Merge pull request #9044 from MicrosoftDocs/main

Publish main to live, Friday 10:30AM PDT, 10/27

education/windows/index.yml

@@ -15,148 +15,111 @@ metadata:
   author: paolomatarazzo
   ms.author: paoloma
   manager: aaroncz
-  ms.date: 07/28/2023
+  ms.date: 08/07/2023
 
 highlightedContent:
   items:
-  - title: Get started with Windows 11
+  - title: Get started with Windows 11 SE
     itemType: get-started
-    url: /windows/whats-new/windows-11-overview
+    url: windows-11-se-overview.md
   - title: Windows 11, version 22H2
     itemType: whats-new
     url: /windows/whats-new/whats-new-windows-11-version-22H2
-  - title: Windows 11, version 22H2 group policy settings reference 
-    itemType: download
-    url: https://www.microsoft.com/en-us/download/details.aspx?id=104594
-  - title: Windows release health
-    itemType: whats-new
-    url: /windows/release-health
-  - title: Windows commercial licensing
-    itemType: overview
-    url: /windows/whats-new/windows-licensing
-  - title: Windows 365 documentation
-    itemType: overview
-    url: /windows-365
   - title: Explore all Windows trainings and learning paths for IT pros
     itemType: learn
     url: https://learn.microsoft.com/en-us/training/browse/?products=windows&roles=administrator
-  - title: Enroll Windows client devices in Microsoft Intune
+  - title: Deploy applications to Windows 11 SE with Intune
     itemType: how-to-guide
-    url: /mem/intune/fundamentals/deployment-guide-enrollment-windows
+    url: /education/windows/tutorial-deploy-apps-winse
 
 productDirectory:
   title: Get started
   items:
-
+    - title: Learn how to deploy Windows
-    - title: Hardware security
+      imageSrc: /media/common/i_deploy.svg
-      imageSrc: /media/common/i_usb.svg
       links:
-        - url: /windows/security/hardware-security/tpm/trusted-platform-module-overview
+        - url: /education/windows/tutorial-school-deployment/
-          text: Trusted Platform Module
+          text: "Tutorial: deploy and manage Windows devices in a school"
-        - url: /windows/security/hardware-security/pluton/microsoft-pluton-security-processor
+        - url: /education/windows/tutorial-school-deployment/enroll-autopilot
-          text: Microsoft Pluton
+          text: Enrollment in Intune with Windows Autopilot
-        - url: /windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows
+        - url: use-set-up-school-pcs-app.md
-          text: Windows Defender System Guard
+          text: Deploy devices with Set up School PCs
-        - url: /windows-hardware/design/device-experiences/oem-vbs
+        - url: /windows/deployment
-          text: Virtualization-based security (VBS)
+          text: Learn more about Windows deployment >
-        - url: /windows-hardware/design/device-experiences/oem-highly-secure-11
+    - title: Learn how to secure Windows
-          text: Secured-core PC
+      imageSrc: /media/common/i_security-management.svg
-        - url: /windows/security/hardware-security
-          text: Learn more about hardware security >
-
-    - title: OS security
-      imageSrc: /media/common/i_threat-protection.svg
       links:
-        - url: /windows/security/operating-system-security
+        - url: federated-sign-in.md
-          text: Trusted boot
+          text: Configure federated sign-in for Windows devices
-        - url: /windows/security/operating-system-security/system-security/windows-defender-security-center/windows-defender-security-center
-          text: Windows security settings
-        - url: 	/windows/security/operating-system-security/data-protection/bitlocker/
-          text: BitLocker
-        - url: /windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines
-          text: Windows security baselines
-        - url: /windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/
-          text: MMicrosoft Defender SmartScreen
-        - url: /windows/security/operating-system-security
-          text: Learn more about OS security >
-
-    - title: Identity protection
-      imageSrc: /media/common/i_identity-protection.svg
-      links:
-        - url: /windows/security/identity-protection/hello-for-business
-          text: Windows Hello for Business
-        - url: /windows/security/identity-protection/credential-guard
-          text: Credential Guard
-        - url: /windows-server/identity/laps/laps-overview
-          text: Windows LAPS (Local Administrator Password Solution)
-        - url: /windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection
-          text: Enhanced phishing protection with SmartScreen
-        - url: /education/windows/federated-sign-in
-          text: Federated sign-in (EDU)
-        - url: /windows/security/identity-protection
-          text: Learn more about identity protection >
-
-    - title: Application security
-      imageSrc: /media/common/i_queries.svg
-      links:
-        - url: /windows/security/application-security/application-control/windows-defender-application-control/
-          text: Windows Defender Application Control (WDAC)
         - url: /windows/security/application-security/application-control/user-account-control
           text: User Account Control (UAC)
-        - url: /windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules
-          text: Microsoft vulnerable driver blocklist
-        - url: /windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview
-          text: Microsoft Defender Application Guard (MDAG)
-        - url: /windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview
-          text: Windows Sandbox
-        - url: /windows/security/application-security
-          text: Learn more about application security >
-
-    - title: Security foundations
-      imageSrc: /media/common/i_build.svg
-      links:
-        - url: /windows/security/security-foundations/certification/fips-140-validation
-          text: FIPS 140-2 validation
-        - url: /windows/security/security-foundations/certification/windows-platform-common-criteria
-          text: Common Criteria Certifications
-        - url: /windows/security/security-foundations/msft-security-dev-lifecycle
-          text: Microsoft Security Development Lifecycle (SDL)
-        - url: https://www.microsoft.com/msrc/bounty-windows-insider-preview
-          text: Microsoft Windows Insider Preview bounty program
-        - url: https://www.microsoft.com/security/blog/2020/09/15/microsoft-onefuzz-framework-open-source-developer-tool-fix-bugs/
-          text: OneFuzz service
-        - url: /windows/security/security-foundations
-          text: Learn more about security foundations >
-
-    - title: Cloud security
-      imageSrc: /media/common/i_cloud-security.svg
-      links:
         - url: /mem/intune/protect/security-baselines
           text: Security baselines with Intune
         - url: /windows/deployment/windows-autopatch
           text: Windows Autopatch
-        - url: /windows/deployment/windows-autopilot
-          text: Windows Autopilot
         - url: /universal-print
           text: Universal Print
-        - url: /windows/client-management/mdm/remotewipe-csp
+        - url: /windows/security
-          text: Remote wipe
+          text: Learn more about Windows security >
-        - url: /windows/security/cloud-security
+
-          text: Learn more about cloud security >
+    - title: Learn how to manage Windows devices
+      imageSrc: /media/common/i_management.svg
+      links:
+        - url: tutorial-school-deployment/manage-overview.md
+          text: Manage devices with Microsoft Intune
+        - url: tutorial-school-deployment/manage-surface-devices.md
+          text: Management functionalities for Surface devices
+        - url: /education/windows/get-minecraft-for-education
+          text: Get and deploy Minecraft Education
+        - url: /windows/client-management
+          text: Learn more about Windows management >
+
+    - title: Learn how to configure Windows
+      imageSrc: /media/common/i_config-tools.svg
+      links:
+        - url: /education/windows/tutorial-school-deployment/configure-devices-overview
+          text: Configure settings and applications with Microsoft Intune
+        - url: /windows/configuration/set-up-shared-or-guest-pc
+          text: Set up a shared or guest Windows device
+        - url: /education/windows/take-tests-in-windows
+          text: Take tests and assessments in Windows
+        - url: set-up-school-pcs-provisioning-package.md
+          text: Provisioning package settings
+        - url: https://www.youtube.com/watch?v=2ZLup_-PhkA
+          text: "Video: Use the Set up School PCs App"
 
 additionalContent:
   sections:
-    - title: More Windows resources
+    - title: For developers # < 60 chars (optional)
-      items:
+      summary: Are you an app developer looking for information about developing solutions on Microsoft Education products? Start here. # < 160 chars (optional)
+    - items:
+        # Card
+        - title: UWP apps for education
+          summary: Learn how to write universal apps for education.
+          url: /windows/uwp/apps-for-education/
+        # Card
+        - title: Take a test API
+          summary: Learn how web applications can use the API to provide a locked down experience for taking tests.
+          url: /windows/uwp/apps-for-education/take-a-test-api
 
-        - title: Windows Server
+        - title: Office dev center
-          links:
+          summary: Integrate with Office 365 across devices and services to extend Microsoft enterprise-scale compliance and security to students, teachers, and staff in your education app.
-            - text: Windows Server documentation
+          url: https://developer.microsoft.com/office/
-              url: /windows-server
+
-            - text: What's new in Windows Server 2022?
+        - title: Data Streamer
-              url: /windows-server/get-started/whats-new-in-windows-server-2022
+          summary: Bring new STEM experiences into the classroom with real-time data in Excel using Data Streamer. Data Streamer can send data to Excel from a sensor or application.
-            - text: Windows Server blog
+          url: /microsoft-365/education/data-streamer
-              url: https://cloudblogs.microsoft.com/windowsserver/
+    - title: For partners # < 60 chars (optional)
+      summary: Looking for resources available to Microsoft Education partners? Start here. # < 160 chars (optional)
+    - items:
+
+        - title: Microsoft Partner Network
+          summary: Discover the latest news and resources for Microsoft Education products, solutions, licensing and readiness.
+          url: https://partner.microsoft.com/explore/education
+
+        - title: Education Partner community Yammer group
+          summary: Sign in with your Microsoft Partner account and join the Education Partner community private group on Yammer.
+          url: https://www.yammer.com/mepn/
 
         - title: Windows product site and blogs
           links:

windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md

@@ -1,7 +1,7 @@
 ---
 title: Microsoft 365 Apps for enterprise
 description: This article explains how Windows Autopatch manages Microsoft 365 Apps for enterprise updates
-ms.date: 06/23/2023 
+ms.date: 10/27/2023 
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: how-to
@@ -81,7 +81,15 @@ Windows Autopatch doesn't allow you to pause or roll back an update in the Micro
 
 ## Allow or block Microsoft 365 App updates
 
-For organizations seeking greater control, you can allow or block Microsoft 365 App updates for Windows Autopatch-enrolled devices. When the Microsoft 365 App update setting is set to **Block**, Windows Autopatch doesn't provide Microsoft 365 App updates on your behalf, and your organizations have full control over these updates. For example, you can continue to receive updates from [channels](/deployoffice/overview-update-channels) other than the default [Monthly Enterprise Channel](/deployoffice/overview-update-channels#monthly-enterprise-channel-overview).
+> [!IMPORTANT]
+> You must be an Intune Administrator to make changes to the setting.
+
+For organizations seeking greater control, you can allow or block Microsoft 365 App updates for Windows Autopatch-enrolled devices.
+
+| Microsoft 365 App setting | Description |
+| ----- | ----- |
+| **Allow** | When set to **Allow**, Windows Autopatch moves all Autopatch managed devices to the [Monthly Enterprise Channel](/deployoffice/overview-update-channels#monthly-enterprise-channel-overview) and manages updates automatically. To manage updates manually, set the Microsoft 365 App update setting to **Block**. |
+| **Block** | When set to **Block**, Windows Autopatch doesn't provide Microsoft 365 App updates on your behalf, and your organizations have full control over these updates. You can continue to receive updates from [channels](/deployoffice/overview-update-channels) other than the default [Monthly Enterprise Channel](/deployoffice/overview-update-channels#monthly-enterprise-channel-overview). |
 
 **To allow or block Microsoft 365 App updates:**
 

windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md

@@ -1,7 +1,7 @@
 ---
 title: What's new 2023
 description: This article lists the 2023 feature releases and any corresponding Message center post numbers.
-ms.date: 10/19/2023 
+ms.date: 10/27/2023 
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: whats-new
@@ -23,6 +23,12 @@ Minor corrections such as typos, style, or formatting issues aren't listed.
 
 ## October 2023
 
+### October feature releases or updates
+
+| Article | Description |
+| ----- | ----- |
+| [Microsoft 365 Apps for enterprise](../operate/windows-autopatch-microsoft-365-apps-enterprise.md#microsoft-365-apps-for-enterprise-update-controls) | Added more information about the Allow setting in the [Microsoft 365 Apps for enterprise update controls](../operate/windows-autopatch-microsoft-365-apps-enterprise.md#microsoft-365-apps-for-enterprise-update-controls) section |
+
 ## October service release
 
 | Message center post number | Description |

windows/security/identity-protection/hello-for-business/hello-faq.yml

@@ -190,7 +190,7 @@ sections:
           Windows Hello for Business is two-factor authentication based on the observed authentication factors of: *something you have*, *something you know*, and *something that's part of you*. Windows Hello for Business incorporates two of these factors: something you have (the user's private key protected by the device's security module) and something you know (your PIN). With the proper hardware, you can enhance the user experience by introducing biometrics. By using biometrics, you can replace the "something you know" authentication factor with the "something that is part of you" factor, with the assurances that users can fall back to the "something you know factor".
 
           > [!NOTE]
-          > The Windows Hello for Business key meets Azure AD multifactor authentication (MFA) requirements and reduces the number of MFA prompts users will see when accessing resources. For more information, see [What is a Primary Refresh Token](/azure/active-directory/devices/concept-primary-refresh-token#when-does-a-prt-get-an-mfa-claim).
+          > The Windows Hello for Business key meets Microsoft Entra multifactor authentication (MFA) requirements and reduces the number of MFA prompts users will see when accessing resources. For more information, see [What is a Primary Refresh Token](/azure/active-directory/devices/concept-primary-refresh-token#when-does-a-prt-get-an-mfa-claim).
       - question: Which is a better or more secure for of authentication, key or certificate?
         answer: |
           Both types of authentication provide the same security; one is not more secure than the other.

windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md

@@ -31,7 +31,7 @@ Microsoft Entra joined devices authenticate to Microsoft Entra ID during sign-in
 
 ## Microsoft Entra join authentication to Active Directory using cloud Kerberos trust
 
-![Microsoft Entra join authentication to Azure AD.](images/howitworks/auth-aadj-cloudtrust-kerb.png)
+![Microsoft Entra join authentication to Active Directory.](images/howitworks/auth-aadj-cloudtrust-kerb.png)
 
 | Phase  | Description  |
 | :----: | :----------- |

windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md

@@ -42,7 +42,7 @@ Hybrid Windows Hello for Business needs two directories:
 - An on-premises Active Directory
 - A Microsoft Entra tenant
 
-The two directories must be synchronized with [Microsoft Entra Connect Sync][AZ-1], which synchronizes user accounts from the on-premises Active Directory to Azure AD.\
+The two directories must be synchronized with [Microsoft Entra Connect Sync][AZ-1], which synchronizes user accounts from the on-premises Active Directory to Microsoft Entra ID.\
 During the Window Hello for Business provisioning process, users register the public portion of their Windows Hello for Business credential with Microsoft Entra ID. *Microsoft Entra Connect Sync* synchronizes the Windows Hello for Business public key to Active Directory.
 
 > [!NOTE]

windows/security/identity-protection/web-sign-in/index.md

@@ -25,7 +25,7 @@ This article describes how to configure Web sign-in and the supported key scenar
 To use web sign-in, the clients must meet the following prerequisites:
 
 - Windows 11, version 22H2 with [5030310][KB-1], or later
-- Must be Microsoft Entra joined
+- Must be [Microsoft Entra joined](/entra/identity/devices/concept-directory-join)
 - Must have Internet connectivity, as the authentication is done over the Internet
 
 [!INCLUDE [federated-sign-in](../../../../includes/licensing/web-sign-in.md)]