Merge branch 'main' into nimishasatapathy-5878036-addsearch

windows/client-management/mdm/config-lock.md

@@ -8,7 +8,7 @@ ms.topic: article
 ms.prod: w11
 ms.technology: windows
 author: lovina-saldanha
-ms.date: 10/07/2021
+ms.date: 03/14/2022
 ---
 
 # Secured-Core PC Configuration Lock 
@@ -48,31 +48,31 @@ The steps to turn on Config Lock using Microsoft Endpoint Manager (Microsoft Int
     - **Profile type**: Templates
     - **Template name**: Custom
 
-    :::image type="content" source="images/configlock-mem-createprofile.png" alt-text="create profile":::
+    :::image type="content" source="images/configlock-mem-createprofile.png" alt-text="In Configuration profiles, the Create a profile page is showing, with the Platform set to Windows 10 and later, and a Profile Type of Templates":::
 
 1. Name your profile.
 1. When you reach the Configuration Settings step, select “Add” and add the following information:
     - **OMA-URI**: ./Vendor/MSFT/DMClient/Provider/MS%20DM%20Server/ConfigLock/Lock
     - **Data type**: Integer
     - **Value**: 1 </br>
-    To turn off Config Lock. Change value to 0.
+    To turn off Config Lock, change the value to 0.
 
-    :::image type="content" source="images/configlock-mem-editrow.png" alt-text="edit row":::
+    :::image type="content" source="images/configlock-mem-editrow.png" alt-text="In the Configuration settings step, the Edit Row page is shown with a Name of Config Lock, a Description of Turn on Config Lock and the OMA-URI set as above, along with a Data type of Integer set to a Value of 1":::
 
 1. Select the devices to turn on Config Lock. If you're using a test tenant, you can select “+ Add all devices”.
 1. You'll not need to set any applicability rules for test purposes.
 1. Review the Configuration and select “Create” if everything is correct.
 1. After the device syncs with the Microsoft Intune server, you can confirm if the Config Lock was successfully enabled.
 
-    :::image type="content" source="images/configlock-mem-dev.png" alt-text="status":::
+    :::image type="content" source="images/configlock-mem-dev.png" alt-text="The Profile assignment status dashboard when viewing the Config Lock device configuration profile, showing one device has succeeded in having this profile applied":::
 
-    :::image type="content" source="images/configlock-mem-devstatus.png" alt-text="device status":::
+    :::image type="content" source="images/configlock-mem-devstatus.png" alt-text="The Device Status for the Config Lock Device Configuration Profile, showing one device with a Deployment Status as Succeeded and two with Pending":::
 
-## Disabling
+## Configuring Secured-Core PC features
 
-Config Lock is designed to ensure that a Secured-Core PC isn't unintentionally misconfigured.  IT Admins retain the ability to change (enabled/disable) SCPC features via Group Policies and/or mobile device management (MDM) tools, such as Microsoft Intune.
+Config Lock is designed to ensure that a Secured-Core PC isn't unintentionally misconfigured.  IT Admins retain the ability to change (enable/disable) SCPC features (for example Firmware protection) via Group Policies and/or mobile device management (MDM) tools, such as Microsoft Intune.
 
-:::image type="content" source="images/configlock-mem-firmwareprotect.png" alt-text="firmware protect":::
+:::image type="content" source="images/configlock-mem-firmwareprotect.png" alt-text="The Defender Firmware protection setting, with a description of Windows Defender System Guard protects your device from compromised firmware. The setting is set to Off":::
  
 ## FAQ
 
@@ -89,45 +89,45 @@ Config Lock is designed to ensure that a Secured-Core PC isn't unintentionally m
 |[ApplicationControl](applicationcontrol-csp.md) 
 
 
-|**MDM policies**     |
-|-----|
-|[DataProtection/AllowDirectMemoryAccess](policy-csp-dataprotection.md)      |
-|[DataProtection/LegacySelectiveWipeID](policy-csp-dataprotection.md)      |
-|[DeviceGuard/ConfigureSystemGuardLaunch](policy-csp-deviceguard.md)      |
-|[DeviceGuard/EnableVirtualizationBasedSecurity](policy-csp-deviceguard.md)      |
-|[DeviceGuard/LsaCfgFlags](policy-csp-deviceguard.md)      |
-|[DeviceGuard/RequirePlatformSecurityFeatures](policy-csp-deviceguard.md)      |
-|[DeviceInstallation/AllowInstallationOfMatchingDeviceIDs](policy-csp-deviceinstallation.md)      |
-|[DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs](policy-csp-deviceinstallation.md)      |
-|[DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses](policy-csp-deviceinstallation.md) |
-|[DeviceInstallation/PreventDeviceMetadataFromNetwork](policy-csp-deviceinstallation.md) |
-|[DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings](policy-csp-deviceinstallation.md) |
-|[DeviceInstallation/PreventInstallationOfMatchingDeviceIDs](policy-csp-deviceinstallation.md) |
-|[DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs](policy-csp-deviceinstallation.md) |
-|[DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses](policy-csp-deviceinstallation.md) |
-|[DmaGuard/DeviceEnumerationPolicy](policy-csp-dmaguard.md) |
-|[WindowsDefenderSecurityCenter/CompanyName](policy-csp-windowsdefendersecuritycenter.md) |
-|[WindowsDefenderSecurityCenter/DisableAccountProtectionUI](policy-csp-windowsdefendersecuritycenter.md) |
-|[WindowsDefenderSecurityCenter/DisableAppBrowserUI](policy-csp-windowsdefendersecuritycenter.md) |
-|[WindowsDefenderSecurityCenter/DisableClearTpmButton](policy-csp-windowsdefendersecuritycenter.md) |
-|[WindowsDefenderSecurityCenter/DisableDeviceSecurityUI](policy-csp-windowsdefendersecuritycenter.md) |
-|[WindowsDefenderSecurityCenter/DisableEnhancedNotifications](policy-csp-windowsdefendersecuritycenter.md) |
-|[WindowsDefenderSecurityCenter/DisableFamilyUI](policy-csp-windowsdefendersecuritycenter.md) |
-|[WindowsDefenderSecurityCenter/DisableHealthUI](policy-csp-windowsdefendersecuritycenter.md) |
-|[WindowsDefenderSecurityCenter/DisableNetworkUI](policy-csp-windowsdefendersecuritycenter.md) |
-|[WindowsDefenderSecurityCenter/DisableNotifications](policy-csp-windowsdefendersecuritycenter.md) |
-|[WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning](policy-csp-windowsdefendersecuritycenter.md)|
-|[WindowsDefenderSecurityCenter/DisableVirusUI](policy-csp-windowsdefendersecuritycenter.md) |
-|[WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride](policy-csp-windowsdefendersecuritycenter.md) |
-|[WindowsDefenderSecurityCenter/Email](policy-csp-windowsdefendersecuritycenter.md) |
-|[WindowsDefenderSecurityCenter/EnableCustomizedToasts](policy-csp-windowsdefendersecuritycenter.md) |
-|[WindowsDefenderSecurityCenter/EnableInAppCustomization](policy-csp-windowsdefendersecuritycenter.md) |
-|[WindowsDefenderSecurityCenter/HideRansomwareDataRecovery](policy-csp-windowsdefendersecuritycenter.md) |
-|[WindowsDefenderSecurityCenter/HideSecureBoot](policy-csp-windowsdefendersecuritycenter.md) |
-|[WindowsDefenderSecurityCenter/HideTPMTroubleshooting](policy-csp-windowsdefendersecuritycenter.md) |
-|[WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl](policy-csp-windowsdefendersecuritycenter.md) |
-|[WindowsDefenderSecurityCenter/Phone](policy-csp-windowsdefendersecuritycenter.md) |
-|[WindowsDefenderSecurityCenter/URL](policy-csp-windowsdefendersecuritycenter.md) |
-|[SmartScreen/EnableAppInstallControl](policy-csp-smartscreen.md)|
-|[SmartScreen/EnableSmartScreenInShell](policy-csp-smartscreen.md) |
-|[SmartScreen/PreventOverrideForFilesInShell](policy-csp-smartscreen.md) |
+|**MDM policies**     | **Supported by Group Policy** |
+|-----|-----|
+|[DataProtection/AllowDirectMemoryAccess](policy-csp-dataprotection.md)      | No |
+|[DataProtection/LegacySelectiveWipeID](policy-csp-dataprotection.md)      | No |
+|[DeviceGuard/ConfigureSystemGuardLaunch](policy-csp-deviceguard.md)      | Yes |
+|[DeviceGuard/EnableVirtualizationBasedSecurity](policy-csp-deviceguard.md)      | Yes |
+|[DeviceGuard/LsaCfgFlags](policy-csp-deviceguard.md)      | Yes |
+|[DeviceGuard/RequirePlatformSecurityFeatures](policy-csp-deviceguard.md)      | Yes |
+|[DeviceInstallation/AllowInstallationOfMatchingDeviceIDs](policy-csp-deviceinstallation.md)      | Yes |
+|[DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs](policy-csp-deviceinstallation.md)      | Yes |
+|[DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses](policy-csp-deviceinstallation.md) | Yes |
+|[DeviceInstallation/PreventDeviceMetadataFromNetwork](policy-csp-deviceinstallation.md) | Yes |
+|[DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings](policy-csp-deviceinstallation.md) | Yes |
+|[DeviceInstallation/PreventInstallationOfMatchingDeviceIDs](policy-csp-deviceinstallation.md) | Yes |
+|[DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs](policy-csp-deviceinstallation.md) | Yes |
+|[DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses](policy-csp-deviceinstallation.md) | Yes |
+|[DmaGuard/DeviceEnumerationPolicy](policy-csp-dmaguard.md) | Yes |
+|[WindowsDefenderSecurityCenter/CompanyName](policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/DisableAccountProtectionUI](policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/DisableAppBrowserUI](policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/DisableClearTpmButton](policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/DisableDeviceSecurityUI](policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/DisableEnhancedNotifications](policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/DisableFamilyUI](policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/DisableHealthUI](policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/DisableNetworkUI](policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/DisableNotifications](policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning](policy-csp-windowsdefendersecuritycenter.md)| Yes |
+|[WindowsDefenderSecurityCenter/DisableVirusUI](policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride](policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/Email](policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/EnableCustomizedToasts](policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/EnableInAppCustomization](policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/HideRansomwareDataRecovery](policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/HideSecureBoot](policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/HideTPMTroubleshooting](policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl](policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/Phone](policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/URL](policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[SmartScreen/EnableAppInstallControl](policy-csp-smartscreen.md)| Yes |
+|[SmartScreen/EnableSmartScreenInShell](policy-csp-smartscreen.md) | Yes |
+|[SmartScreen/PreventOverrideForFilesInShell](policy-csp-smartscreen.md) | Yes |

windows/client-management/mdm/defender-csp.md

@@ -10,7 +10,7 @@ ms.prod: w10
 ms.technology: windows
 author: dansimp
 ms.localizationpriority: medium
-ms.date: 10/04/2021
+ms.date: 02/22/2022
 ---
 
 # Defender CSP
@@ -623,9 +623,9 @@ Valid values are:
 <a href="" id="configuration-hideexclusionsfromlocaladmins"></a>**Configuration/HideExclusionsFromLocalAdmins**<br>
 This policy setting controls whether or not exclusions are visible to Local Admins.  For end users (that are not Local Admins) exclusions are not visible, whether or not this setting is enabled.
 
-If you disable or do not configure this setting, Local Admins will be able to see exclusions in the Windows Security App and via PowerShell.
+If you disable or do not configure this setting, Local Admins will be able to see exclusions in the Windows Security App, in the registry, and via PowerShell.
 
-If you enable this setting, Local Admins will no longer be able to see the exclusion list in the Windows Security app or via PowerShell.
+If you enable this setting, Local Admins will no longer be able to see the exclusion list in the Windows Security app, in the registry, or via PowerShell.
 
 > [!NOTE]
 > Applying this setting will not remove exclusions, it will only prevent them from being visible to Local Admins. This is reflected in **Get-MpPreference**.

windows/client-management/mdm/diagnosticlog-csp.md

@@ -90,6 +90,8 @@ The data type is string.
 Expected value:
 Set and Execute are functionality equivalent, and each accepts a `Collection` XML snippet (as a string) describing what data to gather and where to upload it. The results are zipped and uploaded to the specified SasUrl. The zipped filename format is "DiagLogs-{ComputerName}-YYYYMMDDTHHMMSSZ.zip".
 
+With Windows 10 KB5011543, Windows 11 KB5011563 we have added support for an additional element which will determine whether the output file generated by the CSP is a flattened folder structure, instead of having individual folders for each directive in the XML. 
+
 The following is an example of a `Collection` XML.
 
 ``` xml
@@ -104,6 +106,7 @@ The following is an example of a `Collection` XML.
    <Command>%windir%\system32\mdmdiagnosticstool.exe -out %ProgramData%\temp\</Command>
    <FoldersFiles>%ProgramData%\temp\*.*</FoldersFiles>
    <Events>Application</Events>
+   <OutputFileFormat>Flattened</OutputFileFormat>
 </Collection>
 
 ```
@@ -176,6 +179,11 @@ The SasUrl value is the target URI to which the CSP uploads the zip file contain
     - .evtx
     - .etl
 
+- **OutputFileFormat**
+  - Flattens folder structure, instead of having individual folders for each directive in the XML.
+  - The value “Flattened” is the only supported value for the OutputFileFormat. If the OutputFileFormat is absent in the XML, or if explicitly set to something other than Flattened, it will leave the file structure in old structure.  
+
+
 <a href="" id="diagnosticarchive-archiveresults"></a>**DiagnosticArchive/ArchiveResults**
 Added in version 1.4 of the CSP in Windows 10, version 1903. This policy setting displays the results of the last archive run.
 
@@ -367,6 +375,7 @@ Added in version 1.4 of the CSP in Windows 10, version 1903. Dynamic node to rep
 
 Supported operations are Add, Delete, and Get.
 
+
 Add **Channel**
 ``` xml
  <SyncML xmlns="SYNCML:SYNCML1.2">

windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: dansimp
-ms.date: 01/03/2022
+ms.date: 03/02/2022
 ms.reviewer:
 manager: dansimp
 ms.collection: highpri
@@ -47,14 +47,15 @@ In Windows 10, version 1709 or later, when the same policy is configured in GP a
 For this policy to work, you must verify that the MDM service provider allows the GP triggered MDM enrollment for domain joined devices.
 
 ## Verify auto-enrollment requirements and settings
+
 To ensure that the auto-enrollment feature is working as expected, you must verify that various requirements and settings are configured correctly.
 The following steps demonstrate required settings using the Intune service:
 
-1. Verify that the user who is going to enroll the device has a valid Endpoint Protection Manager license.
+1. Verify that the user who is going to enroll the device has a valid [Intune license](/mem/intune/fundamentals/licenses).
 
    :::image type="content" alt-text="Intune license verification." source="images/auto-enrollment-intune-license-verification.png" lightbox="images/auto-enrollment-intune-license-verification.png":::
 
-2. Verify that auto-enrollment is activated for those users who are going to enroll the devices into Mobile Device Management (MDM). For additional details, see [Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal](./azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md).
+2. Verify that auto-enrollment is activated for those users who are going to enroll the devices into Mobile Device Management (MDM) with Intune. For additional details, see [Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal](./azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md).
 
     ![Auto-enrollment activation verification.](images/auto-enrollment-activation-verification.png)
 

windows/client-management/mdm/enterprisedesktopappmanagement-csp.md

@@ -66,7 +66,7 @@ Installation date of the application. Value type is string. Supported operation
 <a href="" id="msi-productid-downloadinstall"></a>**MSI/*ProductID*/DownloadInstall**
 Executes the download and installation of the application. Value type is string. Supported operations are Execute and Get.
 
-In Windows 10, version 1703 service release, a new tag \<DownloadFromAad\> was added to the \<Enforcement\> section of the XML. The default value is 0 (do not send token). This tag is optional and needs to be set to 1 in case the server wants the download URL to get the AADUserToken.
+In Windows 10, version 1703 service release, a new tag \<DownloadFromAad\> was added to the \<Enforcement\> section of the XML. The default value is 0 (do not send token). This tag is optional and needs to be set to 1 in case the server wants the download URL to get the AADUserToken.\<TimeOut\> 0 will set the timeout to infinite. 
 
 Here is an example:
 
@@ -112,7 +112,7 @@ Value type is string. Supported operation is Get.
 Added in the March service release of Windows 10, version 1607.
 
 <a href="" id="msi-upgradecode"></a>**MSI/UpgradeCode/_Guid_**
-Added in the March service release of Windows 10, version 1607. A gateway (or device management server) uses this method to detect matching upgrade MSI product when a Admin wants to update an existing MSI app. If the same upgrade product is installed, then the update is allowed.
+Added in the March service release of Windows 10, version 1607. A gateway (or device management server) uses this method to detect matching upgrade MSI product when an Admin wants to update an existing MSI app. If the same upgrade product is installed, then the update is allowed.
 
 Value type is string. Supported operation is Get.
 
@@ -261,7 +261,7 @@ The following table describes the fields in the previous sample:
 
 |Name|Description|
 |--- |--- |
-|Add|This is required to precede the Exec command.<li>CmdID - Input value used to reference the request. Responses includes this value, which can be use to match the request and response.<li>LocURI - Path to Win32 CSP command processor, including the Product ID (in this example, 1803A630-3C38-4D2B-9B9A-0CB37243539C) property escaped for XML formatting.|
+|Add|This is required to precede the Exec command.<li>CmdID - Input value used to reference the request. Responses include this value, which can be used to match the request and response.<li>LocURI - Path to Win32 CSP command processor, including the Product ID (in this example, 1803A630-3C38-4D2B-9B9A-0CB37243539C) property escaped for XML formatting.|
 |Exec|The Exec node includes the parameters and properties requires to locate, download, validate and perform product installation.<li>CmdID - Input value used to reference the request. Responses will include this value which can be used to match request and response.<li>LocURI - Path to Win32 CSP command processor, including the Product ID (in this example, 1803A630-3C38-4D2B-9B9A-0CB37243539C) property escaped for XML formatting.<li>Data - The Data node contains an embedded XML, of type “MsiInstallJob”<li>MsiInstallJob - Contains all information required for the successful download, validation and execution of the MSI installation process (see section at the end of this document for details on this embedded data object).|
 </table>
 
@@ -370,7 +370,7 @@ Here is an example of a common response to a request
 ## How to determine which installation context to use for an MSI package
 
 
-The following tables shows how app targeting and MSI package type (per-user, per machine, or dual mode) are installed in the client.
+The following tables show how app targeting and MSI package type (per-user, per machine, or dual mode) are installed in the client.
 
 For Intune standalone environment, the MSI package will determine the MSI execution context.
 

windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md

@@ -9,7 +9,7 @@ ms.prod: w10
 ms.technology: windows
 author: dansimp
 ms.localizationpriority: medium
-ms.date: 10/11/2021
+ms.date: 03/01/2022
 ---
 
 # Policies in Policy CSP supported by HoloLens 2
@@ -120,7 +120,6 @@ ms.date: 10/11/2021
 - [Update/ScheduleRestartWarning](policy-csp-update.md#update-schedulerestartwarning) <sup>10</sup>
 - [Update/SetDisablePauseUXAccess](policy-csp-update.md#update-setdisablepauseuxaccess)
 - [Update/UpdateNotificationLevel](policy-csp-update.md#update-updatenotificationlevel) <sup>10</sup>
-- [Update/UpdateServiceUrl](policy-csp-update.md#update-updateserviceurl)
 - [Wifi/AllowManualWiFiConfiguration](policy-csp-wifi.md#wifi-allowmanualwificonfiguration)
 - [Wifi/AllowWiFi](policy-csp-wifi.md#wifi-allowwifi) <sup>8</sup>
 
@@ -139,4 +138,4 @@ Footnotes:
 
 ## Related topics
 
-[Policy CSP](policy-configuration-service-provider.md)
+[Policy CSP](policy-configuration-service-provider.md)

windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md

@@ -64,7 +64,7 @@ ms.date: 07/22/2020
 - [DeliveryOptimization/DOMonthlyUploadDataCap](policy-csp-deliveryoptimization.md#deliveryoptimization-domonthlyuploaddatacap)
 - [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxdownloadbandwidth)
 - [Desktop/PreventUserRedirectionOfProfileFolders](policy-csp-desktop.md#desktop-preventuserredirectionofprofilefolders)
-- [RestrictedGroups/ConfigureGroupMembership](policy-csp-restrictedgroups.md)
+- [RestrictedGroups/ConfigureGroupMembership](policy-csp-restrictedgroups.md#restrictedgroups-configuregroupmembership)
 - [System/AllowLocation](policy-csp-system.md#system-allowlocation)
 - [System/AllowStorageCard](policy-csp-system.md#system-allowstoragecard)
 - [System/AllowTelemetry](policy-csp-system.md#system-allowtelemetry)
@@ -79,11 +79,12 @@ ms.date: 07/22/2020
 - [TextInput/ExcludeJapaneseIMEExceptJIS0208](policy-csp-textinput.md#textinput-excludejapaneseimeexceptjis0208)
 - [TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC](policy-csp-textinput.md#textinput-excludejapaneseimeexceptjis0208andeudc)
 - [TextInput/ExcludeJapaneseIMEExceptShiftJIS](policy-csp-textinput.md#textinput-excludejapaneseimeexceptshiftjis)
+- [TimeLanguageSettings/ConfigureTimeZone](policy-csp-timelanguagesettings.md#timelanguagesettings-configuretimezone)
 - [Wifi/AllowInternetSharing](policy-csp-wifi.md#wifi-allowinternetsharing)
 - [Wifi/AllowManualWiFiConfiguration](policy-csp-wifi.md#wifi-allowmanualwificonfiguration)
 - [Wifi/AllowWiFi](policy-csp-wifi.md#wifi-allowwifi)
-- [WiFi/AllowWiFiHotSpotReporting](policy-csp-wifi.md#wifi-allowwifihotspotreporting)
-- [WiFi/WLANScanMode](policy-csp-wifi.md#wifi-wlanscanmode)
+- [Wifi/AllowWiFiHotSpotReporting](policy-csp-wifi.md#wifi-allowwifihotspotreporting)
+- [Wifi/WLANScanMode](policy-csp-wifi.md#wifi-wlanscanmode)
 - [Wifi/AllowWiFiDirect](policy-csp-wifi.md#wifi-allowwifidirect)
 - [WirelessDisplay/AllowMdnsAdvertisement](policy-csp-wirelessdisplay.md#wirelessdisplay-allowmdnsadvertisement)
 - [WirelessDisplay/AllowMdnsDiscovery](policy-csp-wirelessdisplay.md#wirelessdisplay-allowmdnsdiscovery)

windows/client-management/mdm/policy-csp-applicationmanagement.md

@@ -834,6 +834,9 @@ Value type is string.
 <!--/Description-->
 <!--SupportedValues-->
 
+> [!NOTE]
+> The check for recurrence is done in a case sensitive manner. For instance the value needs to be “Daily” instead of “daily”. The wrong case will cause SmartRetry to fail to execute.
+
 <!--/SupportedValues-->
 <!--Example-->
 Sample SyncML:
@@ -853,7 +856,7 @@ Sample SyncML:
         </Meta> 
         <Data> 
           <ForceRestart StartDateTime="2018-03-28T22:21:52Z"  
-                        Recurrence="[none/daily/weekly/monthly]"  
+                        Recurrence="[None/Daily/Weekly/Monthly]"  
                         DayOfWeek=”1”  
                         DayOfMonth=”12”  
                         RunIfTaskIsMissed=”1”/> 

windows/client-management/mdm/policy-csp-authentication.md

@@ -401,7 +401,7 @@ Web Sign-in is only supported on Azure AD Joined PCs.
 <!--/Scope-->
 <!--Description-->
 > [!Warning]
-> The Web Sign-in feature is in preview mode only and therefore not meant or recommended for production purposes.
+> The Web Sign-in feature is in private preview mode only and not meant or recommended for production purposes. This setting is not currently supported at this time. 
 
 This policy is intended for use on Shared PCs to enable a quick first sign-in experience for a user. It works by automatically connecting new non-admin Azure Active Directory (Azure AD) accounts to the pre-configured candidate local accounts.
 
@@ -456,7 +456,7 @@ Value type is integer. Supported values:
 <!--/Scope-->
 <!--Description-->
 > [!Warning]
-> The Web Sign-in feature is in preview mode only and therefore not meant or recommended for production purposes.
+> The Web Sign-in feature is in private preview mode only and not meant or recommended for production purposes. This setting is not currently supported at this time. 
 
 "Web Sign-in" is a new way of signing into a Windows PC. It enables Windows logon support for new Azure AD credentials, like Temporary Access Pass.
 

windows/client-management/mdm/policy-csp-textinput.md

@@ -7,7 +7,7 @@ ms.prod: w10
 ms.technology: windows
 author: dansimp
 ms.localizationpriority: medium
-ms.date: 09/27/2019
+ms.date: 03/03/2022
 ms.reviewer: 
 manager: dansimp
 ---
@@ -1084,15 +1084,15 @@ The following list shows the supported values:
 
 <!--/Scope-->
 <!--Description-->
-Specifies whether the emoji button is enabled or disabled for the touch keyboard. When this policy is set to disabled, the emoji button on touch keyboard is disabled.
+Specifies whether the emoji, GIF (only in Windows 11), and kaomoji (only in Windows 11) buttons are available or unavailable for the touch keyboard. When this policy is set to disabled, the buttons are hidden and unavailable.
 
 <!--/Description-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
--   0 (default) - The OS determines when it's most appropriate to be available.
--   1 - Emoji button on keyboard is always available.
--   2 - Emoji button on keyboard is always disabled.
+- 0 (default) - The OS determines when buttons are most appropriate to be available.
+- 1 - Emoji, GIF, and Kaomoji buttons on the touch keyboard are always available.
+- 2 - Emoji, GIF, and Kaomoji buttons on the touch keyboard are always unavailable.
 
 <!--/SupportedValues-->
 <!--/Policy-->

windows/client-management/mdm/surfacehub-csp.md

@@ -31,7 +31,7 @@ SurfaceHub
 --------Email
 --------CalendarSyncEnabled
 --------ErrorContext
---------PasswordRotationPeriod
+--------PasswordRotationEnabled
 ----MaintenanceHoursSimple
 --------Hours
 ------------StartTime

windows/client-management/mdm/toc.yml

@@ -963,6 +963,11 @@ items:
           items: 
             - name: WindowsAdvancedThreatProtection DDF file
               href: windowsadvancedthreatprotection-ddf.md
+        - name: WindowsAutoPilot CSP
+          href: windowsautopilot-csp.md
+          items: 
+            - name: WindowsAutoPilot DDF file
+              href: windowsautopilot-ddf-file.md
         - name: WindowsDefenderApplicationGuard CSP
           href: windowsdefenderapplicationguard-csp.md
           items: 

windows/client-management/mdm/windowsautopilot-csp.md

@@ -0,0 +1,29 @@
+---
+title: WindowsAutoPilot CSP
+description: Learn how without the ability to mark a device as remediation required, the device will remain in a broken state, which results in security and privacy concerns in Autopilot.
+ms.assetid: E6BC6B0D-1F16-48A5-9AC4-76D69A7EDDA6
+ms.reviewer: 
+manager: dansimp
+ms.author: v-nsatapathy
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: dansimp
+ms.date: 02/07/2022
+---
+
+# WindowsAutoPilot CSP
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+
+The WindowsAutopilot CSP collects hardware information about a device and formats it into a BLOB. This BLOB is used as input for calling Windows Autopilot Service to mark a device as remediation required if the device underwent a hardware change that affects its ability to use Windows Autopilot.” with “The WindowsAutopilot CSP exposes Windows Autopilot related device information.” Because the CSP description should be more general/high level.
+
+**./Vendor/MSFT/WindowsAutopilot**
+
+Root node. Supported operation is Get.
+
+**HardwareMismatchRemediationData**
+
+Interior node. Supported operation is Get. Collects hardware information about a device and returns it as an encoded string. This string is used as input for calling Windows Autopilot Service to remediate a device if the device underwent a hardware change that affects its ability to use Windows Autopilot.

windows/client-management/mdm/windowsautopilot-ddf-file.md

@@ -0,0 +1,76 @@
+---
+title: WindowsAutoPilot DDF file
+description: Learn how without the ability to mark a device as remediation required, the device will remain in a broken state, for the WindowsAutoPilot DDF file configuration service provider (CSP) .
+ms.author: dansimp
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: dansimp
+ms.date: 02/07/2022
+ms.reviewer: 
+manager: dansimp
+---
+
+# WindowsAutoPilot DDF file
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+This topic shows the device description framework (DDF) for the **WindowsAutoPilot** configuration service provider. 
+
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+
+```xml
+<NodeName>WindowsAutopilot</NodeName>
+        <Path>./Vendor/MSFT</Path>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <Description>These settings enable configuration of Windows Autopilot</Description>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFType>
+            <MIME>com.microsoft/1.0/MDM/WindowsAutopilot</MIME>
+          </DFType>
+          <Applicability>
+            <OsBuildVersion>99.9.99999, 10.0.19041.1202, 10.0.19042.1202, 10.0.19043.1202</OsBuildVersion>
+            <CspVersion>1.0</CspVersion>
+          </Applicability>
+          <ExposedTo>
+            <Mdm />
+          </ExposedTo>
+        </DFProperties>
+        <Node>
+          <NodeName>HardwareMismatchRemediationData</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <Description>This data is used to remediate Autopilot hardware mismatches.</Description>
+            <DFFormat>
+              <chr />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+      </Node>
+    </MgmtTree>
+  </cspDefinition>
+</identity>
+```

windows/configuration/provisioning-packages/provisioning-multivariant.md

@@ -121,30 +121,30 @@ Follow these steps to create a provisioning package with multivariant capabiliti
     The following example shows the contents of a sample customizations.xml file.
 
     ```XML
-   <?xml version="1.0" encoding="utf-8"?> 
-   <WindowsCustomizatons> 
-   <PackageConfig xmlns="urn:schemas-Microsoft-com:Windows-ICD-Package-Config.v1.0"> 
-    <ID>{6aaa4dfa-00d7-4aaa-8adf-73c6a7e2501e}</ID> 
-    <Name>My Provisioning Package</Name> 
-    <Version>1.0</Version> 
-    <OwnerType>OEM</OwnerType> 
-    <Rank>50</Rank> 
-   </PackageConfig> 
-   <Settings xmlns="urn:schemas-microsoft-com:windows-provisioning"> 
-    <Customizations> 
-      <Common> 
-        <Policies> 
-          <AllowBrowser>0</AllowBrowser> 
-          <AllowCamera>0</AllowCamera> 
-          <AllowBluetooth>0</AllowBluetooth> 
-        </Policies> 
-        <HotSpot> 
-          <Enabled>0</Enabled> 
-        </HotSpot> 
-      </Common> 
-    </Customizations> 
-   </Settings> 
-   </WindowsCustomizatons> 
+   <?xml version="1.0" encoding="utf-8"?>
+   <WindowsCustomizations>
+     <PackageConfig xmlns="urn:schemas-Microsoft-com:Windows-ICD-Package-Config.v1.0">
+       <ID>{6aaa4dfa-00d7-4aaa-8adf-73c6a7e2501e}</ID>
+       <Name>My Provisioning Package</Name>
+       <Version>1.0</Version>
+       <OwnerType>OEM</OwnerType>
+       <Rank>50</Rank>
+     </PackageConfig>
+     <Settings xmlns="urn:schemas-microsoft-com:windows-provisioning">
+       <Customizations>
+         <Common>
+           <Policies>
+             <AllowBrowser>0</AllowBrowser>
+             <AllowCamera>0</AllowCamera>
+             <AllowBluetooth>0</AllowBluetooth>
+           </Policies>
+           <HotSpot>
+             <Enabled>0</Enabled>
+           </HotSpot>
+         </Common>
+       </Customizations>
+     </Settings>
+   </WindowsCustomizations> 
     ```
 
 5. Edit the customizations.xml file to create a **Targets** section to describe the conditions that will handle your multivariant settings. 
@@ -152,48 +152,48 @@ Follow these steps to create a provisioning package with multivariant capabiliti
     The following example shows the customizations.xml, which has been modified to include several conditions including **ProcessorName**, **ProcessorType**, **MCC**, and **MNC**.
     
     ```XML
-    <?xml version="1.0" encoding="utf-8"?> 
-   <WindowsCustomizatons> 
-   <PackageConfig xmlns="urn:schemas-Microsoft-com:Windows-ICD-Package-Config.v1.0"> 
-    <ID>{6aaa4dfa-00d7-4aaa-8adf-73c6a7e2501e}</ID> 
-    <Name>My Provisioning Package</Name> 
-    <Version>1.0</Version> 
-    <OwnerType>OEM</OwnerType> 
-    <Rank>50</Rank> 
-   </PackageConfig> 
-   <Settings xmlns="urn:schemas-microsoft-com:windows-provisioning"> 
-    <Customizations> 
-      <Common> 
-        <Policies> 
-          <AllowBrowser>0</AllowBrowser> 
-          <AllowCamera>0</AllowCamera> 
-          <AllowBluetooth>0</AllowBluetooth> 
-        </Policies> 
-        <HotSpot> 
-          <Enabled>0</Enabled> 
-        </HotSpot> 
-      </Common> 
-      <Targets> 
-        <Target Id="Unique target identifier for desktop"> 
-          <TargetState> 
-            <Condition Name="ProcessorName" Value="Pattern:.*Celeron.*" /> 
-            <Condition Name="ProcessorType" Value="Pattern:.*(I|i)ntel.*" /> 
-          </TargetState> 
-          <TargetState> 
-            <Condition Name="ProcessorName" Value="Barton" /> 
-            <Condition Name="ProcessorType" Value="Athlon MP" /> 
-          </TargetState> 
-        </Target> 
-        <Target Id="Mobile target"> 
-          <TargetState> 
-            <Condition Name="MCC" Value="Range:310, 320" /> 
-            <Condition Name="MNC" Value="!Range:400, 550" /> 
-          </TargetState> 
-        </Target> 
-      </Targets> 
-    </Customizations> 
-   </Settings> 
-   </WindowsCustomizatons> 
+   <?xml version="1.0" encoding="utf-8"?>
+   <WindowsCustomizations>
+     <PackageConfig xmlns="urn:schemas-Microsoft-com:Windows-ICD-Package-Config.v1.0">
+       <ID>{6aaa4dfa-00d7-4aaa-8adf-73c6a7e2501e}</ID>
+       <Name>My Provisioning Package</Name>
+       <Version>1.0</Version>
+       <OwnerType>OEM</OwnerType>
+       <Rank>50</Rank>
+     </PackageConfig>
+     <Settings xmlns="urn:schemas-microsoft-com:windows-provisioning">
+       <Customizations>
+         <Common>
+           <Policies>
+             <AllowBrowser>0</AllowBrowser>
+             <AllowCamera>0</AllowCamera>
+             <AllowBluetooth>0</AllowBluetooth>
+           </Policies>
+           <HotSpot>
+             <Enabled>0</Enabled>
+           </HotSpot>
+         </Common>
+         <Targets>
+           <Target Id="Unique target identifier for desktop">
+             <TargetState>
+               <Condition Name="ProcessorName" Value="Pattern:.*Celeron.*" />
+               <Condition Name="ProcessorType" Value="Pattern:.*(I|i)ntel.*" />
+             </TargetState>
+             <TargetState>
+               <Condition Name="ProcessorName" Value="Barton" />
+               <Condition Name="ProcessorType" Value="Athlon MP" />
+             </TargetState>
+           </Target>
+           <Target Id="Mobile target">
+             <TargetState>
+               <Condition Name="MCC" Value="Range:310, 320" />
+               <Condition Name="MNC" Value="!Range:400, 550" />
+             </TargetState>
+           </Target>
+         </Targets>
+       </Customizations>
+     </Settings>
+   </WindowsCustomizations> 
     ```
 
 6. In the customizations.xml file, create a **Variant** section for the settings you need to customize. To do this:
@@ -212,56 +212,56 @@ Follow these steps to create a provisioning package with multivariant capabiliti
     The following example shows the customizations.xml updated to include a **Variant** section and the moved settings that will be applied if the conditions for the variant are met.
 
     ```XML
-   &lt;?xml version=&quot;1.0&quot; encoding=&quot;utf-8&quot;?&gt; 
-   <WindowsCustomizatons> 
-   <PackageConfig xmlns="urn:schemas-Microsoft-com:Windows-ICD-Package-Config.v1.0">
-    <ID>{6aaa4dfa-00d7-4aaa-8adf-73c6a7e2501e}</ID> 
-    <Name>My Provisioning Package</Name> 
-    <Version>1.0</Version> 
-    <OwnerType>OEM</OwnerType> 
-    <Rank>50</Rank> 
-   </PackageConfig> 
-   <Settings xmlns="urn:schemas-microsoft-com:windows-provisioning"> 
-    <Customizations> 
-      <Common> 
-      </Common> 
-      <Targets> 
-        <Target Id="Unique target identifier for desktop"> 
-          <TargetState> 
-            <Condition Name="ProcessorName" Value="Pattern:.*Celeron.*" /> 
-            <Condition Name="ProcessorType" Value="Pattern:.*(I|i)ntel.*" /> 
-          </TargetState> 
-          <TargetState> 
-            <Condition Name="ProcessorName" Value="Barton" /> 
-            <Condition Name="ProcessorType" Value="Athlon MP" /> 
-          </TargetState> 
-        </Target> 
-        <Target Id="Mobile target"> 
-          <TargetState> 
-            <Condition Name="MCC" Value="Range:310, 320" /> 
-            <Condition Name="MNC" Value="!Range:400, 550" /> 
-          </TargetState> 
-        </Target>
-      </Targets> 
-      <Variant> 
-        <TargetRefs> 
-          <TargetRef Id="Unique target identifier for desktop" /> 
-          <TargetRef Id="Mobile target" /> 
-        </TargetRefs> 
-        <Settings> 
-          <Policies> 
-            <AllowBrowser>1</AllowBrowser> 
-            <AllowCamera>1</AllowCamera> 
-            <AllowBluetooth>1</AllowBluetooth> 
-          </Policies> 
-          <HotSpot> 
-            <Enabled>1</Enabled> 
-          </HotSpot> 
-        </Settings> 
-      </Variant> 
-    </Customizations> 
-   </Settings> 
-   </WindowsCustomizatons> 
+   <?xml version="1.0" encoding="utf-8"?>
+   <WindowsCustomizations>
+     <PackageConfig xmlns="urn:schemas-Microsoft-com:Windows-ICD-Package-Config.v1.0">
+       <ID>{6aaa4dfa-00d7-4aaa-8adf-73c6a7e2501e}</ID>
+       <Name>My Provisioning Package</Name>
+       <Version>1.0</Version>
+       <OwnerType>OEM</OwnerType>
+       <Rank>50</Rank>
+     </PackageConfig>
+     <Settings xmlns="urn:schemas-microsoft-com:windows-provisioning">
+       <Customizations>
+         <Common>
+         </Common>
+         <Targets>
+           <Target Id="Unique target identifier for desktop">
+             <TargetState>
+               <Condition Name="ProcessorName" Value="Pattern:.*Celeron.*" />
+               <Condition Name="ProcessorType" Value="Pattern:.*(I|i)ntel.*" />
+             </TargetState>
+             <TargetState>
+               <Condition Name="ProcessorName" Value="Barton" />
+               <Condition Name="ProcessorType" Value="Athlon MP" />
+             </TargetState>
+           </Target>
+           <Target Id="Mobile target">
+             <TargetState>
+               <Condition Name="MCC" Value="Range:310, 320" />
+               <Condition Name="MNC" Value="!Range:400, 550" />
+             </TargetState>
+           </Target>
+         </Targets>
+         <Variant>
+           <TargetRefs>
+             <TargetRef Id="Unique target identifier for desktop" />
+             <TargetRef Id="Mobile target" />
+           </TargetRefs>
+           <Settings>
+             <Policies>
+               <AllowBrowser>1</AllowBrowser>
+               <AllowCamera>1</AllowCamera>
+               <AllowBluetooth>1</AllowBluetooth>
+             </Policies>
+             <HotSpot>
+               <Enabled>1</Enabled>
+             </HotSpot>
+           </Settings>
+         </Variant>
+       </Customizations>
+     </Settings>
+   </WindowsCustomizations> 
     ```
 
 7. Save the updated customizations.xml file and note the path to this updated file. You will need the path as one of the values for the next step.

windows/deployment/TOC.yml

@@ -47,12 +47,12 @@
         - name: Define your servicing strategy
           href: update/plan-define-strategy.md
         - name: Delivery Optimization for Windows client updates
-          href: update/waas-delivery-optimization.md
+          href: do/waas-delivery-optimization.md
           items:
             - name: Using a proxy with Delivery Optimization
-              href: update/delivery-optimization-proxy.md
+              href: do/delivery-optimization-proxy.md
             - name: Delivery Optimization client-service communication
-              href: update/delivery-optimization-workflow.md
+              href: do/delivery-optimization-workflow.md
         - name: Windows 10 deployment considerations
           href: planning/windows-10-deployment-considerations.md
         - name: Windows 10 infrastructure requirements
@@ -83,7 +83,7 @@
         - name: Update Baseline
           href: update/update-baseline.md
         - name: Set up Delivery Optimization for Windows client updates
-          href: update/waas-delivery-optimization-setup.md
+          href: do/index.yml
         - name: Configure BranchCache for Windows client updates
           href: update/waas-branchcache.md
         - name: Prepare your deployment tools
@@ -185,7 +185,7 @@
         - name: Monitor Windows client updates
           items:
             - name: Monitor Delivery Optimization
-              href: update/waas-delivery-optimization-setup.md#monitor-delivery-optimization
+              href: do/waas-delivery-optimization-setup.md#monitor-delivery-optimization
             - name: Monitor Windows Updates
               items:
               - name: Monitor Windows Updates with Update Compliance
@@ -283,7 +283,7 @@
         - name: Additional Windows Update settings
           href: update/waas-wu-settings.md
         - name: Delivery Optimization reference
-          href: update/waas-delivery-optimization-reference.md
+          href: do/waas-delivery-optimization-reference.md
         - name: Windows client in S mode
           href: s-mode.md
         - name: Switch to Windows client Pro or Enterprise from S mode

windows/deployment/deploy-whats-new.md

@@ -72,7 +72,7 @@ Windows PowerShell cmdlets for Delivery Optimization have been improved:
 - **Get-DeliveryOptimizationLogAnalysis** is a new cmdlet that provides a summary of the activity in your DO log (# of downloads, downloads from peers, overall peer efficiency). Use the **-ListConnections** option to for in-depth look at peer-to-peer connections.
 - **Enable-DeliveryOptimizationVerboseLogs** is a new cmdlet that enables a greater level of logging detail to assist in troubleshooting.
 
-Additional improvements in [Delivery Optimization](./update/waas-delivery-optimization.md) include:
+Additional improvements in [Delivery Optimization](./do/waas-delivery-optimization.md) include:
 - Enterprise network [throttling is enhanced](/windows-insider/archive/new-for-business#new-download-throttling-options-for-delivery-optimization-build-18917) to optimize foreground vs. background throttling.
 - Automatic cloud-based congestion detection is available for PCs with cloud service support.
 - Improved peer efficiency for enterprises and educational institutions with complex networks is enabled with [new policies](/windows/client-management/mdm/policy-csp-deliveryoptimization). This now supports Microsoft 365 Apps for enterprise updates and Intune content, with Microsoft Endpoint Manager content coming soon!

windows/deployment/do/TOC.yml

@@ -0,0 +1,42 @@
+- name: Delivery Optimization for Windows client
+  href: index.yml
+  items: 
+    - name: Get started
+      items: 
+        - name: What is Delivery Optimization
+          href: waas-delivery-optimization.md
+        - name: What's new
+          href: whats-new-do.md
+
+
+     
+    - name: Configure Delivery Optimization
+      items:
+        - name: Configure Windows Clients
+          items:
+            - name: Windows Delivery Optimization settings
+              href: waas-delivery-optimization-setup.md#recommended-delivery-optimization-settings
+        - name: Configure Microsoft Endpoint Manager
+          items:
+            - name: Delivery Optimization settings in Microsoft Intune
+              href: /mem/intune/configuration/delivery-optimization-windows
+     
+    - name: Microsoft Connected Cache
+      items:
+        - name: MCC overview
+          href: waas-microsoft-connected-cache.md
+        - name: MCC for Enterprise and Education
+          href: mcc-enterprise.md
+        - name: MCC for ISPs
+          href: mcc-isp.md
+
+    - name: Resources
+      items:
+        - name: Set up Delivery Optimization for Windows
+          href: waas-delivery-optimization-setup.md
+        - name: Delivery Optimization reference
+          href: waas-delivery-optimization-reference.md
+        - name: Delivery Optimization client-service communication
+          href: delivery-optimization-workflow.md       
+        - name: Using a proxy with Delivery Optimization
+          href: delivery-optimization-proxy.md

windows/deployment/do/delivery-optimization-proxy.md

@@ -6,9 +6,9 @@ keywords: updates, downloads, network, bandwidth
 ms.prod: w10
 ms.mktglfcycl: deploy
 audience: itpro
-author: jaimeo
+author: carmenf
 ms.localizationpriority: medium
-ms.author: jaimeo
+ms.author: carmenf
 ms.collection: M365-modern-desktop
 ms.topic: article
 ---

windows/deployment/do/delivery-optimization-workflow.md

@@ -29,12 +29,12 @@ This workflow allows Delivery Optimization to securely and efficiently deliver r
 2. The authenticity of the content metadata file itself is verified prior to any content being downloaded using a hash that is obtained via an SSL channel from the Delivery Optimization service. The same channel is used to ensure the content is curated and authorized to leverage peer-to-peer.
 3. When Delivery Optimization pulls a certain piece of the hash from another peer, it verifies the hash against the known hash in the content metadata file.
 4. If a peer provides an invalid piece, that piece is discarded. When a peer sends multiple bad pieces, it's banned and will no longer be used as a source by the Delivery Optimization client performing the download.
-5. If Delivery Optimization is unable to obtain the content metadata file, or if the verification of the hash file itself fails, the download will fall back to “simple mode” (pulling content only from an HTTP source) and peer-to-peer won't be allowed.
+5. If Delivery Optimization is unable to obtain the content metadata file, or if the verification of the hash file itself fails, the download will fall back to "simple mode” (pulling content only from an HTTP source) and peer-to-peer won't be allowed.
 6. Once downloading is complete, Delivery Optimization uses all retrieved pieces of the content to put the file together. At that point, the Delivery Optimization caller (for example, Windows Update) checks the entire file to verify the signature prior to installing it.
 
 ## Delivery Optimization service endpoint and data information
 
-|Endpoint hostname|Port|Name|Description|Data sent from the computer to the endpoint
+|Endpoint hostname | Port|Name|Description|Data sent from the computer to the endpoint
 |--------------------------------------------|--------|---------------|-----------------------|------------------------|
 | geover-prod.do.dsp.mp.microsoft.com <br> geo-prod.do.dsp.mp.microsoft.com <br> geo.prod.do.dsp.mp.microsoft.com <br> geover.prod.do.dsp.mp.microsoft.com | 443 | Geo | Service used to identify the location of the device in order to direct it to the nearest data center. | **Profile**: The device type (for example, PC or Xbox) <br> **doClientVersion**: The version of the DoSvc client <br> **groupID**: Group the device belongs to (set with DownloadMode = '2' (Group download mode) + groupID group policy / MDM policies) |
 | kv\*.prod.do.dsp.mp.microsoft.com | 443| KeyValue | Bootstrap service provides endpoints for all other services as well as device configs. | **countryCode**: The country the client is connected from <br> **doClientVersion**: The version of the DoSvc client <br> **Profile**: The device type (for example, PC or Xbox) <br> **eId**: Client grouping Id <br> **CacheHost**: Cache host id |