard modes (Standalone or Enterprise-managed), and how to install Application Guard in your enterprise.
-ms.date: 07/11/2024
+ms.date: 04/15/2025
 ms.topic: how-to
 ---
 
diff --git a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md
index 436c24ff57..b7940c3f12 100644
--- a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md
+++ b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md
@@ -1,7 +1,7 @@
 ---
 title: Microsoft Defender Application Guard
 description: Learn about Microsoft Defender Application Guard and how it helps combat malicious content and malware out on the Internet.
-ms.date: 07/11/2024
+ms.date: 04/15/2025
 ms.topic: overview
 ---
 
diff --git a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/reqs-md-app-guard.md b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/reqs-md-app-guard.md
index fcf8fe4d0b..6df2f54a3d 100644
--- a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/reqs-md-app-guard.md
+++ b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/reqs-md-app-guard.md
@@ -3,7 +3,7 @@ title: System requirements for Microsoft Defender Application Guard
 description: Learn about the system requirements for installing and running Microsoft Defender Application Guard.
 ms.topic: overview
 ms.localizationpriority: medium
-ms.date: 07/11/2024
+ms.date: 04/15/2025
 ---
 
 # System requirements for Microsoft Defender Application Guard
diff --git a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/test-scenarios-md-app-guard.md b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/test-scenarios-md-app-guard.md
index 9fdffea69e..36142f63f9 100644
--- a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/test-scenarios-md-app-guard.md
+++ b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/test-scenarios-md-app-guard.md
@@ -2,7 +2,7 @@
 title: Testing scenarios with Microsoft Defender Application Guard
 description: Suggested testing scenarios for Microsoft Defender Application Guard, showing how it works in both Standalone and Enterprise-managed mode.
 ms.localizationpriority: medium
-ms.date: 07/11/2024
+ms.date: 04/15/2025
 ms.topic: article
 ---
 
diff --git a/windows/security/hardware-security/pluton/microsoft-pluton-security-processor.md b/windows/security/hardware-security/pluton/microsoft-pluton-security-processor.md
index 0e940b9215..bf2f9765dd 100644
--- a/windows/security/hardware-security/pluton/microsoft-pluton-security-processor.md
+++ b/windows/security/hardware-security/pluton/microsoft-pluton-security-processor.md
@@ -2,7 +2,7 @@
 title: Microsoft Pluton security processor
 description: Learn more about Microsoft Pluton security processor
 ms.topic: article
-ms.date: 07/10/2024
+ms.date: 04/15/2025
 ---
 
 # Microsoft Pluton security processor
@@ -23,19 +23,19 @@ Pluton is built on proven technology used in Xbox and Azure Sphere, and provides
 
 Pluton is built with the goal of providing customers with better end-to-end security experiences. It does so by doing three things:
 
-1. **Zero-trust security and reliability**: Customer security scenarios often span devices and cloud services. Windows PCs and services like Microsoft Entra and Intune need to work harmoniously together to provide frictionless security. Pluton is designed, built and maintained in close collaboration with teams across Microsoft to ensure that customers get both high security and reliability.
-1. **Innovation**: Pluton platform and the functionality it provides is informed by customer feedback and Microsoft’s threat intelligence. As an example, Pluton platforms in 2024 AMD and Intel systems will start to use a Rust-based firmware foundation given the importance of memory safety.
-1. **Continuous improvement**: Pluton platform supports loading new firmware delivered through operating system updates. This functionality is supported alongside the typical mechanism of UEFI capsule updates that update the Pluton firmware that is resident on the system’s SPI flash and loaded during early system boot. The additional support for dynamically loading valid new Pluton firmware through operating system updates facilitates continuous improvements both for bug fixes and new features.
-   
+1. **Zero-trust security and reliability**: Customer security scenarios often span devices and cloud services. Windows PCs and services like Microsoft Entra and Intune need to work harmoniously together to provide frictionless security. Pluton is designed, built, and maintained in close collaboration with teams across Microsoft to ensure that customers get both high security and reliability.
+1. **Innovation**: Pluton platform and the functionality it provides is informed by customer feedback and Microsoft's threat intelligence. As an example, Pluton platforms in 2024 AMD and Intel systems will start to use a Rust-based firmware foundation given the importance of memory safety.
+1. **Continuous improvement**: Pluton platform supports loading new firmware delivered through operating system updates. This functionality is supported alongside the typical mechanism of UEFI capsule updates that update the Pluton firmware that is resident on the system's SPI flash and loaded during early system boot. The additional support for dynamically loading valid new Pluton firmware through operating system updates facilitates continuous improvements both for bug fixes and new features.
+
 ### A practical example: zero-trust security with device-based conditional access policies
 
-An increasingly important zero-trust workflow is conditional access – gating access to resources like Sharepoint documents based on verifying whether requests are coming from a valid, healthy source. Microsoft Intune, for example, supports different workflows for conditional access including [device-based conditional access](/mem/intune/protect/create-conditional-access-intune) which allows organizations to set policies that ensure that managed devices are healthy and compliant before granting access to the organization’s apps and services. 
+An increasingly important zero-trust workflow is conditional access – gating access to resources like Sharepoint documents based on verifying whether requests are coming from a valid, healthy source. Microsoft Intune, for example, supports different workflows for conditional access including [device-based conditional access](/mem/intune/protect/create-conditional-access-intune) which allows organizations to set policies that ensure that managed devices are healthy and compliant before granting access to the organization's apps and services.
 
-To ensure that Intune gets an accurate picture about the device’s health as part of enforcing these policies, ideally it has tamper-resistant logs on the state of the relevant security capabilities. This is where hardware security is critical as any malicious software running on the device could attempt to provide false signals to the service. One of the core benefits of a hardware security technology like the TPM, is that it has a tamper-resistant log of the state of the system. Services can cryptographically validate that logs and the associated system state reported by the TPM truly come from the TPM. 
+To ensure that Intune gets an accurate picture about the device's health as part of enforcing these policies, ideally it has tamper-resistant logs on the state of the relevant security capabilities. This is where hardware security is critical as any malicious software running on the device could attempt to provide false signals to the service. One of the core benefits of a hardware security technology like the TPM, is that it has a tamper-resistant log of the state of the system. Services can cryptographically validate that logs and the associated system state reported by the TPM truly come from the TPM.
 
-For the end-to-end scenario to be truly successful at scale, the hardware-based security is not enough. Since access to enterprise assets is being gated based on security settings that are being reported by the TPM logs, it is critical that these logs are available reliably. Zero-trust security essentially requires high reliability. 
+For the end-to-end scenario to be truly successful at scale, the hardware-based security isn't enough. Since access to enterprise assets is being gated based on security settings that are being reported by the TPM logs, it's critical that these logs are available reliably. Zero-trust security essentially requires high reliability.
 
-With Pluton, when it is configured as the TPM for the system, customers using conditional access get the benefits of Pluton’s security architecture and implementation with the reliability that comes from the tight integration and collaboration between Pluton and other Microsoft components and services.
+With Pluton, when it's configured as the TPM for the system, customers using conditional access get the benefits of Pluton's security architecture and implementation with the reliability that comes from the tight integration and collaboration between Pluton and other Microsoft components and services.
 
 
 ## Microsoft Pluton security architecture overview
diff --git a/windows/security/hardware-security/pluton/pluton-as-tpm.md b/windows/security/hardware-security/pluton/pluton-as-tpm.md
index c73773ce96..e9d6ccde39 100644
--- a/windows/security/hardware-security/pluton/pluton-as-tpm.md
+++ b/windows/security/hardware-security/pluton/pluton-as-tpm.md
@@ -2,7 +2,7 @@
 title: Microsoft Pluton as Trusted Platform Module (TPM 2.0)
 description: Learn more about Microsoft Pluton security processor as Trusted Platform Module (TPM 2.0)
 ms.topic: article
-ms.date: 07/10/2024
+ms.date: 04/15/2025
 ---
 
 # Microsoft Pluton as Trusted Platform Module
diff --git a/windows/security/images/icons/csp.svg b/windows/security/images/icons/csp.svg
new file mode 100644
index 0000000000..6baa611d0f
--- /dev/null
+++ b/windows/security/images/icons/csp.svg
@@ -0,0 +1,10 @@
+<svg width="18" height="18" viewBox="0 0 18 18" fill="none" xmlns="http://www.w3.org/2000/svg">
+<g clip-path="url(#clip0_461_479)">
+<path d="M9.01098 0.225006C9.67158 0.23262 10.3296 0.30894 10.9743 0.452742C11.2558 0.515517 11.4663 0.750165 11.4982 1.03677L11.6514 2.41094C11.7208 3.04188 12.2535 3.51976 12.8885 3.52043C13.0593 3.5207 13.2281 3.48515 13.3859 3.41535L14.6464 2.86161C14.9086 2.74644 15.215 2.80923 15.4106 3.01826C16.3216 3.99118 17 5.15804 17.3949 6.43103C17.4801 6.70553 17.3821 7.00383 17.1508 7.17436L16.0334 7.99795C15.7146 8.23213 15.5264 8.60401 15.5264 8.99956C15.5264 9.39502 15.7146 9.7669 16.0341 10.0016L17.1524 10.8255C17.3838 10.9959 17.4819 11.2943 17.3967 11.5689C17.002 12.8417 16.3239 14.0084 15.4135 14.9815C15.218 15.1905 14.9119 15.2535 14.6498 15.1385L13.3841 14.5841C13.0219 14.4256 12.6061 14.4488 12.2639 14.6466C11.9217 14.8443 11.694 15.1931 11.6505 15.5859L11.4983 16.96C11.4669 17.2433 11.261 17.4764 10.9836 17.5424C9.68004 17.8525 8.32185 17.8525 7.01823 17.5424C6.74092 17.4764 6.53495 17.2433 6.50356 16.96L6.35162 15.588C6.30699 15.1959 6.07891 14.8482 5.73698 14.6511C5.39506 14.454 4.97988 14.4309 4.61898 14.5885L3.35301 15.143C3.0908 15.258 2.78463 15.195 2.5891 14.9858C1.67816 14.0117 1.00007 12.8435 0.605881 11.5693C0.520975 11.2949 0.619075 10.9967 0.850366 10.8264L1.96936 10.002C2.28809 9.7678 2.47632 9.39592 2.47632 9.00046C2.47632 8.60491 2.28809 8.23303 1.96894 7.99858L0.850645 7.17557C0.619021 7.00511 0.520831 6.70661 0.606034 6.43193C1.00091 5.15894 1.67935 3.99208 2.59032 3.01916C2.78603 2.81013 3.09235 2.74734 3.35452 2.86251L4.61486 3.41615C4.97751 3.57531 5.39442 3.55127 5.73819 3.35043C6.08048 3.15189 6.30836 2.8028 6.35235 2.40988L6.50542 1.03677C6.53739 0.750021 6.74807 0.515292 7.02972 0.452652C7.67529 0.309084 8.334 0.232791 9.01098 0.225006ZM8.99973 6.29996C7.50852 6.29996 6.29973 7.5088 6.29973 9.00001C6.29973 10.4911 7.50852 11.7 8.99973 11.7C10.4909 11.7 11.6997 10.4911 11.6997 9.00001C11.6997 7.5088 10.4909 6.29996 8.99973 6.29996Z" fill="#0883D9"/>
+</g>
+<defs>
+<clipPath id="clip0_461_479">
+<rect width="18" height="18" fill="white"/>
+</clipPath>
+</defs>
+</svg>
diff --git a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-account-protection.md b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-account-protection.md
index 9548dd1826..2339f06772 100644
--- a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-account-protection.md
+++ b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-account-protection.md
@@ -1,7 +1,7 @@
 ---
 title: Account protection in Windows Security
 description: Use the Account protection section to manage security for your account and sign in to Microsoft.
-ms.date: 06/27/2024
+ms.date: 04/15/2025
 ms.topic: how-to
 ---
 
@@ -19,10 +19,8 @@ You can also choose to hide the section from users of the device, if you don't w
 
 You can choose to hide the entire section by using Group Policy. When hidden, this section doesn't appear on the home page of **Windows Security**, and its icon isn't shown on the navigation bar on the side.
 
-You can only configure these settings by using Group Policy.
-
 > [!IMPORTANT]
-> You must have Windows 10, version 1803 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
+> You must have Windows 10, version 1803 or later. The ADMX/ADML template files for earlier versions of Windows don't include these Group Policy settings.
 
 1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object (GPO) you want to configure and select  **Edit**.
 1. In the **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
@@ -31,6 +29,6 @@ You can only configure these settings by using Group Policy.
 1. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy).
 
 > [!NOTE]
-> If you hide all sections then **Windows Security** will show a restricted interface, as in the following screenshot:
+> If you hide all sections, then **Windows Security** shows a restricted interface, as in the following screenshot:
 >
 > ![Screenshot of the Windows Security with all sections hidden by Group Policy.](images/wdsc-all-hide.png)
diff --git a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-app-browser-control.md b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-app-browser-control.md
index ff0ffba791..0a96bba386 100644
--- a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-app-browser-control.md
+++ b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-app-browser-control.md
@@ -1,7 +1,7 @@
 ---
 title: App & browser control in Windows Security
 description: Use the App & browser control section to see and configure Windows Defender SmartScreen and Exploit protection settings.
-ms.date: 06/27/2024
+ms.date: 04/15/2025
 ms.topic: how-to
 ---
 
@@ -11,31 +11,27 @@ The **App and browser control** section contains information and settings for Wi
 
 In Windows 10, version 1709 and later, the section also provides configuration options for Exploit protection. You can prevent users from modifying these specific options with Group Policy. IT administrators can get more information at [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection).
 
-You can also choose to hide the section from users of the machine. This option can be useful if you don't want users in your organization to see or have access to user-configured options for the features shown in the section.
+You can also choose to hide the section from users of the machine. This option can be useful if you don't want users in your organization to have access to user-configured options for the features shown in the section.
 
 ## Prevent users from making changes to the Exploit protection area in the App & browser control section
 
-You can prevent users from modifying settings in the Exploit protection area. The settings are either greyed out or don't appear if you enable this setting. Users still have access to other settings in the App & browser control section, such as those settings for Windows Defender SmartScreen, unless those options are separately.
-
-You can only prevent users from modifying Exploit protection settings by using Group Policy.
+You can prevent users from modifying settings in the Exploit protection area. The settings are either grayed out or don't appear if you enable this setting. Users still have access to other settings in the App & browser control section, such as those settings for Windows Defender SmartScreen, unless those options are separately.
 
 > [!IMPORTANT]
-> You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
+> You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows don't include these Group Policy settings.
 
 1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object (GPO) you want to configure and select **Edit**.
 2. In the **Group Policy Management Editor**, go to **Computer configuration**, select **Policies** and then **Administrative templates**.
 3. Expand the tree to **Windows components > Windows Security > App and browser protection**.
-4. Open the **Prevent users from modifying settings** setting and set it to **Enabled**. Select **OK**.
+4. Select the **Prevent users from modifying settings** setting and set it to **Enabled**. Select **OK**.
 5. [Deploy](/windows/win32/srvnodes/group-policy) the updated GPO as you normally do.
 
 ## Hide the App & browser control section
 
-You can choose to hide the entire section by using Group Policy. The section won't appear on the home page of **Windows Security**, and its icon won't be shown on the navigation bar on the side.
-
-This section can be hidden only by using Group Policy.
+You can choose to hide the entire section by using Group Policy. When hidden, this section doesn't appear on the home page of **Windows Security**, and its icon isn't shown on the navigation bar on the side.
 
 > [!IMPORTANT]
-> You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
+> You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows don't include these Group Policy settings.
 
 1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object you want to configure and select **Edit**.
 2. In the **Group Policy Management Editor** go to **Computer configuration**, select **Policies** and then **Administrative templates**.
@@ -44,6 +40,6 @@ This section can be hidden only by using Group Policy.
 5. [Deploy](/windows/win32/srvnodes/group-policy) the updated GPO as you normally do.
 
 > [!NOTE]
-> If you hide all sections then **Windows Security** will show a restricted interface, as in the following screenshot:
+> If you hide all sections, then **Windows Security** shows a restricted interface, as in the following screenshot:
 >
 > ![Windows Security with all sections hidden by Group Policy.](images/wdsc-all-hide.png)
diff --git a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-customize-contact-information.md b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-customize-contact-information.md
index aa892ac49b..74c86a17b1 100644
--- a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-customize-contact-information.md
+++ b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-customize-contact-information.md
@@ -1,7 +1,7 @@
 ---
 title: Customize Windows Security contact information in Windows Security
 description: Provide information to your users on how to contact your IT department when a security issue occurs
-ms.date: 06/27/2024
+ms.date: 04/15/2025
 ms.topic: how-to
 ---
 
@@ -33,10 +33,6 @@ There are two stages to using the contact card and customized notifications. Fir
 1. Enable the contact card and the customized notifications by configuring two separate Group Policy settings. They both use the same source of information (explained in Steps 5 and 6). You can enable both, or select one or the other:
 
     1. To enable the contact card, open the **Configure customized contact information** setting and set it to **Enabled**. Select **OK**.
-
-        > [!NOTE]
-        > This can only be done in Group Policy.
-
     1. To enable the customized notifications, open the **Configure customized notifications** setting and set it to **Enabled**. Select **OK**.
 
 1. After you enable the contact card or the customized notifications (or both), you must configure the **Specify contact company name** to **Enabled**. Enter your company or organization's name in the field in the **Options** section. Select **OK**.
@@ -57,4 +53,4 @@ To enable the customized notifications and add the contact information in Intune
 - [Settings for the Windows Security experience profile in Microsoft Intune](/mem/intune/protect/antivirus-security-experience-windows-settings).
 
 > [!IMPORTANT]
-> You must specify the contact company name and at least one contact method - email, phone number, or website URL. If you do not specify the contact name and a contact method the customization will not apply, the contact card will not show, and notifications will not be customized.
+> You must specify the contact company name and at least one contact method - email, phone number, or website URL. If you don't specify the contact name and a contact method, the contact card isn't visible, and notifications aren't customized.
diff --git a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-device-performance-health.md b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-device-performance-health.md
index 652bd443dd..dd6035b515 100644
--- a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-device-performance-health.md
+++ b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-device-performance-health.md
@@ -1,7 +1,7 @@
 ---
 title: Device & performance health in Windows Security
 description: Use the Device & performance health section to see the status of the machine and note any storage, update, battery, driver, or hardware configuration issues
-ms.date: 06/27/2024
+ms.date: 04/15/2025
 ms.topic: how-to
 ---
 
@@ -10,16 +10,14 @@ ms.topic: how-to
 
 The **Device performance & health** section contains information about hardware, devices, and drivers related to the machine.
 
-This section can be hidden from users of the machine. This option can be useful if you don't want users in your organization to see or have access to user-configured options for the features shown in the section.
+This section can be hidden from users of the machine. This option can be useful if you don't want users in your organization to have access to user-configured options for the features shown in the section.
 
 ## Hide the Device performance & health section
 
-You can choose to hide the entire section by using Group Policy. The section won't appear on the home page of **Windows Security**, and its icon won't be shown on the navigation bar on the side.
-
-This section can be hidden only by using Group Policy.
+You can choose to hide the entire section by using Group Policy. When hidden, this section doesn't appear on the home page of **Windows Security**, and its icon isn't shown on the navigation bar on the side.
 
 > [!IMPORTANT]
-> You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
+> You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows don't include these Group Policy settings.
 
 1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object (GPO) you want to configure and select **Edit**.
 1. In **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
@@ -28,6 +26,6 @@ This section can be hidden only by using Group Policy.
 1. [Deploy](/windows/win32/srvnodes/group-policy) the updated GPO as you normally do.
 
 > [!NOTE]
-> If you hide all sections then **Windows Security** will show a restricted interface, as in the following screenshot:
+> If you hide all sections, then **Windows Security** shows a restricted interface, as in the following screenshot:
 >
 > ![Screenshot of the Windows Security with all sections hidden by Group Policy.](images/wdsc-all-hide.png)
diff --git a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-device-security.md b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-device-security.md
index 3323324a97..d544d131d6 100644
--- a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-device-security.md
+++ b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-device-security.md
@@ -1,7 +1,7 @@
 ---
 title: Device security in Windows Security
 description: Use the Device security section to manage security built into your device, including Virtualization-based security.
-ms.date: 06/27/2024
+ms.date: 04/15/2025
 ms.topic: how-to
 ---
 
@@ -9,14 +9,14 @@ ms.topic: how-to
 
 The **Device security** section contains information and settings for built-in device security.
 
-You can choose to hide the section from users of the machine. This option can be useful if you don't want users in your organization to see or have access to user-configured options for the features shown in the section.
+You can choose to hide the section from users of the machine. This option can be useful if you don't want users in your organization to have access to user-configured options for the features shown in the section.
 
 ## Hide the Device security section
 
-You can choose to hide the entire section by using Group Policy. The section won't appear on the home page of **Windows Security**, and its icon won't be shown on the navigation bar on the side. You can hide the device security section by using Group Policy only.
+You can choose to hide the entire section by using Group Policy. When hidden, this section doesn't appear on the home page of **Windows Security**, and its icon isn't shown on the navigation bar on the side.
 
 > [!IMPORTANT]
-> You must have Windows 10, version 1803 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
+> You must have Windows 10, version 1803 or later. The ADMX/ADML template files for earlier versions of Windows don't include these Group Policy settings.
 
 1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object (GPO) you want to configure and select **Edit**.
 1. In **Group Policy Management Editor**, go to **Computer configuration** and then select **Administrative templates**.
@@ -25,7 +25,7 @@ You can choose to hide the entire section by using Group Policy. The section won
 1. [Deploy](/windows/win32/srvnodes/group-policy) the updated GPO as you normally do.
 
 > [!NOTE]
-> If you hide all sections then **Windows Security** will show a restricted interface, as in the following screenshot:
+> If you hide all sections, then **Windows Security** shows a restricted interface, as in the following screenshot:
 >
 > ![Screenshot of the Windows Security with all sections hidden by Group Policy.](images/wdsc-all-hide.png)
 
@@ -34,7 +34,7 @@ You can choose to hide the entire section by using Group Policy. The section won
 If you don't want users to be able to select the **Clear TPM** button in **Windows Security**, you can disable it.
 
 > [!IMPORTANT]
-> You must have Windows 10, version 1809 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
+> You must have Windows 10, version 1809 or later. The ADMX/ADML template files for earlier versions of Windows don't include these Group Policy settings.
 
 1. On your Group Policy management computer, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object you want to configure and select **Edit**.
 1. In **Group Policy Management Editor**, go to **Computer configuration** and then select **Administrative templates**.
diff --git a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-family-options.md b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-family-options.md
index 9c92b794d3..8ae4c94933 100644
--- a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-family-options.md
+++ b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-family-options.md
@@ -1,7 +1,7 @@
 ---
 title: Family options in Windows Security
 description: Learn how to hide the Family options section of Windows Security for enterprise environments. Family options aren't intended for business environments.
-ms.date: 06/27/2024
+ms.date: 04/15/2025
 ms.topic: how-to
 ---
 
@@ -15,12 +15,10 @@ This section can be hidden from users of the machine. This option can be useful
 
 ## Hide the Family options section
 
-You can choose to hide the entire section by using Group Policy. The section won't appear on the home page of **Windows Security**, and its icon won't be shown on the navigation bar on the side.
-
-This section can be hidden only by using Group Policy.
+You can choose to hide the entire section by using Group Policy. When hidden, this section doesn't appear on the home page of **Windows Security**, and its icon isn't shown on the navigation bar on the side.
 
 > [!IMPORTANT]
-> You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
+> You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows don't include these Group Policy settings.
 
 1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object (GPO) you want to configure and select **Edit**.
 1. In **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
@@ -29,6 +27,6 @@ This section can be hidden only by using Group Policy.
 1. [Deploy](/windows/win32/srvnodes/group-policy) the updated GPO as you normally do.
 
 > [!NOTE]
-> If you hide all sections then **Windows Security** will show a restricted interface, as in the following screenshot:
+> If you hide all sections, then **Windows Security** shows a restricted interface, as in the following screenshot:
 >
 > ![Screenshot of the Windows Security with all sections hidden by Group Policy.](images/wdsc-all-hide.png)
diff --git a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-firewall-network-protection.md b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-firewall-network-protection.md
index e6e8967d86..d6f5978647 100644
--- a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-firewall-network-protection.md
+++ b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-firewall-network-protection.md
@@ -1,7 +1,7 @@
 ---
 title: Firewall and network protection in Windows Security
 description: Use the Firewall & network protection section to see the status of and make changes to firewalls and network connections for the machine.
-ms.date: 06/27/2024
+ms.date: 04/15/2025
 ms.topic: how-to
 ---
 
@@ -9,16 +9,14 @@ ms.topic: how-to
 
 The **Firewall & network protection** section contains information about the firewalls and network connections used by the machine, including the status of Windows Firewall and any other non-Microsoft firewalls. IT administrators and IT pros can get configuration guidance from the [Windows Firewall with Advanced Security documentation library](../../network-security/windows-firewall/index.md).
 
-This section can be hidden from users of the machine. This information is useful if you don't want users in your organization to see or have access to user-configured options for the features shown in the section.
+This section can be hidden from users of the machine. This information is useful if you don't want users in your organization to have access to user-configured options for the features shown in the section.
 
 ## Hide the Firewall & network protection section
 
-You can choose to hide the entire section by using Group Policy. The section won't appear on the home page of **Windows Security**, and its icon won't be shown on the navigation bar on the side.
-
-This section can be hidden only by using Group Policy.
+You can choose to hide the entire section by using Group Policy. When hidden, this section doesn't appear on the home page of **Windows Security**, and its icon isn't shown on the navigation bar on the side.
 
 > [!IMPORTANT]
-> You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
+> You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows don't include these Group Policy settings.
 
 1. On your Group Policy management machine, open the Group Policy Management Console. Right-click the Group Policy Object (GPO) you want to configure and select **Edit**.
 1. In **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
@@ -27,6 +25,6 @@ This section can be hidden only by using Group Policy.
 1. [Deploy](/windows/win32/srvnodes/group-policy) the updated GPO as you normally do.
 
 > [!NOTE]
-> If you hide all sections then **Windows Security** will show a restricted interface, as in the following screenshot:
+> If you hide all sections, then **Windows Security** shows a restricted interface, as in the following screenshot:
 >
 > ![Screenshot of the Windows Security with all sections hidden by Group Policy.](images/wdsc-all-hide.png)
diff --git a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-hide-notifications.md b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-hide-notifications.md
index 86e41f335e..1a80e41ba3 100644
--- a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-hide-notifications.md
+++ b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-hide-notifications.md
@@ -1,7 +1,7 @@
 ---
 title: Hide notifications from Windows Security
 description: Prevent Windows Security notifications from appearing on user endpoints
-ms.date: 06/27/2024
+ms.date: 04/15/2025
 ms.topic: how-to
 ---
 
@@ -9,7 +9,7 @@ ms.topic: how-to
 
 **Windows Security** is used by many Windows security features to provide notifications about the health and security of the machine. These include notifications about firewalls, antivirus products, Windows Defender SmartScreen, and others.
 
-In some cases, it may not be appropriate to show these notifications, for example, if you want to hide regular status updates, or if you want to hide all notifications to the users in your organization.
+In some cases, it might not be appropriate to show these notifications, for example, if you want to hide regular status updates, or if you want to hide all notifications to the users in your organization.
 
 There are two levels to hiding notifications:
 
@@ -18,16 +18,12 @@ There are two levels to hiding notifications:
 
 If you set **Hide all notifications** to **Enabled**, changing the **Hide non-critical notifications** setting has no effect.
 
-You can only use Group Policy to change these settings.
-
 ## Use Group Policy to hide noncritical notifications
 
 You can hide notifications that describe regular events related to the health and security of the machine. These notifications are the ones that don't require an action from the machine's user. It can be useful to hide these notifications if you find they're too numerous or you have other status reporting on a larger scale (such as Windows Update for Business reports or Microsoft Configuration Manager reporting).
 
-These notifications can be hidden only by using Group Policy.
-
 > [!IMPORTANT]
-> You must have Windows 10, version 1903 or higher. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
+> You must have Windows 10, version 1903 or higher. The ADMX/ADML template files for earlier versions of Windows don't include these Group Policy settings.
 
 1. Download the latest [Administrative Templates (.admx) for Windows 10, v2004](https://www.microsoft.com/download/101445).
 1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object (GPO) you want to configure and select **Edit**.
@@ -38,20 +34,14 @@ These notifications can be hidden only by using Group Policy.
 
 ## Use Group Policy to hide all notifications
 
-You can hide all notifications that are sourced from **Windows Security**. This option may be useful if you don't want users of the machines from inadvertently modifying settings, running antivirus scans, or otherwise performing security-related actions without your input.
-
-These notifications can be hidden only by using Group Policy.
+You can hide all notifications that are sourced from **Windows Security**. This option might be useful if you don't want users of the machines from inadvertently modifying settings, running antivirus scans, or otherwise performing security-related actions without your input.
 
 > [!IMPORTANT]
-> You must have Windows 10, version 1903 or higher. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
+> You must have Windows 10, version 1903 or higher. The ADMX/ADML template files for earlier versions of Windows don't include these Group Policy settings.
 
 1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object you want to configure and select **Edit**.
 1. In **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
-1. Expand the tree to **Windows components > Windows Security > Notifications**. For Windows 10 version 1803 and below, the path would be **Windows components > Windows Defender Security Center > Notifications**.
-
-    > [!NOTE]
-    > For Windows 10 version 2004 and above the path would be **Windows components > Windows Security > Notifications**.
-
+1. Expand the tree to **Windows components > Windows Security > Notifications**.
 1. Open the **Hide all notifications** setting and set it to **Enabled**. Select **OK**.
 1. [Deploy](/windows/win32/srvnodes/group-policy) the updated GPO as you normally do.
 
@@ -72,49 +62,49 @@ These notifications can be hidden only by using Group Policy.
 
 ## Notifications
 
-| Purpose | Notification text | Toast Identifier | Critical? |Notification Toggle|
-|---------|------------------|-------------|-----------|---------|
-| Network isolation | Your IT administrator has caused Windows Defender to disconnect your device. Contact IT help desk. | SENSE_ISOLATION | Yes |Firewall and network protection notification|
-| Network isolation customized | _Company name_ has caused Windows Defender to disconnect your device. Contact IT help desk _phone number_, _email address_, _url_. | SENSE_ISOLATION_CUSTOM (body) | Yes |Firewall and network protection notification|
-| Restricted access | Your IT administrator has caused Windows Defender to limit actions on this device. Some apps may not function as expected. Contact IT help desk. | SENSE_PROCESS_RESTRICTION | Yes |Firewall and network protection notification|
-| Restricted access customized | _Company_ has caused Windows Defender to limit actions on this device. Some apps may not function as expected. Contact IT help desk. | SENSE_PROCESS_RESTRICTION_CUSTOM (body) | Yes |Firewall and network protection notification|
-| HVCI, driver compat check fails (upon trying to enable) | There may be an incompatibility on your device. | HVCI_ENABLE_FAILURE | Yes |Firewall and network protection notification|
-| HVCI, reboot needed to enable | The recent change to your protection settings requires a restart of your device. | HVCI_ENABLE_SUCCESS | Yes |Firewall and network protection notification|
-| Item skipped in scan, due to exclusion setting, or network scanning disabled by admin | The Microsoft Defender Antivirus scan skipped an item due to exclusion or network scanning settings. | ITEM_SKIPPED | Yes |Virus & threat protection notification|
-| Remediation failure | Microsoft Defender Antivirus couldn't completely resolve potential threats. | CLEAN_FAILED | Yes |Virus & threat protection notification|
-| Follow-up action (restart & scan) | Microsoft Defender Antivirus found _threat_ in _file name_. Restart and scan your device. Restart and scan | MANUALSTEPS_REQUIRED | Yes |Virus & threat protection notification|
-| Follow-up action (restart) | Microsoft Defender Antivirus found _threat_ in _file_. Restart your device. | WDAV_REBOOT | Yes |Virus & threat protection notification|
-| Follow-up action (Full scan) | Microsoft Defender Antivirus found _threat_ in _file_. Run a full scan of your device. | FULLSCAN_REQUIRED | Yes |Virus & threat protection notification|
-| Sample submission prompt | Review files that Windows Defender will send to Microsoft. Sending this information can improve how Microsoft Defender Antivirus helps protect your device. | SAMPLE_SUBMISSION_REQUIRED | Yes |Virus & threat protection notification|
-| OS support ending warning | Support for your version of Windows is ending. When this support ends, Microsoft Defender Antivirus won't be supported, and your device might be at risk. | SUPPORT_ENDING | Yes |Virus & threat protection notification|
-| OS support ended, device at risk | Support for your version of Windows has ended. Microsoft Defender Antivirus is no longer supported, and your device might be at risk. | SUPPORT_ENDED _and_ SUPPORT_ENDED_NO_DEFENDER | Yes |Virus & threat protection notification|
-| Summary notification, items found | Microsoft Defender Antivirus successfully took action on _n_ threats since your last summary. Your device was scanned _n_ times. | RECAP_FOUND_THREATS_SCANNED | No |Virus & threat protection notification|
-| Summary notification, items found, no scan count | Microsoft Defender Antivirus successfully took action on _n_ threats since your last summary. | RECAP_FOUND_THREATS | No |Virus & threat protection notification|
-| Summary notification, **no** items found, scans performed | Microsoft Defender Antivirus didn't find any threats since your last summary. Your device was scanned _n_ times. | RECAP_NO THREATS_SCANNED | No |Virus & threat protection notification|
-| Summary notification, **no** items found, no scans | Microsoft Defender Antivirus didn't find any threats since your last summary. | RECAP_NO_THREATS | No |Virus & threat protection notification|
-| Scan finished, manual, threats found | Microsoft Defender Antivirus scanned your device at _timestamp_ on _date_, and took action against threats. | RECENT_SCAN_FOUND_THREATS | No |Virus & threat protection notification|
-| Scan finished, manual, **no** threats found | Microsoft Defender Antivirus scanned your device at _timestamp_ on _date_. No threats were found. | RECENT_SCAN_NO_THREATS | No |Virus & threat protection notification|
-| Threat found | Microsoft Defender Antivirus found threats. Get details. | CRITICAL | No |Virus & threat protection notification|
-| LPS on notification | Microsoft Defender Antivirus is periodically scanning your device. You're also using another antivirus program for active protection. | PERIODIC_SCANNING_ON | No |Virus & threat protection notification|
-| Long running BaFS | Your IT administrator  requires a security scan of this item. The scan could take up to _n_ seconds. | BAFS | No |Firewall and network protection notification|
-| Long running BaFS customized | _Company_ requires a security scan of this item. The scan could take up to _n_ seconds. | BAFS_DETECTED_CUSTOM (body) | No |Firewall and network protection notification|
-| Sense detection | This application was removed because it was blocked by your IT security settings | WDAV_SENSE_DETECTED | No |Firewall and network protection notification|
-| Sense detection customized | This application was removed because it was blocked by your IT security settings | WDAV_SENSE_DETECTED_CUSTOM (body) | No |Firewall and network protection notification|
-| Ransomware specific detection | Microsoft Defender Antivirus has detected threats, which may include ransomware. | WDAV_RANSOMWARE_DETECTED | No |Virus & threat protection notification|
-| ASR (HIPS) block | Your IT administrator caused Windows Defender Security Center to block this action. Contact your IT help desk. | HIPS_ASR_BLOCKED | No |Firewall and network protection notification|
-| ASR (HIPS) block customized | _Company_ caused Windows Defender Security Center to block this action. Contact your IT help desk. | HIPS_ASR_BLOCKED_CUSTOM (body) | No |Firewall and network protection notification|
-| CFA (FolderGuard) block | Controlled folder access blocked _process_ from making changes to the folder _path_ | FOLDERGUARD_BLOCKED | No |Firewall and network protection notification|
-| Network protect (HIPS) network block customized | _Company_ caused Windows Defender Security Center to block this network connection. Contact your IT help desk. | HIPS_NETWORK_BLOCKED_CUSTOM (body) | No |Firewall and network protection notification|
-| Network protection (HIPS) network block | Your IT administrator caused Windows Defender Security Center to block this network connection. Contact your IT help desk. | HIPS_NETWORK_BLOCKED | No |Firewall and network protection notification|
-| PUA detection, not blocked | Your settings cause the detection of any app that might perform unwanted actions on your computer. | PUA_DETECTED | No |Firewall and network protection notification|
-| PUA notification | Your IT settings caused Microsoft Defender Antivirus to block an app that may potentially perform unwanted actions on your device. | PUA_BLOCKED | No |Firewall and network protection notification|
-| PUA notification, customized | _Company_ caused Microsoft Defender Antivirus to block an app that may potentially perform unwanted actions on your device. | PUA_BLOCKED_CUSTOM (body) | No |Firewall and network protection notification|
-| Network isolation ended |  |  | No |Firewall and network protection notification|
-| Network isolation ended, customized |  |  | No |Firewall and network protection notification|
-| Restricted access ended |  |  | No |Firewall and network protection notification|
-| Restricted access ended, customized |  |  | No |Firewall and network protection notification|
-| Dynamic lock on, but bluetooth off |  |  | No |Account protection notification|
-| Dynamic lock on, bluetooth on, but device unpaired |  |  | No |Account protection notification|
-| Dynamic lock on, bluetooth on, but unable to detect device |  |  | No |Account protection notification|
-| NoPa or federated no hello |  |  | No |Account protection notification|
-| NoPa or federated hello broken |  |  | No |Account protection notification|
+| Purpose                                                                               | Notification text                                                                                                                                           | Toast Identifier                              | Critical? | Notification Toggle                          |
+|---------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------|-----------|----------------------------------------------|
+| Network isolation                                                                     | Your IT administrator has caused Windows Defender to disconnect your device. Contact IT help desk.                                                          | SENSE_ISOLATION                               | Yes       | Firewall and network protection notification |
+| Network isolation customized                                                          | _Company name_ has caused Windows Defender to disconnect your device. Contact IT help desk _phone number_, _email address_, _url_.                          | SENSE_ISOLATION_CUSTOM (body)                 | Yes       | Firewall and network protection notification |
+| Restricted access                                                                     | Your IT administrator has caused Windows Defender to limit actions on this device. Some apps may not function as expected. Contact IT help desk.            | SENSE_PROCESS_RESTRICTION                     | Yes       | Firewall and network protection notification |
+| Restricted access customized                                                          | _Company_ has caused Windows Defender to limit actions on this device. Some apps may not function as expected. Contact IT help desk.                        | SENSE_PROCESS_RESTRICTION_CUSTOM (body)       | Yes       | Firewall and network protection notification |
+| HVCI, driver compat check fails (upon trying to enable)                               | There may be an incompatibility on your device.                                                                                                             | HVCI_ENABLE_FAILURE                           | Yes       | Firewall and network protection notification |
+| HVCI, reboot needed to enable                                                         | The recent change to your protection settings requires a restart of your device.                                                                            | HVCI_ENABLE_SUCCESS                           | Yes       | Firewall and network protection notification |
+| Item skipped in scan, due to exclusion setting, or network scanning disabled by admin | The Microsoft Defender Antivirus scan skipped an item due to exclusion or network scanning settings.                                                        | ITEM_SKIPPED                                  | Yes       | Virus & threat protection notification       |
+| Remediation failure                                                                   | Microsoft Defender Antivirus couldn't completely resolve potential threats.                                                                                 | CLEAN_FAILED                                  | Yes       | Virus & threat protection notification       |
+| Follow-up action (restart & scan)                                                     | Microsoft Defender Antivirus found _threat_ in _file name_. Restart and scan your device. Restart and scan                                                  | MANUALSTEPS_REQUIRED                          | Yes       | Virus & threat protection notification       |
+| Follow-up action (restart)                                                            | Microsoft Defender Antivirus found _threat_ in _file_. Restart your device.                                                                                 | WDAV_REBOOT                                   | Yes       | Virus & threat protection notification       |
+| Follow-up action (Full scan)                                                          | Microsoft Defender Antivirus found _threat_ in _file_. Run a full scan of your device.                                                                      | FULLSCAN_REQUIRED                             | Yes       | Virus & threat protection notification       |
+| Sample submission prompt                                                              | Review files that Windows Defender will send to Microsoft. Sending this information can improve how Microsoft Defender Antivirus helps protect your device. | SAMPLE_SUBMISSION_REQUIRED                    | Yes       | Virus & threat protection notification       |
+| OS support ending warning                                                             | Support for your version of Windows is ending. When this support ends, Microsoft Defender Antivirus won't be supported, and your device might be at risk.   | SUPPORT_ENDING                                | Yes       | Virus & threat protection notification       |
+| OS support ended, device at risk                                                      | Support for your version of Windows has ended. Microsoft Defender Antivirus is no longer supported, and your device might be at risk.                       | SUPPORT_ENDED _and_ SUPPORT_ENDED_NO_DEFENDER | Yes       | Virus & threat protection notification       |
+| Summary notification, items found                                                     | Microsoft Defender Antivirus successfully took action on _n_ threats since your last summary. Your device was scanned _n_ times.                            | RECAP_FOUND_THREATS_SCANNED                   | No        | Virus & threat protection notification       |
+| Summary notification, items found, no scan count                                      | Microsoft Defender Antivirus successfully took action on _n_ threats since your last summary.                                                               | RECAP_FOUND_THREATS                           | No        | Virus & threat protection notification       |
+| Summary notification, **no** items found, scans performed                             | Microsoft Defender Antivirus didn't find any threats since your last summary. Your device was scanned _n_ times.                                            | RECAP_NO THREATS_SCANNED                      | No        | Virus & threat protection notification       |
+| Summary notification, **no** items found, no scans                                    | Microsoft Defender Antivirus didn't find any threats since your last summary.                                                                               | RECAP_NO_THREATS                              | No        | Virus & threat protection notification       |
+| Scan finished, manual, threats found                                                  | Microsoft Defender Antivirus scanned your device at _timestamp_ on _date_, and took action against threats.                                                 | RECENT_SCAN_FOUND_THREATS                     | No        | Virus & threat protection notification       |
+| Scan finished, manual, **no** threats found                                           | Microsoft Defender Antivirus scanned your device at _timestamp_ on _date_. No threats were found.                                                           | RECENT_SCAN_NO_THREATS                        | No        | Virus & threat protection notification       |
+| Threat found                                                                          | Microsoft Defender Antivirus found threats. Get details.                                                                                                    | CRITICAL                                      | No        | Virus & threat protection notification       |
+| LPS on notification                                                                   | Microsoft Defender Antivirus is periodically scanning your device. You're also using another antivirus program for active protection.                       | PERIODIC_SCANNING_ON                          | No        | Virus & threat protection notification       |
+| Long running BaFS                                                                     | Your IT administrator  requires a security scan of this item. The scan could take up to _n_ seconds.                                                        | BAFS                                          | No        | Firewall and network protection notification |
+| Long running BaFS customized                                                          | _Company_ requires a security scan of this item. The scan could take up to _n_ seconds.                                                                     | BAFS_DETECTED_CUSTOM (body)                   | No        | Firewall and network protection notification |
+| Sense detection                                                                       | This application was removed because it was blocked by your IT security settings                                                                            | WDAV_SENSE_DETECTED                           | No        | Firewall and network protection notification |
+| Sense detection customized                                                            | This application was removed because it was blocked by your IT security settings                                                                            | WDAV_SENSE_DETECTED_CUSTOM (body)             | No        | Firewall and network protection notification |
+| Ransomware specific detection                                                         | Microsoft Defender Antivirus has detected threats, which may include ransomware.                                                                            | WDAV_RANSOMWARE_DETECTED                      | No        | Virus & threat protection notification       |
+| ASR (HIPS) block                                                                      | Your IT administrator caused Windows Defender Security Center to block this action. Contact your IT help desk.                                              | HIPS_ASR_BLOCKED                              | No        | Firewall and network protection notification |
+| ASR (HIPS) block customized                                                           | _Company_ caused Windows Defender Security Center to block this action. Contact your IT help desk.                                                          | HIPS_ASR_BLOCKED_CUSTOM (body)                | No        | Firewall and network protection notification |
+| CFA (FolderGuard) block                                                               | Controlled folder access blocked _process_ from making changes to the folder _path_                                                                         | FOLDERGUARD_BLOCKED                           | No        | Firewall and network protection notification |
+| Network protect (HIPS) network block customized                                       | _Company_ caused Windows Defender Security Center to block this network connection. Contact your IT help desk.                                              | HIPS_NETWORK_BLOCKED_CUSTOM (body)            | No        | Firewall and network protection notification |
+| Network protection (HIPS) network block                                               | Your IT administrator caused Windows Defender Security Center to block this network connection. Contact your IT help desk.                                  | HIPS_NETWORK_BLOCKED                          | No        | Firewall and network protection notification |
+| PUA detection, not blocked                                                            | Your settings cause the detection of any app that might perform unwanted actions on your computer.                                                          | PUA_DETECTED                                  | No        | Firewall and network protection notification |
+| PUA notification                                                                      | Your IT settings caused Microsoft Defender Antivirus to block an app that may potentially perform unwanted actions on your device.                          | PUA_BLOCKED                                   | No        | Firewall and network protection notification |
+| PUA notification, customized                                                          | _Company_ caused Microsoft Defender Antivirus to block an app that may potentially perform unwanted actions on your device.                                 | PUA_BLOCKED_CUSTOM (body)                     | No        | Firewall and network protection notification |
+| Network isolation ended                                                               |                                                                                                                                                             |                                               | No        | Firewall and network protection notification |
+| Network isolation ended, customized                                                   |                                                                                                                                                             |                                               | No        | Firewall and network protection notification |
+| Restricted access ended                                                               |                                                                                                                                                             |                                               | No        | Firewall and network protection notification |
+| Restricted access ended, customized                                                   |                                                                                                                                                             |                                               | No        | Firewall and network protection notification |
+| Dynamic lock on, but bluetooth off                                                    |                                                                                                                                                             |                                               | No        | Account protection notification              |
+| Dynamic lock on, bluetooth on, but device unpaired                                    |                                                                                                                                                             |                                               | No        | Account protection notification              |
+| Dynamic lock on, bluetooth on, but unable to detect device                            |                                                                                                                                                             |                                               | No        | Account protection notification              |
+| NoPa or federated no hello                                                            |                                                                                                                                                             |                                               | No        | Account protection notification              |
+| NoPa or federated hello broken                                                        |                                                                                                                                                             |                                               | No        | Account protection notification              |
diff --git a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-virus-threat-protection.md b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-virus-threat-protection.md
index 0bba1cf21b..76c977685e 100644
--- a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-virus-threat-protection.md
+++ b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-virus-threat-protection.md
@@ -1,13 +1,13 @@
 ---
 title: Virus and threat protection in Windows Security
 description: Use the Virus & threat protection section to see and configure Microsoft Defender Antivirus, Controlled folder access, and 3rd-party antivirus products.
-ms.date: 06/27/2024
+ms.date: 04/15/2025
 ms.topic: how-to
 ---
 
 # Virus and threat protection
 
-The **Virus & threat protection** section contains information and settings for antivirus protection from Microsoft Defender Antivirus and third-party antivirus products. These settings include Controlled folder access settings to prevent unknown apps from changing files in protected folders, plus Microsoft OneDrive configuration to help you recover from a ransomware attack. This area also notifies users and provides recovery instructions if there's a ransomware attack.
+The **Virus & threat protection** section contains information and settings for antivirus protection from Microsoft Defender Antivirus and non-Microsoft antivirus products. These settings include Controlled folder access settings to prevent unknown apps from changing files in protected folders, plus Microsoft OneDrive configuration to help you recover from a ransomware attack. This area also notifies users and provides recovery instructions if there's a ransomware attack.
 
 IT administrators and IT pros can get more configuration information from these articles:
 
@@ -22,12 +22,10 @@ You can hide the **Virus & threat protection** section or the **Ransomware prote
 
 ## Hide the Virus & threat protection section
 
-You can choose to hide the entire section by using Group Policy. The section won't appear on the home page of **Windows Security**, and its icon won't be shown on the navigation bar on the side.
-
-This section can be hidden only by using Group Policy.
+You can choose to hide the entire section by using Group Policy. When hidden, this section doesn't appear on the home page of **Windows Security**, and its icon isn't shown on the navigation bar on the side.
 
 > [!IMPORTANT]
-> You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
+> You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows don't include these Group Policy settings.
 
 1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object (GPO) you want to configure and select **Edit**.
 1. In **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
@@ -36,18 +34,16 @@ This section can be hidden only by using Group Policy.
 1. [Deploy](/windows/win32/srvnodes/group-policy) the updated GPO as you normally do.
 
 > [!NOTE]
-> If you hide all sections then **Windows Security** will show a restricted interface, as in the following screenshot:
+> If you hide all sections, then **Windows Security** shows a restricted interface, as in the following screenshot:
 >
 > ![Screenshot of the Windows Security with all sections hidden by Group Policy.](images/wdsc-all-hide.png)
 
 ## Hide the Ransomware protection area
 
-You can choose to hide the **Ransomware protection** area by using Group Policy. The area won't appear on the **Virus & threat protection** section of **Windows Security**.
-
-This area can be hidden only by using Group Policy.
+You can choose to hide the **Ransomware protection** area by using Group Policy. When hidden, this area doesn't appear on the **Virus & threat protection** section of **Windows Security**.
 
 > [!IMPORTANT]
-> You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
+> You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows don't include these Group Policy settings.
 
 1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object you want to configure and select **Edit**.
 1. In **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
diff --git a/windows/security/operating-system-security/system-security/windows-defender-security-center/windows-defender-security-center.md b/windows/security/operating-system-security/system-security/windows-defender-security-center/windows-defender-security-center.md
index 0fdbcab450..2776cff04a 100644
--- a/windows/security/operating-system-security/system-security/windows-defender-security-center/windows-defender-security-center.md
+++ b/windows/security/operating-system-security/system-security/windows-defender-security-center/windows-defender-security-center.md
@@ -1,7 +1,7 @@
 ---
 title: Windows Security
 description: Windows Security brings together common Windows security features into one place.
-ms.date: 06/27/2024
+ms.date: 04/15/2025
 ms.topic: article
 ---
 
@@ -15,7 +15,7 @@ This article describes **Windows Security** settings, and provides information o
 ![Screenshot of the Windows Security showing that the device is protected and five icons for each of the features.](images/security-center-home.png)
 
 > [!NOTE]
-> **Windows Security** is a client interface on Windows 10, version 1703 and later. It is not the Microsoft Defender Security Center web portal console that is used to review and manage [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/).
+> **Windows Security** is a client interface on Windows 10, version 1703 and later. It isn't the Microsoft Defender Security Center web portal console that is used to review and manage [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/).
 
 You can't uninstall **Windows Security**, but you can do one of the following actions:
 
@@ -34,7 +34,7 @@ For more information about each section, options for configuring the sections, a
 - [Family options](wdsc-family-options.md), which include access to parental controls along with tips and information for keeping kids safe online.
 
 > [!NOTE]
-> If you hide all sections then **Windows Security** will show a restricted interface, as in the following screenshot:
+> If you hide all sections, then **Windows Security** shows a restricted interface, as in the following screenshot:
 >
 > ![Windows Security with all sections hidden by group policy.](images/wdsc-all-hide.png)
 
@@ -53,27 +53,18 @@ For more information about each section, options for configuring the sections, a
     ![Screenshot of Windows Settings showing the different areas available in the Windows Security.](images/settings-windows-defender-security-center-areas.png)
 
 > [!NOTE]
-> Settings configured with management tools, such as group policy, Microsoft Intune, or Microsoft Configuration Manager, will generally take precedence over the settings in the Windows Security.
+> Settings configured with management tools, such as group policy, Microsoft Intune, or Microsoft Configuration Manager, take precedence over the settings in the Windows Security.
 
 ## How Windows Security works with Windows security features
 
 > [!IMPORTANT]
 > **Microsoft Defender Antivirus** and **Windows Security** use similarly named services for specific purposes.
 >
-> The **Windows Security** uses the Windows Security Service (*SecurityHealthService* or *Windows Security Health Service*), which in turn utilizes the Windows Security Center Service (*wscsvc*). This service makes sure that **Windows Security** provides the most up-to-date information about the protection status on the endpoint. This information includes protection offered by third-party antivirus products, Windows Defender Firewall, third-party firewalls, and other security protection.
+> The **Windows Security** uses the Windows Security Service (*SecurityHealthService* or *Windows Security Health Service*), which in turn utilizes the Windows Security Center Service (*wscsvc*). This service makes sure that **Windows Security** provides the most up-to-date information about the protection status on the endpoint. This information includes protection offered by third-party antivirus products, Windows Firewall, third-party firewalls, and other security protection.
 >
-> These services don't affect the state of Microsoft Defender Antivirus. Disabling or modifying these services won't disable Microsoft Defender Antivirus. It will lead to a lowered protection state on the endpoint, even if you're using a third-party antivirus product.
+> These services don't affect the state of Microsoft Defender Antivirus. Disabling or modifying these services doesn't disable Microsoft Defender Antivirus. It leads to a lowered protection state on the endpoint, even if you're using a third-party antivirus product.
 >
-> Microsoft Defender Antivirus will be [disabled automatically when a third-party antivirus product is installed and kept up to date](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility).
->
-> Disabling the Windows Security Center Service won't disable Microsoft Defender Antivirus or [Windows Defender Firewall](../../network-security/windows-firewall/index.md).
-
-> [!WARNING]
-> If you disable the Windows Security Center Service, or configure its associated group policy settings to prevent it from starting or running, **Windows Security** may display stale or inaccurate information about any antivirus or firewall products you have installed on the device.
->
-> It may also prevent Microsoft Defender Antivirus from enabling itself if you have an old or outdated third-party antivirus, or if you uninstall any third-party antivirus products you may have previously installed.
->
-> This will significantly lower the protection of your device and could lead to malware infection.
+> Microsoft Defender Antivirus is [disabled automatically when a third-party antivirus product is installed and kept up to date](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility).
 
 **Windows Security** operates as a separate app or process from each of the individual features, and displays notifications through the Action Center.
 
@@ -82,6 +73,11 @@ It acts as a collector or single place to see the status and perform some config
 If you disable any of the individual features, it prevents that feature from reporting its status in **Windows Security**. For example, if you disable a feature through group policy or other management tools, such as Microsoft Configuration Manager, **Windows Security** itself still runs and shows status for the other security features.
 
 > [!IMPORTANT]
-> If you individually disable any of the services, it won't disable the other services or **Windows Security** itself.
+> If you individually disable any of the services, it doesn't disable the other services or **Windows Security** itself.
 
 For example, [using a third-party antivirus disables Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility). However, **Windows Security** still runs, shows its icon in the taskbar, and displays information about the other features, such as Windows Defender SmartScreen and Windows Firewall.
+
+> [!WARNING]
+> Disabling the Windows Security Center Service doesn't disable Microsoft Defender Antivirus or [Windows Firewall](../../network-security/windows-firewall/index.md). If you disable the Windows Security Center Service, or configure its associated group policy settings to prevent it from starting or running, **Windows Security** might display stale or inaccurate information about any antivirus or firewall products installed on the device.
+>
+> It may also prevent Microsoft Defender Antivirus from enabling itself if you have an old or outdated third-party antivirus, or if you uninstall any third-party antivirus products you might have previously installed. This will significantly lower the protection of your device and could lead to malware infection.
diff --git a/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/available-settings.md b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/available-settings.md
index 9824baf8c1..8f0c028a0f 100644
--- a/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/available-settings.md
+++ b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/available-settings.md
@@ -1,7 +1,7 @@
 ---
 title: Available Microsoft Defender SmartScreen settings
 description: A list of all available settings for Microsoft Defender SmartScreen using Group Policy and mobile device management (MDM) settings.
-ms.date: 10/10/2024
+ms.date: 04/15/2025
 ms.topic: reference
 ---
 
@@ -42,16 +42,16 @@ By default, Microsoft Defender SmartScreen lets users bypass warnings. Unfortuna
 
 To better help you protect your organization, we recommend turning on and using these specific Microsoft Defender SmartScreen Group Policy and MDM settings.
 
-|Group Policy setting|Recommendation|
-|--- |--- |
-|Administrative Templates > Windows Components > Microsoft Edge > Configure Windows Defender SmartScreen|**Enable.**  Turns on Microsoft Defender SmartScreen.|
-|Administrative Templates > Windows Components > Microsoft Edge > Prevent bypassing Windows Defender SmartScreen prompts for sites|**Enable.**  Stops users from ignoring warning messages and continuing to a potentially malicious website.|
-|Administrative Templates > Windows Components > Explorer > Configure Windows Defender SmartScreen|**Enable with the Warn and prevent bypass option.**  Stops users from ignoring warning messages about malicious files downloaded from the Internet.|
+| Group Policy setting | Recommendation |
+|--|--|
+| Administrative Templates > Windows Components > Microsoft Edge > Configure Windows Defender SmartScreen | **Enable.**  Turns on Microsoft Defender SmartScreen. |
+| Administrative Templates > Windows Components > Microsoft Edge > Prevent bypassing Windows Defender SmartScreen prompts for sites | **Enable.**  Stops users from ignoring warning messages and continuing to a potentially malicious website. |
+| Administrative Templates > Windows Components > Explorer > Configure Windows Defender SmartScreen | **Enable with the Warn and prevent bypass option.**  Stops users from ignoring warning messages about malicious files downloaded from the Internet. |
 
-|MDM setting|Recommendation|
-|--- |--- |
-|Browser/AllowSmartScreen|**1.**  Turns on Microsoft Defender SmartScreen.|
-|Browser/PreventSmartScreenPromptOverride|**1.**  Stops users from ignoring warning messages and continuing to a potentially malicious website.|
-|Browser/PreventSmartScreenPromptOverrideForFiles|**1.**  Stops users from ignoring warning messages and continuing to download potentially malicious files.|
-|SmartScreen/EnableSmartScreenInShell|**1.**  Turns on Microsoft Defender SmartScreen in Windows.<br/><br/>Requires at least Windows 10, version 1703.|
-|SmartScreen/PreventOverrideForFilesInShell|**1.**  Stops users from ignoring warning messages about malicious files downloaded from the Internet.<br/><br/>Requires at least Windows 10, version 1703.|
+| MDM setting | Recommendation |
+|--|--|
+| Browser/AllowSmartScreen | **1.**  Turns on Microsoft Defender SmartScreen. |
+| Browser/PreventSmartScreenPromptOverride | **1.**  Stops users from ignoring warning messages and continuing to a potentially malicious website. |
+| Browser/PreventSmartScreenPromptOverrideForFiles | **1.**  Stops users from ignoring warning messages and continuing to download potentially malicious files. |
+| SmartScreen/EnableSmartScreenInShell | **1.**  Turns on Microsoft Defender SmartScreen in Windows.<br/><br/>Requires at least Windows 10, version 1703. |
+| SmartScreen/PreventOverrideForFilesInShell | **1.**  Stops users from ignoring warning messages about malicious files downloaded from the Internet.<br/><br/>Requires at least Windows 10, version 1703. |
diff --git a/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection.md b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection.md
index 595cb143ba..98f195ba06 100644
--- a/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection.md
+++ b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection.md
@@ -1,7 +1,7 @@
 ---
 title: Enhanced Phishing Protection in Microsoft Defender SmartScreen
 description: Learn how Enhanced Phishing Protection for Microsoft Defender SmartScreen helps protect Microsoft school or work passwords against phishing and unsafe usage on sites and apps.
-ms.date: 07/10/2024
+ms.date: 04/15/2025
 ms.topic: article
 appliesto:
 - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11, version 22H2</a>
@@ -19,7 +19,7 @@ If a user signs into Windows using a password, Enhanced Phishing Protection work
 - If users type their work or school password into a website or app that SmartScreen finds suspicious, Enhanced Phishing Protection can automatically collect information from that website or app to help identify security threats. For example, the content displayed, sounds played, and application memory.
 
 > [!NOTE]
-> When a user signs in to a device using a Windows Hello for Business PIN or biometric, Enhanced Phishing Protection does not alert the user or send events to [Microsoft Defender for Endpoint (MDE)](/microsoft-365/security/defender-endpoint/).
+> When a user signs in to a device using a Windows Hello for Business PIN or biometric, Enhanced Phishing Protection doesn't alert the user or send events to [Microsoft Defender for Endpoint (MDE)](/microsoft-365/security/defender-endpoint/).
 
 ## Benefits of Enhanced Phishing Protection in Microsoft Defender SmartScreen
 
@@ -37,7 +37,7 @@ Enhanced Phishing Protection provides robust phishing protections for work or sc
 
 ## Configure Enhanced Phishing Protection for your organization
 
-Enhanced Phishing Protection can be configured via Microsoft Intune, Group Policy Objects (GPO) or Configuration Service Providers (CSP) with an MDM service. These settings are available to configure your devices using either Microsoft Intune, GPO, or CSP.
+Enhanced Phishing Protection can be configured via Microsoft Intune, Group Policy Objects (GPO), or Configuration Service Providers (CSP) with an MDM service. These settings are available to configure your devices using either Microsoft Intune, GPO, or CSP.
 
 | Setting | Description |
 |--|--|
@@ -65,17 +65,7 @@ To configure devices using Microsoft Intune, create a [**Settings catalog** poli
 
 Assign the policy to a security group that contains as members the devices or users that you want to configure.
 
-#### [:::image type="icon" source="../../../images/icons/group-policy.svg"::: **GPO**](#tab/gpo)
-
-Enhanced Phishing Protection can be configured using the following group policy settings found under **Administrative Templates > Windows Components > Windows Defender SmartScreen > Enhanced Phishing Protection**:
-
-- Automatic Data Collection
-- Service Enabled
-- Notify Malicious
-- Notify Password Reuse
-- Notify Unsafe App
-
-#### [:::image type="icon" source="../../../images/icons/gear.svg"::: **CSP**](#tab/csp)
+#### [:::image type="icon" source="../../../images/icons/csp.svg"::: **CSP**](#tab/csp)
 
 Enhanced Phishing Protection can be configured using the [WebThreatDefense CSP][WIN-1].
 
@@ -87,11 +77,21 @@ Enhanced Phishing Protection can be configured using the [WebThreatDefense CSP][
 | **NotifyUnsafeApp**         | `./Device/Vendor/MSFT/Policy/Config/WebThreatDefense/NotifyUnsafeApp`         | Integer   |
 | **ServiceEnabled**          | `./Device/Vendor/MSFT/Policy/Config/WebThreatDefense/ServiceEnabled`          | Integer   |
 
+#### [:::image type="icon" source="../../../images/icons/group-policy.svg"::: **GPO**](#tab/gpo)
+
+Enhanced Phishing Protection can be configured using the following group policy settings found under **Administrative Templates > Windows Components > Windows Defender SmartScreen > Enhanced Phishing Protection**:
+
+- Automatic Data Collection
+- Service Enabled
+- Notify Malicious
+- Notify Password Reuse
+- Notify Unsafe App
+
 ---
 
 ### Recommended settings for your organization
 
-By default, Enhanced Phishing Protection is deployed in audit mode, preventing notifications to the users for any protection scenarios. In audit mode, Enhanced Phishing Protection captures unsafe password entry events and sends diagnostic data through Microsoft Defender. Users aren't warned if they enter their work or school password into a phishing site, if they reuse their password, or if they unsafely store their password in applications. Because of this possibility, it's recommended that you configure Enhanced Phishing Protection to warn users during all protection scenarios.
+By default, Enhanced Phishing Protection is deployed in audit mode, preventing notifications to the users for any protection scenarios. In audit mode, Enhanced Phishing Protection captures unsafe password entry events and sends diagnostic data through Microsoft Defender. Users aren't warned if they enter their work or school password into a phishing site, if they reuse their password, or if they unsafely store their password in applications. Because of this possibility, we recommend that you configure Enhanced Phishing Protection to warn users during all protection scenarios.
 
 | Setting                   | Default Value                                                                                              | Recommendation                                                                                                                                                                                                        |
 |---------------------------|------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
@@ -113,6 +113,16 @@ To better help you protect your organization, we recommend turning on and using
 | Notify Password Reuse     | **Enabled**       |
 | Notify Unsafe App         | **Enabled**       |
 
+#### [:::image type="icon" source="../../../images/icons/csp.svg"::: **CSP**](#tab/csp)
+
+| MDM setting             | Recommended value |
+|-------------------------|-------------------|
+| AutomaticDataCollection | **1**             |
+| ServiceEnabled          | **1**             |
+| NotifyMalicious         | **1**             |
+| NotifyPasswordReuse     | **1**             |
+| NotifyUnsafeApp         | **1**             |
+
 #### [:::image type="icon" source="../../../images/icons/group-policy.svg"::: **GPO**](#tab/gpo)
 
 | Group Policy setting      | Recommended value |
@@ -123,16 +133,6 @@ To better help you protect your organization, we recommend turning on and using
 | Notify Password Reuse     | **Enabled**       |
 | Notify Unsafe App         | **Enabled**       |
 
-#### [:::image type="icon" source="../../../images/icons/gear.svg"::: **CSP**](#tab/csp)
-
-| MDM setting             | Recommended value |
-|-------------------------|-------------------|
-| AutomaticDataCollection | **1**             |
-| ServiceEnabled          | **1**             |
-| NotifyMalicious         | **1**             |
-| NotifyPasswordReuse     | **1**             |
-| NotifyUnsafeApp         | **1**             |
-
 ---
 
 ## Related articles
diff --git a/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/index.md b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/index.md
index 909ccb5dd2..4bb1d5a225 100644
--- a/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/index.md
+++ b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/index.md
@@ -1,7 +1,7 @@
 ---
 title: Microsoft Defender SmartScreen overview
 description: Learn how Microsoft Defender SmartScreen protects against phishing or malware websites and applications, and the downloading of potentially malicious files.
-ms.date: 07/10/2024
+ms.date: 04/15/2025
 ms.topic: overview
 appliesto:
 - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
@@ -35,7 +35,7 @@ Microsoft Defender SmartScreen provide an early warning system against websites
 - **Blocking URLs associated with potentially unwanted applications:** In Microsoft Edge (based on Chromium), SmartScreen blocks URLs associated with potentially unwanted applications, or PUAs. For more information on blocking URLs associated with PUAs, see [Detect and block potentially unwanted applications](/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus).
 
 > [!IMPORTANT]
-> SmartScreen protects against malicious files from the internet. It does not protect against malicious files on internal locations or network shares, such as shared folders with UNC paths or SMB/CIFS shares.
+> SmartScreen protects against malicious files from the internet. It doesn't protect against malicious files on internal locations or network shares, such as shared folders with UNC paths or SMB/CIFS shares.
 
 [!INCLUDE [microsoft-defender-smartscreen](../../../../../includes/licensing/microsoft-defender-smartscreen.md)]