From 39ef4bc9a1053b5e036bbae7465a94dcd782f707 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Tue, 25 Aug 2020 16:57:10 +0500
Subject: [PATCH 01/33] Update microsoft-defender-atp-mac.md

---
 .../microsoft-defender-atp-mac.md                    | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
index 62d68dcdee..3f296b7a24 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
@@ -67,6 +67,18 @@ Beta versions of macOS are not supported. macOS Sierra (10.12) support ended on
 
 After you've enabled the service, you may need to configure your network or firewall to allow outbound connections between it and your endpoints.
 
+### Licensing requirements
+
+Microsoft Defender Advanced Threat Protection for Mac requires one of the following Microsoft Volume Licensing offers:
+
+- Microsoft 365 E5 (M365 E5)
+- Microsoft 365 E5 Security
+- Microsoft 365 A5 (M365 A5)
+
+> [!NOTE]
+> Eligible Licensed Users may use Microsoft Defender Advanced Threat Protection on up to five concurrent devices.
+> Microsoft Defender Advanced Threat Protection is also available for purchase from a Cloud Solution Provider (CSP). When purchased via a CSP, it does not require Microsoft Volume Licensing offers listed.
+
 ### Network connections
 
 The following downloadable spreadsheet lists the services and their associated URLs that your network must be able to connect to. You should ensure that there are no firewall or network filtering rules that would deny access to these URLs, or you may need to create an *allow* rule specifically for them.

From 4607899d82de69af92819cff09dd4bfd77c71cdb Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Tue, 25 Aug 2020 21:16:09 +0500
Subject: [PATCH 02/33] Update linux-install-manually.md

---
 .../linux-install-manually.md                      | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md
index 1746f4fcb3..b756561136 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md
@@ -48,6 +48,12 @@ In order to preview new features and provide early feedback, it is recommended t
 
 ### RHEL and variants (CentOS and Oracle Linux)
 
+- Install `yum-utils` if it isn't installed yet:
+
+    ```bash
+    sudo yum install yum-utils
+    ```
+
 - Note your distribution and version, and identify the closest entry for it under `https://packages.microsoft.com/config/`.
 
     In the below commands, replace *[distro]* and *[version]* with the information you've identified:
@@ -71,12 +77,6 @@ In order to preview new features and provide early feedback, it is recommended t
     sudo rpm --import http://packages.microsoft.com/keys/microsoft.asc
     ```
 
-- Install `yum-utils` if it isn't installed yet:
-
-    ```bash
-    sudo yum install yum-utils
-    ```
-
 - Download and make usable all the metadata for the currently enabled yum repositories:
 
     ```bash
@@ -328,4 +328,4 @@ When upgrading your operating system to a new major version, you must first unin
 
 ## Uninstallation
 
-See [Uninstall](linux-resources.md#uninstall) for details on how to remove Microsoft Defender ATP for Linux from client devices.
\ No newline at end of file
+See [Uninstall](linux-resources.md#uninstall) for details on how to remove Microsoft Defender ATP for Linux from client devices.

From cee429d94e43e66837ff4b4d710461b3cba52f21 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Wed, 26 Aug 2020 12:11:52 +0500
Subject: [PATCH 03/33] Update
 windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../microsoft-defender-atp/microsoft-defender-atp-mac.md        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
index 3f296b7a24..6526e63f1a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
@@ -76,7 +76,7 @@ Microsoft Defender Advanced Threat Protection for Mac requires one of the follow
 - Microsoft 365 A5 (M365 A5)
 
 > [!NOTE]
-> Eligible Licensed Users may use Microsoft Defender Advanced Threat Protection on up to five concurrent devices.
+> Eligible licensed users may use Microsoft Defender Advanced Threat Protection on up to five concurrent devices.
 > Microsoft Defender Advanced Threat Protection is also available for purchase from a Cloud Solution Provider (CSP). When purchased via a CSP, it does not require Microsoft Volume Licensing offers listed.
 
 ### Network connections

From 994a5681699589c5b76f7b6d7c21c46d5ebc037e Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Wed, 16 Sep 2020 16:01:26 +0500
Subject: [PATCH 04/33] Update vpn-conditional-access.md

---
 .../identity-protection/vpn/vpn-conditional-access.md         | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/identity-protection/vpn/vpn-conditional-access.md b/windows/security/identity-protection/vpn/vpn-conditional-access.md
index df414d1e79..c368ed6c90 100644
--- a/windows/security/identity-protection/vpn/vpn-conditional-access.md
+++ b/windows/security/identity-protection/vpn/vpn-conditional-access.md
@@ -72,8 +72,8 @@ Two client-side configuration service providers are leveraged for VPN device com
    - Provisions the Health Attestation Certificate received from the HAS
    - Upon request, forwards the Health Attestation Certificate (received from HAS) and related runtime information to the MDM server for verification
    
->[!NOTE]
->Currently, it is required that certificates be issued from an on-premises CA, and that SSO be enabled in the user’s VPN profile. This will enable the user to obtain Kerberos tickets in order to access resources on-premises. Kerberos currently does not support the use of Azure AD certificates.
+> [!NOTE]
+> Currently, it is required that certificates used for obtaining Kerberos tickets must be issued from an on-premises CA, and that SSO must be enabled in the user’s VPN profile. This will enable the user to access on-premises resources. 
 
 ## Client connection flow
 The VPN client side connection flow works as follows:

From dcc2f076ea41901eeb50b5da199f212975afb5db Mon Sep 17 00:00:00 2001
From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com>
Date: Fri, 25 Sep 2020 19:45:23 +0530
Subject: [PATCH 05/33] addedm update links of 1903 , 1909 and 2004

as per the user report #8354 , so I added update links of  1903,1909 and 2004
---
 windows/client-management/troubleshoot-stop-errors.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/windows/client-management/troubleshoot-stop-errors.md b/windows/client-management/troubleshoot-stop-errors.md
index 7eabdf0411..0ed8e1db70 100644
--- a/windows/client-management/troubleshoot-stop-errors.md
+++ b/windows/client-management/troubleshoot-stop-errors.md
@@ -43,7 +43,9 @@ To troubleshoot Stop error messages, follow these general steps:
 2. As a best practice, we recommend that you do the following:
 
     a. Make sure that you install the latest Windows updates, cumulative updates, and rollup updates. To verify the update status, refer to the appropriate update history for your system:
-    
+   - [Windows 10, version 2004](https://support.microsoft.com/help/4555932)  
+   - [Windows 10, version 1909](https://support.microsoft.com/help/4529964)
+   - [Windows 10, version 1903](https://support.microsoft.com/help/4498140)
    - [Windows 10, version 1809](https://support.microsoft.com/help/4464619)
    - [Windows 10, version 1803](https://support.microsoft.com/help/4099479)
    - [Windows 10, version 1709](https://support.microsoft.com/help/4043454)

From fe887186cd821dda6759aa04fd584a526df5f364 Mon Sep 17 00:00:00 2001
From: Lindsay <45809756+lindspea@users.noreply.github.com>
Date: Mon, 28 Sep 2020 09:27:17 +0200
Subject: [PATCH 06/33] Update account-lockout-threshold.md

Added note.
---
 .../security-policy-settings/account-lockout-threshold.md      | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md
index 3db828212a..20f886d1ec 100644
--- a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md
+++ b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md
@@ -87,6 +87,9 @@ For more information about Windows security baseline recommendations for account
 
 This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation.
 
+> [!NOTE]
+> A lockout threshold policy will apply to both local member computer users and Domain Users, in order to allow mitigation of issues as described under "Vulnerability". The Built-In Administrator account however, whilst a highly privileged account, has a different risk profile and is excluded from this policy. This ensures there is no scenario where an administrator cannot logon to remediate an issue. As an administrator, there are additional mitigation strategies available, such as a strong password. See also [Appendix D: Securing Built-In Administrator Accounts in Active Directory](https://docs.microsoft.com/windows-server/identity/ad-ds/plan/security-best-practices/appendix-d--securing-built-in-administrator-accounts-in-active-directory).
+
 ### Vulnerability
 
 Brute force password attacks can use automated methods to try millions of password combinations for any user account. The effectiveness of such attacks can be almost eliminated if you limit the number of failed sign-in attempts that can be performed.

From 37fa946455d231fd9c80946dbec8819b3f9088d7 Mon Sep 17 00:00:00 2001
From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com>
Date: Mon, 28 Sep 2020 14:15:30 +0530
Subject: [PATCH 07/33] fixed missing  text

as per the user report #8370 , so i added the word  **Password**
---
 .../security-policy-settings/minimum-password-length.md         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/security-policy-settings/minimum-password-length.md b/windows/security/threat-protection/security-policy-settings/minimum-password-length.md
index 35eaa8ac76..60d1136acd 100644
--- a/windows/security/threat-protection/security-policy-settings/minimum-password-length.md
+++ b/windows/security/threat-protection/security-policy-settings/minimum-password-length.md
@@ -76,7 +76,7 @@ Types of password attacks include dictionary attacks (which attempt to use commo
 
 ### Countermeasure
 
-Configure the **** policy setting to a value of 8 or more. If the number of characters is set to 0, no password will be required.
+Configure the **Password** policy setting to a value of 8 or more. If the number of characters is set to 0, no password will be required.
 
 In most environments, we recommend an eight-character password because it is long enough to provide adequate security, but not too difficult for users to easily remember. This configuration provides adequate defense against a brute force attack. Using the [Password must meet complexity requirements](password-must-meet-complexity-requirements.md) policy setting in addition to the **Minimum password length** setting helps reduce the possibility of a dictionary attack.
 

From 4cae659e0a5849ab535c4c3fc559a987f1b4a7a4 Mon Sep 17 00:00:00 2001
From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com>
Date: Mon, 28 Sep 2020 18:10:53 +0530
Subject: [PATCH 08/33] Update
 windows/security/threat-protection/security-policy-settings/minimum-password-length.md

accepted

Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
 .../security-policy-settings/minimum-password-length.md         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/security-policy-settings/minimum-password-length.md b/windows/security/threat-protection/security-policy-settings/minimum-password-length.md
index 60d1136acd..74ed307f82 100644
--- a/windows/security/threat-protection/security-policy-settings/minimum-password-length.md
+++ b/windows/security/threat-protection/security-policy-settings/minimum-password-length.md
@@ -76,7 +76,7 @@ Types of password attacks include dictionary attacks (which attempt to use commo
 
 ### Countermeasure
 
-Configure the **Password** policy setting to a value of 8 or more. If the number of characters is set to 0, no password will be required.
+Configure the **Minimum password length** policy setting to a value of 8 or more. If the number of characters is set to 0, no password will be required.
 
 In most environments, we recommend an eight-character password because it is long enough to provide adequate security, but not too difficult for users to easily remember. This configuration provides adequate defense against a brute force attack. Using the [Password must meet complexity requirements](password-must-meet-complexity-requirements.md) policy setting in addition to the **Minimum password length** setting helps reduce the possibility of a dictionary attack.
 

From 2ad5f1b2418209f0e2e5c02010a041cffb54a2e8 Mon Sep 17 00:00:00 2001
From: Lindsay <45809756+lindspea@users.noreply.github.com>
Date: Wed, 30 Sep 2020 17:07:15 +0200
Subject: [PATCH 09/33] Update
 windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../security-policy-settings/account-lockout-threshold.md       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md
index 20f886d1ec..55f3b22031 100644
--- a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md
+++ b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md
@@ -88,7 +88,7 @@ For more information about Windows security baseline recommendations for account
 This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation.
 
 > [!NOTE]
-> A lockout threshold policy will apply to both local member computer users and Domain Users, in order to allow mitigation of issues as described under "Vulnerability". The Built-In Administrator account however, whilst a highly privileged account, has a different risk profile and is excluded from this policy. This ensures there is no scenario where an administrator cannot logon to remediate an issue. As an administrator, there are additional mitigation strategies available, such as a strong password. See also [Appendix D: Securing Built-In Administrator Accounts in Active Directory](https://docs.microsoft.com/windows-server/identity/ad-ds/plan/security-best-practices/appendix-d--securing-built-in-administrator-accounts-in-active-directory).
+> A lockout threshold policy will apply to both local member computer users and domain users, in order to allow mitigation of issues as described under "Vulnerability". The built-in Administrator account, however, whilst a highly privileged account, has a different risk profile and is excluded from this policy. This ensures there is no scenario where an administrator cannot sign in to remediate an issue. As an administrator, there are additional mitigation strategies available, such as a strong password. See also [Appendix D: Securing Built-In Administrator Accounts in Active Directory](https://docs.microsoft.com/windows-server/identity/ad-ds/plan/security-best-practices/appendix-d--securing-built-in-administrator-accounts-in-active-directory).
 
 ### Vulnerability
 

From a0591322a45cf907c9f98cbc062e15cc6e151d29 Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Wed, 30 Sep 2020 22:15:34 +0500
Subject: [PATCH 10/33] Link Update

Updated a link to the correct source.

Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/7972
---
 .../create-wip-policy-using-intune-azure.md                     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
index 73946540c5..b3788ff49e 100644
--- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
+++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
@@ -622,7 +622,7 @@ You can restrict which files are protected by WIP when they are downloaded from
 
 - [What is Azure Rights Management?](https://docs.microsoft.com/information-protection/understand-explore/what-is-azure-rms)
 
-- [Create and deploy Windows Information Protection (WIP) app protection policy with Intune and MAM](https://docs.microsoft.com/intune/deploy-use/create-windows-information-protection-policy-with-intune)
+- [Create and deploy Windows Information Protection (WIP) app protection policy with Intune and MAM](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/overview-create-wip-policy)
 
 - [Intune MAM Without Enrollment](https://blogs.technet.microsoft.com/configmgrdogs/2016/02/04/intune-mam-without-enrollment/)
 

From 01259a7dbf009d8215b7900348e9554b6e4a83de Mon Sep 17 00:00:00 2001
From: Caroline Gitonga <v-cagito@microsoft.com>
Date: Wed, 30 Sep 2020 22:46:32 +0300
Subject: [PATCH 11/33] Add spclient.wg.spotify.com

Add spclient.wg.spotify.com to Windows Family and Home
---
 .../privacy/windows-endpoints-1909-non-enterprise-editions.md   | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md
index d0d7ff467f..7b104bdcb0 100644
--- a/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md
+++ b/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md
@@ -95,6 +95,7 @@ The following methodology was used to derive the network endpoints:
 |wdcp.microsoft.com|HTTPS|Used for Windows Defender when Cloud-based Protection is enabled
 |activity.windows.com|TLSV1.2|Used by Activity Feed Service which enables multiple cross-device data roaming scenarios on Windows
 |adl.windows.com|HTTP|Used for compatibility database updates for Windows
+|spclient.wg.spotify.com|TLSV1.2|Used for Spotify Live Tile
 
 ## Windows 10 Pro
 
@@ -159,6 +160,7 @@ The following methodology was used to derive the network endpoints:
 |windows.policies.live.net|HTTP|OneDrive
 |activity.windows.com|TLSV1.2|Used by Activity Feed Service which enables multiple cross-device data roaming scenarios on Windows
 |adl.windows.com|HTTP|Used for compatibility database updates for Windows
+|spclient.wg.spotify.com|TLSV1.2|Used for Spotify Live Tile
 
 ## Windows 10 Education
 

From 7f317ac2b550b65c4a1ff39f21883e05ffdeb636 Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Thu, 1 Oct 2020 15:37:44 +0500
Subject: [PATCH 12/33] Update
 windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../create-wip-policy-using-intune-azure.md                     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
index b3788ff49e..fa3972ea0e 100644
--- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
+++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
@@ -622,7 +622,7 @@ You can restrict which files are protected by WIP when they are downloaded from
 
 - [What is Azure Rights Management?](https://docs.microsoft.com/information-protection/understand-explore/what-is-azure-rms)
 
-- [Create and deploy Windows Information Protection (WIP) app protection policy with Intune and MAM](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/overview-create-wip-policy)
+- [Create a Windows Information Protection (WIP) protection policy using Microsoft Intune](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/overview-create-wip-policy)
 
 - [Intune MAM Without Enrollment](https://blogs.technet.microsoft.com/configmgrdogs/2016/02/04/intune-mam-without-enrollment/)
 

From c7650732e8652a74e98bc0656137e2156decafdc Mon Sep 17 00:00:00 2001
From: brbrahm <43386070+brbrahm@users.noreply.github.com>
Date: Thu, 1 Oct 2020 10:30:10 -0700
Subject: [PATCH 13/33] Minor fixes to WDAC vs AppLocker

Clarify wording in WDAC system requirements, remove 'legacy' reference, and add back AppLocker recommendation for not enforcing DLLs and drivers
---
 .../wdac-and-applocker-overview.md                           | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md b/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md
index f076b612e7..9bde7a0cc3 100644
--- a/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md
+++ b/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md
@@ -44,7 +44,7 @@ Note that prior to Windows 10, version 1709, Windows Defender Application Contro
 
 ### WDAC System Requirements
 
-WDAC policies can only be created on devices running Windows 10 build 1903+ on any SKU, pre-1903 Windows 10 Enterprise, or Windows Server 2016 and above.
+WDAC policies can be created on any client edition of Windows 10 build 1903+ or on Windows Server 2016 and above.
 
 WDAC policies can be applied to devices running any edition of Windows 10 or Windows Server 2016 and above via a Mobile Device Management (MDM) solution like Intune, a management interface like Configuration Manager, or a script host like PowerShell. Group Policy can also be used to deploy WDAC policies to Windows 10 Enterprise edition or Windows Server 2016 and above, but cannot deploy policies to devices running non-Enterprise SKUs of Windows 10.
 
@@ -65,12 +65,13 @@ AppLocker policies can be deployed using Group Policy or MDM.
 
 ## Choose when to use WDAC or AppLocker
 
-Generally, it is recommended that customers who are able to implement application control using WDAC rather than AppLocker do so. WDAC is undergoing continual improvements and will be getting added support from Microsoft management platforms. AppLocker is a legacy technology which will continue to receive security fixes but will not undergo new feature improvements.
+Generally, it is recommended that customers who are able to implement application control using WDAC rather than AppLocker do so. WDAC is undergoing continual improvements and will be getting added support from Microsoft management platforms. Although AppLocker will continue to receive security fixes, it will not undergo new feature improvements.
 
 In some cases, however, AppLocker may be the more appropriate technology for your organization. AppLocker is best when:
 
 - You have a mixed Windows operating system (OS) environment and need to apply the same policy controls to Windows 10 and earlier versions of the OS.
 - You need to apply different policies for different users or groups on shared computers.
+- You do not want to enforce application control on application files such as DLLs or drivers.
 
 AppLocker can also be deployed as a complement to WDAC to add user- or group-specific rules for shared device scenarios where it is important to prevent some users from running specific apps.
 As a best practice, you should enforce WDAC at the most restrictive level possible for your organization, and then you can use AppLocker to further fine-tune the restrictions.

From 97663ee37bbe6264fe7f79253e68ee5379ec00a6 Mon Sep 17 00:00:00 2001
From: brbrahm <43386070+brbrahm@users.noreply.github.com>
Date: Thu, 1 Oct 2020 10:35:14 -0700
Subject: [PATCH 14/33] Add link to WDAC feature availability

---
 .../wdac-and-applocker-overview.md                              | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md b/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md
index 9bde7a0cc3..9fe4c819a1 100644
--- a/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md
+++ b/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md
@@ -48,6 +48,8 @@ WDAC policies can be created on any client edition of Windows 10 build 1903+ or
 
 WDAC policies can be applied to devices running any edition of Windows 10 or Windows Server 2016 and above via a Mobile Device Management (MDM) solution like Intune, a management interface like Configuration Manager, or a script host like PowerShell. Group Policy can also be used to deploy WDAC policies to Windows 10 Enterprise edition or Windows Server 2016 and above, but cannot deploy policies to devices running non-Enterprise SKUs of Windows 10.
 
+For more information on which individual WDAC features are available on which WDAC builds, see [WDAC feature availability](feature-availability.md).
+
 ## AppLocker
 
 AppLocker was introduced with Windows 7 and allows organizations to control which applications are allowed to run on their Windows clients. AppLocker helps to prevent end users from running unapproved software on their computers, but it does not meet the servicing criteria for being a security feature.

From 919bd754123d66a41ec0207e99cac043c9daf48e Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Tue, 6 Oct 2020 15:05:42 -0700
Subject: [PATCH 15/33] Applied "> [!NOTE]"

---
 .../account-lockout-threshold.md                      | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md
index 55f3b22031..ab09ef2ca5 100644
--- a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md
+++ b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md
@@ -77,8 +77,11 @@ None. Changes to this policy setting become effective without a computer restart
 ### <a href="" id="bkmk-impleconsiderations"></a>Implementation considerations
 
 Implementation of this policy setting is dependent on your operational environment. You should consider threat vectors, deployed operating systems, and deployed apps, for example:
+
 -   The likelihood of an account theft or a DoS attack is based on the security design for your systems and environment. You should set the account lockout threshold in consideration of the known and perceived risk of those threats.
+
 -   When negotiating encryption types between clients, servers, and domain controllers, the Kerberos protocol can automatically retry account sign-in attempts that count toward the threshold limits that you set in this policy setting. In environments where different versions of the operating system are deployed, encryption type negotiation increases.
+
 -   Not all apps that are used in your environment effectively manage how many times a user can attempt to sign-in. For instance, if a connection drops repeatedly when a user is running the app, all subsequent failed sign-in attempts count toward the account lockout threshold.
 
 For more information about Windows security baseline recommendations for account lockout, see [Configuring Account Lockout](https://blogs.technet.microsoft.com/secguide/2014/08/13/configuring-account-lockout/). 
@@ -95,17 +98,23 @@ This section describes how an attacker might exploit a feature or its configurat
 Brute force password attacks can use automated methods to try millions of password combinations for any user account. The effectiveness of such attacks can be almost eliminated if you limit the number of failed sign-in attempts that can be performed.
 However, a DoS attack could be performed on a domain that has an account lockout threshold configured. An attacker could programmatically attempt a series of password attacks against all users in the organization. If the number of attempts is greater than the account lockout threshold, the attacker might be able to lock every account without needing any special privileges or being authenticated in the network.
 
-> **Note:** Offline password attacks are not countered by this policy setting.
+> [!NOTE]
+> Offline password attacks are not countered by this policy setting.
+
  
 ### <a href="" id="bkmk-countermeasure"></a>Countermeasure
 
 Because vulnerabilities can exist when this value is configured and when it is not configured, two distinct countermeasures are defined. Organizations should weigh the choice between the two, based on their identified threats and the risks that they want to mitigate. The two countermeasure options are:
+
 -   Configure the **Account lockout threshold** setting to 0. This configuration ensures that accounts will not be locked, and it will prevent a DoS attack that intentionally attempts to lock accounts. This configuration also helps reduce Help Desk calls because users cannot accidentally lock themselves out of their accounts. Because it does not prevent a brute force attack, this configuration should be chosen only if both of the following criteria are explicitly met:
+
     -   The password policy setting requires all users to have complex passwords of 8 or more characters.
     -   A robust audit mechanism is in place to alert administrators when a series of failed sign-ins occur in the environment.
+    
 -   Configure the **Account lockout threshold** policy setting to a sufficiently high value to provide users with the ability to accidentally mistype their password several times before the account is locked, but ensure that a brute force password attack still locks the account.
 
     [Windows security baselines](https://docs.microsoft.com/windows/security/threat-protection/windows-security-baselines) recommend configuring a threshold of 10 invalid sign-in attempts, which prevents accidental account lockouts and reduces the number of Help Desk calls, but does not prevent a DoS attack.
+    
     Using this type of policy must be accompanied by a process to unlock locked accounts. It must be possible to implement this policy whenever it is needed to help mitigate massive lockouts caused by an attack on your systems.
 
 ### Potential impact

From dcbeadfeada3227c4d52dd24ad616f2ed1b5247c Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Tue, 6 Oct 2020 16:54:13 -0700
Subject: [PATCH 16/33] Added image border and spacing

---
 .../vpn/vpn-conditional-access.md             | 22 ++++++++++++++-----
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/windows/security/identity-protection/vpn/vpn-conditional-access.md b/windows/security/identity-protection/vpn/vpn-conditional-access.md
index c368ed6c90..fc09e68a62 100644
--- a/windows/security/identity-protection/vpn/vpn-conditional-access.md
+++ b/windows/security/identity-protection/vpn/vpn-conditional-access.md
@@ -48,25 +48,29 @@ The following client-side components are also required:
 - Trusted Platform Module (TPM)
 
 ## VPN device compliance 
+
 At this time, the Azure AD certificates issued to users do not contain a CRL Distribution Point (CDP) and are not suitable for Key Distribution Centers (KDCs) to issue Kerberos tokens. For users to gain access to on-premises resources such as files on a network share, client authentication certificates must be deployed to the Windows profiles of the users, and their VPNv2 profiles must contain the &lt;SSO&gt; section.
 
 Server-side infrastructure requirements to support VPN device compliance include:
 
-- The VPN server should be configured for certificate authentication
-- The VPN server should trust the tenant-specific Azure AD CA
-- For client access using Kerberos/NTLM, a domain-trusted certificate is deployed to the client device and is configured to be used for single sign-on (SSO)
+- The VPN server should be configured for certificate authentication.
+- The VPN server should trust the tenant-specific Azure AD CA.
+- For client access using Kerberos/NTLM, a domain-trusted certificate is deployed to the client device and is configured to be used for single sign-on (SSO).
    
 After the server side is set up, VPN admins can add the policy settings for conditional access to the VPN profile using the VPNv2 DeviceCompliance node.
 
 Two client-side configuration service providers are leveraged for VPN device compliance.
 
-- VPNv2 CSP DeviceCompliance settings
+- VPNv2 CSP DeviceCompliance settings:
+
    - **Enabled**: enables the Device Compliance flow from the client. If marked as **true**, the VPN client attempts to communicate with Azure AD to get a certificate to use for authentication. The VPN should be set up to use certificate authentication and the VPN server must trust the server returned by Azure AD.
    - **Sso**: entries under SSO should be used to direct the VPN client to use a certificate other than the VPN authentication certificate when accessing resources that require Kerberos authentication.
    - **Sso/Enabled**: if this field is set to **true**, the VPN client looks for a separate certificate for Kerberos authentication.
    - **Sso/IssuerHash**: hashes for the VPN client to look for the correct certificate for Kerberos authentication.
    - **Sso/Eku**: comma-separated list of Enhanced Key Usage (EKU) extensions for the VPN client to look for the correct certificate for Kerberos authentication.
+   
 - HealthAttestation CSP (not a requirement) - functions performed by the HealthAttestation CSP include:
+
    - Collects TPM data used to verify health states
    - Forwards the data to the Health Attestation Service (HAS)
    - Provisions the Health Attestation Certificate received from the HAS
@@ -76,16 +80,22 @@ Two client-side configuration service providers are leveraged for VPN device com
 > Currently, it is required that certificates used for obtaining Kerberos tickets must be issued from an on-premises CA, and that SSO must be enabled in the user’s VPN profile. This will enable the user to access on-premises resources. 
 
 ## Client connection flow
+
 The VPN client side connection flow works as follows:
 
-![Device compliance workflow when VPN client attempts to connect](images/vpn-device-compliance.png)
+> [!div class="mx-imgBorder"]
+> ![Device compliance workflow when VPN client attempts to connect](images/vpn-device-compliance.png)
  
 When a VPNv2 Profile is configured with \<DeviceCompliance> \<Enabled>true<\/Enabled> the VPN client uses this connection flow:
 
 1.	 The VPN client calls into Windows 10’s Azure AD Token Broker, identifying itself as a VPN client.
+
 2.	 The Azure AD Token Broker authenticates to Azure AD and provides it with information about the device trying to connect. The Azure AD Server checks if the device is in compliance with the policies.
-3.	 If compliant, Azure AD requests a short-lived certificate
+
+3.	 If compliant, Azure AD requests a short-lived certificate.
+
 4.	 Azure AD pushes down a short-lived certificate to the Certificate Store via the Token Broker. The Token Broker then returns control back over to the VPN client for further connection  processing.
+
 5. The VPN client uses the Azure AD-issued certificate to authenticate with the VPN server.
 
 ## Configure conditional access

From e25ba0b403693a4cc75a650ade5a2cc5d715aabf Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 6 Oct 2020 18:11:23 -0700
Subject: [PATCH 17/33] m365solution-scenario

---
 .../manage-atp-post-migration-configuration-manager.md        | 4 +++-
 .../manage-atp-post-migration-group-policy-objects.md         | 4 +++-
 .../manage-atp-post-migration-intune.md                       | 4 +++-
 .../manage-atp-post-migration-other-tools.md                  | 4 +++-
 .../microsoft-defender-atp/manage-atp-post-migration.md       | 4 +++-
 .../mcafee-to-microsoft-defender-onboard.md                   | 1 +
 .../mcafee-to-microsoft-defender-prepare.md                   | 1 +
 .../mcafee-to-microsoft-defender-setup.md                     | 3 ++-
 .../microsoft-defender-atp/migration-guides.md                | 1 +
 9 files changed, 20 insertions(+), 6 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-configuration-manager.md b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-configuration-manager.md
index 6d04ee080e..c086033e55 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-configuration-manager.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-configuration-manager.md
@@ -14,7 +14,9 @@ author: denisebmsft
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: 
+- M365-security-compliance
+- m365solution-scenario
 ms.topic: article
 ms.date: 09/22/2020
 ms.reviewer: chventou
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-group-policy-objects.md b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-group-policy-objects.md
index 016d29c822..512edb5f3c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-group-policy-objects.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-group-policy-objects.md
@@ -14,7 +14,9 @@ author: denisebmsft
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: 
+- M365-security-compliance
+- m365solution-scenario
 ms.topic: article
 ms.date: 09/22/2020
 ms.reviewer: chventou
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-intune.md b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-intune.md
index eeefc94bfd..eb630aad88 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-intune.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-intune.md
@@ -14,7 +14,9 @@ author: denisebmsft
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: 
+- M365-security-compliance
+- m365solution-scenario
 ms.topic: article
 ms.date: 09/22/2020
 ms.reviewer: chventou
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-other-tools.md b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-other-tools.md
index 4eb3a79282..111459747f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-other-tools.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-other-tools.md
@@ -14,7 +14,9 @@ author: denisebmsft
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: 
+- M365-security-compliance
+- m365solution-scenario
 ms.topic: article
 ms.date: 09/22/2020
 ms.reviewer: chventou
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md
index 417f5267d3..246b542364 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md
@@ -14,7 +14,9 @@ author: denisebmsft
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: 
+- M365-security-compliance
+- m365solution-scenario
 ms.topic: conceptual
 ms.date: 09/22/2020
 ms.reviewer: chventou
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md
index 3422d29ce9..d38a5977e8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md
@@ -17,6 +17,7 @@ audience: ITPro
 ms.collection: 
 - M365-security-compliance 
 - m365solution-McAfeemigrate
+- m365solution-scenario
 ms.custom: migrationguides
 ms.topic: article
 ms.date: 09/24/2020
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md
index a22a3a83d5..fe973d1a59 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md
@@ -17,6 +17,7 @@ audience: ITPro
 ms.collection: 
 - M365-security-compliance 
 - m365solution-mcafeemigrate
+- m365solution-scenario
 ms.topic: article
 ms.custom: migrationguides
 ms.date: 09/22/2020
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md
index 7e0da8d519..8813e53523 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md
@@ -16,7 +16,8 @@ manager: dansimp
 audience: ITPro
 ms.collection: 
 - M365-security-compliance
-- m365solution-mcafeemigrate 
+- m365solution-mcafeemigrate
+- m365solution-scenario 
 ms.topic: article
 ms.custom: migrationguides
 ms.date: 09/22/2020
diff --git a/windows/security/threat-protection/microsoft-defender-atp/migration-guides.md b/windows/security/threat-protection/microsoft-defender-atp/migration-guides.md
index 193a2a1360..308308a4d0 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/migration-guides.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/migration-guides.md
@@ -11,6 +11,7 @@ ms.prod: w10
 ms.localizationpriority: medium
 ms.collection: 
 - M365-security-compliance
+- m365solution-scenario
 ms.custom: migrationguides
 ms.reviewer: chriggs, depicker, yongrhee
 f1.keywords: NOCSH 

From 45967fe5b7eb7b85f088b21f92259a6db5bb402a Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 6 Oct 2020 18:14:02 -0700
Subject: [PATCH 18/33] m365solution-scenario

---
 .../onboarding-endpoint-configuration-manager.md               | 3 ++-
 .../microsoft-defender-atp/onboarding-endpoint-manager.md      | 3 ++-
 .../threat-protection/microsoft-defender-atp/onboarding.md     | 3 ++-
 .../microsoft-defender-atp/prepare-deployment.md               | 3 ++-
 .../microsoft-defender-atp/production-deployment.md            | 3 ++-
 5 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md
index d839dabec7..c09d936fcd 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md
@@ -14,7 +14,8 @@ manager: dansimp
 audience: ITPro
 ms.collection: 
 - M365-security-compliance
-- m365solution-endpointprotect  
+- m365solution-endpointprotect
+- m365solution-scenario 
 ms.topic: article
 ---
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md
index 31593b47cc..76f2c2c7e7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md
@@ -14,7 +14,8 @@ manager: dansimp
 audience: ITPro
 ms.collection: 
 - M365-security-compliance
-- m365solution-endpointprotect  
+- m365solution-endpointprotect
+- m365solution-scenario 
 ms.topic: article
 ---
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding.md
index feeca610db..6ac048cf9d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboarding.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding.md
@@ -14,7 +14,8 @@ manager: dansimp
 audience: ITPro
 ms.collection: 
 - M365-security-compliance
-- m365solution-endpointprotect  
+- m365solution-endpointprotect
+- m365solution-scenario  
 ms.topic: article
 ---
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md
index 1217b7de99..9e4e98ffb5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md
@@ -15,7 +15,8 @@ manager: dansimp
 audience: ITPro
 ms.collection: 
 - M365-security-compliance
-- m365solution-endpointprotect 
+- m365solution-endpointprotect
+- m365solution-scenario 
 ms.topic: article 
 ---
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md
index 6e8ce89f59..4a974f0e24 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md
@@ -15,7 +15,8 @@ manager: dansimp
 audience: ITPro
 ms.collection: 
 - M365-security-compliance
-- m365solution-endpointprotect 
+- m365solution-endpointprotect
+- m365solution-scenario 
 ms.topic: article 
 ---
 

From a58d7d00f1351e174404c6f38853505fb11386a0 Mon Sep 17 00:00:00 2001
From: schmurky <maccruz@microsoft.com>
Date: Wed, 7 Oct 2020 19:48:46 +0800
Subject: [PATCH 19/33] Update passive

---
 .../microsoft-defender-antivirus-compatibility.md               | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
index 74c6ee2735..be374197ff 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
@@ -77,7 +77,7 @@ The following table summarizes the functionality and features that are available
 |Automatic disabled mode  |No |Yes |No |No |No |
 
 - In Active mode, Microsoft Defender Antivirus is used as the antivirus app on the machine. All configuration made with Configuration Manager, Group Policy, Intune, or other management products will apply. Files are scanned and threats remediated, and detection information are reported in your configuration tool (such as Configuration Manager or the Microsoft Defender Antivirus app on the machine itself).
-- In Passive mode, Microsoft Defender Antivirus is not used as the antivirus app, and threats are not remediated by Microsoft Defender Antivirus. Files are scanned and reports are provided for threat detections which are shared with the Microsoft Defender ATP service.
+- In Passive mode, Microsoft Defender Antivirus is not used as the antivirus app, and threats are not remediated by Microsoft Defender Antivirus. Files are scanned and reports are provided for threat detections which are shared with the Microsoft Defender ATP service. Therefore, you might encounter alerts in the Security Center console with Microsoft Defender Antivirus as a source, even when Microsoft Defender Antivirus is in Passive mode.
 - When [EDR in block mode](../microsoft-defender-atp/edr-in-block-mode.md) (currently in private preview) is turned on, Microsoft Defender Antivirus is not used as the primary antivirus solution, but can still detect and remediate malicious items.
 - In Automatic disabled mode, Microsoft Defender Antivirus is not used as the antivirus app. Files are not scanned and threats are not remediated.
 

From 9021c8114720e4caa426776c5cc45b68dbd798ef Mon Sep 17 00:00:00 2001
From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com>
Date: Wed, 7 Oct 2020 19:42:32 +0530
Subject: [PATCH 20/33] removed invalid path , added correct path

  while reading this article, i found an invalid registry path, so I removed the path and added the correct path and added a screenshot.
---
 .../microsoft-defender-atp/enable-network-protection.md     | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md b/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md
index a6090f9ae7..2d96393904 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md
@@ -33,12 +33,14 @@ Check if network protection has been enabled on a local device by using Registry
 
 1. Select the **Start** button in the task bar and type **regedit** to open Registry editor
 1. Choose **HKEY_LOCAL_MACHINE** from the side menu
-1. Navigate through the nested menus to **SOFTWARE** > **Policies** > **Microsoft** > **Windows Defender** > **Policy Manager**
+1. Navigate through the nested menus to **SOFTWARE** > **Policies** > **Microsoft** > **Windows Defender** > **Windows Defender Exploit Guard** > **Network Protection**
 1. Select **EnableNetworkProtection** to see the current state of network protection on the device
 
     * 0, or **Off**
     * 1, or **On**
     * 2, or **Audit** mode
+    
+    ![networkprotection](https://user-images.githubusercontent.com/3296790/95341270-b738b280-08d3-11eb-84a0-16abb140c9fd.PNG)
 
 ## Enable network protection
 
@@ -107,7 +109,7 @@ Confirm network protection is enabled on a local computer by using Registry edit
 
 1. Select **Start** and type **regedit** to open **Registry Editor**.
 
-2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection
+2. Navigate to **HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection**
 
 3. Select **EnableNetworkProtection** and confirm the value:
    * 0=Off

From f6be1fd70afde097ac197fce2eaeaadded20ce8a Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 7 Oct 2020 10:53:22 -0700
Subject: [PATCH 21/33] Update
 manage-updates-baselines-microsoft-defender-antivirus.md

---
 ...-baselines-microsoft-defender-antivirus.md | 29 ++-----------------
 1 file changed, 2 insertions(+), 27 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
index d1cb0e3d28..69288217fe 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
@@ -74,39 +74,14 @@ All our updates contain:
 - serviceability improvements
 - integration improvements (Cloud, Microsoft 365 Defender)  
 <br/>
-<details>
-<summary> September-2020 (Platform: 4.18.2009.x | Engine: 1.1.17500.4)</summary>
-
-&ensp;Security intelligence update version: **1.323.2254.0**  
-&ensp;Released: **October 6, 2020**  
-&ensp;Platform: **4.18.2009.x**  
-&ensp;Engine: **1.1.17500.4**  
-&ensp;Support phase: **Security and Critical Updates**
-    
-### What's new
-
-- Admin permissions are required to restore files in quarantine
-- XML formatted events are now supported
-- CSP support for ignoring exclusion merge
-- New management interfaces for: <br/>
-   - UDP Inspection
-   - Network Protection on Server 2019
-   - IP Address exclusions for Network Protection
-- Improved visibility into TPM measurements 
-- Improved Office VBA module scanning
-
-### Known Issues
-No known issues  
-<br/>
-</details>
 
 
 <details>
-<summary> September-2020 (Platform: 4.18.2009.X | Engine: 1.1.17500.4)</summary>
+<summary> September-2020 (Platform: 4.18.2009.7 | Engine: 1.1.17500.4)</summary>
 
 &ensp;Security intelligence update version: **1.325.10.0**  
 &ensp;Released: **October 01, 2020**  
-&ensp;Platform: **4.18.2009.X**  
+&ensp;Platform: **4.18.2009.7**  
 &ensp;Engine: **1.1.17500.4**  
 &ensp;Support phase: **Security and Critical Updates**
     

From 69b918851e2664befcaf0155b5a43b0a75d41336 Mon Sep 17 00:00:00 2001
From: greg-lindsay <greglin@microsoft.com>
Date: Wed, 7 Oct 2020 15:29:34 -0700
Subject: [PATCH 22/33] new procedure for drivers

---
 windows/deployment/upgrade/quick-fixes.md | 61 ++++++++++++++++++++++-
 1 file changed, 60 insertions(+), 1 deletion(-)

diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md
index fa2817f19b..c4a602aacd 100644
--- a/windows/deployment/upgrade/quick-fixes.md
+++ b/windows/deployment/upgrade/quick-fixes.md
@@ -38,6 +38,7 @@ The Microsoft Virtual Agent provided by [Microsoft Support](https://support.micr
 <li>Check the system drive for errors and attempt repairs. <a href="#repair-the-system-drive" data-raw-source="[More information](#repair-the-system-drive)">More information</a>.</li>
 <li>Run the Windows Update troubleshooter. <a href="#windows-update-troubleshooter" data-raw-source="[More information](#windows-update-troubleshooter)">More information</a>.</li>
 <li>Attempt to restore and repair system files. <a href="#repair-system-files" data-raw-source="[More information](#repair-system-files)">More information</a>.</li>
+<li>Check for unsigned drivers and update or uninstall them. <a href="#repair-system-files" data-raw-source="[More information](#remove-unsigned-drivers)">More information</a>.</li>
 <li>Update Windows so that all available recommended updates are installed, and ensure the computer is rebooted if this is necessary to complete installation of an update. <a href="#update-windows" data-raw-source="[More information](#update-windows)">More information</a>.</li>
 <li>Temporarily uninstall non-Microsoft antivirus software.
   <a href="#uninstall-non-microsoft-antivirus-software" data-raw-source="[More information](#uninstall-non-microsoft-antivirus-software)">More information</a>.</li>
@@ -152,9 +153,67 @@ To check and repair system files:
 
     ```
     > [!NOTE] 
-    > It may take several minutes for the command operations to be completed. For more information, see [Repair a Windows Image](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/repair-a-windows-image). 
+    > It may take several minutes for the command operations to be completed. For more information, see [Repair a Windows Image](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/repair-a-windows-image) and [Use the System File Checker tool](https://support.microsoft.com/help/929833/use-the-system-file-checker-tool-to-repair-missing-or-corrupted-system).
 
 
+### Remove unsigned drivers
+
+Drivers that are not properly signed can block the upgrade process. To check your system for unsigned drivers:
+
+1. Click **Start**.
+2. Type **command**.
+3. Right-click **Command Prompt** and then left-click **Run as administrator**.
+4. If you are prompted by UAC, click **Yes**.
+5. Type **sigverif** and press ENTER. 
+6. The File Signature Verification tool will open. Click **Start**.
+7. After the scanning process is complete, click **Advanced**, and then click **View Log**.
+8. Locate drivers in the log file that are unsigned and remove or update them using Device Manager.  For more information, see [Using Device Manager to uninstall devices and driver packages](https://docs.microsoft.com/windows-hardware/drivers/install/using-device-manager-to-uninstall-devices-and-driver-packages).
+
+>[!NOTE]
+>If a file is corrupted, it might display as unsigned. Be sure to [repair the system drive](#repair-the-system-drive) and [repair system files](#repair-system-files) before attempting to replace unsigned drivers.
+
+#### Optional: Use sigcheck
+
+[Sigcheck](https://docs.microsoft.com/sysinternals/downloads/sigcheck) is a tool that you can download and use to review digital signature details of a file. 
+
+To use sigcheck:
+
+1. Download [sigcheck.zip](https://download.sysinternals.com/files/Sigcheck.zip) and extract the tool to a directory on your computer, for example: **C:\sigcheck**.
+2. Click **Start**.
+2. Type **command**.
+3. Right-click **Command Prompt** and then left-click **Run as administrator**.
+4. If you are prompted by UAC, click **Yes**.
+5. In the command window, use the **cd** command to switch to the directory where you extracted sigcheck, for example **cd c:\sigcheck**.
+6. Next, generate a list of drivers using driverquery.exe. To do this, type **driverquery /v > c:\sigcheck\drivers.txt** and press ENTER. See the following example:
+
+    ```cmd
+    C:\Sigcheck>Driverquery /v > C:\sigcheck\drivers.txt
+
+    ```
+7. Open the drivers.txt file and locate the problem driver that was reported by sigverif in the procedure above. Copy the path to the driver.
+8. To check the driver, type **sigcheck64 -u -e \<driver path\>** and press ENTER.  See the following example:
+
+    ```
+    C:\Sigcheck>sigcheck64.exe -i c:\windows\system32\DolbyMATEnc.dll
+    
+    Sigcheck v2.80 - File version and signature viewer
+    Copyright (C) 2004-2020 Mark Russinovich
+    Sysinternals - www.sysinternals.com
+    
+    c:\windows\system32\DolbyMATEnc.dll:
+            Verified:       Unsigned
+            Link date:      6:43 PM 9/20/2028
+            Publisher:      n/a
+            Company:        Microsoft Corporation
+            Description:    Dolby MAT Encoder DLL
+            Product:        Microsoft« Windows« Operating System
+            Prod version:   10.0.18362.1
+            File version:   10.0.18362.1 (WinBuild.160101.0800)
+            MachineType:    64-bit
+
+    ```
+In addition to unsigned drivers, drivers might be signed with an invalid certificate, requring the driver to be updated or removed so that Windows upgrade can continue.
+
 ### Update Windows
 
 You should ensure that all important updates are installed before attempting to upgrade. This includes updates to hardware drivers on your computer.

From a979898513556b30d2ff01c437794b1307fc117c Mon Sep 17 00:00:00 2001
From: greg-lindsay <greglin@microsoft.com>
Date: Wed, 7 Oct 2020 15:41:27 -0700
Subject: [PATCH 23/33] typo and add graphic

---
 windows/deployment/images/sigverif.png    | Bin 0 -> 38498 bytes
 windows/deployment/upgrade/quick-fixes.md |   9 ++++++---
 2 files changed, 6 insertions(+), 3 deletions(-)
 create mode 100644 windows/deployment/images/sigverif.png

diff --git a/windows/deployment/images/sigverif.png b/windows/deployment/images/sigverif.png
new file mode 100644
index 0000000000000000000000000000000000000000..0ed0c2fd0c452ba73af39bdfa1ef0494fee155c8
GIT binary patch
literal 38498
zcmc%xdpy(qA3u(Frj$d8a+*WYkxS(;hpik^$+1G_P$;nwbDB9^m7Hy)oJ~l$9F{Pa
zQ$<GD61FlXhRMt@j4}I8U7yeU`u+a;{{H&?;pS$y=j-))KJSmm{c*oPUeD*mTU(kP
z*eA1Z+qP{7u3j;*-L`GVz_xAMKM3y;eDdT8|EJ*Bc9^Z1(Y7jr+%Lf&yF4#hT-vs+
z8YQxEcemj0y^pTkhHcv>b$sh*`&HXx^V_z)<XknmbTib2$ulqYF%KTyI~tR~f|j~B
z^gjHj%w;ApI>$R3V<YM96s;?qdLUKujrf}rN#7(tdmX-<DOR7LEIX**P>wy+dhD1y
z<6iT*ymu2X?lJB{(miftE1YRy1qqeQ?cuY{D|(2^h|NQhAtp&jBw$r|AR~m<)4bv-
z7O*ks${T#n-yG$ye{kKLbQRsG=dX<J*<?iVFwx>h!b;J@#|E9tDRvy^HO*4IXSs5U
zbhp|U=~Rt*jm>e5J)7N8YZ`wBHk}x>scF5B>21j|44v#!1f*HhcV9gGD_p|=?ph&#
zgUAp63Fg!J*9A8fH|jJi*7I5!G{m`F)hZ?AqAr!PUprKM34A%-(7CZ~bC$SSu}~7l
zE%|fr@SE>Y_pK_Q<W0W6rqvml+kCXWFIrC;W1{B~X8xLON*7|QMJ=lRcksv|#v|$}
z(vP$n>!-!m7!SRk=7hk*)1lk=zrehb4gh}vaA<3N;)^z2AjjkS-9b`<3k=H$=MH3B
z1G)k;*RQ><xrpDnisCPTPw~gV8$!Q_8&wfn`5b=amuG2qU81-uH+jPPkutji<YV!f
zm)B!)G>_Yb<+`-T8+`y?>SAovYU~%l#z(+!ECtWnD}6xcz!>34-siA7h;y+X0+v3b
zI&hbIIt%ISm3txhmH#CrLc{bZpEnw{8p59&HQb;?t@{BYS)54L*yu)1RMEy9Yg2s-
zLt!Pr%SSe$CpRR~GKKO1@{OcN!znXOki23&C-{w0l!sn$vC_AcY4Hb6PFL6=E$qBl
zL0I|AZLAFf%V1;0kH6B^%C+ZTTdN%9p8c~r(5bP)dE3>KPKOEmKE^o3I<)yQd=x!j
zb8U>|_4{>?S|*8n_<RxV|G43&U(`B9jKAo**&XW_!GMU3ZcOO_BH21o>@l54n$8PX
z{<7<zkW6@Q3}JYVDgl4)Z6LUJR}9{$qWWr5@A#=fl+=u27IMVvVJyuf<yY&P4qx@p
z@<I*-R~r9guRn-N^*%gvc5BSA`xA)4+w;jHKR-Sd5>qe;o&Wif<|4LwX0GakrIzpA
z4(B6lLQ=#l%O?wBuDdH`>Q%@$_WuRnr}gjHr$Q(M=x0sC;a&9_H2U^x|D;AuqkkA;
zr+oJYU0GHfC?EON5F!H^Z=gpT_5SY(=&dKzcNh-BGu}t8n~f9`jPgRtz~znoO8wRP
z$)^5(dwn?{uAUtDJ)z&%&8_`S-28&sNZ5R(Joh2ad1kN@VAeR0W{sb_;2|S&r=VeE
zr>oWzgvE*f?~A@^@Samw9_#=06ZgFs>Bsv%R1A`wX&6!QUH-7cK{#=I*LTs_&o@fp
zg0=sd;xK!AKJS_9>TX_Ga|3f{y$)VIh({7zU6{cNn8jc!C=IM_dJWeeNG!2t|DTKI
z8|XVh>qPz<IBIpP42)q>gX+tIE6xlE02)z=)|<=g*x}E=VEH%mQ8-ZhS@!<{{3+fL
zF#jW;zm^}hD$O5voz{qmr+~1*Wi%{G+<TR6TgvA3D-AfDXo-?(m5`u}OM3r_)Yfb{
z;U7Gs=ID`gV;NCv89{AF(1{e#+xVn>`HI%r$!XBcrBYh3Smy;P;ewcI+UCLV=1%u#
z+?rPQkDC95{3*UzD15~;YQ=L|=nxI$J-qVRVxpM>3VtR-A)hYjFnSw!M89QhCnw9m
zw3Ox$??16AU~p{z>etPr|HgGufWUb$`@C4|YGP}tY{$IQM$?@Zrn`CRSZ~QQ8IhX>
z9TBQl65gGQ$4ejl7jc6&0ph>%H@$doP^%x?E7wZ_$G0$^wKOiRwhq5XEjHo}s7%@Z
zCrAc(!6lyj+5BHR5fgyxJscYr@6LGQKCSW5tNNti3KJZ?F!-SN(#aqHOCkmMaHVy~
z<4EhWJ)X$S`v2k>67qpDe^wR+wB|d7oDmH3d`vLn{qT%3a|Z=jhLjWshwdomIaxgb
zMb4alH^<>mwCOYxY5n?3hObx{jKRhW`WAV%LPA7bMDk<#L_VkXCK$Up-2f@*kZ?;b
zEu0;9a+jMHGh*gG|CP^8AXTm=WPcNod~v-ve-{`2Y>2Eu-`vbk8l<z?!UZE~Kk~y?
z_o2-Z68WJO`Rjh06PyfKR1Z0hCG<P~3tsY`$JcQ8WbpDL%Z^X%4~~fC<UHfD6w$z&
zrLFveHAZ014)#MM=DE?yA7WjjZ>)1(yG)c4gH~bn@Uv#L667F^g}XZjZN6MiUr(os
z{Q(M(2O>SzWX>hiszOSMa<|?Zm)`rJi;&y59BzQJ#<b6NpafHC<G7wFBL>Z~E&^D0
zz{_vRKHU6QP&u9D@P8Shfp~b8UFRW#9}&@th9^!+C?DuDGC(wCT7&Ut_X5@$G(S?(
zr=Xz!8wFZ1@)VK$!b>jX%)sfR1YENAF}=_pf1}d!iyF^{CWX#na>acQeR9uo6=^be
z-^p-L?{>+7RQX96jcQtH-M+$fw5LJznXne;#8ITC!5cM$sCTbOmL)FDZ-f|r&XoCK
zyhDc-XrRuW1&o+sHwRS>=B`C)4-L0*cK#`6{yApp)6g#$kXCl3N<t_-yTx0`Q-7s>
zZO9Eg`Qv#{*s+r?!nSe{x-6LmwJ>rfyT+GJTrSI=G$81MD$Mq2RTYz5xEn9umo$MO
zWbMjH7@qFEo=Xc0Xzq(zWH-N8jZ%ooCBNhZBXV)U%aQ+94&T+)BLc9I&-9QgnhN)1
zz|p0JiUu=}vNErHve|uq)~_?a3emKlM9bk;O0eOy@8BpsRsW@-UwVYSj6ihpPoK)V
z<CQ_=rFV29y0Pj0;eHqcgXv|r!F(9<dzTGZtC>@|k~2)0PxBrt1o+=1t$*Z^H6<DZ
zyk9^Cnw)zv5R>G{Ice0a;oG>QM#(T|Ew3nXIn<E0Cas^v%*10opm`zH-=L2IdSSvr
zhV){hYh^ix-nC2wTdg##JR5R}ZG&>^1l0&btcwKSiC>7)C4epe6_gd^slGb?Fn(m;
z^3is2)ti?+4z!!e6ORo%l{}6t{zpOeN)DZJxU@v1ZUr@^zMBP)eh>2dxWLvydor@^
zp-&y6;64F8Yln=Ql|HR~4J(6hu$>tz&m0pb4gRIDKOdiN;Cka9mTjs3{_$Be!Wc=E
zhy0Zwr*U!sKOVBVIyF}{emI)@qM@t00-;dQGO@-WlE-mC+-4d5D#}xQCK1hYtk)P=
zXB9_2octpND2Oid_1c4tGW^J1Eo2j{!R+OX+9)`gW?PWXuX?ulE4Hfj<fX`#mmAaW
zaP<P0TzZA@%-zC}69fKeb98G%6{f<a8^*{FLodBu4t~a+&LwVy`#G=A==~2GZDh^6
z@B?Kn<^_>G61F1~+%o)UqqDJzvnN2xFB+fh7@Pezj682UtM&9PF5K{HY5jyW?(STN
z@AT5D^MoC=3Z15A7`1kVju_|C(Q0zRRS^a0?#nV`xkIh9YiPn@Oav|x0t-j=qVUK{
zgFk7$@Eq?hs2j!HK@lxvj)b?Il6Abz&zUh>Elt<%#qg`I4$J57o~^z3a`|n?811^)
zd=69SR5E5`U~R<4P=U9RY?d4KoTn>F0`m;6GG16SG+R5ExzYxs3|KM0OxV&;K_9#L
zZ!IxbST#UY$Q3ED(X`dq(b;Bls*g|-HviKv1}#n8TVe9+NDpr$_<tYMMfWYA20cQw
z1wx;W%Djbl|4UIpfkm0gOU{tP2i8jt&t3n&@@qi9R50~FMWa1=`X6C>ir+2tAH5Yq
ziHQEk!iXtI%l%gh4Agc1Ya&9O9$EiKcjg;@zWR^q|MdU(|I>q!IpW?)f2?u<%DQy#
zZ)=9zwomJiN0Yu-p!(a3PV6`_@W+5VZF`pe+wZ1`yt4lH%I%Wge+;Jj-$oXHI)L5(
zf4|vWLVbS3%KQ&?KLAx@N}laPj%3fZxy?#6MV%(kPmPVle*SL07|r0$&-K#siJqYw
zY<T{!y0Y*J`b60a#<~MNk}pNaO%T8F*fy?o`qXp;dw<krA<GJ#rjh_2%(Yv@NPy0;
z29cYwa9VmsZQj;aGoN$Kh_}ndwifgSx6E7r(MI7UR$Ikogy-ewl!McYTG=bq8<=U9
zxd7pbNI0oA>Eyu6jOPh!O_JX8HUwS*wKZe@Ife~`E#m{0&_86OOj$a=#{yToSKAuv
z#r#a#XY*x74Vof2n`3Q-1Ys`(e;!0coR1RkWvKSaR+VAas(5K7OQS9NA@V-RT;q@s
zkJ;pWY4S?|CpP39iKv<9Nqdh~D31^>sT<b>vEio}Y_zK<r>@L^3@dauqw^FQEms-W
zl0m4J76Z%?#5%~uy{m+gL*S7J_I$OrnQ_hDSzcBsAB({>MSuw$sDU1RGrutuZ4aF_
zkS@a(us-Xe6frMd+OinK*_0XX_cb!GIaYz~$q{b~`2rtZhuaeesq1^l`b{h`5(k#c
zKM#HvZZ*mMJlqC0*T;;Q|A96(Dz&6qY~`-bRiifiJyDQ2vu(VsO@HHa-c)T+w~%A`
z(W;ZATCv;CH>!%NfZs4GpaG*@)LOCeFlSzMofwWAnnAAPI|y~zRKd_+rr=^EV7SjI
z;$m*DK4!3;p~h(9WILRm^7wIz#abAS^zmEd=T-*f-H1~C0yIMs;o+i;e2E$7g{ABk
z<duSJXGppYgb|z_zm|+^jV17Z7~YR${nT27oKWDkWZ^@|DEu)p1>HRYW{b>(&S_vw
zxe($)JbA8oiz;&&m93pTjgepI=8@J_V$@d*)D9rd&;mrrCvpdcBJY&~{hfn)&(pVM
zpi9o7!2Qs)#V;@eHBUn0LZp*3-};6Nrw#febpMwQt?R7HA&prydjLpiP4CysGOuFa
zQO}%O*J8F1%JEoTa=4HFnf%0KljREmgkRzCjR(AR*`p+bFc3p9uc~_-AV`n=Z~j7}
zaK4in0ELh7V%+l#QLR5SVx!lrsVysqP(gj8<KNgfrxrZJd;$~<@UVcXCRwdE$8yFQ
z_8S-(2qC}IS;^G;;KD0|<qA@OX!;rY2s9iy4+_4}y}GD}n%ZX-mS>Oh(e!gfpeosW
z%IW{~{D?SX#_;>A0$zJrepHW7(p%F+hcaFE{Z92Ct0JN6JE6S0EjsDsciNlhT#I0_
z&>_816^#3WZV7(%BkO59;khfSn)_8hvZ5RI_vu^#U;vCeGt44y62{w4?8;)3fZcWZ
z%9rn{+3<1Uv|v;vG*f{y-mLvDf&ioIE*N0YiH94O@4T<q3BDzU&Kbe6-K!%pl@CGK
z&ukpepjVFMa$=yQYSJcZN_t>nIKQeGUDS^zKmBhs>lYgV18Sh@dQ$KH|AQM65Unlr
zDTM_b`Ga0734RJfZ(bG9>;GbBb#NvZ;u_`7&||=@4A8wWv>ra54(AZ@dz5dV`szjf
zMZX_XMa~U%N&gqOA~t9;A`LGF$S{1v{yn2gHo&F($!93XcB|BKx=F4dAb`%ssJpK7
zms-~f-Y#6){LXL~$X~lisRAxINb{h1|7I1t|NEi*wDa_lQee|&0F%vDZf^?FN1Z3j
z8-fu;`?o=a8}x>sbq0k5%6r1$dvj?n^g(xsL4G&cKXDQc9yc6FWC*oo%W5U-q1R){
zw%!4t@7bKxg5Now*ZP2Bm54vGnPt8CEjelj8lGg`^`2Ss^_~JKd^|rb7P<%{aq%wr
zaeq<rB;W*GG}0D;TaKmT@OpV1M|#-+8$^cQfFtRz2WRuiRMa~pu?F}H4!L^CkUT#8
zfkcJp63W1bWa*_3^VmJW+RIauWS>y6Jc-v0gkZ6=zUC(|FW)v1&cmdMZ3~R1P%)pX
z^DcCSl_RgIWQT}ud=XWrIO;xc3&h#H)+Bil-X?1Ped{iPhIR4+=B3v*Ib(KGfS6A+
zZGKMnQ*mdm14v;OEmM>Q#En>Pd`ZL!ju;S(&#B)WA(x9a*P!b7FmK^L0cd6Ph&SXn
zi`R+qgYtRypw(sg4DG3Ku0&BX3^EeVJT1z<ew{vihn|a%nghLN-ILBrUudJdU5X%N
zjG8t1=iy=bi+bQm;#??(Bhwm-%d3w%JDNt->0c#qKhZXOG)if>*33q}Tt1xXvS&-9
zos#QbOYA`M@#Du%-O@LL9dH@XwHi~XIz(<bJusoLRdqTCUs<P}4flLEd~QMVW)JvX
zN^?6f|C6(mTJYa%A?+i^0u4(kzf_?5gkKXL3E0mmn;OE8b56K65!^%LVW4M?4VD|I
zLHXIGG~+D~5TJEppk1Pj!098e-^@4K_%MQRa{hUouqHV-sn^AL{Quejr0CP^qQ0^~
zQQQ1i)h9k{-2PrX0RDw|$(BJG@^4qw%^iY&V+Sg+f%z;R_aKTM07?cNiL4?|WwY|h
zI|L>qz|*=kKaKvPK&^6FGn(5Gx_5i?8}a6L8cxt0x;IR%)9beE%kWXj8Tth9-t<+d
zO(}RES+X!A)F8vSAaXxBoZloRSW}9=%BFG@e|~cW!h3d<+uY*!B{n9Kr2*O%E(fD>
z{fZ$Qg$M2cWSpl#6U)c>!JIY~XEG&{8cb-<3gSR5K|+TBuQz+G`IeYLx`h#hF{!r%
z%wsTdY`p@*dIZMU(6e?l9}%%<hGRghHXU&XkX6v5H1gt4pldb9A$P5br4vOP=hnev
zz-BqnlC_V0>p!Q%JU{`cFso^pE4pN5WR%EWCAQilsj!Z*^<V7>mG1~2(9pUW-E}h)
z$<J*Tv>ryCd3U2yX&SdS?)d_CY(jG>8vgS#zv{*I@+-aUYPfYocS5A*t_cEvd_`=D
z>FVCppbn&mI@3vpRY0~}&-eF>kLdtAfRmH`lZ_W)>pyz|rDm9?OZG;*vDM}3TpH0z
zdQWOb9^Xbc+(|8el#Q9B;`W)LOdrsfwMyuLAE%%->qo4bB0n_+Pxk1Uk=dP`=)b_6
zP(Zt%rGcL7Ke*}lKGZDE$KMMmdKcycqOQ~73jJd;I)CE%-F1Seafh~Q98pmnylH(k
zs@f{5i@xSX_`rR?CriI(t_%hq1I`CAFn1NE&QvW2M#xj{!jcEj<e|{WOE~1n!g&;<
zhrJ$04&XaIE5g64p6Y9=A=2mSfOS(nxrb>@G)5M&hK+UrS>0YmGZylrFtaUUgr<BX
zRaWE;o~=0wCN5+WDpD6U_WsT=gMOjAygOY{)qcF=t;=^`KMZf613gKGL33&bLb41|
zn5BVG&T`Ph*c<d=M8r481hShPUyct7e)psj_BwlE$jYD<LWYgk4M(6A*bV_LAlGMW
zxx^*<gFbM#E~|anV9Kys=ZyiG7R5zOUhkdHME!Rr=+I`3?Y}3IyP>%8H$rL@)btVg
zV)L22N$)B#jY~|}w8CTU(C2N5J{6eLbYcZ!Zdfh<=^=MxP(-L9Hd00e=@Q%2@s_&6
z=qC|==2w;=oO$`tfb|ATgI3ZU{huZB;<S@UutN9B@UoT=yD5!T&;~YBQxMa2qW3K4
zMp?<Z_QMP}X+hYkdsSuh>Dpxul`b-atFM}rVdc|9ua}S;w*Tf3ZB=8j^kb~gaE&fm
z_>|)`gjbe_u^^GPW?$#t<_zG7213u0gJOZWsp{pR>%axQ+1whkk3l`8Q>Zq9JOc-_
z8wduivW)$?dgSd0)V<QiPolIevR_|5u!fMu=;8%M(B_xnRrn~kyz{K5=UFA!BK*#H
zcR&w=1XKqq^xq(bD*c&B7U+W{gu#Rilx&b<yXRcz7z~-I-;=O15PF#$q?2EdCy}c^
zua3#ofvUzv!t$IKm%%IkdGJUb5_|(^nL-A_sJS6iFwkgzQ5zoSotMV?6}n-@il1aJ
zbs|dh8SjZrV(8WPz66+dek*EW6OP0$4QRP+bxsomUA{ED>Z8@FicaK-cB>S8>_Z|Y
zY*9LRy(<8y0ZJNuI1+q^tkruGntz+q&_NoB5S9Aw{?eZ>{w|DI@Fx6<AaFDJaQVet
zJ=X^q;uKrGy(yS~d@~DVD1C3F4Ii|)Ru`$q8m}_|*^f<E3uEtxp`}<g@xO3}3rC2X
zz-*Fwt|NT|!5u&tWug(ygp?Y3*ap37y=VPHfIh1v6dgj9J(NhEDr$~$<iEoQHgqKa
zsg!DbWj{c8hirKLubI<tmNb?=i^lyG$tkN)0_akr9<K*=!54Yy<pKtbV1OLCp3c~p
zAff81M(2fG#zI~VVwsl@rM0ci2X#WPGfaIWD_(NL4~*W^uSCo@C@gF!w5AIY*Pe{v
z-&OqJE8Hz=(I&3ZA4HCv#xo4Y4I>r}?*`bROH_S{%d12eP9H*j>LvRnr$39+(aEh_
zb6^3wodwm7)UbO?h>R?2By*vKjnSs>FdxjKoF;ySzvi^pjUncO1ZpM_s)MaU%PN~U
z%CDIX-EI^G@cmOu*#6W*<QNu?yl1P4?d<8`6|K@qgG^2Pk1S?5i9Pa(rffx*VZ}q+
zIKygN%rokgk=V`~1FZejSu`vqACH{h&$(9Bp)tN2APv{EkFau*ZK1mu{=aX4hmZ3z
zjx|MuV!)cM?Cwi0yBV&pADuT4<bUWH;)V=pay=5WEdP;+o2#oz6<-Y9%II}>*6ETH
z10jOe+sLAm@kF4pIPgkzqEUp9b?M20=qB~8QH{ziiP*=i*S$NiDb->u>WqfnTcDo;
z)h@MsRAPOK`M4({G}M*cGkUU|aVeOa?MIy&jgvB3i*zz0G@do{vTPhFu7b*esCy02
zI=}QhkS<Y9M905{3Ubh#X8HpcBIy)nY<*4I?RwowzX7~5rWoW(gEeyGesDGIFzjjE
zNaSz^2C>l~tfaAXt7t{tgi|EE4?XJ45=rQ+x^{IVK$sPRlkf+MABNoM;K|Ya4A0+g
z=UN2v>Km6`GiD=j>cZ~^*D%V|jpD<Jz<0iRu+>oM9u%HlOTQy^r}D<7rR+&|3t#SY
zm{KQG3XLVrkk7ODU#4jIfH|OyLJsUcb(0oJ2%_Unh2g;8$Q5-`-dJ0`dl>z}V!7=8
zAy-&a)cTc}@+*1b1M$nbW?<?I`*ak2FS)S+$)uNJ>NgJecvY?ee}pQ0$ifFK0<#H-
z`_!?mn@U3^j9m6_@q4rMVD37EX#f^UsJDrws8R9iV^R>P!e3vA=l2Cgp7B)hBRow8
zqFSiuiHJ5bo8tDy^>`kg3>}56_qhMab|su|mhzlpI_I!+8J2%;yL@=9pmjY8w2{o`
z@k3YhsXTyK)J_wG8YnCO%7WTv@Qk^>TU8g%!1Lw$XxPT%VGSH$entG_=)17?-2QAm
zYyxDW4(XlOx>+CDwDgQWiHFE_ID%3(2S5qUya?l5*eC~#!m-v;0THVdK8MeqFX3;B
z0XFA3yW^v{`TV6Z4L-wFebg^s^44Dg;5rLk#cpV};&^(}FEoAGmwhsR?I)+t&GTI4
z54vHIb;-sre9m`0dM4Pvxu4y#towIm3HfzBS@O1=%cy^>y<f!lh7nqidv$P><*9`u
z3`fr?pFFT&y=WjnX@YjKphZ~;1AgUp>bdH-l88=M6CbndxZ&8J#T%|foIwnhQ=@CN
z59TYE11sN<+Z~rrcMLo_F#Y5K(2t&5drLu!ZiGvPG9~M<e-CpuiLOi>Ko;Le_MbS6
zF<o*@it>|XxsR?NW<;^<-C72&it<>d`T-}09FliTd0k(#U0)O1oNlw{Q~AsDvHU50
zu~F_yy+VtMM8JVEm*!E>Ny~l9H$!3?G;VuLY3je1&oE7GX&616v<Ne@RwKa_8jba;
zHR%EeTuL{@)HkTT?_tq@go-{nkD8nxO8Ql&d!A*|3#-zv6y%}ii2?gvjf7L5Zx!ZT
zEO8>}pCWil6qxpWqHs0mfU@;^K8d+gPKl|pO{5dH58eCfhg~SaF6W<1KQ_HtW~y!`
zUsLL%#s%iP_nub9ocdVSd=PrYmvAc{xsWneO(;axVSDpD!oKvbvFr*q`QUJdPHS;E
zJ*1^be^Ao9VBh6AdT_Jz9cbh|D0RwV$kgySn0R6!14R9uplu9?QR7N?mr?F=n0vFJ
z2~;674bzje!w6f8@VgD0Q<%YH8XXeF7u~E&F~Y&6#?RLYwaXT@H)J(SBjU>I)w<HF
zD|N5HUfzp8Rg3C`N`CYSqO$tvg_RQ&*<BJOxm#h77w~d_CHyT>&ER5KUINCvX6ks%
zbu;kPB{%o$Y~@;<!Z%r73cVD1E=d#P!;^y~4@OvJmox1=Y5Dx0Vus<%tORTRj9^zQ
zVO!Z7YyDdd0Z}I}fAbrCrFbqQ#H6TYMBm5N3afUiadhJ6V%p>(TIaG>zWPAF`z7@e
zbbz3STt}IaJINHkx;T(`4E`pXGeUo`unOV1Rf2rUZ<lqqxIP1PbZX0jucIKLRYB4y
z!HNR}E51T0i1|qxnHK4)k0_lbeeaN3>xA!rT&3*HZj?|qxYI}wx0gp9Da<YWQb|k%
z#(7eX3J1s@x>WaItsu`$+Uw8{ZBY~7I_7gIPrXHx6d+@hvwjlrDHm!>IYtQx>lTW3
zG|4t{F13BWZhp6Gbm6qJ+K%kv3ZyI7aKQOhvQB@<9->hh`{r}(t}c3~;~I6A>+qqE
zmKTrNH@nQ{-wdC}|1GmV(^7ChjLJb54btj|r_@`gW^xZNS9kJvok5dn^wLr8`AxCz
zz9t^0!;~=xs`6LM6<_o(uy&Q86o?jB`q!P$8-h!R)tx^OKd3#SyQu!<EZz2@znuME
zOQuZDi4vK^uEYacz<(qmJ^K9?>00j}6fteqQ=ExqtCxL?Ms~r)Qb*2opK4X=J0}{S
z>^Py+Q(1LcVmM_=m8h5;D=DVg5!f^U2bl+&Ok`V^$a^=V1Ud%Vu^zzRF-?d{eP|?%
zlMt}PgIW-5^hBheDJSB1z(YDB^@nOZ8W2#*4(^5e9`Dc;{pd^@z+SoU4Fwl={xhXm
zr2unr_o6p^nXDd;m8{oHwSVdEr?VZU-JvO@)d}~x^5_usN)<<`QR=Mc4kvE+0w8Kt
zAs-bvJkw_y)`QPwZ9b_FPsyN>q8%}@jhN^Z*=I%(ri+FHPaRayujZ~n0Z(Qld=TJW
zxXD^Dz39N><VZ>oL1Izgbi4A%&~dtEB8;IDW?7UH@*3s>Q+_R>GWxn9<sQ&2?S8E@
z5(b(IOzmihdzh$NXYtB8tOQHGO(8L8w1{s&zrJZVA5Ct4l#TD&s$lOu+`#u*DbHo$
zmk>u-Y2xxLYuD6e(K?REQ-c!hH4NThPgh-o6r+<aJT{2!gc9mxgnbjsDnlc>U!HJR
zBHTIIry!K7uKD-8Z}M)7*L{}nDsbYo0qxY4@FbNI_vVof6K`_gPz(nWDK+7g5mHd|
z&`h7+vK~u^fKCidxci?rk_RWnArkCq0^1}a$ofvI=(1w(<4*4ZEq|nDtx}7G5>_E-
zc>UDSkd%oNEH4>i(S6A`Rpc%qqP8x7=w)V+gM4)G>6q*F1_1=cugZ0CN?kbh#9HNZ
z`W+xESlOuCgjT`_-#XKWDlyaE15PI0_flQz8qbsrqh9A?D@CvC4>ZMYZ7bleZsoyh
zLHqUh%%X&v%M#zUMHdFAai#;=%_kPU`xr$Uw4y6yCmHqvmOab35RYsUX4>2|aa8)}
zsR`7@M0@CP&(T7%(ci|epe=Q#cA6~`7O&1`|IFSW@-4GN&jrRKC09Dd!3ZHAE$hP{
z{duO>R)uc$m0PTM?i5^li5g*NVheGZ)J|5?2%r=q&62p{bV2iWXeusE*StMf#=Y`x
zh5NZYkH*Wwm49`y6~vw5%k#V@w0G+<P3kH7%7rZ^oeafqRFYHDrN4uQi%?#pMSJ~y
z@eUbNRCQp+wDy$#U_SmV;NK;0J>DdwG)=sGe@4rcV)IGut1EIIA*Ge>LK3#+Ov#|C
z%Si}*&J9qzE-Cx9WAv?Ojzt4zN!roDDwaN}x0WE1ig=rnCpoX-hbiG1qpHMHU#L?4
zgTNu3$Ag+L9cBGYBB4#GA(_oAW?ZW5@u4ZLrWLkE%NO~rO`8ePtz--9j%D72AUaJY
zyR`PM1W){h4iJZw*F5mKw9Af?GAvm{3ZRlS+e_I_X_GPt1XNA$2v_}+YPWK=QX?Ar
zZa?msI0D3hG<KYeiBuSU{ww!Jm#Mzl@ecPhb<PQWzW(A93dZRwj-bjz>_XK#ifGV5
zZ>sUuPSLP}q~QF*P=V;1JnxrOs@TWNH~m*~u|;;Y6Xfzzx5Slm+*L(VB1K2>J=LzZ
zwfXc&VbSwkw_Y8^I`z*_9n9Ms5~}I9k|4<(mC-^GEd9(r<qADf+~D+ntyJULgCnU!
z0|eV#1|$%U3|=Bjj2avAt(8Nz_PJ6hPX%N*Dy=cFPxT#7Y%xi@gF-|5*pCw`@k8Y4
z0E3BIRB+PrgT>i8V~ShnvK`{Q(2oNqmJ({Iq9zYC(?havp@S;AYv(SO$i3ES$8}t-
zQmWHbWvY@oJqv@6Fg_(krv23R#dSgrxwsK-v$IOas&TxaZRw2IGCx7FVaG|TE#Fpj
z2NXw#s%g0tSdxG8)4z&bJC5Jqd)b*)GD7e40xx1+223CeL!=O8a`caNoO3Ze4wQZm
zF5_qO`ewCO-GRNnJ}j|?xE99#3ZLf{5uI=Ai-M<hZd0Wh)Afi_+#irH2tW?FANyYE
ziL7R{G>>%I<(Rgc@Vn*8`$<noa1+a-$(vyjOp;ZQJGkRU^b#o-Z-6XSK6@}{(jNbG
zx~O9vXSw?a6g4q4@q_F9rikT};h3CCb`l?dsAchl-H?Ep4A3Xv16Ea&H%gaJpVMYq
zN9AySZw}TAKjS7$$a^35O0`e(Nc%2+KW!SFn4Kv-4h@RX(R1s`b2~UevhtT4YtgTi
z*dZI?#n3xRo>7TCaWS+=UV<j0)Q}3hnR4SMP}FOsl&0LA4Ld1nQzh|SZ!#b-)d$El
zt6(1Otm-IgG54P%Z+usGJG(Zh5j-ZkwSgIc*s?6qVbBo0A>*48+85{nxu0)SPPL;&
zu97y6v}(|mK9o`0b?a}4`bbmH^cg2LnN=<ySySzLd}VgPZh`5M<qLik=ZL!f;;dWG
z_%Y&9iJPWFO06o@41<Hf#0cpy1qfcX2Vx_U<uXALJKiCxwbe2HDPqS)7q|PH>YLoA
zD1GijE@(?VoV^@-9a@Xs++!@yX?pd9!gaX;n=Z0DW`}n}(~X|jTsU2qEQ5kXy!1rD
zrS(K~+UvgrCNnfAd@5B*%4IhwDgrJh2X=SZT_1<6Yk}KKflmi)f2Z>L--1-05j+0R
znZ%yU`~4NzN<_4|&!NeKO6}!w{#Se_URMTG*esR-a4C~YQ<}v3Bkil+`!C*M`)ak@
z7w&r`AF|*>>ob$=+OMe)4Rn(MC@(fT95{wWUh;+N3-;YKlZncCzN}8zwMg!e!N1Hs
zCP=En`tXKT(Qmn?ddG(FkO*)3#tFicFBNo0!vM5ZU%L*|0D8eu);0%5js5AZzN{4n
zd8WG<Z}ZwBK%&ymJ=?sxE=@A$A_~ah1ScvNkx<wP38hK}wq>9yy)Zd*(jKPXQrUc@
zdrj()t9PG?<9ZoVf2;HVL!q^FvBMtimtL9L9&i0}VE?CK3J?8YU{&`u)>Kw(q4%8p
zr(wK-(F2%?%aBCKRjoE;O^15-sgK69G-tG7!X3x`x3LejPGWpex}HmvCN1&rLka=P
z*t*J3vYPa3o0*ZUrHpS);tx07q_^rMXsb?sFYrB=EZpVe(;adfndc=un<;i1Tm2&T
zn3#k+)vU2vic#7pj5CE4PT961$<>_)^uJy7(B>%Br<+wKmv3`NCq5d`(%kd(N=bOi
zXCVH8yWF>#ac`XEgwdOvBW8gyLk2E0_rEda;=dPH`MfgXaT@**SWkfUqE4jShJyE%
zNA2RjY_MlNHMeKU2T)N>asFxdGk#sgy2~vx<d~Q1;}(+WPp=kgso8j7CkxM>le2v&
z@%-Vr3U&a%#zc$!&vk@v(kF4le3Kz=@!9eBgwGo{)5hVCE$d+un_>u8@><{BSjY8)
zB@j@k*l!l4Z5e{M#%J9i#d;n?yN)`vBnEsbJ5usK#RCH!9Zr3Hn+;5OI}_S|p-L;e
zKKF~CxckYHgU&NI3wH`vU&ajjr+LU5yGUGJ9+p#jYpe3^hj$-xWO`bxn*8jTm5qlM
zUU8Q_rBBSZbufM7qA={TH$y#e>1_5Dyc2ct(w0UD{aO8|$sb;g{g;@YWiETM^qWtN
z-x^mOkJ*o6YTjQYT=1}mI>k{OX6o~%Z|ZFOm7M*cB+g(+3GZA1o23c7!6<C{v{w^0
z)`8NYNTiZlIv=)+PdR0<4}lHluA3nwy?!-bpf^$VE7xj`dm$jfb5n9+1+?mr_m*~x
z3wlmF^F@3}?$!gC%klSQ`oaPUNkz6?Qy)4QbcT!Wj_~pO>itZ;hl<qfx-BWO99jO^
zA+B2F5hWR!`>O67Y1a@`$e&=ds=)FDRz<`yPI*Jt!FtL0MkZk?w0FiMc&FM#Yls{<
z(|7I9sS2IFg2MSzVJ784oS!t~Vh5I+LLnhrI!hC3OkTQnV}{}^Qf>%r-re5#6z!9j
zEsvPsme^+%{E32N(AxNWIJ2_ll}r{+wLgL0?6>$3cj{}UYGLQEuNZj7aA%f7NrP$X
z1Lu<X+B%x7e)bvZRBW)TT5wrkzVF&k!`~FMFcPTLsR17|J#ia(Zfc^z1c`mBnPwR{
zmm}#3pYvhleD&sEuVC(0>NCIFk=ZdUZPN?<<(Z|>uJ;<qG4(!6f7N>D`8`y*e_T1%
z)aC5uDC9M0teo_akAl({<xVA%=_}*6trM^mKbUx0H0+NP6BAgWW6|%;VYM(Y9YKif
z{0dX*>&vMAMbS5Lf!)lqG;#I&aZy(D5D<0hgXW&pWbDdWtc>uZv<GF${#oQg^8n#m
zQz+zmgoMNKWsA7}%=&U&PsL&xd*Dk4S=oR%oP3b^{Z!G%bMWq<RHS3#+0lSLzRjk!
z@|IetZMA!Ri}<6dLuGkIKaGZu9Vx7U`_Y>^rXe>?JnF>8EN~}D!G$bcgy@s<HSv3X
zX2~c@Ci%T&>=m7>=|`T+e;e+MNTO>h?E<>>UV3OBbe81b`Ow#|;N8PdveAN5QE!Y3
z>%d)swf#N{Xt5ti&AHzi$=NOl^~T>+V`kz0tG?s86hqP0G3z05XL(}+<y7mDkY9Fv
zf^5PrQ5-r<Lrf`N>F-It?gy3XPG;<OggVx07xu~*|9GuO-xXJJnK<eEV89fzsMLJ;
z%CC3M0YDkmdUwmx2+U5UkH*wVpfBygK|_;r`@1CUAU&LLsS5sw<bbWkuNRm|Pstf)
z*Ic1weho&`OM|FH_fzlD-Mld=G1Suw_{{#`%;Gm!{|ZQ<h)+oEK1$}A_B=7{_^_`0
zc4sOi>0VjP-=gkRqLCa=2@v6D#{B9Vn595bZ3SWhwr2#odgQ5r@mm!g(}5pNtj+P*
zf2-Se0l&Y6lq!8vB~}8MFZ}e05=xCJZp5;ULUp=QV;RP$Yce<qx*mV#-ut+qG=DG1
zQg|XY=4+T`Yo!Y99c4&{F&DVxbN1zr3&==6yqH4v>nZHs+IqDxs>yc`^0)!M<9a$`
z)Y~|-4&y-JYMaGlQBfSRMTOr6Sg=d#Dsjj=m2#}_y=-2<@(NNZMzSP0d7p_k{sFxy
zt<_9#=u}7CDg4#klH38~M=Dd*(_;RZvlrtG!NUHvb*jsKQhjo66NY5G#hoI%g_V@@
z2H~eERCRKZAT2~c+G!%?rpzHly}i|m!I--5_@#8Qe>G)F(1NFqDR?JSrH<Np`T8Wb
zHTM}^fh8Z1pq!+`j}M)cE_9+CPP>oki)-mT(Gfs>7MgTv&RkYG5o@x9kgc9IGWVU<
z`7(Dwe62_8RK4O*DmgNJd|10Ix#<grNY*YC_A5W&-yuiDhs$>dG%58MxAZXt{r7(q
z{5h*&j&n8VA_s8sjD(iOtF*roJMF4{H9HiWOP9Ivl?ER5@v!74oo8oaw2vL389PmW
zJJL>~DU#yiZvhJbVdj0`eS7>bDfr!6vhD(@8&dtIUByg!fTAI5;~%x6hG0k1w64F}
z>XMhioV7~3RrNnfAF`G7J^BMu#xd@mdUT^W7-G;~v8^sS(^^w~EoGAA3y&B7d8|Le
zeh4;Q-!M3*$-mr2<;Zkaa*PY@&pA`hCImWOx6Nf!32QH}7`w1FJU?bmh3|h(@h&1v
z>Ub}T9sB2qSRVxxmEf2`i4zFtmWaFjZg#}9+U+Rf!*N5wcahU@A7k$#UlmWdAKn4^
z<eGn6t($VC8)erJUW-LDN}o~h_M|-NJX4tPmJ<?EYI;GdD&WS2vR)=~sX5pvIw<aw
zV#jp7Owv_Kap-X(R>iR1B71jMYm$xH0$U?Yb{_FRgQhsZj1^70K&Kd7k2y;Up7V<j
ze045K+gtAC*p3<H(ZbG3q;a&Sy5^!YQsr{vin#^vv2l`@q=ZF8T-`N|fO27f3#N?P
z1r1yM<eX{j%3pgvz7#%+Y)SNoGIVDu4vZZrsM0jA#zrK|P<#|lPC>veA{=XeGrwF!
zi?y{OV&r>p-}2!u{Q<%E1zM&_qCaB9_3Oaf)_VO@`PAv6WMM(u1pmcwNGxRl2WE~e
zPFwjGjhHy@y78J6@NFfN0wi~sXlq>t(~nse4s(^-oD=NFE8^b9+$mQ?0F)_(ac8}i
za8mf{6gOv;W4c4|k{|Tz)x8q&$gpI2UV+KKNoTMn<~zaLZ(}KjiX<O186RN`M~i%n
z0!wiLK$*Ga5q`0fPrpAVOzTe6&zYD7YHFt<ol>}0bD??hwe(tfU_83N1)oIH7ymJg
zY{A~}O^%=cDs?p(J9kA$+#y*Nm!1|Z%NVbKNffab%w6wP^|J09=uU3zD<2*v1FlW{
zk+)uBfxJ~4kN7b&Kg0dh9Px^ug7z=UN<7JBy8zA!5+E3TT&Uo4CS9w<J+(e}B{ulW
zt*n?OZo{=|(vj1TT_&HZe_0T@?M)GMcI#zl-Mss_f+8`Lp*^9c><x2u8}JJ3O3wV;
zV0P*Ad$Y8O>x5-oKAo#^=HH_8+f4#iM@{0C`u)w#4ly*b+R@kvp>QX6U-SKs_gEy|
z06cG$3z0zkF*}*Jd>__RbW-}Kfkd6h$mxk-M&i=t0RuN5KeunWpY=@i+TUM2S2$&e
z1r13x-ht?wKT4m#8RFmXl;=qqcQh0Kgnw?QApBk&>+<U=2_N2244zm#7FBFfxb@_Q
z@7%iY1#X=3TfIGf7W#ujD-G!r&!5h|DP2sgR?;|_UG(Z;?vNH~<!|#UB!V(-=PE8?
z8lB<@_HaC=HCQkIpcf%}jsZ{9)=miY^_$qENoX)w7Y!VS%5$v68V3%xGK8Yy{up=p
zt=_lVSYG*nKM8w2{zALXa?P3YZ6(<o#<AKiLn*_`z1sJgs$aTwr-m$RzJ?T@odO*T
zJ#3t*vZoGHI-IbI#d0!yF0~&53Qzx2)pd?rO!D~Qp<PJAf;uWAUwCIw^|a#yGibwe
zxC2>82xz80{P#iBl$>aRms^6e6<gr;Vb#W!%CkN%XQx%tgQYx~C2L1+#3MCR$0DI-
zCYYlWM@_)=8|$YR%x^2N7%1=h&i#fgwLSAZn|nH*BsbH<KhD(eLuPjxyFv7~+a$k#
zQ2xQu(p1_8-+VUcJ(|opLPPgwQk3w@?Lf@)GjYdIG`s!@_+d@_aY(B+>JJXT)9-r$
z(slZItBjai&gY}H22494aat)mbNBnMn#90~FxTi?#~l}Cn#H>E#xFxWupO#hj%pI_
z)B1fRAXP#9uKc376R|#6R@T(9NVpVx<DoK>rrPi2bWDqE<YrS|2q`+q)C>lyyQ_Cd
ztvi%+^5~^~So*u0Rz|&ls!~pj0F$@ImHM6PgOG1Y;Uiw8YPq~inGp{ULgW789&}gJ
zo59}GbMsE@DLhbS3U*shN7X_`@MorgmkvEhCE2_&4KT#iVkg&;TG0+%g^Y`~hJ_eq
zMzwh`@qkT-(Gz=`MT}w036um)+`U}Z<S0#i`Vty}h_j_co=E)zgvAyQR~2Snnur18
z{A6SU6pY^rzB=NbF*TiY5uxx7ae@f%QH~b8g>u9kbt5!xqlZHgyy&<YUs0y`1L3k2
zQ#<3xi2aM+@PU`5-<>|Q-^Z*(RNkl-shvEfnZBFiwj`l6{M4kr1$Fgb=Kp^EvSJ+X
z{3=5^Lfkmz>9F6y17kiC0Z?9ppW|*|VPZg{a^(X`rEL1s&MLRK1;xHNDv>E8EB;fi
zF7Fpjwe4VRi|{FL$7V&_e`s;1Dv=5Q#8+NDJuc=YEAffDCZ>FiP_zhE9|HQ`fo2Lv
zwZt82K*m`fdWgHfK1lnOF1B@WOFZCrSLKQqoTZbW*&e5Hg?FZx<jMkJhP1M;AoROy
zuXwXWhKS74_?FIp>V?XF*WbT)L6ag=+TSC^f>ghWTT(thD}CR7znaJAS&5An_fce`
zt^|-a)rm^pATE5E4(W-=Qei6CXt*oXsR#H(#vkDv2`BR(pe7qt60Yo=i2eU)@#5yJ
z8&4Qlup_>yHeH<1Sw!b_sN}CJH@QouE=Q($Vsva)vZX2yc$w;tEB0s=zG)vKoM9_{
z(Gt2X>XaFzb9?vsiSt)6W@+~sA&)I3*pAUnT!)I?z{^e~Iy|$#2peRHI-Bp_ldM~7
znyX^JF791MI}6xq=9yb5(5OG4+$d50pgvdJy~cr_+X?N4AjF}<)l;_MLg7lR5_X6P
zKSUL$m9hLWBf_b^`n^2u*fG0(84hV4DMP6mL4x;+eKW-)9x`x-nG5V}m_;HQpPiZ*
zROnh*N!k5lkp%FbtfuRY<aK1uS+k`ZXW3(8ysZP(p!M0Y^Yq@FdNCIGbvDQEIDcwP
zJ^*J}Q8UhKgH&*~4vlAW{Fq_X7FQHzb$%|nCzauvG$Lz;nnWuw%o<5%&0xRi&swcf
ziF6TG6r4~spZSJNBcSUMt&#5z2#n6OsFn$NQg_HA-F?5rCy`6YrWFLJUMpePacMzL
z@RG(UK1j$BUx@Ob_!i2Lw!>i=a^u6n*-CY)SgAuG(lIg=TX>Br+3(~`#4DBq>D6>P
z&Rqef%nh6FKEjQtz=P0SnY4>$`X+ky_tZm5>sRLm(+qzgw&TFZj@Vn=M`4SxgU5}0
zV7E?Dn-HsSE3$BET?XUR)x-Vn5f+&4!9K7bY8}vp4`5-0My)W?0;TvUTDK3j?W8(0
zW#)F_rIDBEE!P470OfZ3-7+SlMN1YhiZwo!<7#Cq-I8S5Nt`3R<nO_GJniHZ(=^*S
zs3JTAa@alYWFe}&fg36uAUtoE^j_(GlD1d6)0F^1PVKnf!=6HV>;ov0eQjWYkXb)6
zb>^Foy(3?(h@PQ8uwWeD6#KrKQ}DX6P3fJ6(m<Fc4r_*9*NXV6V3>{wtB`zUHa`LO
zqvJT_r>qjPhydmN`U7#)n2F0tE5`^_9TS%u5P_;o7^7h~tFe)@x=_Fl!AtWa?m)MP
zeHfqJ2P+$i>T#!PpLLeUAuqr$2in{!GbQZClC-)k*X|7joyq>*5hi%+jWLs)Y0~Tn
zbv2)?pG<lHnQiRRL__t|DM7I^^-nsT=BzQgDI*&NErX<?u<p*B*m{<G@0#4orO;y{
zEwIg%2rpvLcMCsyBzt8nZ}SE&{A*-r$r^VxhHc(U(V1QkA874u9P{U~@c1}+UhUK-
z>`r(oO|YlVc8JkyQ!uNr&!>e|afI|YP>2H`k6qw8b%bvxvoH(&7%f9SQ%cw=2laVv
zvGwhB)}RC87;96ZRhy8-d9e~gVrx-bP>c+y6<Mwxs5RdbHINU~$5YqC*21pSL))Qg
zj5lD}^Pc27PU~Rv_hnWSrYmU6A+JCVnuh0Gp=)>8f;@f<kx)lyL$TskHpg^0rf3Q>
zaLyRn7b8gq4QX9VMt)|>Ml$wz1d1GPdtj`mbq(-t+6I5ip@>kpy|1>^y|RVC0nNY$
z7W|WkT`yNWgXi>Nc1BeESY$ZdqjVT$-x#J8q-zP3`NV(<^J#>pT^GP^@@e<3S0cSa
z@~9x1aW`nz*g%wcyQ+7p7cjua`Je|om}hRMzz9_bK7H!|FXav*T&s=(n(TB$HaB77
zw8h+KORF@Bs|r}E`<5NiTt5SI9{eVY#{jst-O;TFqg_-!*>8IO^db-C^Tj(t#g^AM
zx*0aqd=;0RDq0V;9~fqp=b*ub@DDvIjG9{hw1yoeCz9Ra$iM?u8#Ok-)~c?ms?%CQ
zBd7qL8kIb;wzZSmJZZcuM4(81U&_vi*)oBCV#)^;KWeFZ`AWcQ<yRdxf(7uT*U96=
zr<axk)e)+19#7cH_U)?c=PFfDMZ1vjBZ*;$Y-AY$N!16Td7PY1^(n_lx%~AY^n`d&
zPm$nAUn8kD^EJ>q3yDn(ti>5OTkyV8RmfA=sGmtsa=|ZVjYR-gZk^*~g3j2}Z=(^p
zvWtV@n+&0ep3u2SUXGR-@nZ)t7OKDC5D*Cqch4IkbEmn2Q+aAsbE`(uXPh)$4{_Em
zg8-kZySg^%;6m#OE5|!y;F#8MD$+DK6e-1{!CqvaXC;2w%^=YyikzZ=YHPZ`-?2Lu
z>+TKOeB3@3d#H~%-ZY3=JOe!JmP9{6QzbaRianw%?^Ce1mUS_w6n*D-*YWI9$0%{;
zksGhI15(V15Lx$g(m+5BTw8Felw`FgwZ5T>DV66Q3_6fcubzyVKA1}}YD{jUNWpq7
zE6uf81=KN3fD|scyg6GM;J8U7`UQjL^|d`;?39jaI^W<wH@34n@+~^FhbFXqK786Y
znGV%wJ4jupc@kc-f6fDe3v#Pm2O<6iK4>)Z?LR^#RYCr9pPO!AVy94K+Z8lMFP*Gg
zL-l6r`C(dvkUMACt?OYA^Jvp`5^sXeOIJYh>jj~ALDgaZ8-3|-!^a$VHCzqs4w{V>
zH4TUjUsC!YVOV18<bJ%XF7AB5bgYR^{0$`wld1%-N|@0Lh=~hb@e8mCvm*gZ`u<*<
zNb)5Y!oI=XtMCmi!4{=>hivH}{{ude<-h7GQNiWRYE;Nx<o6*>HTs1Z2Q$e<(K@=)
zH|_N3Z2bY1$(`OA$ztUrVpg9)wb$R+G_IzUPjj_B-w;RjIGKQuxuyKaH7}y(5jHmG
zbJeB*QPT>BLfS55)*U7cb?*(*kL-6P;ZY#+#`yMmtC{|YMqX3`I=C_srs3h`06lpF
zO9(B$+`}M4ZX3EHSY<aDm7BwZQ0gx~uwQ%|XW1?923<GQC%T!@=rNMbe?X3!Z&4+R
z3952?eR%0M<A0n}wCHQ!vs@Ab3GnOB4LZL2&#hIDLLcc1Mat_$TbN#uD5Ox7Lr!L}
zD@RFJZSG;~Egn>kK5HPi1BV<_uAzY7&sfVD1i^bF99Jo!716_uAiRKmMauY?`Q)U9
z<W}ZWG)cQ;`7*DnId!7&+iCUT72ml(0~TYsSu5VjV{(bkQ@hiav>#StVa@(?%R*<l
z+O3I67&W>#=ba^+Ozg9UEy>A&%s&0V+d6;+d|26}|C;9t4*0%oplju^y~yu%Id0TV
z#u%${uucKAav)HFbedImp5c6A08iItw}1pEZV7^~!U{LC5=BUrL`tF)e>}nh4fw65
zTE}!v96tk@*Er!j#wlF&_N#AhJue~@{|L@gk#-x2m*HI&J*;(QGQnWV=kQnY-Xl4C
z@6L@UVS7%pEglpF8^p$YB~5~66thcfw2bcrDRdNyx&v9TKm)D=8G0rx>I;hIoUKpd
zjNGg3cC71|X6k9rT6a5gjpO~hg`NqdbWAgjNs1l3CK@B(v{*2?+#h?-oz^x`4Y;t#
za7H7RGavTW`}vQ^0zOn?3E+hS#FE@YC;9?Abbd_zU+PSA^OY4|Rjk)SopTWj4l#Az
z4atU6)glOD#=8ZyUJdo1H)sK649voswX2#z{C<XiDAJbwg7aBWG4RXEWHBsBmAGds
zE5we+hzq{dzNXqKW0-I1IIVo(FHpbfkoV0(UJg*vS2ZjClC|K!nW#1+uemO{yL8{a
zupq}!J4%AP6#1lHLBY|J{Y{ep4|{JKmt_9`|9+=wUtFqDb0f8Ea~Uc$TyRp<$}DX$
zQ`C~mh0v5-5YeeDaX~bjG;_(Nv=kjmKwPIuL31G$!N6q_1(nbgalxf?S<UbN{hizA
z#yOA2xvMv>i_i60U+>rJ`EkB&Ok41GtZ%osX>yNk#^F8bDdHTl|I?X3qGPG@TP4?&
zdUof2d_OTf+Rww_n#WgG@n;vA?s#0Ria1z1HGA1NV<tb%hVXuaXF6gMgtu$l-L!7;
zR|)FuR+MRnl;_2xTj+(;@5KHpLcOCJ@WgqGANpgJx`cs)OS>iGvVn*pHtg}8X^;PS
z?i;yfQkD+FeHvASX<O!clTcc@#Z@Wcq=4G^E~?F#hdTSKZ_X!qvvB3uxFiEA<Cp!3
zV)FvE%jw%+D>9W7H5I&<bJSbo+5t;#D1)sPO?Tf&0-a-&;x#`Z5wT^AIbc93tu`G`
zbUe=SPKrhmEH08T5dId}Q_-43E8m<bTz(E(7=ITLdv#6mxmUiLLz;M1x&~^dZ%-Z8
zcpsbn5G79B56!E26bK?!dz(rFte+xzU93gwLNq5(3sW#qsDh$uED&P0wORxi-0(du
zC=F>RhUOF|gk=P@ivi(qnsR3__$A1fDU6Xv<_tCr-CWM6&fmIVJ23};!EI)=M)a82
ze3{8gYTW2`G#XZq44?NX+X1S6KY&reyk`tgkw~&(<gU@LYjg70%aem%A-9*OYw4&r
z6}w7#ZlJ*>eBD_Fw@GGG_w~Ibjrnw@ytnp259-Yoq4m0O9&UX;EUGSLkoT-sw;P)K
zg+H2IIQO|FY-BmF;VU-A8P*}^@j|10ieq<ui3)`RN>jn$^ryK~@xLn5vA^AohZQ7*
zNN~<O0uuB-copHz6<Y+$aqz4Xfb$an<+5dKFsI~nK_1hiLu@|PV=;z9d$Su~J6h&d
zwqntJyhq^~d?~~;X9sGlEUkOL{N;M#I}P8mG05XL^*x5WQfj%EVWRO!l&25t&2Nsn
zmR<feE_0LlqE*2ubg|4nBidrMk`}2<O_=&qOXs)5;{8?b=1*o3>H&jkT+pv^`z=%s
z6FVK_{*>2mde&OzizzepRmbL`^!XT9UMShH$5y2dCKmR|va1Z?!?hKiiykNn@oM|w
z7pUPFOVZ5!DQ&GziLqb7(=j=|j2-eM9NQr+K}(H#RRT$w?^X}}tC^tKao{xwo2Z0f
zg6yyTEtj7`%x=b{`;(J&0@5wg&;KMf{IeA1TRvA``R0R&V$%2ch$|H=F#v^uZJ2?T
z9_U5t7#0aD5Mi8$%PP<yEha@tlwTn`&zagupH4vV*s9>7s@4!rZ)EV<H8~@@pz30y
zF6WZ#&fgTkx&Pc(oL?=h`Nmgon%UizI`SwZ{4*TIL5vr=4Q0TK^bm%rXDU78{z1>t
zhj+Q|-45O8+tw2uEYNiIqe6MZ?u8^IQDY9#Tv>i6bJ|USs+^>Px!lHM3Xg^q@_JYB
z)t>P8bPeRsUMZ+L>UD$|>-G4$&RJ=e7Ti;`fcW1pA<`N5ui5Q*`?4-3hE$nEU4Evw
zXG_;uNvfWR2G`k9AbK{~#4FfjsPG16?04@pRer1J^w44-Mhgd6eQM~G#OrN`AkHPr
zn$y&6)KN*VL*ubP1NF#QjkD-d4A`Ng@O?1n{%^%opS00dahEqHgi})L6KP_~`X7qy
z>e4V~$vOG>Vycr#Q#fiv=-tGlaHr?0YcBf_c_5#>5oFNdgq&HuMBNO`?%z8}7CD2c
z(-*|O9rv^qA!o{Vi4)|WO8B;^{ir5}LbHTO0dupxoDxk~l$ab4-~tQRF%Cx7O+G}d
z<0JDXB>~QysGI-lKc1_fp+2}b{|qJJ%}LD0+x66+dxMX}9kWQS&?`TIq?*Z{;c4kH
zsG848Vbn=#+NDpGz05k;<T(Sgg&cmp+eC%0=Y~#p63zRbxKae)>1NrAkJhWtr9;zN
zk)^#71NE9t;{wAuy>91{A9W_l>JYfqx?vAAy!g1P#HhRX51P;CpRVq_FkS1FKvC(k
z5I-AyestQ*4KP5Ji<u!$D<GMrolW$1Dy_rba||*{$G~gI_x&+t^&(`BRlQC;t&vvl
zu;U-AaxjUyl9}iG_`1~7aw5+yB&GUMEAofQ3J+8khZk4W8X1LM+MOfN(1Tq*C-un%
z@%x8+zf5h)YZynh3Aqpc%CAse4i8eTxtanjI$5CUUA$~@V^%3cuZc^`lsu4VP77pD
zcTYN`yGfk{1(cw<tnBX0qR3nc<RzNgrIf(M)>Y7Bi<T~ZH3?qmeX;V8z}8(z@|ukt
zQq~v?&Uk0)-perj)MlD?td-$&Vk%lJ5FwXcxZNGyu?ua~y!b_tu=Wydmv`~LuM2oh
z88WthZpO)`f;R*NRf<=|Q|V(;Z<-r$pv?#jp!>XEb3D#Sw2|UrpX`Jqq&fDLo2zbf
zwI5)~viZTC%-caPcdb=NdZfz;%e8jd(*r4TD|5IHri3&VuCv!7+-rcF`TXN>L|Ia{
zJ^A987x8(F>J4HSdq_J>joco*aLjk|5~*0Ze_!lIn@{&HbgW~rf`yWX9;5PrrEM7Y
zg5K>LWRfgD;+-vd@}4|+!yW_EgC}qmJMJqCv1F3uz>oP(YRl@lUD+^WV0g)}SgGhH
z;Q)#DkY5S~n+6sR7O*qwPhIIi2?`STD-J$BFkZDAo!&z@JRw7IG)c6SN@R+tFpt|+
zTak|Bj78>wP!kSU5nuNw4xhoYkN*xy!DQ`rw4r-t;>w;G#%0a9RP-)7A!5;(rNl|n
ze$G4W29b~RN;b&WkE=KailUovcz;lMe<yA38j!&A>rZ-1gi)JUmkQf$cXY#_<8br&
zc4@^btX#V?JiKKacv`jF!x$uKbbsh+zekA*8-Q1n?-0O~PBlqnwlh`lqZ?099X{hK
zR+Sln<lX`<h{f&X5imiG6!g$5#&$n=`1uB&eN3{2(sAzo<<#rRfYD&3Dm^E>1l#KP
z=^s0j*e^j;;3#o;TJ%Y}=#GKK<8R%>KdU*~fN#*yqJ#})k7<Jj+UZHP&Ua0ORb2Yy
z2>+JJf(njKb@P=)Te#_d{j;Wis0}k4Q}(t&|52Do#+Ag>^Blf97LyH%c>Z%!rn!^P
zk80NiIkJ=TitEE`Ce5w=Y(U(u>LVz0J30)1^K0EhcA74-=K9YSPXIOHL9DCh<@z%<
zu`#6blfBroKjcW8Na-5uvrqB{e#WsSf4#MsQj`y*vtnNy-UrI~bIxygMyP<VY6sD+
z8`fF`$^J6dr5)O~`;nKKC&-q|tOYG-BCS}NT49|TnGum>A2HK?ytvxUbivAePt?OP
z4aYMH;cZjZ+_M-1AJG{0LFTvsYp&mTk&o@rer`yWWIAMw^yW+m@ofZJ8|v@RGDNQ9
zo(lSZ{?G~BOznhSP(%KaqkL`gKa-#@pxahlqO$hl?;G_#TKYv-{qyse<@jY~wbFKw
zcR1_>{Ogy`P>DcTe(rDu<jpGzD{t-d+~BuQ#9L8A_xQT3B^ym?tzPp~)r+iUnU#oo
zxuy4$a4@poQIXxwlYYTI`MM67gITJsu5JDrUD7xtw{}NGl=n>5Uo!J~v!Wr4jUEac
zv$0DBVSI4U>d!EIm`W96jYx7EX?c|D1nCN9FATA}#<4n3${8!>bgq@mFL1a`Xffpn
zKNf??Qv$l;;m<A-W01|t7iiFw%hlTtcPoLJ7nV+0iYt8z9`g3%ZAhD*jTGn<B=C*s
z*8E-#y(F`8$(4!2rhr1-9~f<|H=RCj3&+GBV%F*<mW^Yh(82LXo!V2?qt9sF`$7w8
zZ9?nud8lN*{b_yc36BhL%arc;x-C%tHObE(ZEiViY6b0|eS1e)=qj4s6@iH}uP;1b
zF8>_=!G&Hc!l0ZXS|}-uPKxZ9uI)j(^AJ<imq6}PIQR<sc0L+pW7;iw19tp~BgXYp
zl|**~R-W)~hSeou+Iemzm{1!!8_}J>^7x3K2$$RlY<~hh^Z;8rH~f-U96A(&uKU_5
zQ*c;v%~erl@v(Axz~@s>{g3N<X{#PFc?@(S9t!rGO`sZ>-95VO-e8~n9P8>CdXRYV
z@xynBWb91_!m{m6m~AGmF|%hDx~y%SA<3X5OTu<Fk0|<R8v0T^o@ivl({~sse19u9
z1ALszS0gsxKVeQu2_aAEj8~1^n{&}3Ej;T}{02k3v$?gD=QCKO^W;eM{FSed_+J^=
zzT?)5dbdSCPqcZQZ|4dJ6)Nle^4`=bj~x-$F;VAvRu~-|yXhyPY<VsABTlJSO{l2Q
zqa3=-%s}b1|B^fFec6iHR2v{Ym6QH0MdY*E8c!-F8&UM*WatsUre7=SY5%lg(q!+C
zEMF#LU?ITT)flvJ!X~n0$nSOUb?&uW$uN;Vf1F=?!93Z~DD2^-g`_AV!&-FO|4zcE
zDqV%wqs1!D_<}VF0VoJ|%eP>lbeerIoo`Vr!f|GAok`<d)foe72`OfeCF?KTy>4_(
z14vtJ&o112m=9G8nRrbMGY($$M@O|xY_Pv7w40x|`wMpKbgxUz{1s?YGj*c;h0K`!
z_3flq(01L(ex?v6yW@tUiOX#K-+mO|oV4Tf<x^q5&V9yKu6#zFAO43Uv{{5%M)jYu
zGL`2E<azu{bllqc;<+(z!8|DG9yMIt!EOio$%2NuZTLK&3kBvL9`9#<n6?%7eKg+B
z+w#*F>sv#Vd;6AjZYdZVz)%tJEIX{_Rj}3Qz}kl1>kk9c4yK=;EFB#oL~|yGk8Vcm
zu<c`C84E+|HA-d0lDoSdk}Z;2>$fAh4&|FdO6TMrx>7JmLJT>SS5WcCq5xxi_qk2;
zv^x@=R7Yd|M4+VT@fV*tnfXpiG7~GCuEqmF4fj}$qh_!;b3rNO0jBEN=S>}|Bhj+>
z)Es4T^PGcH7?7=bN{T(J50Yogmu^kGgT$d~%>bwe>FXnxyvY6zD^t5zuZEM0AX*F%
znBwP1Ab#F&da!D;7t}+zif*@>a!S(>#Z4r!l<_aOui*Y^MB2RR7`I+{BpzxL@;&H?
zcT+;eZD6KVT~g66YQEOF?lAu#ZZD6&{o=9K$hMalPhBY6QNWtM#IwKfQEQs3G}gm7
z92Dl=&9&2(g(wmEtSY)EneLekecVmOcnb(r8(J~g>+ISdHX5n&Q3}=c3Kdwu_VGq^
zM!dDc4wzj{@t4xJNQbl+D5Nlayv3?T&3txcJ1BgZ28+vhU0Hwj600`G^YrXUsrTgV
zWi61mT|X1r5&g^=;>oL-`?S<6ZiC7+$`$<I6;-*>I`@xM2%d=7H7*QDYu9^nQ1~{F
z>l57rhmu%TkwHK^gq@iX&%Q)?{0U)y9~L1U)!af*&5<@wudnI3Nq&kq9^&Ys)y+i&
z3&3V=O`%j?{EsSfD?A7llzSd^zML7J(gzYhN%d{>oq0OX)K1WQ%8j=wkV>{nAITOd
z-W=lc;eAcdM5@II4~*uH058C>W&pCa0?b=)Q3{jF3bF4^{EiWgU{#3EyvDeSz!<co
zI}V{7IS`vhSKhjWIj|CX7PMx;^y~ETD>iQj#FO~+MwiLuM52JMJ=}k;EJ^u=*T*l)
z6^I=&-Nm2i*Iak-1Ql;}F?|RB9HOwFa33inB&}G1`SxZjyz!!m4AWqCHfqU}9U*Fy
zgim9C3U{`RGBF&YRO0Rm@v*+-RhmW56p9v^{1k}FhP_`t93JTma4W2~o#sUkQ7z@V
zDle#8)Pb?Fq_}X#%H-1*_QqpTh&&ZwHR-DN(;RvZrmHjdytFQ#cAW&1w&6LCV#;?F
zP%mzmX>_=D2-ZS!x<k9>5afjVO?2@G!1<1Xk$4(w2JHt5PWX?LkOW~QIoQ?ylFLsH
zmDN@+{(f4JP)U#9KdKE6c1rddC3s%Ro^zS}G^aJbA!Vw{$J$#wSFz*~`;QUq^k&ci
zd(dFZ*d%ED_*b#my&^VJGty{s8er6H9;oHERo|Gjyuq`Yg+8?@GQOl+is+6U@QXp4
z!Db>rUqv$O(D`cXAuL6bjXETww;0v?V3A}Y!*2lK9)8I())fvxePE)~z+~DgpDiC7
zmK}8gEi!l$^VWZQ)KsWjEl>U~6#EV@;X)A+@`%PK4Y9Cos}pLRM`P={&LKC?p;J-m
zl^$(UduM|5f*24*5;llkK5kP@k)OZ7*y_<x(Zi})E6nDngh{GY&`B4ckqS-(%*Z|H
z5*DJ(Np`WETrph+ZV%~nQ*}6F5T}7v_XCkADrj<oRY#$#VgU#2^ET+^tv`7B&Ad&5
z7?GqBy6TEIy06*wXwmouZF5lj$o{ys%F76lFqgEjZDUT;D7*8dc>G+yz*s3PNkIr$
zHhgY(6zfg8oIJ~oBrf;OX7y$!neY!*dl$a;4CT{H{+57wmwi4|L(g=54%w0n*eO%b
zZs^yGe&JRB?SWf?2bQ?lJ-e{mPJb^Au?wTu{x>u+l*5~K!=p`oOU-R}YlS!;Eb0mh
zy@^HRF6;?ju5}ymO2J~hlI2)TP-@68J<T=47M)xVhUj8F(NRmkR2pLZ3nJMr1(JgO
z<C?lyufPrU8Gl8t!BV)X1NNJvQF%ZHU^?K_T(NGyZ)oDT_t^aXy!#*h-s_<$8yLs^
z4L0l1oRcqw9e6*#`*S>6)w|7$K;4WSE;bu4fVC%0UA&-5CG_3UA@Cn{XL2{bq=HdA
z==wdhxk8<SQfwupU{LZ@gRVKV;{fQKH39Q{`Bni@2H1D8%Z<t^6L`nz%efe1+h#2A
z#fz3*3J5#bmOBLo8N3MJ7&`oFKWb}e1BV`FHh#1q=nv(~+AOBm*f}w>G)GeVn0l$E
zyY7Wg>oK!Qw_uhYZ&+Qm;^d58d4SR$GZIykjjDtm?8uVQ%8xkwf(#HWq)8T1C17=Y
z05aY~zu~)|b@kMFtv=pE1^c@G10S+Ez>z+8Uxlk#Sk63|Nf#KVLV5Si%N-Z%Z+y0J
z4AOPNwzrGNU75Qdk2>BIzKN{x&A8MOuoK!dMWDj?0lEr3TBkSskHMYsA!tu+Zg)(u
zX@bspc<Y8AYJv{Xy1RlFRIW-2JQkskvrqZAID@JCIvpy*8+r`ZLKMfPbG04qYjnVC
ztJ`x%B2oj180XS$7jB{3$^0HfWqfVYYpJ%FvZp4k6+KC+=@4r7Uk(zwP6{<pVQT0N
z7QU}k^?9r^YhaWAUzW0ugZZ-?U!KD6u$cLIlCI;!wr}Wx*RVUO9$qha$*R1r#m*o}
zoW^2SShR*#VD{rAxeU99i75n+s8i@(zIwFgG1)F*uB;b@53(R_{`}zqryw{~YeB`|
z>re-TsHOLbw7#ah@0*8hVm<I1UGu{OP?SxDEyLHrd<Qj5`X$L+G`n3|2S$<BWZ$=5
zaeP*J-6-$@)HY>7q3?rwF?v|=oW?0yiOJb`6J?;BCdD=a{`2A6UL-y#I>9wPqChL8
zCcZly2-6p9#2k1#l=0i=bK{p9{`n`hmWgD?K1Puj;kh$bs<zFCR*ggt08=<a4OMgU
zdZNVyc<p86h5|D-Sqk=BW69-P94Un3Or#GTVdcorB&n`C%0ZBqeli+g=9t!DruJ})
zYCDok(izv3)zZuqDjt=P&BhA;=%JTBzG|Z9R+iFBDL9TtWyAa{?|ls;LM!%x2=hZ6
z^KZz4t*c*nB0p%&A=kaZofQju>m7wA5A^=YdZY1o?@N81uu|&zj^{C6yaWjWv(*(;
z+B7PdH=28AwGmZ$@s#TGNlH1r$L#WitG$NmIf*K?^sH)F7tMW2?sAAy(JfP><ThEm
zyqnC20hJr!DjG;-H6@khQu_OIjjhXjinB=WOb_d|rgRjs32~(2ypYiDMNF76d#Njf
zs7u4zP&iBLOC>GxgRd+M|9-;UO?N{sq)w#z?D&*v!yTr?=nmg3x94~?YzgLI&lGrN
z412WqmRExNOr@REKGf{8CQld*@Gf{?n`rl&&8f+&!!CZAKtHTG>5p0lD(ip08rah*
zi8G&s^=g6!7P61d&i23C;1!D~qyju0n_`HzCF{X03047}`Oevit@QaaCF;k$#93PT
zT)b;D90FwtLfhlnP`$Y5zrX3AVJDD@2Lq8l_p3zlQH4pEmjR6T?#RPWWDaaGI3Wb>
zkuKV5$;Ofgf_!q~!--RwxA94()fbgq1qX`=U2__emtP#}Xj2~UI2EbY3*li==QyrX
z9*yAj7UUt5nYq`@_j77`O)FH=FqEZ#hN|~+NaVZ-Z|BofrP)t^TMRBlH4I?)azHSv
z+I!j!Cx?uEEyUVs0f<ZLx6*pQ!*)XY4{tb!1~9zEK1)|6&DE2OU#&(h&bJRR08eZ8
zYH0P0)Wr{RCBAnYu+dIJcQo`wvQh1~Qowx8P2_cl%MW{r<xoH2>;8@%NR!F|-Mv(H
zu#lkAHCk-(OOM3_mV5x*$m6Ds;!$&QeSS67gkGoi$ZPDS>9e!>-v7M56ic4o{r0jI
z2#~hJdl3dy`f%-p$Dt96a2DIDoQT;5NpBQqv9gm?Y+*n#?9#RKC6H=DfzERF*#bT*
zY9Q`IFJDiW#as%^$p?wkHGu3?P8cl5PqGrwSP2tV#vn503S*j2a;)@259WbQ4g(QO
zL-FoXRjGUz245!c^zNW$28h#pnesmH1Y@rcTDn5T>VG$h@Ox7`j!&2k&t3p%K%Y3!
z(&QinX^5)9lJ1#AvX1pyIKJ9du^i_T>~*$&;=EWtF7@oHy~Q=(jdIsTFVV>1=3O4^
z^xx-*4#B84z<-LQO2t#r!Je_dkPXS5<$E=F%D&R*6!5;kN0&W{myeO)I^7y<gKOQs
z2vSPGOh`_;Z>bYih5K@lmy2u?1#%c_#_A}n02OFCdD^Z>LdW}`0V0Qfv^_yi+d-Z-
z#C4!s%2R@P^M#cg*C_y+Co<{&fCZ(x-{3Fup6)un486Blm$xaO7H)HC9fqCrZ=<fY
zC7)9(iM*U#Z=crfb|g`1L@jI<>G-F=Z=MTJt`IOUn2HY{kc$7z;+)~7v(~h>V1Au(
z;y{cX>Pb(^M5s=Rwhk(SftLM_u=6%(G-rzT&s!MVjNDR6+GXiSvbN#sj0n|ID^~EE
z<?yt@E2%Zk3~N^(*3KR03Ag&}YHOIHDAe12_^`)ygy^(olb<ecuO;Wn|7p=(;Uz!M
z=y|?WzItTWFVWHd^pM6(%l9aj%whvoQXSJ#m-$8hA{?2$gA|;spEv+4pxI(7Apf0o
z6~p0Y5~zC>d=H`I+ErS1`=p$Jm4bs&m&<#w#FRxVPa7V|zkI?0RT(_%Pr)lg?ne!^
zE!STD&uWiU6UL)BimC?@lCbcP)pFpNWMRP3l31-E0RI2jYK+CXWbStYH%3)pNMyi5
zpPL0%`>!`M-9p=p^f)B)=kRx?@jQG4;%yRao3uZ(BOgj49<KjfNPeBgycmcZyvCJO
zlB_~I9V@fIqA3KOa0b!ZJK6cC02*aO+}Gj|qyjkV`!nl9Y@0eTB?oL5dlkld9lna=
zfvKM5uHr4>+x{Mq>Vhj)F$EXrhFM__C7w1pmx3*KRmkW6=OypCB&FWxoIw*ql*1<J
z;UAcPDbz@hTT!PMc6vHn45rS7w?^D<xA$i4P9SuuPr=D@J)*Z3qw-8L6{2J?j&x3P
zKhNGJJcq)z<Qp%X4>{gJr<FhD4(e~hkN}E({nsn{;U#-R<D-)1Eub57HX6kI9_(l(
zj*2#wdE*;;^e6BWYox#qZcbk5J$!>fP9EG~tc_Qe4+t#|a2_8bo#kpaef<ZTF{KEL
z1{(I|su-Q_lHtGRm>8nOFsiv2eGgn=d+dtPFp+ECnLGvC7x+K}AWM{6cX+Zo*;05+
z-#!20V?6ni3rTzJZ9;RzTOH<YuU&T8!~Den?~1Wb?s2#cSGR>ho((Ma2w^Za?kl3o
zil$$Unna|1KJ=v%qz)J-H_IWL^2-mq7Y>-Y%5qyVb{lINnI>TmuMeN|(!Jz+lfun3
zJrPq2^5kbZLAK%g{7VV?%xV>;p2Gm|RHx|U5(3y-plo3*zOECw{0>Y6*QHV(<k>CW
zS>3Z3gSlT~ew``qAJs%g@cEfe`Sog+4TzCbC8OT>xmlr&2@oULIbM3W-%e_Ktnq+f
zfkpB*;Q`p=9g?`CPp^bS%{zC}6c9xuk+B{F0d)$<FH-Ex;x%zG;!(^wyw*Jzq{*~i
zhsV9}MsJib%}IKc+wlh>Y&Mh|k+9yr3|ww&tPi+z0SMZPUmxw)<=q3+FN3e<%fvPJ
z0j7-}d^IrAV+^{y(Yf(d1JRE%OA|j$tzNp@J2J6mtWy#dTlR*bMjzvK1tN(*VQV{Q
zqppPd3#EL$6kW1m;Q5`tK}mXl8Y?`yg2dAVFi}IRpi_Ku26gFbknCn{&o~qp<9&!!
zu~<{n4Q1(!i|vQc$2On2)*Wfk#fUYPVN`9Bd+VJPQ0&{)w<%gRZu%&$o=|N>ZAhb&
z{kuero+?qz1(Gn=6!RkUS7<*$V-ET*tjB_={}3u}jQ-;^XcF7(H-lc$MyJdIn|I#$
z!r@$B?{1M^o_NGU>wHT&M31Ms1!6we-ErHnfA$Xa9*`ye#uV(+Up>nLF(D_wO#4@^
z<nG6ad&JS=oUyA`Cjgx`YKNez*g_Ft6!^!Uv4H-usJRcC*rl!%tYIEZoqe*LR9(^u
zUB=$K7F3=lvlVQbTR=~!fNzX4zzt13RxJSo;>d5a|EY%~V3X<p+HBr&DecAo#JHDv
z`2u3CIr2X(D5(k0Sovf}*va2n(9TII^+SrZq=jmsCbXMjCBXvgbQ&{rJ+Fbq1%sFX
zvfGy9@{oXvA#Z0;I;?S*^cab|J0sBUnRN<eASG)wL&LJYH0wd)?fQ{-{F2iD;UHK8
z%jmESMDc{#_I{XHUURJrsdbiN$UG1GB)r!a)e)#r3VU`pKD=~FhN~$*g77R=-PA^f
z?yF>h(9LCBcgv3W5?)~^vlu1{G+K7!6}ImZy2od;!gX?!RxWh!Vm_YlIMVz&n&bHN
zyAiwpTX6{`^Nsh2&>`#CKC$P-m6Lk-0D>b)VUj_^<cQ-qfhN;`-!hp|Mb(M$&S;!-
zGF7wH^NcQXc(a>wNE!64c-J{0<3K@7A}u8sXCR8IaR^oq(G|~UCf()?d+bnf)F0F*
zzCI~)zjR$-Z{e#pKL6i#=o6n^?2?Tpp8b7He0nshGP;kM79{pZ?p^PlK5}W1KP!=G
z^DlP9OPZ<Zt%pY$`EJt?u^3g;YB3@6gp*0)rOKehm*s4G5Wq|zW;x0EXF~2-n8`1u
z=J=mws02)!BTBx)zK8$6l|Er#RZl!Vkvr*PkTnB6cvmv(lF<@oH?Y=Sj3p+%=$=l6
z&vdF?P2wZoWXEg3iIoN(<O&^$1!S<0cfzK;xZ)6`yLuF7IiC8ib|-ZJ+1Ap@>;#xg
zqGc<3McTL%f@YU`9;a|4mF)5z%yDSUKK^eJbk+NPVldzAssz1n518(?6J^4?Y*f>2
zoHwM;>-fZQy*8q0Js4Q1OMN-WJzn2&oP+QQzPLk74byuBorQRSBml%{PYZMqrJ8o6
z()z^hHZP8oS8k1Ogw-{yKP%<-z?1Ng9jhnNe`ENoMyye#Fn&&l>wS|wn2MZ)=;q2_
z%ibh<LVud3X<kZe-<=mY4YhmpbSbJak^@lga{QVLi9DU*dQ|NZkvPG^I-Z#e5>!1X
zaokx+!VZ|i>zVuxJkg|?I{`VBF0ya)HAc6IzlUqSIl6^P@{{XTseSv&2NYH3n2(_e
z?+`Qge5U^bfZnYTIktF-jUU5?T@4f}A07s;K}d{ep-_?LJMKyB7!S)$sSaxxNncB%
zhYr(-B(wmV>x=%85<LWrjkSP9cpHdzWZTKRe_d88c#iap%M40eXZBatc4I$u=@iD^
zq(?+G9Fs?9TpLE_Hc>h{x{+-XNnlLoQ}&bT63_B|a#d<aLE<4ry|+~Z@-))J+*c@&
zW<PZSKh`Aix%=;CGg-#~qa`@w2g+cz4J&oVQ^${7dy-r-T}6PEKivF@GYW^<=VS;p
z_3+Jh6QPY&m32zXxo4N%-dq&OkU5Q+Hf07Uj_z_6YxwH=lnIYs<+A*RX6#S~jNQ7N
zbqO8`0l9_*=$7c~EI*3C<_e|<(we`MIc8TUd$~0y^-s>(IHMZ@?LwzeG}<!NTuYWI
zIA@der<ZX5-;fv7IBYJ_Qy1uYXC&{jwKwXta%8$-Ls!(fHX*}g4%gV*>>UJA8<m1m
zug=KBbXf+2NVR}p6Conyx&J-4#+)Atjo18pZ-`@==gq$lgs5~iw|b;Go{{NaC!;Au
zI>XGgfY@5=CPob}FdRN$#397TC^4ZnX(Djti$+mh3L{3B4zAp0d6rF<h_G)D@}^V0
zRfnQ+j*gAT_}=v7Q<Y-v@8j<qvEYSH;2%XCM?}7UmhbgHc-hSwzFHZwla@u@e6>PS
zb*kuOBr+(`Bc3)Sw&R36&9k?d2KyoQjh{z*V+d}8yaZYkO|5{#o6=p(Y(Fj_gtHTR
zX|wK@568b~;<QocOj!3%IBH40e9!)UYfdt*MDIM=beaQ1)-P<Mq&RKuoY5%YhyGI0
zxnQhV*sv=lq$R+o{H+YUkL%CNU|E|J4l}`Lkv^8Zh^ds(Fx^FsQ0^ee2lHb6xl&=O
zX99yJJ;ifhTRVATOX`Rw_(d6?w%Gn(->)~{t#b$T?)-s)2ggS0hkUDBF9>CJE_m&s
z$Cyr@V&~$qg62Mz#mKf!nCR3^G$(+VjO&lw#tmj@U++L9g((<Jf6R+86@1JUjHovu
zY%b6Zy93#Je-F;bH)D*D#s&{V={U~dqs+<t7vJK<-;(2*E_Scs{OAn+o~_H8=)Tl!
zr+^*JW;TIEIzz8Q;1Yf1tMYI`Ku{-puwX>EWL&^C2<4}gAl-Q7JQfwke1Lt3`db@2
zb3TWS5*mAWW!vOgk{n}uCLn@JSrH=R)AkMUM1%22_)mYAbx!9QxKX%@CS%Yy3gWQg
zcRTdYmYmd2Dk8%U{Xl-oXjNR+4Ei6)lM-cDH^jrmOnHr!WAYTGoV?dnK&bLg#%fEP
zI3WQNtKj13x^l3um55oZy9hmZ#@B}@63kmX7%pddMQ>S9XH<s$UUsoz<Q-F=u2HJ*
zRRDxJzJK6vX<C|H|1}SI%XQOh{P0{oWU6h&&zCix-_Y2yo1sZogXcIj?+^U796Vwj
zh;9q+oL<)aK%!OL58p)}h4{Bt<?QPjW1xv8DDZgTPKAO19*|+TRo*KBec-)yPx-kv
zh_Ch*5JWTK3{^~5uZzU>GFA15vBmWJoUR7FckGb<X%)L+H`f+v%BJfn$eh`yTMf7&
z?E3@<=d41Avp+^hfv=012+65>aO_eI*N}C<A?MUBcp;k@lWPF=Vh_FUFkl*`gdHq5
z4xWMRc@ctZXCg9gATtX)N8A^^lVVWC8rVkA1pY^)@*5vv;nK|vFx<ik5*M7P@2;kI
z2XO5#Y|6M?nuHiP53nDU@n^xo=9gzR7NWML{#Ad&h9s)9&MoFNB8KG%{Bky3KJ7k(
zgLNeI4mS{;9*M(7aa#i$?qCmA4g?{QCR}>`me3tz7iVU7-h1@*Y7Okivw^#-4sEyO
z9BfOZ>m{h{BOSb-cB!BrQ+RteCRqz#n}jMR*?R$^-b+p-Cx&ys3}^yBAvgFOpjXcx
z<IZ?g;;kz^XDCO{VodtI-aC20@ww_nOUG=eg$_PXIl+W^krn(Hv!G6EUE9UloQRUW
zO7!R-1NvJ(6XdH=c7Wfj{#}GuEmaxUc3zLRYW$$s)q3$xGI+<upVydIf<^vbmB_8K
zIv8DGVTXQC2RsFbnHI(*tZn+R`ypZgF1t8PuQw~BgpC|8c9;FEut=sPU|#L=9k|bp
zhJ)DKb%tsaZL$Mz$5$`?OAq>%C!970r5dIOro)rC@i&QB)kC0eZT>;hUSDT42@F5V
z69HC4wj?Y7(d5QISgIzgb*~t?kctoLz$HgD((I&_wKM}}WS%+$JJB1Y`g&ZtK8`v(
zt$DCY7ecB(CwjTWbRV|9gyaPJWQsf&ohWw3s$!Ay-tE8{guc2Ol}+Z)?tfi`CU!=o
zaq7hvOmMihcW<C`%p04Fr+Qt33bJLdACrK{D3+SD7H35w&Y?1q6%r}ML}8YTVVLl?
zqJDGeoGpP1@+PeYcxGum^;?1g{`9@I%0jb!B8L?W5!vC}u`uUadU`Hva{G_G{^~cM
zULeUmVKaGO_R{Jdj_+0JWW5+gtGB2jjRMbmk+^1KZPLmVW=L7jo=>{ISx?0z)I`$)
z!rDi&$1J2G?7$Edjei>K%a>@nN+>N6iSM!qDu~LTfAI#jQej-AIuPPHaNS5AQvd1y
zo>5az1K1OG<@&_{&ujMs!w@wx$lXVb8yt_$;RJ^rZ0riQZ1XM-X`2gEmu40-Sa464
z?+kCjD&qa3Ozo?|;W7~WWs0XD5Lc<0ajE^JCosPZeK<Q)+m6!j<IZR-c$jlC`jnA$
z{&e;K;(+Yt9K<W$-7xfZetdC#oz&JJD-rw5KSVYI!G6Z0VAaDGOpiR?`2-_~bXH{;
zQG}5Ou7tOtDtyc7E8`n>$|94dYpLL1iF*gG4Wg)q!$bkM-}cm2LV_tyxAHeq6GPG@
zxvdL*vjkkp-tSl+!Ky!xuSA_V2WUW#yHX&-2OOKPaqOMdPHUOEriEpIMHBWFm=JCZ
zN{pCb3;hKie)=M*BmPX0x8Oj9E3=XeE`P^=j480TS9P1D%d=-C?+OR^&|QYH4~Gu6
zlk-Afk_(I{w<Vc9Ky~9vg#W!6Ck)t;Yr6HLoQvuz&<Xm^s(P332)HUfxs(t^o+~Yy
zokD1#k!9Odso5#p=%F(qNer){P;t~R6dD|#46x5ECR68nbMtD?3>U0tz)Z!mc{dol
zy9BK&$VTBm>*8YmBfKMi<(^SulU$|gBmH+4UmewHQ;(Gs^qsI9EJ9ODawmn(mFwVy
zmv_PHr_y^$w2<l_2SAvYIyGH~pt|8@VwwACd28l)JZnTaoq55~Kun^rrIa3Q88SR&
z03@5v+KLryqD`rI0ICXGEcuMOY84oIT1pEazEl*v?v6{Vb_`ITTlMI!R+MkG#-E~Y
zdUEo~$>+0rKz?v4+fGNZnQ8o>`HXNoAe<>rwT6_viOxOJx8`p4OrdqtRX?1muQN%}
zd(K8&*FT-+$)O`OpN1X?B0AQSrFXUT`y^H%;m;3~7_P<OK;x{Vjy99$wv+-%^zZS<
zZwc6goYcY8zyQ0VG9COb9!<^~m8M$3b&mYx27a97iYTmay~UoJ(rA@SA1f1=wWSD+
zLkyUinAyt?D7YL-fRb3SHfbl5iAbt<;PjM)kxhp@rY!)4U^n9>NEQ#?@d>(*k`Q(s
za`vC^Xe{&9<*Lt)yr!>+uh0wPs_!O|gM}7AyfE52YFkkU2G6qGQ`wPF-8Z{``S?w0
zaG3FUN?0<ls>HN2@cfzbpF2ah%d1t8DI*W~B?p9%a*+t4m<VYv249_bBO$tnBRYeG
z9Unjf>1>Ma(v^bE|1t=4S1TCdCHBv%fv{<T@tQG)nbJ?~%gqVd_DTgWFa{e!k~B}0
zvOA}aa)*xkxu!G2d74Zf_ydZEa*_#zQ=<&`ni2h|oY_{yI!xi9{@NbasW><*4D!%j
ztCPKu<!K)*iE^lEvMc&nAeZw}=-FO78b<D|V!2kUaeIK`Nlmv2SH-9u2R}37ZZNH%
zHDGqfY>EThqaxi?X82%l)By9mmP8p@&t;-@7b)IO(&Ffv@|c(%?T1aRncOp-qTu1W
z3dSQkt8Y<FulyzGLK-)u#U4Pnri7{Byaf0l+55UKWAoWCV|7UYU>f-bx?9C%b;ayg
zJ<L$?Pil@oF^f?9JQ{E0fP3U0jN^pit&_Y$;~Ccn!YeT(@FvWRJQ`cZnUAy@7@(Cb
zUr?8Y){uW1@7swR02oeGxvJi43vR@#Me~?pcg%opAZqd1q-9sNWsZVo_aohnTZMu>
z2wwR8FWXm7T^v292h2~O!VMIRtUa-Nm@V922HV$iv(*uVve!jrOl6uoaNyeFwuJ#U
z=A!<2A7o2_08}`OM}TlCXBt?$@C5(ix*MIr1!efB6+&X|4I<2Z+zs49mBLt=)WwwB
zOWQLDxolfw)V9Itw?FdbtEDo&F-V1H*u{O|A`kDt)>HA?Xo5~-SRlY4cwF03P<e5q
zwLXt&aH+7T44GV9eJt40&kI>b%{ux*Mh-UO-b7|fq!-R3$w_^oH&Z|Vg(2(AP!`lu
z_-tr`Uh5O1uIEJ5@b@nLZTME%p;dh$^819sXNmtD)R1KsofVt|g$AM;qf6;ix;4!v
zOly!333pCG#@rNm*yZFFay~^B5Nmmre6IT2nHZmlvL}V@6zZP>6xM4C;{Y((Q3rS*
zLIB@2xkFK!GYY<;a2Jquukl$IOIrV%_*Mj5Nm#Q%Wg&SgRitKM>Kb^|cdPGc7he%j
zCUp>dly$=+K1V=19%@rdSKN!yUKNgYZlt<!*J8A%oxoTuJiyGfR`wT|1eGf<=!!1s
z+t{B#qYc&%_@t0A_iiTbIZKZy3a=woZ-RV3Lw$?yE0p(c1}eRY!2qssKSS?@*;<$1
zwkEh8=%JL1$>OaP7Uu0vlFvyquJwr_*-re>2}G$hJ4uEM(ja9wS~c|8+QzSFENT-D
zPMZv6?xRe4Y@m22Hmj#~(4+k=<J|e^xm`uk!;gi8mt@<V;Qs}OlIo5deHg9aAN17!
zV-%+iSmZ-h>;oiAYIR)J(dzj?;;eD8+&L20IG-sP$IXPv`IQZ-u0PMzs(B6w&ifdw
z?Pe+IkKe3sOR(Z=7Mez)lLk`y(WOK)QK61xSmWl%7X6lPC2HgBayJ%{xf*g?O^biy
zQsu>tu$~$zPk$b+r(JA@2SPj==*G%dZ-O^sXEkc-4%WOwBpoE_HJ7wZm7T!FKxo>*
zVrNJ$3dvXxI3LyQk0Ol{XvDb~PkN6&6H#%#E9&Q$;hFdRdzECFNAxBbv@P3?dk^np
zn4o|87nbvlTe3hpo(%u8Ikog;0hkK_Gl~dV5vm<n^|zUYYo79<wwpaKyw|kz5e=8f
z3DiNcK=GRS=uI#83?sm3nwq0HkA6>5^##Z>hBt{9?uEbKb-+AX?}icmD-kr{c6F6S
zLBjf3g#Hj8S8*KxttCXj+SB_Gr7G0L0esUDV~_HaWu)UfSy2IwO6Pjl0_5b;gS>&+
zOtvaCN$-QIaRb$G$R#6`dZRzy-@~TdzUj#L&J!hcBto#4hQ-G`RmX&G1G)treY5Yr
z!wj@jU6iHkTol_Ey8VqiU1xl?mhnFm)@!OAdD^Y;_mUGqqjrJRj{6$WH0vh8JtLG!
zpg}N|(w&XMRbl}z`Vg(&u{0?v0bSmdY2HMnG)pwertJO?AQmb)ifrdunCxg0NYxP@
zpfQdQyQE9b;S!%TA+E}`RJF*#cl%eZ(BGEeZeUp=EW7BdJlS&6VWxhF;g53W9De|b
zDks)_E|@IX7;-^>Qr~*G79HAmpD`%<B=^U0EE+Q>uWh17dnhlLRCKajYcwksMkRce
zGiW=QK`@$psTPDOG^67OZlze|A~(*QD<aZL%Q{&_HvMP&18D`57jP-`=+#T@zM;6T
z#CzP=c%6O6|M|w_rO?I{05y#8jR#LAX=K4Yh_m3csOp`hyM51(@sbygvI?oj4$hUB
zhNh!j-BQ32m5j8HLL&ZTX(IKX*$rYCgK@nqU+;1qeo2dPfZL~^hx}#aqW8uYTJQov
z04pPEe@8~HlFtCW_uig_rI&jcTLWVar&CSa?aA+ZH3X5va3x3{-?_}%cK6exrKeAM
z8z>&mF^mh!+hy+4=pYm>IfTOnvkP<XUq-4dTRF0ZvB@RSyg@=tGBPJKT@X-9mM*-M
zQW7fV7as_!?(v}1c&`AxdR_MPa{buVp!eqa04wFcaDN+v7Th--h2Q)|?;ckjoLr9#
zl@1B6VH=ri(;D+Z`owG|KTo*leKTr?kt>lucjMjN^P=xpu0fza)8ZY1aD%hqos|}7
zx;Y@$U_6_XJH(B&-RnNBT3Fsf5qrcQZw0dDlSQKM)AlNP4B(1iOpaaqaIdR<OMz&M
zbG`k0TU}$rJ1Ny>T!C@M@DAT>0U!zO7m|Hg_?xfZ^md$|#+=cm&l%6gXz{SR@!(+G
z))s0#6-S&aG>nVfbw50aeW;V>Z`o<vMqK$2{zZ|Syd1wnI;*5}z6+RBDpr=i#(!U!
zj{yraP|h*-%>meysYi6?wBe<4uo^X$|4`Y(>%DwsD&=<L!8fh@jd=T|9!DyH0(5P?
zd}L}d^VDncZL3>vsaV$?k?3E>Xbwaz=}7I&y9X*hm5`w5d+{vSECbMVpTI5SUvY-M
z8sGzrSOu{~1jx0Q)Ghk{1Qp01?B@I&41<X*J+DfvJyA8Ae!*aJO?6^*hl8#(3sgX|
zb1>jF_6q8ByZl{QRy1rvZ4g^blP@B6X~k(S6KjW%nuR(3Vq>iRw8|&7b$I;46DX7Z
zOV-0O6ROiJsn?ogll#9X@8$UII(2g7BZ=OtRJ|<!KwZiR4xvgV8?SjHKpVG<y-;Zr
zkIz!CpFxQ!+XY!?T3MM%0p;xF+=!3d`nIWF9xbeZM#Y!)G+B6n!l-p1G3d7$T0JZm
z6^e+_Pz|}C+!S=1P4fMrg?-~4)dJWZqk<yeZA-JHP0b$gpP<A9qn^?%BdQ9ATMi{r
zZ907VOuG2fRiS4_Wi-@>VDv6J_+?Uz7739%h(Xqf_Sja2kqO}3Kr><D?XzL)*VOK~
z_z)GVGS)ZQIgzg$v3eQCDpBM(P?!ROuara5HOu`mi}5sbnb&SRGYDzr=!5-2yTOnI
z#HN{pd1B_giuK?)CZ@SXKJQ+7Amp+TsLv3S5DqiZL8X79(8FI4Gc*UC9p{{Vgg0?%
z_vUH)8QinN9VTt)=)U|8Rnoohi_$m2+tZT6S4!h9^|`&AQ5XXEl-T?5E!0%wp51_w
zDLqRrPt#cssz+Jc%~x7adScAD{D2hV<(!m7i?mW<;e1s2Pn~T@i6;Dy&!Hwsetcoj
zOy8^pen9Lssws3!3AZFTVfx7{h`~c9obA9ZeLwtH%D^IV$7L?ZFM;Ao#upR9lJva|
zQ@S<)#<cXs&fJ16XmmuriEA?k6ZAe9ZhcnA4pu-2@;uKP!M?|IxpO=R3OWVS`p=K;
zth&#r+6sJcxN0F?YY2KkY=2QBj*%$e33Qbo9N}+b&!AmSu-G5}2Wm3uxBKpPwT_I(
z^(PR`1tI_ho@weTL2kuADU|McRSI%wtRi0aM0vJ{B+IVk=CI1C(xZ-WZ%NvlUfqlo
zT>If0)7c?b;+s+p0K%$Rax)8jFlyO5kV0Y0AqiFmTS9}(Lv1!uC(oU=<ouVkxcr!8
z$lk8!NjRBX<8D`AWCQ<$I^gz!M{AoxH1-W>wGLUq_wfnGCs3ZE##+}uaZ+tzmT~yo
z@B^f<yEH)HtmV)Y7BFTwjF_Zp_0=En!M|6==m%4h!V>O><5<52>01vd?#ylbzRkkj
z0d}z>(5a&@xwHve{Y(6V7r3-hOsaam#MR}e$`ZN$6=M=2u@uo9_}PJnAlq>eGw~se
zayLI-$xsO<5KeSNykRD{19|l8Qg2Hd9htiLQp)xNZFz6uk)b~gp%az|#t(ModNx)K
z0`aBQJ5|4}LzOy#%_eI%h3eo3853)C!u%s_GsEiN=ge8JXAGja7!R@&SyWV4p2PER
zT-wuOCk=JR)*hIJSb<OnTm=HCjU!6H2L$@5zA87)rbwOCZjI%g604SA>1jvU;J$4q
zX}s!I3<1No*P7J&fudXkOiztU)Rh;FsbYV-^5;I!E#jgceI|GtoGbPv)H=)n;uXrP
zVv@lz>9Ul<?lnUe<W~IBrQ5g%aGfNAW|CLrJy>y0Y{{6AP-j>{P1HiJM0Y^Ax<yd>
zc}|wai>m!}M8?=lL#p&C>`T@U<rWB~`l$BjyMYgf*xfvw6Y(mIr`cF?7OGlf)a42~
zyfEBbWJVWSEk_e1G){AEPn2D3bE{BBKxBkW7D_t-`j5<`h7{cN++QMlLWoIvZlVZ-
z`TnyU^VAWJ1I_4+<+f5{ujk(3W&hW3o#$KC*=Tl^=}Xb7&$02E3;u;_Xi2GiQgeV-
z=W~-HkE!sDRoucCRPvwzIw<fAc@*s97|IWpcmT*3$C<Ed!W;_0rBen-Sg%kNet4}_
z9;BE9ag&|v(|YQgF^o?b2y|*R26gGKhSFBQ>NjP67|>a0$}`TH#(5DXHK%dOG5XW*
zwA0=me{2x1xVUq7j7KRt;bbPV%&|3?s(J)%#MR!zFL!S0#;7eaeA^Vy>(izcRZ%x(
zOIQG47}U;+3~;(hzXkVZO=ns2jrFE2oU$Wc7?e+Bm_YIE&PB%T@6`zJ)o|8ql2_IV
zPtW`2a)^G$qK7)t5JNb4Uw5A?H~Rfm6MmL#_Eoq!zgAaPg-BxM-vB^uLat+b?HNvo
zG$!c7xSaB=Un0u<Sn?L*gY@+D9nLwPeUCf&w-u8dPSWd2oNy8927bp|eam@rmE=1C
zH`g!Qy{=mv5$(RR{o;(ub#2v!{5<}tT^lG*%b-w4&8I@E+yG>NUzGM68OlhUgSvaP
z*dZ3kx>56Fj0VEFBPU*qk{<_)cb;+{o>u-<B(L5tcIWGVu-@!kvhba#PF^)4EO^3R
zyW3@-&Qh&Y-gOfnfWs$wcT+5Mc6@wVm@Ecx_xgbEcGKsB3Qgk<WU50e0Q%N0Rv31r
zO;U>sZ5$*Us6nQaXfH8bJ5=u-DG9|esp%fb1$L(Yhk{Jl1Q|ZjsHz&8z0Q+w7q^sn
zI_#tFqTz>^0H?J&?cN?5fzn5V!MpemNmK1BG0EZ2YPxKb(m=j8@d*$B8gqzMq9ghg
z@}i_!*aOup{K{Ec@ZWy(Ce`uvuUkSIX8yF4x<>r_Jmpn^rY_!M=pauYt_o4PLNZqV
zXgh$cM3;##!qRyAPh3dzPJU8SUcjN(b4uqs7Wla>SewaEqdAl|Mj9Pii~f87eViA0
zdgn)C{lm2jf8q@vTx%6R3h)0>D57rw275GnP$8&xTK2EsF0FWxU72<XKpOf4E>xVd
z<mvRB@La1jcyH@bQaC63CURSUm{+Ad+uv#Vf)Mo|NyN>RO8mC=KjuT1r28t*e`VEL
z!+&!9OSm}o)iX{3+(L8C`8#%U$G0v441oVHUndO!p;bcvUwP5>|NmzH&s<v$N@K6^
zd<-JqkIVapKuh;xf17yJBVqVLGWs@@@?__L`@~eHRWB!KGL+pa#A@>&R-}U~=ukf^
z2im;m;J(!z3U*yw_9xTXhFRW<rcejISzi3}eTDqn6|0wiYrfp9$v}Ux0B#}G+0Ur}
zt&WP?HMSjYv7PCHINRm1-|}OYS80{Qzo>*Vb;cKex8&rh0hh}wuO1P-f70_SZ5VAq
z+vcwT@vnxMZ?Cg?BNXsi;Q!JYKf7hKT=MNmQ}KK1n;xH;VY7UfSb#X;WApEug~Tgh
z|0v0e*ZtQ!eH=GcJpD(@Cw6|Q)hA~D^BcCN&&ssAvd>qh`y8<%-(mW|+=W~W8TBP9
zPN4<-nGgJL0Ecc^xj)>n^o2Sd6??Gnp-b%Y796pDUJ(`DME-g?YAY|w=-;RI4=Yid
zcV3gU`YbBmnS1DNzi~Imrq|||{1|IX&S2y`Kg0gR`a3B+vrR|u17Nc9stJ_QSES@?
zx9np^!{ZgJ3A=pQgVm$jkKbiVoFEw6)Y>r>y~X;Re;^y>0~o8?iJjvk62{Q03QE1w
zbd>e9{Fw{r-**2fmAcd%jh&J=^%C$OPLgFK75I0|`YGx{c$(?MXRXJ=|7w`G2s-q3
z9{6nn4~avhjwOdCU@Y|A2=Lt4XZ}C{uV4Do^u<);ZvDhEq|qeum%p$?K~&B?fy(%j
zU&ti;`SKP!ocC01?5FMHvD|S~P;B_J+*%>y519Laf`9qDA+!i0wRkUClt&E|@?yo5
ztzp0ow7|u?K(AQ+0vU$zU7%M$o7aD7t8rX8%b9*VxUO1U77UseqBoRMgOY00$7gL0
zCs9tR2G)?wH_b9p{3hqd5`v4T!Jb0{8=Ou?Uk<V@X_Zjr;&-{c6~8eppE>bGlsNWc
zU}!mGN36F1y-&Yd8e4GVZC=IClR!`N^ZvTb@@0ruZxj61wohy0Jv1U7#+fdrT-$iD
z)N<cjyZ#5g{jXgb5_QH|eP*dBbMJ~m9qCU#$cW;jBR*N4D&u49cjIBlru+h;Qp~-R
z+9HE?jLT8<IX{b&b5D3*8<8ywPOH~KHy_$Pd{eHzY&=B_?zNH4#=d9S2wzO4gTh&$
zdfwtc(I&9V`2$%QK90eKXTDx9Tsr^tB_wp^J{Fr_UekDmBB-6JomjzIPQf(38s(~t
z7ed&zD}K7IM^>+i|JI1)2^UjU23L7z<`Zq{&&3CWP9OJJeW~7-P|e*S#(X&#UIH?x
zI2lCq`M+wr)}W@6ER0%~jLS;}k?imqR#8M8QE*lscZd@hP$2^gSOf?RG87NxWzYmn
zMj$+fl?1cODvwkKA20$jGDtMUhyemP!Ylz2g$RfPMFL3>Lf*;V1kkPhxmDYB|J+-B
zPn~o6bf50i-RG<RB8DEB@YI%9{QFp+1YgAz3|CL};A6;oS?-OyxuSNv<(Wl03<7rZ
zLjyo{Eyk$*uBVGs_RUwsG+*Nh2SX=s(f!Oy9q<^|B+mJyf4Is-<5ujqd(rbLZ><^v
zvFAJ9Ji&(jKCUlVl=#1OJA7yaOgyC-ie8A#^rdpids|LU&dPZU-DKW1`71E(l&T)B
z1=9$nd}@kuia)=n+3|wNQe0#S6T?}1@`sk3vX!U_OxWka;q`J5YqYG|MyS;<r2_O)
z-8^v0V;DK53{^(#%!f8s^NviOWU5tUtox7wig9D~Ktj~dA5%LAe9kGFt`tm}J2uO}
z3*XkcXMP*kOKrUUCo=IorxC4xEc(!!<qTxxSRSeBAQjf>suC^u)S&MFD)6yS&)ea7
zB*Y6-VcMG9zDxb6^A5aYE>$#i)t{$rPb*xMd4tCu>qqbM%xaa(n7~H-{D}e7nt*dZ
zZrB=vSqec$M@mXZCB-d3#y-c#OJVAz00BTW*TjgX8Rt5RF|@H3X-r<DIV<IHXP}Y{
zrqsyIUGW=PKF$V@CAZf`$Il^1snQ%MQ_;mPk8z>i*C~IRTS@2Yf7=hsDq@3;hsR)%
zul4^R<W|P(NrXS_jCj~<rs((NOgsTja)}RZ?B{&cJ7SztSw}hAJj;rTXIsdGUK8JY
z=_B6l#bacc4BG9mK?AbrdZ)$Y)J!noq-9Wk65*qgJ1~}BcIY@cNc#Ug#vj%6IE25t
zJYMx*o+D690KL}MWRXARqn9}Q$!YDA_X}mQwA-h|MWZ700pq$FjG1^Co5m14*=kIf
zY}hX|fZ2jy{)c(n6b!G5#{Lm)@KNCZ?^~Oo+8UO!#*!sNuuxYhI`B9N%s4qTb-rX-
zuu9f(aVqIFdz%a#Q74skljwL#@8)&hKD_zLWdtYPhLcKza4SJEYYQ5X@J`3`rRz(p
zVj|D9U==2&%&rA;!S}CigehRcVnDwP;1q3ux~&vYk^r<~2GAwhq)i+z+-eLKf!wv5
zkhSw<-Fzuhfk$3ej3Tv>%yv7dwoXzoH!a6X<PKQ99LM_1t8)+5EUe@(5Ym|a$Zg~+
zXJhCV1SmNweN9&0BBK>ONKH>EQr(V>7}A21gT;Wx=`MbP|Dh4wk}ZyAop$!GySv{_
z>Q*~s#p}Z53_VZ5t%A>VHFmz*0juTV;{0p@qJqIvGcb(Y0yZb4arzYlS|@4feQ%ZK
zUU@#NmS~JzT0zBjiiIKV#E_rn19%geovG=~JPi;{De(dT-0S2&YXx!L{#n+NnNc+3
z>a-zk{nep&2bU|w<iPXVtKC*YVyaCVAGKRZU)(|hv4k1Rm%fWIB&`Qc!EXz>N6V$F
zH_O8~@-T@&T!lX&2|Z3JNp5hO42sKCKMzij&`rP=25XCNskB@KgR9h~Dsq^D8LCc5
zeF~QdRyRd(g0nm)e!Z4|<{_+79V$h+@I5(K_S2vI88}i-b?(X}D_!;P$-bHyoQB}2
z`xl@JGMY_sf%Ozw3Rmp!w8m}^(<;e&G%8y22&%{^U~tAPT`ma3*&&Td)sR1R4br~+
zyWbtiKEgPVAXCg*?(z390}hl|bXT97DGVs{UbADzEs7NS8Z~^|i@52B52yn#8C*n1
zK6n|oj+kcM`fPE_&HB3#*Iwp6tMphiEW^yhOioFdgV<IG(toVr__?ifW;R8h{#hEX
zIN)nD_|uuhiR>Mob*$G(>6b7l2In4}n%6|z<8EKUe&amK-^uBxA<SvL%u)J7cOE~G
zgP+lFHtNju$!@Dzr<{*6_WbZ=r;QHc!;QQrVsi5tTn5yhF><h}w?8Yq_H)}!wBD@&
zt%)l7x3L+f-nzpkmW77yRZJvo((H2B?r2_Ka{oniQnaf1G)KHLw&(y}e7OTb2o5$4
zGDaht6SdAfXa0r&F9N0;q{D8*QXV}8vzIH2BDir$@P=Jb=JhnbGUS(RwztRTC}a=B
zpht@?1AqY7S7N@tUDSuKcya2%w`}ChHmhh)bA4R@MN`x>K@w<7!ch;@O`&3zKos&@
zENH!B=suL`hW1HW-(5bSIaYB@<Mr}lK|@gAN>bka8aNR3OQJOYd;1*wLc_)rXm^~y
z#2%Ztc<PR5aK-M{TWcXP?ey7TR2k}q@W$EF*pv-kl6H7NF2ul|4qPl-3AuN&vF*4e
z^qT%0<?VGLQy}b2`VWfjpQR2KlS&#&zDcQSWeg)c>+mOD9<#6!9u2R%^dNiKZ7j02
z=(5SWZrmRcekgDKqAvMFt-Sek(Or0Eux#uC$Uq-z_k#QDPqjdTZBbPgw=Cua*Hekf
d5MQupSbux>oI~!etS|vfFf8<&R%k-uzX9vP2P*&o

literal 0
HcmV?d00001

diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md
index c4a602aacd..b6a64d28e9 100644
--- a/windows/deployment/upgrade/quick-fixes.md
+++ b/windows/deployment/upgrade/quick-fixes.md
@@ -3,7 +3,7 @@ title: Quick fixes - Windows IT Pro
 ms.reviewer: 
 manager: laurawi
 ms.author: greglin
-description: Learn how to quickly resolve many problems which may come up during a Windows 10 upgrade.
+description: Learn how to quickly resolve many problems, which may come up during a Windows 10 upgrade.
 keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -38,7 +38,7 @@ The Microsoft Virtual Agent provided by [Microsoft Support](https://support.micr
 <li>Check the system drive for errors and attempt repairs. <a href="#repair-the-system-drive" data-raw-source="[More information](#repair-the-system-drive)">More information</a>.</li>
 <li>Run the Windows Update troubleshooter. <a href="#windows-update-troubleshooter" data-raw-source="[More information](#windows-update-troubleshooter)">More information</a>.</li>
 <li>Attempt to restore and repair system files. <a href="#repair-system-files" data-raw-source="[More information](#repair-system-files)">More information</a>.</li>
-<li>Check for unsigned drivers and update or uninstall them. <a href="#repair-system-files" data-raw-source="[More information](#remove-unsigned-drivers)">More information</a>.</li>
+<li>Check for unsigned drivers and update or remove them. <a href="#repair-system-files" data-raw-source="[More information](#remove-unsigned-drivers)">More information</a>.</li>
 <li>Update Windows so that all available recommended updates are installed, and ensure the computer is rebooted if this is necessary to complete installation of an update. <a href="#update-windows" data-raw-source="[More information](#update-windows)">More information</a>.</li>
 <li>Temporarily uninstall non-Microsoft antivirus software.
   <a href="#uninstall-non-microsoft-antivirus-software" data-raw-source="[More information](#uninstall-non-microsoft-antivirus-software)">More information</a>.</li>
@@ -166,6 +166,9 @@ Drivers that are not properly signed can block the upgrade process. To check you
 4. If you are prompted by UAC, click **Yes**.
 5. Type **sigverif** and press ENTER. 
 6. The File Signature Verification tool will open. Click **Start**.
+
+    ![File Signature Verification](../images/sigverif.png)
+
 7. After the scanning process is complete, click **Advanced**, and then click **View Log**.
 8. Locate drivers in the log file that are unsigned and remove or update them using Device Manager.  For more information, see [Using Device Manager to uninstall devices and driver packages](https://docs.microsoft.com/windows-hardware/drivers/install/using-device-manager-to-uninstall-devices-and-driver-packages).
 
@@ -212,7 +215,7 @@ To use sigcheck:
             MachineType:    64-bit
 
     ```
-In addition to unsigned drivers, drivers might be signed with an invalid certificate, requring the driver to be updated or removed so that Windows upgrade can continue.
+In addition to unsigned drivers, drivers might be signed with an invalid certificate, requiring the driver to be updated or removed so that Windows upgrade can continue.
 
 ### Update Windows
 

From eb8290ee4e9c8549c262b119fe6b504af852d925 Mon Sep 17 00:00:00 2001
From: greg-lindsay <greglin@microsoft.com>
Date: Wed, 7 Oct 2020 15:47:09 -0700
Subject: [PATCH 24/33] added txt

---
 windows/deployment/upgrade/quick-fixes.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md
index b6a64d28e9..837199548a 100644
--- a/windows/deployment/upgrade/quick-fixes.md
+++ b/windows/deployment/upgrade/quick-fixes.md
@@ -215,7 +215,7 @@ To use sigcheck:
             MachineType:    64-bit
 
     ```
-In addition to unsigned drivers, drivers might be signed with an invalid certificate, requiring the driver to be updated or removed so that Windows upgrade can continue.
+In addition to unsigned drivers, drivers might be signed with an invalid certificate, requiring the driver to be updated or removed so that Windows upgrade can continue. Sigcheck will report whether or not the certificate chain is valid.
 
 ### Update Windows
 

From 697519637081d513b664800c47556840e8e712c5 Mon Sep 17 00:00:00 2001
From: greg-lindsay <greglin@microsoft.com>
Date: Wed, 7 Oct 2020 15:53:11 -0700
Subject: [PATCH 25/33] fix link

---
 windows/deployment/upgrade/quick-fixes.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md
index 837199548a..a4619b4f14 100644
--- a/windows/deployment/upgrade/quick-fixes.md
+++ b/windows/deployment/upgrade/quick-fixes.md
@@ -38,7 +38,7 @@ The Microsoft Virtual Agent provided by [Microsoft Support](https://support.micr
 <li>Check the system drive for errors and attempt repairs. <a href="#repair-the-system-drive" data-raw-source="[More information](#repair-the-system-drive)">More information</a>.</li>
 <li>Run the Windows Update troubleshooter. <a href="#windows-update-troubleshooter" data-raw-source="[More information](#windows-update-troubleshooter)">More information</a>.</li>
 <li>Attempt to restore and repair system files. <a href="#repair-system-files" data-raw-source="[More information](#repair-system-files)">More information</a>.</li>
-<li>Check for unsigned drivers and update or remove them. <a href="#repair-system-files" data-raw-source="[More information](#remove-unsigned-drivers)">More information</a>.</li>
+<li>Check for unsigned drivers and update or remove them. <a href="#remove-unsigned-drivers" data-raw-source="[More information](#remove-unsigned-drivers)">More information</a>.</li>
 <li>Update Windows so that all available recommended updates are installed, and ensure the computer is rebooted if this is necessary to complete installation of an update. <a href="#update-windows" data-raw-source="[More information](#update-windows)">More information</a>.</li>
 <li>Temporarily uninstall non-Microsoft antivirus software.
   <a href="#uninstall-non-microsoft-antivirus-software" data-raw-source="[More information](#uninstall-non-microsoft-antivirus-software)">More information</a>.</li>
@@ -193,7 +193,7 @@ To use sigcheck:
     C:\Sigcheck>Driverquery /v > C:\sigcheck\drivers.txt
 
     ```
-7. Open the drivers.txt file and locate the problem driver that was reported by sigverif in the procedure above. Copy the path to the driver.
+7. Open the drivers.txt file and locate the problem driver that was reported by sigverif in the [procedure above](#remove-unsigned-drivers). Copy the path to the driver.
 8. To check the driver, type **sigcheck64 -u -e \<driver path\>** and press ENTER.  See the following example:
 
     ```

From ffd4ebc8dca3e52f965f995c58fe7e15c6259f97 Mon Sep 17 00:00:00 2001
From: greg-lindsay <greglin@microsoft.com>
Date: Wed, 7 Oct 2020 16:00:14 -0700
Subject: [PATCH 26/33] update resolution proc doc

---
 windows/deployment/upgrade/resolution-procedures.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/deployment/upgrade/resolution-procedures.md b/windows/deployment/upgrade/resolution-procedures.md
index a96205d6fd..6b8a9587d2 100644
--- a/windows/deployment/upgrade/resolution-procedures.md
+++ b/windows/deployment/upgrade/resolution-procedures.md
@@ -36,7 +36,7 @@ A frequently observed [result code](upgrade-error-codes.md#result-codes) is 0xC1
 
 The device install log is particularly helpful if rollback occurs during the sysprep operation (extend code 0x30018).  
 
-To resolve a rollback that was caused by driver conflicts, try running setup using a minimal set of drivers and startup programs by performing a [clean boot](https://support.microsoft.com/kb/929135) before initiating the upgrade process.  
+To resolve a rollback that was caused by driver conflicts, try running setup using a minimal set of drivers and startup programs by performing a [clean boot](https://support.microsoft.com/kb/929135) before initiating the upgrade process. Also check to be sure that your drivers are properly signed. For more information, see [Remove unsigned drivers](quick-fixes.md#remove-unsigned-drivers).
 
 See the following general troubleshooting procedures associated with a result code of 0xC1900101:<br /><br />
 
@@ -49,7 +49,7 @@ See the following general troubleshooting procedures associated with a result co
 | 0xC1900101 - 0x30018 | Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.<br>Contact your hardware vendor to obtain updated device drivers.<br>Ensure that &quot;Download and install updates (recommended)&quot; is accepted at the start of the upgrade process. | A device driver has stopped responding to setup.exe during the upgrade process. |
 | 0xC1900101 - 0x3000D | Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.<br>Update or uninstall the display driver. | Installation failed during the FIRST_BOOT phase while attempting the MIGRATE_DATA operation.<br>This can occur due to a problem with a display driver. |
 | 0xC1900101 - 0x4000D | Check supplemental rollback logs for a setupmem.dmp file, or event logs for any unexpected reboots or errors.<br>Review the rollback log and determine the stop code.<br>The rollback log is located in the <strong>$Windows.~BT\Sources\Rollback</strong> folder.  An example analysis is shown below. This example is not representative of all cases:<br>&nbsp;<br>Info SP     Crash 0x0000007E detected<br>Info SP       Module name           :<br>Info SP       Bugcheck parameter 1  : 0xFFFFFFFFC0000005<br>Info SP       Bugcheck parameter 2  : 0xFFFFF8015BC0036A<br>Info SP       Bugcheck parameter 3  : 0xFFFFD000E5D23728<br>Info SP       Bugcheck parameter 4  : 0xFFFFD000E5D22F40<br>Info SP     Cannot recover the system.<br>Info SP     Rollback: Showing splash window with restoring text: Restoring your previous version of Windows.<br>&nbsp;<br>Typically, there is a dump file for the crash to analyze. If you are not equipped to debug the dump, then attempt the following basic troubleshooting procedures:<br>&nbsp;<br>1. Make sure you have enough disk space.<br>2. If a driver is identified in the bug check message, disable the driver or check with the manufacturer for driver updates.<br>3. Try changing video adapters.<br>4. Check with your hardware vendor for any BIOS updates.<br>5. Disable BIOS memory options such as caching or shadowing. | A rollback occurred due to a driver configuration issue.<br>Installation failed during the second boot phase while attempting the MIGRATE_DATA operation.<br>This can occur because of incompatible drivers. |
-| 0xC1900101 - 0x40017 | Clean boot into Windows, and then attempt the upgrade to Windows 10. For more information, see [How to perform a clean boot in Windows](https://support.microsoft.com/kb/929135).<br>&nbsp;<br>Ensure that you select the option to "Download and install updates (recommended)."  <br>&nbsp;<br><b>Computers that run Citrix VDA</b>  <br>You may see this message after you upgrade a computer from Windows 10, version 1511 to Windows 10, version 1607. After the second system restart, the system generates this error and then rolls back to the previous version. This problem has also been observed in upgrades to Windows 8.1 and Windows 8.  <br>&nbsp;<br>This problem occurs because the computer has Citrix Virtual Delivery Agent (VDA) installed. Citrix VDA installs device drivers and a file system filter driver (CtxMcsWbc). This Citrix filter driver prevents the upgrade from writing changes to the disk, so the upgrade cannot complete and the system rolls back.  <br>&nbsp;<br>**Resolution**<br>&nbsp;<br>To resolve this problem, install [Cumulative update for Windows 10 Version 1607 and Windows Server 2016: November 8, 2016](https://support.microsoft.com/help/3200970/cumulative-update-for-windows-10-version-1607-and-windows-server-2016).<br>&nbsp;<br>You can work around this problem in two ways:<br>&nbsp;<br>**Workaround 1**<br>&nbsp;<br>1. Use the VDA setup application (VDAWorkstationSetup_7.11) to uninstall Citrix VDA.<br>2. Run the Windows upgrade again.<br>3. Reinstall Citrix VDA.<br>&nbsp;<br>**Workaround 2**<br>&nbsp;<br>If you cannot uninstall Citrix VDA, follow these steps to work around this problem:  <br>&nbsp;<br>1. In Registry Editor, go to the following subkey:<br> **HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\CtxMcsWbc**<br>2. Change the value of the **Start** entry from **0** to **4**. This change disables the Citrix MCS cache service.<br>3. Go to the following subkey:<br> **HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}**<br>4. Delete the **CtxMcsWbc** entry.<br>5. Restart the computer, and then try the upgrade again.<br>&nbsp;<br>**Non-Microsoft information disclaimer**  <br>The non-Microsoft products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products. | Windows 10 upgrade failed after the second reboot.<br>This is usually caused by a faulty driver. For example: antivirus filter drivers or encryption drivers. |
+| 0xC1900101 - 0x40017 | Clean boot into Windows, and then attempt the upgrade to Windows 10. For more information, see [How to perform a clean boot in Windows](https://support.microsoft.com/kb/929135).<br>&nbsp;<br>Ensure that you select the option to "Download and install updates (recommended)."  Also be sure to [remove unsigned drivers](quick-fixes.md#remove-unsigned-drivers).<br>&nbsp;<br><b>Computers that run Citrix VDA</b>  <br>You may see this message after you upgrade a computer from Windows 10, version 1511 to Windows 10, version 1607. After the second system restart, the system generates this error and then rolls back to the previous version. This problem has also been observed in upgrades to Windows 8.1 and Windows 8.  <br>&nbsp;<br>This problem occurs because the computer has Citrix Virtual Delivery Agent (VDA) installed. Citrix VDA installs device drivers and a file system filter driver (CtxMcsWbc). This Citrix filter driver prevents the upgrade from writing changes to the disk, so the upgrade cannot complete and the system rolls back.  <br>&nbsp;<br>**Resolution**<br>&nbsp;<br>To resolve this problem, install [Cumulative update for Windows 10 Version 1607 and Windows Server 2016: November 8, 2016](https://support.microsoft.com/help/3200970/cumulative-update-for-windows-10-version-1607-and-windows-server-2016).<br>&nbsp;<br>You can work around this problem in two ways:<br>&nbsp;<br>**Workaround 1**<br>&nbsp;<br>1. Use the VDA setup application (VDAWorkstationSetup_7.11) to uninstall Citrix VDA.<br>2. Run the Windows upgrade again.<br>3. Reinstall Citrix VDA.<br>&nbsp;<br>**Workaround 2**<br>&nbsp;<br>If you cannot uninstall Citrix VDA, follow these steps to work around this problem:  <br>&nbsp;<br>1. In Registry Editor, go to the following subkey:<br> **HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\CtxMcsWbc**<br>2. Change the value of the **Start** entry from **0** to **4**. This change disables the Citrix MCS cache service.<br>3. Go to the following subkey:<br> **HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}**<br>4. Delete the **CtxMcsWbc** entry.<br>5. Restart the computer, and then try the upgrade again.<br>&nbsp;<br>**Non-Microsoft information disclaimer**  <br>The non-Microsoft products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products. | Windows 10 upgrade failed after the second reboot.<br>This is usually caused by a faulty driver. For example: antivirus filter drivers or encryption drivers. |
 
 ## 0x800xxxxx
 

From 4f348378a25dd517ec6ad2c951d3ca9bbb0a70d9 Mon Sep 17 00:00:00 2001
From: greg-lindsay <greglin@microsoft.com>
Date: Wed, 7 Oct 2020 16:12:42 -0700
Subject: [PATCH 27/33] update

---
 windows/deployment/upgrade/quick-fixes.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md
index a4619b4f14..3f2fc11c16 100644
--- a/windows/deployment/upgrade/quick-fixes.md
+++ b/windows/deployment/upgrade/quick-fixes.md
@@ -187,7 +187,7 @@ To use sigcheck:
 3. Right-click **Command Prompt** and then left-click **Run as administrator**.
 4. If you are prompted by UAC, click **Yes**.
 5. In the command window, use the **cd** command to switch to the directory where you extracted sigcheck, for example **cd c:\sigcheck**.
-6. Next, generate a list of drivers using driverquery.exe. To do this, type **driverquery /v > c:\sigcheck\drivers.txt** and press ENTER. See the following example:
+6. A list of drivers with their path is displayed in the File Signature Verification tool (step #7 in the previous procedure). Optionally, you can generate a list of drivers using driverquery.exe. To use driverquery, type **driverquery /v > c:\sigcheck\drivers.txt** and press ENTER. See the following example:
 
     ```cmd
     C:\Sigcheck>Driverquery /v > C:\sigcheck\drivers.txt

From 8afbba9a89f8d304b7db5db7e68d2d642b25d07a Mon Sep 17 00:00:00 2001
From: ManikaDhiman <v-madhi@microsoft.com>
Date: Wed, 7 Oct 2020 16:44:47 -0700
Subject: [PATCH 28/33] Updated topic titles and filenames

---
 .openpublishing.redirection.json              | 45 +++++++++++++++++++
 windows/client-management/mdm/TOC.md          | 16 +++----
 .../mdm/enable-admx-backed-policies-in-mdm.md |  2 +-
 ...ew-in-windows-mdm-enrollment-management.md |  2 +-
 ... => policies-in-policy-csp-admx-backed.md} | 10 ++---
 ...n-policy-csp-supported-by-group-policy.md} | 10 ++---
 ...d-by-hololens-1st-gen-commercial-suite.md} |  6 +--
 ...y-hololens-1st-gen-development-edition.md} |  6 +--
 ...s-in-policy-csp-supported-by-hololens2.md} |  6 +--
 ...es-in-policy-csp-supported-by-iot-core.md} |  6 +--
 ...policy-csp-supported-by-iot-enterprise.md} |  6 +--
 ...in-policy-csp-supported-by-surface-hub.md} |  6 +--
 ...n-policy-csp-that-can-be-set-using-eas.md} |  6 +--
 .../policy-configuration-service-provider.md  | 30 ++++++-------
 .../mdm/policy-csp-controlpolicyconflict.md   |  2 +-
 15 files changed, 102 insertions(+), 57 deletions(-)
 rename windows/client-management/mdm/{policy-csps-admx-backed.md => policies-in-policy-csp-admx-backed.md} (99%)
 rename windows/client-management/mdm/{policy-csps-supported-by-group-policy.md => policies-in-policy-csp-supported-by-group-policy.md} (99%)
 rename windows/client-management/mdm/{policy-csps-supported-by-hololens-1st-gen-commercial-suite.md => policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md} (95%)
 rename windows/client-management/mdm/{policy-csps-supported-by-hololens-1st-gen-development-edition.md => policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md} (95%)
 rename windows/client-management/mdm/{policy-csps-supported-by-hololens2.md => policies-in-policy-csp-supported-by-hololens2.md} (98%)
 rename windows/client-management/mdm/{policy-csps-supported-by-iot-core.md => policies-in-policy-csp-supported-by-iot-core.md} (97%)
 rename windows/client-management/mdm/{policy-csps-supported-by-iot-enterprise.md => policies-in-policy-csp-supported-by-iot-enterprise.md} (96%)
 rename windows/client-management/mdm/{policy-csps-supported-by-surface-hub.md => policies-in-policy-csp-supported-by-surface-hub.md} (97%)
 rename windows/client-management/mdm/{policy-csps-that-can-be-set-using-eas.md => policies-in-policy-csp-that-can-be-set-using-eas.md} (90%)

diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index 8d507ba71a..b15fa65bb2 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -14565,41 +14565,86 @@
       "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-surface-hub",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/client-management/mdm/policy-csps-supported-by-surface-hub.md",
+      "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/client-management/mdm/policies-supported-by-iot-enterprise.md",
       "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-iot-enterprise",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/client-management/mdm/policy-csps-supported-by-iot-enterprise.md",
+      "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-enterprise",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/client-management/mdm/policies-supported-by-iot-core.md",
       "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-iot-core",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/client-management/mdm/policy-csps-supported-by-iot-core.md",
+      "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/client-management/mdm/policies-supported-by-hololens2.md",
       "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-hololens2",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/client-management/mdm/policy-csps-supported-by-hololens2.md",
+      "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/client-management/mdm/policies-supported-by-hololens-1st-gen-development-edition.md",
       "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-development-edition",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-development-edition.md",
+      "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/client-management/mdm/policies-supported-by-hololens-1st-gen-commercial-suite.md",
       "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-commercial-suite",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-commercial-suite.md",
+      "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/client-management/mdm/policies-admx-backed.md",
       "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-admx-backed",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/client-management/mdm/policy-csps-admx-backed.md",
+      "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-admx-backed",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/client-management/mdm/policies-supported-by-group-policy.md",
       "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-group-policy",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/client-management/mdm/policy-csps-supported-by-group-policy.md",
+      "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/policy-csps-that-can-be-set-using-eas.md",
+      "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/collect-wip-audit-event-logs.md",
       "redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-information-protection/collect-wip-audit-event-logs",
diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md
index a7fbff363b..6b92d9991b 100644
--- a/windows/client-management/mdm/TOC.md
+++ b/windows/client-management/mdm/TOC.md
@@ -159,14 +159,14 @@
 #### [Personalization DDF file](personalization-ddf.md)
 ### [Policy CSP](policy-configuration-service-provider.md)
 #### [Policy DDF file](policy-ddf-file.md)
-#### [Policy CSPs supported by Group Policy](policy-csps-supported-by-group-policy.md)
-#### [ADMX-backed policy CSPs](policy-csps-admx-backed.md)
-#### [Policy CSPs supported by HoloLens 2](policy-csps-supported-by-hololens2.md)
-#### [Policy CSPs supported by HoloLens (1st gen) Commercial Suite](policy-csps-supported-by-hololens-1st-gen-commercial-suite.md)
-#### [Policy CSPs supported by HoloLens (1st gen) Development Edition](policy-csps-supported-by-hololens-1st-gen-development-edition.md)
-#### [Policy CSPs supported by Windows 10 IoT Enterprise](policy-csps-supported-by-iot-enterprise.md)
-#### [Policy CSPs supported by Windows 10 IoT Core](policy-csps-supported-by-iot-core.md)
-#### [Policy CSPs supported by Microsoft Surface Hub](policy-csps-supported-by-surface-hub.md)
+#### [Policies in Policy CSP supported by Group Policy](policy-csps-supported-by-group-policy.md)
+#### [ADMX-backed policies in Policy CSP](policy-csps-admx-backed.md)
+#### [Policies in Policy CSP supported by HoloLens 2](policy-csps-supported-by-hololens2.md)
+#### [Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite](policy-csps-supported-by-hololens-1st-gen-commercial-suite.md)
+#### [Policies in Policy CSP supported by HoloLens (1st gen) Development Edition](policy-csps-supported-by-hololens-1st-gen-development-edition.md)
+#### [Policies in Policy CSP supported by Windows 10 IoT Enterprise](policy-csps-supported-by-iot-enterprise.md)
+#### [Policies in Policy CSP supported by Windows 10 IoT Core](policy-csps-supported-by-iot-core.md)
+#### [Policies in Policy CSP supported by Microsoft Surface Hub](policy-csps-supported-by-surface-hub.md)
 #### [Policy CSPs that can be set using Exchange Active Sync (EAS)](policy-csps-that-can-be-set-using-eas.md)
 #### [AboveLock](policy-csp-abovelock.md)
 #### [Accounts](policy-csp-accounts.md)
diff --git a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
index 805f9ee481..d79b428c0e 100644
--- a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
+++ b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
@@ -33,7 +33,7 @@ See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune](
 ## Enable a policy
 
 > [!NOTE]
-> See [Understanding ADMX-backed policy CSPs](https://docs.microsoft.com/windows/client-management/mdm/understanding-admx-backed-policies).
+> See [Understanding ADMX-backed policies in Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/understanding-admx-backed-policies).
 
 1.  Find the policy from the list [ADMX-backed policies](policy-csps-admx-backed.md). You need the following information listed in the policy description.  
     - GP English name
diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index d919c5f1a7..ba8dc31c1f 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -2515,7 +2515,7 @@ How do I turn if off? | The service can be stopped from the "Services" console o
 </ul>
 <p>Added a new section:</p>
 <ul>
-<li><a href="policy-csps-supported-by-group-policy.md" data-raw-source="[[Policy CSPs supported by Group Policy](policy-csps-supported-by-group-policy.md)">[Policy CSPs supported by Group Policy</a> - list of policies in Policy CSP that has corresponding Group Policy. The policy description contains the GP information, such as GP policy name and variable name.</li>
+<li><a href="policy-csps-supported-by-group-policy.md" data-raw-source="[[Policies in Policy CSP supported by Group Policy](policy-csps-supported-by-group-policy.md)">[Policies in Policy CSP supported by Group Policy</a> - list of policies in Policy CSP that has corresponding Group Policy. The policy description contains the GP information, such as GP policy name and variable name.</li>
 </ul>
 </td></tr>
 <tr>
diff --git a/windows/client-management/mdm/policy-csps-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
similarity index 99%
rename from windows/client-management/mdm/policy-csps-admx-backed.md
rename to windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
index a580f4a524..75ac21a8b3 100644
--- a/windows/client-management/mdm/policy-csps-admx-backed.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
@@ -1,6 +1,6 @@
 ---
-title: ADMX-backed policy CSPs
-description: ADMX-backed policy CSPs
+title: ADMX-backed policies in Policy CSP
+description: ADMX-backed policies in Policy CSP
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -12,12 +12,12 @@ ms.localizationpriority: medium
 ms.date: 08/18/2020
 ---
 
-# ADMX-backed policy CSPs
+# ADMX-backed policies in Policy CSP
 
 > [!div class="op_single_selector"]
 >
-> - [Policy CSPs supported by Group Policy](policy-csps-supported-by-group-policy.md)
-> - [ADMX-backed policy-CSPs](policy-csps-admx-backed.md)
+> - [Policies in Policy CSP supported by Group Policy](policy-csps-supported-by-group-policy.md)
+> - [ADMX-backed policies in Policy CSP](policy-csps-admx-backed.md)
 >
 
 - [ActiveXControls/ApprovedInstallationSites](./policy-csp-activexcontrols.md#activexcontrols-approvedinstallationsites)
diff --git a/windows/client-management/mdm/policy-csps-supported-by-group-policy.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md
similarity index 99%
rename from windows/client-management/mdm/policy-csps-supported-by-group-policy.md
rename to windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md
index 651f088e72..09c680512c 100644
--- a/windows/client-management/mdm/policy-csps-supported-by-group-policy.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md
@@ -1,6 +1,6 @@
 ---
-title: Policy CSPs supported by Group Policy
-description: Policy CSPs supported by Group Policy
+title: Policies in Policy CSP supported by Group Policy
+description: Policies in Policy CSP supported by Group Policy
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -12,12 +12,12 @@ ms.localizationpriority: medium
 ms.date: 07/18/2019
 ---
 
-# Policy CSPs supported by Group Policy
+# Policies in Policy CSP supported by Group Policy
 
 > [!div class="op_single_selector"]
 > 
-> - [Policy CSPs supported by Group Policy](policy-csps-supported-by-group-policy.md)
-> - [ADMX-backed policy CSPs](policy-csps-admx-backed.md)
+> - [Policies in Policy CSP supported by Group Policy](policy-csps-supported-by-group-policy.md)
+> - [ADMX-backed policies in Policy CSP](policy-csps-admx-backed.md)
 >
 
 - [AboveLock/AllowCortanaAboveLock](./policy-csp-abovelock.md#abovelock-allowcortanaabovelock)
diff --git a/windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-commercial-suite.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md
similarity index 95%
rename from windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-commercial-suite.md
rename to windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md
index f77d3c1308..0a8beec733 100644
--- a/windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-commercial-suite.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md
@@ -1,6 +1,6 @@
 ---
-title: Policy CSPs supported by HoloLens (1st gen) Commercial Suite
-description: Policy CSPs supported by HoloLens (1st gen) Commercial Suite
+title: Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite
+description: Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -12,7 +12,7 @@ ms.localizationpriority: medium
 ms.date: 09/17/2019
 ---
 
-# Policy CSPs supported by HoloLens (1st gen) Commercial Suite
+# Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite
 
 > [!div class="op_single_selector"]
 >
diff --git a/windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-development-edition.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md
similarity index 95%
rename from windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-development-edition.md
rename to windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md
index 2dec2fdb8b..256ddb3528 100644
--- a/windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-development-edition.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md
@@ -1,6 +1,6 @@
 ---
-title: Policy CSPs supported by HoloLens (1st gen) Development Edition
-description: Policy CSPs supported by HoloLens (1st gen) Development Edition
+title: Policies in Policy CSP supported by HoloLens (1st gen) Development Edition
+description: Policies in Policy CSP supported by HoloLens (1st gen) Development Edition
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -12,7 +12,7 @@ ms.localizationpriority: medium
 ms.date: 07/18/2019
 ---
 
-# Policy CSPs supported by HoloLens (1st gen) Development Edition
+# Policies in Policy CSP supported by HoloLens (1st gen) Development Edition
 
 > [!div class="op_single_selector"]
 >
diff --git a/windows/client-management/mdm/policy-csps-supported-by-hololens2.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
similarity index 98%
rename from windows/client-management/mdm/policy-csps-supported-by-hololens2.md
rename to windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
index e5cdb0f0ca..4757f9c46c 100644
--- a/windows/client-management/mdm/policy-csps-supported-by-hololens2.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
@@ -1,6 +1,6 @@
 ---
-title: Policy CSPs supported by HoloLens 2
-description: Policy CSPs supported by HoloLens 2
+title: Policies in Policy CSP supported by HoloLens 2
+description: Policies in Policy CSP supported by HoloLens 2
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -12,7 +12,7 @@ ms.localizationpriority: medium
 ms.date: 05/11/2020
 ---
 
-# Policy CSPs supported by HoloLens 2
+# Policies in Policy CSP supported by HoloLens 2
 
 > [!div class="op_single_selector"]
 >
diff --git a/windows/client-management/mdm/policy-csps-supported-by-iot-core.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md
similarity index 97%
rename from windows/client-management/mdm/policy-csps-supported-by-iot-core.md
rename to windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md
index c43363b357..f3143ed222 100644
--- a/windows/client-management/mdm/policy-csps-supported-by-iot-core.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md
@@ -1,6 +1,6 @@
 ---
-title: Policy CSPs supported by Windows 10 IoT Core
-description: Policy CSPs supported by Windows 10 IoT Core
+title: Policies in Policy CSP supported by Windows 10 IoT Core
+description: Policies in Policy CSP supported by Windows 10 IoT Core
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -12,7 +12,7 @@ ms.localizationpriority: medium
 ms.date: 09/16/2019
 ---
 
-# Policy CSPs supported by Windows 10 IoT Core
+# Policies in Policy CSP supported by Windows 10 IoT Core
 
 > [!div class="op_single_selector"]
 >
diff --git a/windows/client-management/mdm/policy-csps-supported-by-iot-enterprise.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-enterprise.md
similarity index 96%
rename from windows/client-management/mdm/policy-csps-supported-by-iot-enterprise.md
rename to windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-enterprise.md
index 8e70dd707e..afb79c5bfe 100644
--- a/windows/client-management/mdm/policy-csps-supported-by-iot-enterprise.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-enterprise.md
@@ -1,6 +1,6 @@
 ---
-title: Policy CSPs supported by Windows 10 IoT Enterprise
-description: Policy CSPs supported by Windows 10 IoT Enterprise
+title: Policies in Policy CSP supported by Windows 10 IoT Enterprise
+description: Policies in Policy CSP supported by Windows 10 IoT Enterprise
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -12,7 +12,7 @@ ms.localizationpriority: medium
 ms.date: 07/18/2019
 ---
 
-# Policy CSPs supported by Windows 10 IoT Enterprise
+# Policies in Policy CSP supported by Windows 10 IoT Enterprise
 
 > [!div class="op_single_selector"]
 >
diff --git a/windows/client-management/mdm/policy-csps-supported-by-surface-hub.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md
similarity index 97%
rename from windows/client-management/mdm/policy-csps-supported-by-surface-hub.md
rename to windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md
index 1d89eb88de..e39b0aef27 100644
--- a/windows/client-management/mdm/policy-csps-supported-by-surface-hub.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md
@@ -1,6 +1,6 @@
 ---
-title: Policy CSPs supported by Microsoft Surface Hub
-description: Policy CSPs supported by Microsoft Surface Hub
+title: Policies in Policy CSP supported by Microsoft Surface Hub
+description: Policies in Policy CSP supported by Microsoft Surface Hub
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -12,7 +12,7 @@ ms.localizationpriority: medium
 ms.date: 07/22/2020
 ---
 
-# Policy CSPs supported by Microsoft Surface Hub
+# Policies in Policy CSP supported by Microsoft Surface Hub
 
 
 - [ApplicationManagement/AllowAppStoreAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-allowappstoreautoupdate)
diff --git a/windows/client-management/mdm/policy-csps-that-can-be-set-using-eas.md b/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas.md
similarity index 90%
rename from windows/client-management/mdm/policy-csps-that-can-be-set-using-eas.md
rename to windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas.md
index 171652aa2b..4fa3380c87 100644
--- a/windows/client-management/mdm/policy-csps-that-can-be-set-using-eas.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas.md
@@ -1,6 +1,6 @@
 ---
-title: Policy CSPs that can be set using Exchange Active Sync (EAS)
-description: Policy CSPs that can be set using Exchange Active Sync (EAS)
+title: Policies in Policy CSP that can be set using Exchange Active Sync (EAS)
+description: Policies in Policy CSP that can be set using Exchange Active Sync (EAS)
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -12,7 +12,7 @@ ms.localizationpriority: medium
 ms.date: 07/18/2019
 ---
 
-# Policy CSPs that can be set using Exchange Active Sync (EAS)
+# Policies in Policy CSP that can be set using Exchange Active Sync (EAS)
 
 - [Camera/AllowCamera](policy-csp-camera.md#camera-allowcamera)  
 - [Cellular/ShowAppCellularAccessUI](policy-csp-cellular.md#cellular-showappcellularaccessui)  
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 0349f6cde6..ba400e3ffb 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -4901,27 +4901,27 @@ The following diagram shows the Policy configuration service provider in tree fo
   </dd>
 </dl>
 
-## Policy CSPs supported by Group Policy and ADMX-backed policy CSPs
-- [Policy CSPs supported by Group Policy](policy-csps-supported-by-group-policy.md)
-- [ADMX-backed policy CSPs](policy-csps-admx-backed.md)
+## Policies in Policy CSP supported by Group Policy and ADMX-backed policies in Policy CSP
+- [Policies in Policy CSP supported by Group Policy](policy-csps-supported-by-group-policy.md)
+- [ADMX-backed policies in Policy CSP](policy-csps-admx-backed.md)
 
 > [!NOTE]
-> Not all Policy CSPs supported by Group Policy are ADMX-backed. For more details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> Not all Policies in Policy CSP supported by Group Policy are ADMX-backed. For more details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
 
-## Policy CSPs supported by HoloLens devices
-- [Policy CSPs supported by HoloLens 2](policy-csps-supported-by-hololens2.md)  
-- [Policy CSPs supported by HoloLens (1st gen) Commercial Suite](policy-csps-supported-by-hololens-1st-gen-commercial-suite.md)  
-- [Policy CSPs supported by HoloLens (1st gen) Development Edition](policy-csps-supported-by-hololens-1st-gen-development-edition.md)
+## Policies in Policy CSP supported by HoloLens devices
+- [Policies in Policy CSP supported by HoloLens 2](policy-csps-supported-by-hololens2.md)  
+- [Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite](policy-csps-supported-by-hololens-1st-gen-commercial-suite.md)  
+- [Policies in Policy CSP supported by HoloLens (1st gen) Development Edition](policy-csps-supported-by-hololens-1st-gen-development-edition.md)
 
-## Policy CSPs supported by Windows 10 IoT
-- [Policy CSPs supported by Windows 10 IoT Enterprise](policy-csps-supported-by-iot-enterprise.md)
-- [Policy CSPs supported by Windows 10 IoT Core](policy-csps-supported-by-iot-core.md)
+## Policies in Policy CSP supported by Windows 10 IoT
+- [Policies in Policy CSP supported by Windows 10 IoT Enterprise](policy-csps-supported-by-iot-enterprise.md)
+- [Policies in Policy CSP supported by Windows 10 IoT Core](policy-csps-supported-by-iot-core.md)
 
-## Policy CSPs supported by Microsoft Surface Hub
-- [Policy CSPs supported by Microsoft Surface Hub](policy-csps-supported-by-surface-hub.md)
+## Policies in Policy CSP supported by Microsoft Surface Hub
+- [Policies in Policy CSP supported by Microsoft Surface Hub](policy-csps-supported-by-surface-hub.md)
 
-## Policy CSPs that can be set using Exchange ActiveSync (EAS)
-- [Policy CSPs that can be set using Exchange ActiveSync (EAS)](policy-csps-that-can-be-set-using-eas.md)
+## Policies in Policy CSP that can be set using Exchange ActiveSync (EAS)
+- [Policies in Policy CSP that can be set using Exchange ActiveSync (EAS)](policy-csps-that-can-be-set-using-eas.md)
 
 ## Related topics
 
diff --git a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
index 9a867b0778..2cde160250 100644
--- a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
+++ b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
@@ -100,7 +100,7 @@ The [Policy DDF](policy-ddf-file.md) contains the following tags to identify the
 -  \<MSFT:GPRegistryMappedName\>    
 -  \<MSFT:GPDBMappedName\>  
 
-For the list MDM-GP mapping list, see [Policy CSPs supported by Group Policy
+For the list MDM-GP mapping list, see [Policies in Policy CSP supported by Group Policy
 ](policy-csps-supported-by-group-policy.md).
 
 The MDM Diagnostic report shows the applied configurations states of a device including policies, certificates, configuration sources, and resource information. The report includes a list of blocked GP settings because MDM equivalent is configured, if any. To get the diagnostic report, go to **Settings** > **Accounts** > **Access work or school** > and then click the desired work or school account. Scroll to the bottom of the page to **Advanced Diagnostic Report** and then click **Create Report**.

From 06fb11bd53e606a642a9c3daa863c7455d505bcc Mon Sep 17 00:00:00 2001
From: Aasawari Navathe <aanavath@microsoft.com>
Date: Wed, 7 Oct 2020 18:06:22 -0700
Subject: [PATCH 29/33] Boolean value that indicates compliance with the
 enterprise encryption policy for OS (system) drives

---
 windows/client-management/mdm/devicestatus-csp.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/devicestatus-csp.md b/windows/client-management/mdm/devicestatus-csp.md
index 06e4d21323..97daf7a3ce 100644
--- a/windows/client-management/mdm/devicestatus-csp.md
+++ b/windows/client-management/mdm/devicestatus-csp.md
@@ -107,7 +107,7 @@ Supported operation is Get.
 Node for the compliance query.
 
 <a href="" id="devicestatus-compliance-encryptioncompliance"></a>**DeviceStatus/Compliance/EncryptionCompliance**  
-Boolean value that indicates compliance with the enterprise encryption policy. The value is one of the following:
+Boolean value that indicates compliance with the enterprise encryption policy for OS (system) drives. The value is one of the following:
 
 -   0 - not encrypted
 -   1 - encrypted

From 5713121545fdc0cf96777a410047500c510d1837 Mon Sep 17 00:00:00 2001
From: greg-lindsay <greglin@microsoft.com>
Date: Thu, 8 Oct 2020 02:12:53 -0700
Subject: [PATCH 30/33] update

---
 windows/deployment/upgrade/quick-fixes.md     | 88 ++++++++++---------
 .../upgrade/resolution-procedures.md          |  4 +-
 2 files changed, 49 insertions(+), 43 deletions(-)

diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md
index 3f2fc11c16..e69527eeb0 100644
--- a/windows/deployment/upgrade/quick-fixes.md
+++ b/windows/deployment/upgrade/quick-fixes.md
@@ -38,7 +38,7 @@ The Microsoft Virtual Agent provided by [Microsoft Support](https://support.micr
 <li>Check the system drive for errors and attempt repairs. <a href="#repair-the-system-drive" data-raw-source="[More information](#repair-the-system-drive)">More information</a>.</li>
 <li>Run the Windows Update troubleshooter. <a href="#windows-update-troubleshooter" data-raw-source="[More information](#windows-update-troubleshooter)">More information</a>.</li>
 <li>Attempt to restore and repair system files. <a href="#repair-system-files" data-raw-source="[More information](#repair-system-files)">More information</a>.</li>
-<li>Check for unsigned drivers and update or remove them. <a href="#remove-unsigned-drivers" data-raw-source="[More information](#remove-unsigned-drivers)">More information</a>.</li>
+<li>Check for unsigned drivers and update or repair them. <a href="#repair-unsigned-drivers" data-raw-source="[More information](#repair-unsigned-drivers)">More information</a>.</li>
 <li>Update Windows so that all available recommended updates are installed, and ensure the computer is rebooted if this is necessary to complete installation of an update. <a href="#update-windows" data-raw-source="[More information](#update-windows)">More information</a>.</li>
 <li>Temporarily uninstall non-Microsoft antivirus software.
   <a href="#uninstall-non-microsoft-antivirus-software" data-raw-source="[More information](#uninstall-non-microsoft-antivirus-software)">More information</a>.</li>
@@ -156,9 +156,15 @@ To check and repair system files:
     > It may take several minutes for the command operations to be completed. For more information, see [Repair a Windows Image](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/repair-a-windows-image) and [Use the System File Checker tool](https://support.microsoft.com/help/929833/use-the-system-file-checker-tool-to-repair-missing-or-corrupted-system).
 
 
-### Remove unsigned drivers
+### Repair unsigned drivers
 
-Drivers that are not properly signed can block the upgrade process. To check your system for unsigned drivers:
+Drivers that are not properly signed can block the upgrade process. Drivers might not be properly signed if you:
+- Disabled driver signature verification (highly not recommended).
+- A catalog file used to sign a driver is corrupt or missing.
+
+Catalog files are used to sign drivers. If a catalog file is corrupt or missing, the driver will appear to be unsigned, even though it should be signed. This can cause the upgrade process to fail. To restore the catalog file, reinstall the driver or copy the catalog file from another device. You might need to analyze another device to determine the catalog file that is associated with the unsigned driver.  All drivers should be signed to ensure the upgrade process works.
+
+To check your system for unsigned drivers:
 
 1. Click **Start**.
 2. Type **command**.
@@ -169,53 +175,53 @@ Drivers that are not properly signed can block the upgrade process. To check you
 
     ![File Signature Verification](../images/sigverif.png)
 
-7. After the scanning process is complete, click **Advanced**, and then click **View Log**.
-8. Locate drivers in the log file that are unsigned and remove or update them using Device Manager.  For more information, see [Using Device Manager to uninstall devices and driver packages](https://docs.microsoft.com/windows-hardware/drivers/install/using-device-manager-to-uninstall-devices-and-driver-packages).
+7. After the scanning process is complete, if you see **Your files have been scanned and verified as digitally signed** then you have no unsigned drivers. Otherwise, you will see **The following files have not been digitally signed** and a list will be provided with name, location, and version of all unsigned drivers.
+8. To view and save a log file, click **Advanced**, and then click **View Log**. Save the log file if desired.
+9. Locate drivers in the log file that are unsigned, write down the location and file names. Also write down the catalog that is associated to the driver if it is provided. If the name of a catalog file is not provided you might need to analyze another device that has the same driver with sigverif and sigcheck (described below).
+10. Download [sigcheck.zip](https://download.sysinternals.com/files/Sigcheck.zip) and extract the tool to a directory on your computer, for example: **C:\sigcheck**.
 
->[!NOTE]
->If a file is corrupted, it might display as unsigned. Be sure to [repair the system drive](#repair-the-system-drive) and [repair system files](#repair-system-files) before attempting to replace unsigned drivers.
-
-#### Optional: Use sigcheck
-
-[Sigcheck](https://docs.microsoft.com/sysinternals/downloads/sigcheck) is a tool that you can download and use to review digital signature details of a file. 
-
-To use sigcheck:
-
-1. Download [sigcheck.zip](https://download.sysinternals.com/files/Sigcheck.zip) and extract the tool to a directory on your computer, for example: **C:\sigcheck**.
-2. Click **Start**.
-2. Type **command**.
-3. Right-click **Command Prompt** and then left-click **Run as administrator**.
-4. If you are prompted by UAC, click **Yes**.
-5. In the command window, use the **cd** command to switch to the directory where you extracted sigcheck, for example **cd c:\sigcheck**.
-6. A list of drivers with their path is displayed in the File Signature Verification tool (step #7 in the previous procedure). Optionally, you can generate a list of drivers using driverquery.exe. To use driverquery, type **driverquery /v > c:\sigcheck\drivers.txt** and press ENTER. See the following example:
-
-    ```cmd
-    C:\Sigcheck>Driverquery /v > C:\sigcheck\drivers.txt
+    [Sigcheck](https://docs.microsoft.com/sysinternals/downloads/sigcheck) is a tool that you can download and use to review digital signature details of a file. To use sigcheck:
 
+11. In the command window, use the **cd** command to switch to the directory where you extracted sigcheck, for example **cd c:\sigcheck**.
+12. Using the list of unsigned drivers and their associated paths that you obtained from the File Signature Verification tool, run sigcheck to obtain details about the driver, including the catalog file used for signing. Type **sigcheck64 -u -e \<driver path\>** and press ENTER. See the following example:
     ```
-7. Open the drivers.txt file and locate the problem driver that was reported by sigverif in the [procedure above](#remove-unsigned-drivers). Copy the path to the driver.
-8. To check the driver, type **sigcheck64 -u -e \<driver path\>** and press ENTER.  See the following example:
-
-    ```
-    C:\Sigcheck>sigcheck64.exe -i c:\windows\system32\DolbyMATEnc.dll
+    C:\Sigcheck>sigcheck64.exe -i c:\windows\system32\drivers\afd.sys
     
     Sigcheck v2.80 - File version and signature viewer
     Copyright (C) 2004-2020 Mark Russinovich
     Sysinternals - www.sysinternals.com
-    
-    c:\windows\system32\DolbyMATEnc.dll:
-            Verified:       Unsigned
-            Link date:      6:43 PM 9/20/2028
-            Publisher:      n/a
-            Company:        Microsoft Corporation
-            Description:    Dolby MAT Encoder DLL
-            Product:        Microsoft« Windows« Operating System
-            Prod version:   10.0.18362.1
-            File version:   10.0.18362.1 (WinBuild.160101.0800)
-            MachineType:    64-bit
 
+    c:\windows\system32\drivers\afd.sys:
+	    Verified:	Signed
+	    Signing date:	6:18 PM 11/29/2017
+	    Signing date:	6:18 PM 11/29/2017
+	    Catalog:	C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_163_for_KB4054518~31bf3856ad364e35~x86~~6.1.1.2.cat
+	    Signers:
+	       Microsoft Windows
+		    Cert Status:	This certificate or one of the certificates in the certificate chain is not time valid.
+		    Valid Usage:	NT5 Crypto, Code Signing
+		    Cert Issuer:	Microsoft Windows Verification PCA
+		    Serial Number:	33 00 00 00 4B 76 63 2D 24 A2 39 9A 8B 00 01 00 00 00 4B
+		    Thumbprint:	B8037C46D0DB7A8CEE502407469B0EE3234D3365
+		    Algorithm:	sha1RSA
+		    Valid from:	11:46 AM 3/1/2017
+		    Valid to:	11:46 AM 5/9/2018
+            (output truncated)
     ```
-In addition to unsigned drivers, drivers might be signed with an invalid certificate, requiring the driver to be updated or removed so that Windows upgrade can continue. Sigcheck will report whether or not the certificate chain is valid.
+
+13. Optionally, you can generate a list of drivers using driverquery.exe, which is included with Windows. To save a list of signed and unsigned drivers with driverquery, type **driverquery /si > c:\drivers.txt** and press ENTER. See the following example:
+
+    ```cmd
+    C:\>Driverquery /si
+    
+    DeviceName                     InfName       IsSigned Manufacturer             
+    ============================== ============= ======== =========================
+    Microsoft ISATAP Adapter       nettun.inf    TRUE     Microsoft                
+    Generic volume shadow copy     volsnap.inf   TRUE     Microsoft                
+    Generic volume                 volume.inf    TRUE     Microsoft                
+    (truncated)               
+    ```
+    For more information about using driverquery, see [Two Minute Drill: DriverQuery.exe](https://techcommunity.microsoft.com/t5/ask-the-performance-team/two-minute-drill-driverquery-exe/ba-p/374977) and [driverquery](https://docs.microsoft.com/windows-server/administration/windows-commands/driverquery).
 
 ### Update Windows
 
diff --git a/windows/deployment/upgrade/resolution-procedures.md b/windows/deployment/upgrade/resolution-procedures.md
index 6b8a9587d2..1d75d19367 100644
--- a/windows/deployment/upgrade/resolution-procedures.md
+++ b/windows/deployment/upgrade/resolution-procedures.md
@@ -36,7 +36,7 @@ A frequently observed [result code](upgrade-error-codes.md#result-codes) is 0xC1
 
 The device install log is particularly helpful if rollback occurs during the sysprep operation (extend code 0x30018).  
 
-To resolve a rollback that was caused by driver conflicts, try running setup using a minimal set of drivers and startup programs by performing a [clean boot](https://support.microsoft.com/kb/929135) before initiating the upgrade process. Also check to be sure that your drivers are properly signed. For more information, see [Remove unsigned drivers](quick-fixes.md#remove-unsigned-drivers).
+To resolve a rollback that was caused by driver conflicts, try running setup using a minimal set of drivers and startup programs by performing a [clean boot](https://support.microsoft.com/kb/929135) before initiating the upgrade process. Also check to be sure that your drivers are properly signed. For more information, see [Remove unsigned drivers](quick-fixes.md#repair-unsigned-drivers).
 
 See the following general troubleshooting procedures associated with a result code of 0xC1900101:<br /><br />
 
@@ -49,7 +49,7 @@ See the following general troubleshooting procedures associated with a result co
 | 0xC1900101 - 0x30018 | Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.<br>Contact your hardware vendor to obtain updated device drivers.<br>Ensure that &quot;Download and install updates (recommended)&quot; is accepted at the start of the upgrade process. | A device driver has stopped responding to setup.exe during the upgrade process. |
 | 0xC1900101 - 0x3000D | Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.<br>Update or uninstall the display driver. | Installation failed during the FIRST_BOOT phase while attempting the MIGRATE_DATA operation.<br>This can occur due to a problem with a display driver. |
 | 0xC1900101 - 0x4000D | Check supplemental rollback logs for a setupmem.dmp file, or event logs for any unexpected reboots or errors.<br>Review the rollback log and determine the stop code.<br>The rollback log is located in the <strong>$Windows.~BT\Sources\Rollback</strong> folder.  An example analysis is shown below. This example is not representative of all cases:<br>&nbsp;<br>Info SP     Crash 0x0000007E detected<br>Info SP       Module name           :<br>Info SP       Bugcheck parameter 1  : 0xFFFFFFFFC0000005<br>Info SP       Bugcheck parameter 2  : 0xFFFFF8015BC0036A<br>Info SP       Bugcheck parameter 3  : 0xFFFFD000E5D23728<br>Info SP       Bugcheck parameter 4  : 0xFFFFD000E5D22F40<br>Info SP     Cannot recover the system.<br>Info SP     Rollback: Showing splash window with restoring text: Restoring your previous version of Windows.<br>&nbsp;<br>Typically, there is a dump file for the crash to analyze. If you are not equipped to debug the dump, then attempt the following basic troubleshooting procedures:<br>&nbsp;<br>1. Make sure you have enough disk space.<br>2. If a driver is identified in the bug check message, disable the driver or check with the manufacturer for driver updates.<br>3. Try changing video adapters.<br>4. Check with your hardware vendor for any BIOS updates.<br>5. Disable BIOS memory options such as caching or shadowing. | A rollback occurred due to a driver configuration issue.<br>Installation failed during the second boot phase while attempting the MIGRATE_DATA operation.<br>This can occur because of incompatible drivers. |
-| 0xC1900101 - 0x40017 | Clean boot into Windows, and then attempt the upgrade to Windows 10. For more information, see [How to perform a clean boot in Windows](https://support.microsoft.com/kb/929135).<br>&nbsp;<br>Ensure that you select the option to "Download and install updates (recommended)."  Also be sure to [remove unsigned drivers](quick-fixes.md#remove-unsigned-drivers).<br>&nbsp;<br><b>Computers that run Citrix VDA</b>  <br>You may see this message after you upgrade a computer from Windows 10, version 1511 to Windows 10, version 1607. After the second system restart, the system generates this error and then rolls back to the previous version. This problem has also been observed in upgrades to Windows 8.1 and Windows 8.  <br>&nbsp;<br>This problem occurs because the computer has Citrix Virtual Delivery Agent (VDA) installed. Citrix VDA installs device drivers and a file system filter driver (CtxMcsWbc). This Citrix filter driver prevents the upgrade from writing changes to the disk, so the upgrade cannot complete and the system rolls back.  <br>&nbsp;<br>**Resolution**<br>&nbsp;<br>To resolve this problem, install [Cumulative update for Windows 10 Version 1607 and Windows Server 2016: November 8, 2016](https://support.microsoft.com/help/3200970/cumulative-update-for-windows-10-version-1607-and-windows-server-2016).<br>&nbsp;<br>You can work around this problem in two ways:<br>&nbsp;<br>**Workaround 1**<br>&nbsp;<br>1. Use the VDA setup application (VDAWorkstationSetup_7.11) to uninstall Citrix VDA.<br>2. Run the Windows upgrade again.<br>3. Reinstall Citrix VDA.<br>&nbsp;<br>**Workaround 2**<br>&nbsp;<br>If you cannot uninstall Citrix VDA, follow these steps to work around this problem:  <br>&nbsp;<br>1. In Registry Editor, go to the following subkey:<br> **HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\CtxMcsWbc**<br>2. Change the value of the **Start** entry from **0** to **4**. This change disables the Citrix MCS cache service.<br>3. Go to the following subkey:<br> **HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}**<br>4. Delete the **CtxMcsWbc** entry.<br>5. Restart the computer, and then try the upgrade again.<br>&nbsp;<br>**Non-Microsoft information disclaimer**  <br>The non-Microsoft products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products. | Windows 10 upgrade failed after the second reboot.<br>This is usually caused by a faulty driver. For example: antivirus filter drivers or encryption drivers. |
+| 0xC1900101 - 0x40017 | Clean boot into Windows, and then attempt the upgrade to Windows 10. For more information, see [How to perform a clean boot in Windows](https://support.microsoft.com/kb/929135).<br>&nbsp;<br>Ensure that you select the option to "Download and install updates (recommended)."  Also be sure to [remove unsigned drivers](quick-fixes.md#repair-unsigned-drivers).<br>&nbsp;<br><b>Computers that run Citrix VDA</b>  <br>You may see this message after you upgrade a computer from Windows 10, version 1511 to Windows 10, version 1607. After the second system restart, the system generates this error and then rolls back to the previous version. This problem has also been observed in upgrades to Windows 8.1 and Windows 8.  <br>&nbsp;<br>This problem occurs because the computer has Citrix Virtual Delivery Agent (VDA) installed. Citrix VDA installs device drivers and a file system filter driver (CtxMcsWbc). This Citrix filter driver prevents the upgrade from writing changes to the disk, so the upgrade cannot complete and the system rolls back.  <br>&nbsp;<br>**Resolution**<br>&nbsp;<br>To resolve this problem, install [Cumulative update for Windows 10 Version 1607 and Windows Server 2016: November 8, 2016](https://support.microsoft.com/help/3200970/cumulative-update-for-windows-10-version-1607-and-windows-server-2016).<br>&nbsp;<br>You can work around this problem in two ways:<br>&nbsp;<br>**Workaround 1**<br>&nbsp;<br>1. Use the VDA setup application (VDAWorkstationSetup_7.11) to uninstall Citrix VDA.<br>2. Run the Windows upgrade again.<br>3. Reinstall Citrix VDA.<br>&nbsp;<br>**Workaround 2**<br>&nbsp;<br>If you cannot uninstall Citrix VDA, follow these steps to work around this problem:  <br>&nbsp;<br>1. In Registry Editor, go to the following subkey:<br> **HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\CtxMcsWbc**<br>2. Change the value of the **Start** entry from **0** to **4**. This change disables the Citrix MCS cache service.<br>3. Go to the following subkey:<br> **HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}**<br>4. Delete the **CtxMcsWbc** entry.<br>5. Restart the computer, and then try the upgrade again.<br>&nbsp;<br>**Non-Microsoft information disclaimer**  <br>The non-Microsoft products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products. | Windows 10 upgrade failed after the second reboot.<br>This is usually caused by a faulty driver. For example: antivirus filter drivers or encryption drivers. |
 
 ## 0x800xxxxx
 

From 96a295c4f02ced1e7a2ea0f33f9ee8a9d84535bf Mon Sep 17 00:00:00 2001
From: greg-lindsay <greglin@microsoft.com>
Date: Thu, 8 Oct 2020 02:34:44 -0700
Subject: [PATCH 31/33] up

---
 windows/deployment/upgrade/quick-fixes.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md
index e69527eeb0..f1d655d44b 100644
--- a/windows/deployment/upgrade/quick-fixes.md
+++ b/windows/deployment/upgrade/quick-fixes.md
@@ -183,7 +183,7 @@ To check your system for unsigned drivers:
     [Sigcheck](https://docs.microsoft.com/sysinternals/downloads/sigcheck) is a tool that you can download and use to review digital signature details of a file. To use sigcheck:
 
 11. In the command window, use the **cd** command to switch to the directory where you extracted sigcheck, for example **cd c:\sigcheck**.
-12. Using the list of unsigned drivers and their associated paths that you obtained from the File Signature Verification tool, run sigcheck to obtain details about the driver, including the catalog file used for signing. Type **sigcheck64 -u -e \<driver path\>** and press ENTER. See the following example:
+12. Using the list of unsigned drivers and their associated paths that you obtained from the File Signature Verification tool, run sigcheck to obtain details about the driver, including the catalog file used for signing. Type **sigcheck64 -i \<driver path\>** and press ENTER (or sigcheck -i for a 32 bit OS). See the following example:
     ```
     C:\Sigcheck>sigcheck64.exe -i c:\windows\system32\drivers\afd.sys
     

From bf9fdab616073a163800b1c819fd847803cb5ea5 Mon Sep 17 00:00:00 2001
From: Tina Burden <v-tibur@microsoft.com>
Date: Thu, 8 Oct 2020 08:54:03 -0700
Subject: [PATCH 32/33] pencil edit

---
 windows/client-management/mdm/devicestatus-csp.md | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/windows/client-management/mdm/devicestatus-csp.md b/windows/client-management/mdm/devicestatus-csp.md
index 97daf7a3ce..6ab35ba018 100644
--- a/windows/client-management/mdm/devicestatus-csp.md
+++ b/windows/client-management/mdm/devicestatus-csp.md
@@ -36,9 +36,8 @@ Supported operation is Get.
 <a href="" id="devicestatus-cellularidentities"></a>**DeviceStatus/CellularIdentities**  
 Required. Node for queries on the SIM cards.
 
-> **Note**  Multiple SIMs are supported.
-
- 
+>[!NOTE]
+>Multiple SIMs are supported.
 
 <a href="" id="devicestatus-cellularidentities-imei"></a>**DeviceStatus/CellularIdentities/**<strong>*IMEI*</strong>  
 The unique International Mobile Station Equipment Identity (IMEI) number of the mobile device. An IMEI is present for each SIM card on the device.

From fce88befcc084ff10f297162d632cc11c86ed68a Mon Sep 17 00:00:00 2001
From: ManikaDhiman <v-madhi@microsoft.com>
Date: Thu, 8 Oct 2020 09:34:01 -0700
Subject: [PATCH 33/33] minor update to trigger build

---
 .../client-management/mdm/policies-in-policy-csp-admx-backed.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
index 75ac21a8b3..5a62b30b51 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
@@ -9,7 +9,7 @@ ms.prod: w10
 ms.technology: windows
 author: manikadhiman
 ms.localizationpriority: medium
-ms.date: 08/18/2020
+ms.date: 10/08/2020
 ---
 
 # ADMX-backed policies in Policy CSP