Merge branch 'main' of github.com:MicrosoftDocs/windows-docs-pr into pm-7933126-credential-guard-20230808

education/windows/edu-deployment-recommendations.md

@@ -1,7 +1,7 @@
 ---
 title: Deployment recommendations for school IT administrators
 description: Provides guidance on ways to customize the OS privacy settings, and some of the apps, for Windows-based devices used in schools so that you can choose what information is shared with Microsoft.
-ms.topic: conceptual
+ms.topic: best-practice
 ms.date: 08/10/2022
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>

education/windows/set-up-school-pcs-azure-ad-join.md

@@ -1,7 +1,7 @@
 ---
 title: Azure AD Join with Set up School PCs app
 description: Learn how Azure AD Join is configured in the Set up School PCs app.
-ms.topic: conceptual
+ms.topic: reference
 ms.date: 08/10/2022
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>

education/windows/set-up-windows-10.md

@@ -1,7 +1,7 @@
 ---
 title: Set up Windows devices for education
 description: Decide which option for setting up Windows 10 is right for you.
-ms.topic: conceptual
+ms.topic: overview
 ms.date: 08/10/2022
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>

education/windows/take-tests-in-windows.md

@@ -2,7 +2,7 @@
 title: Take tests and assessments in Windows
 description: Learn about the built-in Take a Test app for Windows and how to use it.
 ms.date: 03/31/2023
-ms.topic: conceptual
+ms.topic: how-to
 ---
 
 # Take tests and assessments in Windows

education/windows/tutorial-school-deployment/index.md

@@ -2,7 +2,7 @@
 title: Introduction to the tutorial deploy and manage Windows devices in a school
 description: Introduction to deployment and management of Windows devices in education environments.
 ms.date: 08/31/2022
-ms.topic: conceptual
+ms.topic: tutorial
 ---
 
 # Tutorial: deploy and manage Windows devices in a school

education/windows/windows-11-se-settings-list.md

@@ -1,8 +1,8 @@
 ---
 title: Windows 11 SE settings list
 description: Windows 11 SE automatically configures settings in the operating system. Learn more about the settings you can control and manage, and the settings you can't change.
-ms.topic: article
+ms.topic: reference
-ms.date: 03/09/2023
+ms.date: 08/18/2023
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11 SE</a>
 ms.collection:

education/windows/windows-editions-for-education-customers.md

@@ -1,7 +1,7 @@
 ---
 title: Windows 10 editions for education customers
 description: Learn about the two Windows 10 editions that are designed for the needs of education institutions.
-ms.topic: conceptual
+ms.topic: overview
 ms.date: 07/25/2023
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>

windows/application-management/add-apps-and-features.md

@@ -1,74 +1,98 @@
 ---
-title: Add or hide optional apps and features on Windows devices | Microsoft Docs
+title: Add or hide Windows features
-description: Learn how to add Windows 10 and Windows 11 optional features using the Apps & features page in the Settings app. Also see the group policy objects (GPO) and MDM policies that show or hide Apps and Windows Features in the Settings app. Use Windows PowerShell to show or hide specific features in Windows Features.
+description: Learn how to add Windows optional features using the Apps & features page in the Settings app. Also see the group policy objects (GPO) and MDM policies that show or hide Apps and Windows Features in the Settings app. Use Windows PowerShell to show or hide specific features in Windows Features.
 author: aczechowski
 ms.author: aaroncz
 manager: aaroncz
-ms.date: 08/30/2021
+ms.date: 08/18/2023
-ms.topic: article
+ms.topic: how-to
 ms.prod: windows-client
 ms.technology: itpro-apps
 ms.localizationpriority: medium
 ms.collection: tier2
-ms.reviewer:
+appliesto:
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
 ---
 
-# Add or hide features on the Windows client OS
+# Add or hide Windows features
 
-**Applies to**:
+Windows includes optional features that aren't installed by default, but you can add later. These features are called [Features on Demand](/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities), and can be installed at any time. Some of these features are language resources like language packs or handwriting support. On organization-owned devices, you can control access to these other features. You can use group policy or mobile device management (MDM) policies to hide the UI from users, or use Windows PowerShell to enable or disable specific features.
 
-- Windows 10
+## Use the Windows Settings app to add or uninstall features
-- Windows 11
 
-The Windows client operating systems include more features that you and your users can install. These features are called [Features on Demand](/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities) (opens another Microsoft web site), and can be installed at any time. On your organization-owned devices, you may want to control access to these other features.
+### Windows 11
 
-This article:
+1. Open the Start menu and search for **Settings**.
 
-- Shows you how to add features using the user interface.
+1. In the Settings app, search for "optional" and select **Optional features**.
-- Lists the group policies and Mobile device management (MDM) policies to hide Windows Features.
-- Includes information on using Windows PowerShell to disable specific Windows Features.
 
-If you're working on your own device, use the **Settings** app to add features.
+   > [!TIP]
+   > You can also use the following shortcut to open it directly: [`ms-settings:optionalfeatures`](ms-settings:optionalfeatures).
 
-## Add or uninstall features
+1. To add a feature:
 
-1. In the Search bar, search for "apps", and select **Apps and features**.
+    1. Select **View features** next to "Add an optional feature."
-2. Select **Optional features** > **Add a feature**.
+
-3. Select the feature you want to add, like **XPS Viewer**, and then select **Install.**
+    1. Find the feature you want to add, like **XPS Viewer**. Select the box to add it. You can select multiple features.
+
+    1. Select **Next**. Review the list of features you selected, and then select **Install** to add the selected features.
+
+1. To uninstall a feature:
+
+    1. Search for it in the list of **Installed features**.
+
+    1. Expand the section, and select **Uninstall**.
+
+### Windows 10
+
+1. In the Search bar, search for "apps" and select **Apps and features**.
+
+1. Select **Optional features** > **Add a feature**.
+
+1. Select the feature you want to add, like **XPS Viewer**, and then select **Install.**
 
 When the installation completes, the feature is listed in **Apps & features**. In **Apps & features** > **Optional features** > **More Windows features**, there are more features that you and your users can install.
 
 To uninstall a feature, open the **Settings** app. Select the feature, and then select **Uninstall**.
 
-## Use Group Policy or MDM to hide Windows Features
+## Use group policy or MDM policies to hide Windows features
 
-By default, the OS might show Windows Features, and allow users to install and uninstall these optional apps and features.
+By default, the OS might show Windows features and allow users to install and uninstall these optional apps and features. To hide Windows features on your user devices, you can use group policy or an MDM provider like Microsoft Intune.
 
-To hide Windows Features on your user devices, you can use Group Policy (on-premises), or use an MDM provider, such as Microsoft Intune (cloud).
+### Group policy
 
-### Group Policy
+If you use group policy, use the `User Configuration\Administrative Template\Control Panel\Programs\Hide "Windows Features"` policy. By default, this policy may be set to **Not configured**, which means users can add or remove features. When this setting is **Enabled**, the settings page to add optional features is hidden on the device.
 
-If you use Group Policy, use the `User Configuration\Administrative Template\Control Panel\Programs\Hide "Windows Features"` policy. By default, this policy may be set to **Not configured**, which means users can add or remove features. When this setting is **Enabled**, the Windows Features is hidden on the device.
+You can't use group policy to disable specific Windows features, such as XPS Viewer. If you want to disable specific features, use [Windows PowerShell](#use-windows-powershell-to-disable-specific-features).
-
-You can't use Group Policy to disable specific Windows Features, such as XPS Viewer. If you want to disable specific features, use [Windows PowerShell](#use-windows-powershell-to-disable-specific-features) (in this article).
 
 If you want to hide the entire **Apps** feature in the Settings app, use the `User Configuration\Administrative Template\Control Panel\Programs\Hide "Programs and Features" page` policy.
 
 ### MDM
 
-Using Microsoft Intune, you can use [Administrative Templates](/mem/intune/configuration/administrative-templates-windows) (opens another Microsoft web site) or the [Settings Catalog](/mem/intune/configuration/settings-catalog) (opens another Microsoft web site) to hide Windows Features.
+Using Microsoft Intune, you can use [administrative templates](/mem/intune/configuration/administrative-templates-windows) or the [settings catalog](/mem/intune/configuration/settings-catalog) to hide Windows features.
 
-If you want to hide the entire **Apps** feature in the Settings app, you can use a configuration policy on Intune enrolled devices. For more information on the Control Panel settings you can configure, see [Control Panel settings in Microsoft Intune](/mem/intune/configuration/device-restrictions-windows-10#control-panel-and-settings).
+If you want to hide the entire **Apps** feature in the Settings app, you can use a configuration policy on Intune enrolled devices. For more information on the settings you can configure, see [Control Panel and Settings device restrictions in Microsoft Intune](/mem/intune/configuration/device-restrictions-windows-10#control-panel-and-settings).
 
 ## Use Windows PowerShell to disable specific features
 
-To disable specific features, you can use the Windows PowerShell [Disable-WindowsOptionalFeature](/powershell/module/dism/disable-windowsoptionalfeature) command. There isn't a Group Policy that disables specific Windows Features.
+To disable specific features, use the Windows PowerShell [Disable-WindowsOptionalFeature](/powershell/module/dism/disable-windowsoptionalfeature) cmdlet.
 
-If you're looking to automate disabling specific features, you can create a scheduled task. Then, use the scheduled task to run your Windows PowerShell script. For more information about Task Scheduler, see [Task Scheduler for developers](/windows/win32/taskschd/task-scheduler-start-page).
+> [!NOTE]
+> There isn't a group policy that disables specific Windows features.
 
-Microsoft Intune can also execute Windows PowerShell scripts. For more information, see [Use PowerShell scripts on Windows client devices in Intune](/mem/intune/apps/intune-management-extension).
+To automate disabling specific features, create a scheduled task to run a PowerShell script. For more information about Windows task scheduler, see [Task Scheduler for developers](/windows/win32/taskschd/task-scheduler-start-page).
 
-## Restore Windows features
+Microsoft Intune can also run PowerShell scripts. For more information, see [Use PowerShell scripts on Windows client devices in Intune](/mem/intune/apps/intune-management-extension).
 
-- If you use Group Policy or MDM to hide Windows Features or the entire Apps feature, you can set the policy to **Not configured**. Then, deploy your policy. When the device receives the policy, the features are configurable.
+To enable specific features, use the [Enable-WindowsOptionalFeature](/powershell/module/dism/enable-windowsoptionalfeature) cmdlet.
-- Using Windows PowerShell, you can also enable specific features using the [Enable-WindowsOptionalFeature](/powershell/module/dism/enable-windowsoptionalfeature) command.
+
+Another useful PowerShell cmdlet is [Get-WindowsOptionalFeature](/powershell/module/dism/get-windowsoptionalfeature). Use this cmdlet to view information about optional features in the current OS or a mounted image. This cmdlet returns the current state of features, and whether a restart may be required when the state changes.
+
+## Related articles
+
+- [Features on Demand overview](/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities)
+
+- [Available Features on Demand](/windows-hardware/manufacture/desktop/features-on-demand-non-language-fod)
+
+- [Language and region Features on Demand (FOD)](/windows-hardware/manufacture/desktop/features-on-demand-language-fod)

windows/application-management/apps-in-windows-10.md

@@ -1,25 +1,22 @@
 ---
-title: Learn about the different app types in Windows 10/11 | Microsoft Docs
+title: Overview of apps on Windows client devices
 description: Learn more and understand the different types of apps that run on Windows 10 and Windows 11. For example, learn more about UWP, WPF, Win32, and Windows Forms apps, including the best way to install these apps.
 author: aczechowski
 ms.author: aaroncz
 manager: aaroncz
 ms.date: 02/09/2023
-ms.topic: article
+ms.topic: overview
 ms.prod: windows-client
 ms.technology: itpro-apps
 ms.localizationpriority: medium
 ms.collection: tier2
-ms.reviewer:
+appliesto:
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
 ---
 
 # Overview of apps on Windows client devices
 
-**Applies to**:
-
-- Windows 10
-- Windows 11
-
 ## Before you begin
 
 As organizations become more global, and to support employees working from anywhere, it's recommended to use a Mobile Device Management (MDM) provider. MDM providers help manage your devices, and help manage apps on your devices. You can use the Microsoft Intune family of products. This family includes Microsoft Intune, which is a cloud service, and Configuration Manager, which is on-premises.

windows/application-management/index.yml

@@ -1,39 +1,46 @@
 ### YamlMime:Landing
 
 title: Windows application management
-summary: Learn about managing applications in Windows client, including how to remove background task resource restrictions.
+summary: Learn about managing applications in Windows client, including common app types.
 
 metadata:
   title: Windows application management
-  description: Learn about managing applications in Windows 10 and Windows 11.
+  description: Learn about managing applications in Windows client.
   author: aczechowski
   ms.author: aaroncz
   manager: aaroncz
-  ms.date: 08/24/2021
+  ms.date: 08/18/2023
   ms.topic: landing-page
   ms.prod: windows-client
   ms.collection:
     - tier1
     - highpri
 
+# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | tutorial | overview | quickstart | reference | sample | tutorial | video | whats-new
+
 landingContent:
-# Cards and links should be based on top customer tasks or top subjects
+  - title: Manage applications
-# Start card title with a verb
-  # Card (optional)
-  - title: Manage Windows applications
     linkLists:
-      - linkListType: overview
+      - linkListType: how-to-guide
         links:
-          - text: Understand apps in Windows client OS
+          - text: Overview of apps in Windows
             url: apps-in-windows-10.md
-          - text: How to add features
+          - text: Add or hide Windows features
             url: add-apps-and-features.md
           - text: Sideload LOB apps
             url: sideload-apps-in-windows-10.md
           - text: Keep removed apps from returning during an update
             url: remove-provisioned-apps-during-update.md
 
-  # Card (optional)
+  - title: Manage services
+    linkLists:
+      - linkListType: reference
+        links:
+          - text: Per-user services in Windows
+            url: per-user-services-in-windows.md
+          - text: Changes to Service Host grouping in Windows 10
+            url: svchost-service-refactoring.md
+
   - title: Application Virtualization (App-V) 
     linkLists:
       - linkListType: overview
@@ -52,15 +59,3 @@ landingContent:
             url: app-v/appv-troubleshooting.md
           - text: Technical Reference for App-V
             url: app-v/appv-technical-reference.md
-
-  # Card (optional)
-  - title: Windows System Services
-    linkLists:
-      - linkListType: overview
-        links:
-          - text: Changes to Service Host grouping in Windows 10
-            url: svchost-service-refactoring.md
-          - text: Per-user services in Windows
-            url: per-user-services-in-windows.md
-          - text: Per-user services in Windows
-            url: per-user-services-in-windows.md

windows/application-management/per-user-services-in-windows.md

@@ -1,24 +1,21 @@
 ---
-title: Per-user services in Windows 10 and Windows Server
+title: Per-user services
 description: Learn about per-user services, how to change the template service Startup Type, and manage per-user services through Group Policy and security templates.
 author: aczechowski
 ms.author: aaroncz
 manager: aaroncz
 ms.date: 09/14/2017
-ms.topic: article
+ms.topic: how-to
 ms.prod: windows-client
 ms.technology: itpro-apps
 ms.localizationpriority: medium
 ms.collection: tier2
-ms.reviewer:
+appliesto:
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server</a>
 ---
 
-# Per-user services in Windows 10 and Windows Server 
+# Per-user services in Windows
-
-**Applies to**:
-
-- Windows 10
-- Windows Server
 
 Per-user services are services that are created when a user signs into Windows or Windows Server and are stopped and deleted when that user signs out. These services run in the security context of the user account - this provides better resource management than the previous approach of running these kinds of services in Explorer, associated with a preconfigured account, or as tasks. 
 
@@ -82,7 +79,7 @@ You can manage the CDPUserSvc and OneSyncSvc per-user services with a [security
 
 For example:
 
-```
+```ini
 [Unicode]
 Unicode=yes
 [Version]
@@ -128,7 +125,7 @@ If you can't use Group Policy Preferences to manage the per-user services, you c
 To disable the Template Services, change the Startup Type for each service to 4 (disabled). 
 For example:
 
-```code
+```cmd
 REG.EXE ADD HKLM\System\CurrentControlSet\Services\CDPUserSvc /v Start /t REG_DWORD /d 4 /f
 REG.EXE ADD HKLM\System\CurrentControlSet\Services\OneSyncSvc /v Start /t REG_DWORD /d 4 /f
 REG.EXE ADD HKLM\System\CurrentControlSet\Services\PimIndexMaintenanceSvc /v Start /t REG_DWORD /d 4 /f
@@ -163,9 +160,10 @@ You can create a script to change the Startup Type for the per-user services. Th
 
 Sample script using [sc.exe](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc990290(v=ws.11)?f=255&MSPPError=-2147217396):
 
-```
+```cmd
 sc.exe configure <service name> start= disabled
 ```
+
 The space after "=" is intentional.
 
 Sample script using the [Set-Service PowerShell cmdlet](/previous-versions/windows/it-pro/windows-powershell-1.0/ee176963(v=technet.10)):

windows/application-management/remove-provisioned-apps-during-update.md

@@ -1,22 +1,21 @@
 ---
-title: How to keep apps removed from Windows 10 from returning during an update
+title: Keep removed apps from returning during an update
-description: How to keep provisioned apps that were removed from your machine from returning during an update.
+description: When you remove provisioned apps from devices, this article explains how to keep those apps from returning during an update.
 author: aczechowski
 ms.author: aaroncz
 manager: aaroncz
 ms.date: 05/25/2018
-ms.topic: article
+ms.topic: how-to
 ms.prod: windows-client
 ms.technology: itpro-apps
 ms.localizationpriority: medium
 ms.collection: tier1
-ms.reviewer:
+appliesto:
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
 ---
-# How to keep apps removed from Windows 10 from returning during an update
 
-**Applies to**:
+# Keep removed apps from returning during an update
 
-- Windows 10
 
 When you update a computer running Windows 10, version 1703 or 1709, you might see provisioned apps that you previously removed post-update. This can happen if the computer was offline when you removed the apps. Windows 10, version 1803 has fixed this issue.
 
@@ -97,7 +96,7 @@ You're now ready to update your computer. After the update, check the list of ap
 
 ## Registry keys for provisioned apps
 
-```syntax
+```console
 Windows Registry Editor Version 5.00
 ;1709 Registry Keys
 

windows/application-management/sideload-apps-in-windows-10.md

@@ -1,24 +1,21 @@
 ---
-title: Sideload LOB apps in Windows client OS | Microsoft Docs
+title: Sideload line of business apps
-description: Learn how to sideload line-of-business (LOB) apps in Windows client operating systems, including Windows 10/11. When you sideload an app, you deploy a signed app package to a device.
+description: Learn how to sideload line-of-business (LOB) apps in Windows client operating systems. When you sideload an app, you deploy a signed app package to a device.
 author: aczechowski
 ms.author: aaroncz
 manager: aaroncz
 ms.date: 12/07/2017
-ms.topic: article
+ms.topic: how-to
 ms.prod: windows-client
 ms.technology: itpro-apps
 ms.localizationpriority: medium
 ms.collection: tier2
-ms.reviewer:
+appliesto:
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
 ---
 
-# Sideload line of business (LOB) apps in Windows client devices
+# Sideload line of business (LOB) apps
-
-**Applies to**:
-
-- Windows 10
-- Windows 11
 
 > [!NOTE]
 > Starting with Windows 10 2004, sideloading is enabled by default. You can deploy a signed package onto a device without a special configuration.
@@ -27,7 +24,7 @@ Sideloading apps is when you install apps that aren't from an official source, s
 
 When you sideload an app, you deploy a signed app package to a device. You maintain the signing, hosting, and deployment of these apps. Sideloading was also available with Windows 8 and Windows 8.1
 
-Starting with Windows 10, sideloading is different than earlier versions of Windows:
+Starting with Windows 10, sideloading is different than earlier versions of Windows:
 
 - You can unlock a device for sideloading using an enterprise policy, or through the **Settings** app.
 - License keys aren't required.

windows/application-management/svchost-service-refactoring.md

@@ -1,23 +1,20 @@
 ---
-title: Service Host service refactoring in Windows 10 version 1703
+title: Service host grouping in Windows 10
-description: Learn about the SvcHost Service Refactoring introduced in Windows 10 version 1703.
+description: Learn about the Service Host (SvcHost) service refactoring introduced in Windows 10 version 1703.
 author: aczechowski
 ms.author: aaroncz
 manager: aaroncz
 ms.date: 07/20/2017
-ms.topic: article
+ms.topic: concept-article
 ms.prod: windows-client
 ms.technology: itpro-apps
 ms.localizationpriority: medium
-ms.colletion: tier1
+ms.colletion: tier2
-ms.reviewer:
+appliesto:
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
 ---
 
-# Changes to Service Host grouping in Windows 10
+# Service host grouping in Windows 10
-
-**Applies to**:
-
-- Windows 10
 
 The **Service Host (svchost.exe)** is a shared-service process that serves as a shell for loading services from DLL files. Services are organized into related host groups, and each group runs inside a different instance of the Service Host process. In this way, a problem in one instance doesn't affect other instances. Service Host groups are determined by combining the services with matching security requirements. For example:
 

windows/application-management/toc.yml

@@ -3,18 +3,22 @@ items:
   href: index.yml
 - name: Application management
   items:
-    - name: Common app types
+    - name: Overview of apps in Windows
       href: apps-in-windows-10.md
-    - name: Add features in Windows client
+    - name: Add or hide Windows features
       href: add-apps-and-features.md
-    - name: Sideload apps
+    - name: Sideload line of business (LOB) apps
       href: sideload-apps-in-windows-10.md
     - name: Private app repo on Windows 11
       href: private-app-repository-mdm-company-portal-windows-11.md
     - name: Remove background task resource restrictions
       href: enterprise-background-activity-controls.md
-    - name: Enable or block Windows Mixed Reality apps in the enterprise
+    - name: Service host grouping in Windows 10
-      href: /windows/mixed-reality/enthusiast-guide/manage-windows-mixed-reality
+      href: svchost-service-refactoring.md
+    - name: Per-user services in Windows
+      href: per-user-services-in-windows.md
+    - name: Keep removed apps from returning during an update
+      href: remove-provisioned-apps-during-update.md
 - name: Application Virtualization (App-V)
   items: 
     - name: App-V for Windows overview
@@ -251,14 +255,3 @@ items:
               href: app-v/appv-viewing-appv-server-publishing-metadata.md
             - name: Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications
               href: app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md
-
-- name: Reference
-  items: 
-    - name: Service Host process refactoring
-      href: svchost-service-refactoring.md
-    - name: Per-user services in Windows
-      href: per-user-services-in-windows.md
-    - name: Disabling System Services in Windows Server
-      href: /windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server
-    - name: How to keep apps removed from Windows from returning during an update
-      href: remove-provisioned-apps-during-update.md

windows/configuration/customize-taskbar-windows-11.md

@@ -11,7 +11,7 @@ ms.collection:
  - highpri
  - tier1
 ms.technology: itpro-configure
-ms.date: 12/31/2017
+ms.date: 08/17/2023
 ms.topic: article
 ---
 

windows/configuration/shared-devices-concepts.md

@@ -1,14 +1,12 @@
 ---
 title: Manage multi-user and guest Windows devices
 description: options to optimize Windows devices used in shared scenarios, such touchdown spaces in an enterprise, temporary customer use in retail or shared devices in a school.
-ms.date: 10/15/2022
+ms.date: 08/18/2023
 ms.prod: windows-client
 ms.technology: itpro-configure
-ms.topic: conceptual
+ms.topic: concept-article
-ms.localizationpriority: medium
 author: paolomatarazzo
 ms.author: paoloma
-ms.reviewer: 
 manager: aaroncz
 ms.collection: tier2
 appliesto: 

windows/deployment/do/TOC.yml

@@ -13,6 +13,8 @@
     items:
     - name: Set up Delivery Optimization for Windows
       href: waas-delivery-optimization-setup.md
+    - name: Monitor Delivery Optimization for Windows
+      href: waas-delivery-optimization-monitor.md
     - name: Configure Delivery Optimization settings using Microsoft Intune
       href: /mem/intune/configuration/delivery-optimization-windows
   - name: Resources for Delivery Optimization
@@ -36,11 +38,13 @@
       - name: Requirements
         href: mcc-enterprise-prerequisites.md
       - name: Deploy Microsoft Connected Cache
-        href: mcc-enterprise-deploy.md
+        href: mcc-enterprise-portal-deploy.md
       - name: Update or uninstall MCC
         href: mcc-enterprise-update-uninstall.md
       - name: Appendix
         href: mcc-enterprise-appendix.md
+      - name: MCC for Enterprise and Education (early preview)
+        href: mcc-enterprise-deploy.md      
     - name: MCC for ISPs
       items:
       - name: MCC for ISPs Overview

windows/deployment/do/delivery-optimization-proxy.md

@@ -10,6 +10,7 @@ ms.topic: article
 ms.technology: itpro-updates
 ms.date: 12/31/2017
 ms.collection: tier3
+ms.reviewer: mstewart
 ---
 
 # Using a proxy with Delivery Optimization

windows/deployment/do/delivery-optimization-workflow.md

@@ -10,6 +10,7 @@ ms.topic: article
 ms.technology: itpro-updates
 ms.date: 12/31/2017
 ms.collection: tier3
+ms.reviewer: mstewart
 ---
 
 # Delivery Optimization client-service communication explained

windows/deployment/do/includes/get-azure-subscription.md

@@ -1,6 +1,7 @@
 ---
-author: amymzhou
+ms.author: carmenf
-ms.author: amyzhou
+author: cmknox
+ms.reviewer: mstewart
 manager: aaroncz
 ms.date: 10/18/2022
 ms.prod: windows-client

windows/deployment/do/includes/mcc-prerequisites.md

@@ -1,6 +1,7 @@
 ---
-author: amyzhou
+ms.author: carmenf
-ms.author: amyzhou
+author: cmknox
+ms.reviewer: mstewart
 manager: aaroncz
 ms.prod: windows-client
 ms.technology: itpro-deploy

windows/deployment/do/index.yml

@@ -41,10 +41,10 @@ landingContent:
     linkLists:
       - linkListType: how-to-guide
         links:
-          - text: Delivery Optimization settings
+          - text: Delivery Optimization recommended settings
             url: waas-delivery-optimization-setup.md#recommended-delivery-optimization-settings
-          - text: Windows PowerShell for Delivery Optimization
+          - text: Monitor Delivery Optimization for Windows
-            url: waas-delivery-optimization-setup.md#windows-powershell-cmdlets
+            url: waas-delivery-optimization-monitor.md
           - text: Troubleshoot Delivery Optimization
             url: waas-delivery-optimization-setup.md#troubleshooting
           - text: Delivery Optimization Frequently Asked Questions

windows/deployment/do/mcc-ent-edu-overview.md

@@ -3,12 +3,13 @@ title: MCC for Enterprise and Education Overview
 manager: aaroncz
 description: Overview of Microsoft Connected Cache (MCC) for Enterprise and Education.
 ms.prod: windows-client
-author: amymzhou
+ms.author: carmenf
-ms.author: amyzhou
+author: cmknox
 ms.topic: article
 ms.date: 05/09/2023
 ms.technology: itpro-updates
 ms.collection: tier3
+ms.reviewer: mstewart
 ---
 
 # Microsoft Connected Cache for Enterprise and Education Overview
@@ -37,9 +38,9 @@ Connected Cache (early preview) supports the following scenarios:
 
 When clients download cloud-managed content, they use Delivery Optimization from the cache server installed on a Windows server or VM. Cloud-managed content includes the following types:
 
-- Windows Update for Business: Windows feature and quality updates
+- Windows updates: Windows feature and quality updates
 - Office Click-to-Run apps: Microsoft 365 Apps and updates
-- Client apps: Microsoft Store apps and updates
+- Client apps: Intune, store apps, and updates
 - Endpoint protection: Windows Defender definition updates
 
 For the full list of content endpoints that Microsoft Connected Cache for Enterprise and Education supports, see [Microsoft Connected Cache content and services endpoints](delivery-optimization-endpoints.md).

windows/deployment/do/mcc-enterprise-appendix.md

@@ -3,8 +3,9 @@ title: Appendix
 manager: aaroncz
 description: Appendix on Microsoft Connected Cache (MCC) for Enterprise and Education.
 ms.prod: windows-client
-author: amymzhou
+ms.author: carmenf
-ms.author: amyzhou
+author: cmknox
+ms.reviewer: mstewart
 ms.topic: article
 ms.date: 12/31/2017
 ms.technology: itpro-updates

windows/deployment/do/mcc-enterprise-deploy.md

@@ -1,17 +1,18 @@
 ---
-title: Deploying your cache node
+title: MCC for Enterprise and Education (early preview)
 manager: aaroncz
-description: How to deploy Microsoft Connected Cache (MCC) for Enterprise and Education cache node
+description: How to deploy a Microsoft Connected Cache (MCC) for Enterprise and Education cache node
 ms.prod: windows-client
-author: amymzhou
+ms.author: carmenf
-ms.author: amyzhou
+author: cmknox
+ms.reviewer: mstewart
 ms.topic: article
 ms.date: 12/31/2017
 ms.technology: itpro-updates
 ms.collection: tier3
 ---
 
-# Deploying your cache node
+# Deploying your enterprise cache node
 
 **Applies to**
 
@@ -129,7 +130,7 @@ Installing MCC on your Windows device is a simple process. A PowerShell script p
 - Downloads, installs, and deploys EFLOW
 - Enables Microsoft Update so EFLOW can stay up to date
 - Creates a virtual machine
-- Enables the firewall and opens ports 80 and 22 for inbound and outbound traffic. Port 80 is used by MCC, and port 22 is used for SSH communications.
+- Enables the firewall and opens ports 80 for inbound and outbound traffic. Port 80 is used by MCC.
 - Configures Connected Cache tuning settings.
 - Creates the necessary *FREE* Azure resource - IoT Hub/IoT Edge.
 - Deploys the MCC container to server.

windows/deployment/do/mcc-enterprise-portal-deploy.md

@@ -0,0 +1,145 @@
+---
+title: Deploying your cache node
+manager: aaroncz
+description: How to deploy Microsoft Connected Cache (MCC) for Enterprise and Education cache node
+ms.prod: windows-client
+ms.author: carmenf
+author: cmknox
+ms.reviewer: mstewart
+ms.topic: article
+ms.date: 12/31/2017
+ms.technology: itpro-updates
+ms.collection: tier3
+---
+
+# Deploying your cache node
+
+**Applies to**
+
+- Windows 10
+- Windows 11
+
+## Create the Microsoft Connected Cache resource
+
+1. Navigate to Azure portal by using the [following link](https://aka.ms/mcc-enterprise-preview): 
+    > [!IMPORTANT]
+    > You must access Azure portal using this link (https://aka.ms/mcc-enterprise-preview) in order to find the correct Microsoft Connected Cache resource.
+
+    ![Screenshot of Azure portal "Create a resource" page, where you search for the Microsoft Connected Cache resource](images/ent-mcc-portal-create.png)
+
+1. In the search bar by **Get Started**, search for `Microsoft Connected Cache for Enterprise`.
+    ![Screenshot of Azure portal after searching for the Microsoft Connected Cache resource](images/ent-mcc-portal-resource.png)
+1. Select **Create** to create your Microsoft Connected Cache resource. When prompted, choose the subscription, resource group, and location of your cache node. Also, enter a name for your cache node.
+1. The creation of the cache node may take a few minutes. After a successful creation, you'll see a “Deployment complete” page as below. Select **Go to resource**.
+![Screenshot of Azure portal after the deployment is complete](images/ent-mcc-deployment-complete.png)
+
+## Create, provision, and deploy the cache node in Azure portal
+
+To create, provision, and deploy the cache node in Azure portal, follow these steps:
+1.	Open Azure portal and navigate to the Microsoft Connected Cache for Enterprise (preview) resource.
+1.	Navigate to **Settings** > **Cache nodes** and select **Create Cache Node**.
+1.	Provide a name for your cache node and select **Create** to create your cache node. 
+1.	You may need to refresh to see the cache node. Select the cache node to configure it. 
+1.	Fill out the Basics and Storage fields. Enter the cache drive size in GB - this has a minimum size of 50 GB.
+
+    ![Screenshot of Azure portal on the Provisioning page, where the user can configure their cache node.](images/ent-mcc-provisioning.png)
+Once complete, select **Save** at the top of the page and select **Provision server**.
+1.	To deploy your cache node, download the installer by selecting **Download provisioning package**.
+1.	Run the provided provisioning script - note that this is unique to each cache node. 
+
+## Verify proper functioning MCC server
+
+#### Verify client side
+
+Connect to the EFLOW VM and check if MCC is properly running:
+
+1. Open PowerShell as an Administrator.
+2. Enter the following commands:
+
+   ```powershell
+   Connect-EflowVm
+   sudo -s
+   iotedge list
+   ```
+
+   :::image type="content" source="./images/ent-mcc-connect-eflowvm.png" alt-text="Screenshot of running connect-EflowVm, sudo -s, and iotedge list from PowerShell." lightbox="./images/ent-mcc-connect-eflowvm.png":::
+
+You should see MCC, edgeAgent, and edgeHub running. If you see edgeAgent or edgeHub but not MCC, try this command in a few minutes. The MCC container can take a few minutes to deploy.
+
+#### Verify server side
+
+For a validation of properly functioning MCC, execute the following command in the EFLOW VM or any device in the network. Replace <CacheServerIP\> with the IP address of the cache server.
+
+```powershell
+wget [http://<CacheServerIP>/mscomtest/wuidt.gif?cacheHostOrigin=au.download.windowsupdate.com]
+```
+
+A successful test result will display a status code of 200 along with additional information.
+
+:::image type="content" source="./images/ent-mcc-verify-server-ssh.png" alt-text="Screenshot of a successful wget with an SSH client." lightbox="./images/ent-mcc-verify-server-ssh.png":::
+
+ :::image type="content" source="./images/ent-mcc-verify-server-powershell.png" alt-text="Screenshot of a successful wget using PowerShell." lightbox="./images/ent-mcc-verify-server-powershell.png":::
+
+Similarly, enter the following URL from a browser in the network:
+
+`http://<YourCacheServerIP>/mscomtest/wuidt.gif?cacheHostOrigin=au.download.windowsupdate.com`
+
+If the test fails, see the [common issues](#common-issues) section for more information.
+
+### Monitoring your metrics
+
+To view the metrics associated with your cache nodes, navigate to the **Overview** > **Monitoring** tab within the Azure portal.
+
+:::image type="content" source="./images/mcc-isp-metrics.png" alt-text="Screenshot of the Azure portal displaying the metrics view in the Overview tab.":::
+
+You can choose to monitor the health and performance of all cache nodes or one at a time by using the dropdown menu. The **Egress bits per second** graph shows your inbound and outbound traffic of your cache nodes over time. You can change the time range (1 hour, 12 hours, 1 day, 7 days, 14 days, and 30 days) by selecting the time range of choice on the top bar.
+
+If you're unable to view metrics for your cache node, it may be that your cache node is unhealthy, inactive, or hasn't been fully configured.
+
+
+### Intune (or other management software) configuration for MCC
+
+For an [Intune](/mem/intune/) deployment, create a **Configuration Profile** and include the Cache Host eFlow IP Address or FQDN:
+
+:::image type="content" source="./images/ent-mcc-intune-do.png" alt-text="Screenshot of Intune showing the Delivery Optimization cache server host names.":::
+
+## Common Issues
+
+#### PowerShell issues
+
+If you're seeing errors similar to this error: `The term Get-<Something> isn't recognized as the name of a cmdlet, function, script file, or operable program.`
+
+1. Ensure you're running Windows PowerShell version 5.x.
+
+1. Run \$PSVersionTable and ensure you're running version 5.x and *not version 6 or 7*.
+
+1. Ensure you have Hyper-V enabled:
+
+    **Windows 10:** [Enable Hyper-V on Windows 10](/virtualization/hyper-v-on-windows/quick-start/enable-hyper-v)
+
+    **Windows Server:** [Install the Hyper-V role on Windows Server](/windows-server/virtualization/hyper-v/get-started/install-the-hyper-v-role-on-windows-server)
+
+#### Verify Running MCC Container
+
+Connect to the Connected Cache server and check the list of running IoT Edge modules using the following commands:
+
+```bash
+Connect-EflowVm
+sudo iotedge list
+```
+
+:::image type="content" source="./images/ent-mcc-iotedge-list.png" alt-text="Screenshot of the iotedge list command." lightbox="./images/ent-mcc-iotedge-list.png":::
+
+If edgeAgent and edgeHub containers are listed, but not "MCC", you may view the status of the IoT Edge security manager by using the command:
+
+```bash
+sudo journalctl -u iotedge -f
+```
+
+This command will provide the current status of the starting, stopping of a container, or the container pull and start.  
+
+:::image type="content" source="./images/ent-mcc-journalctl.png" alt-text="Screenshot of the output from journalctl -u iotedge -f." lightbox="./images/ent-mcc-journalctl.png":::
+
+
+> [!NOTE]
+> You should consult the IoT Edge troubleshooting guide ([Common issues and resolutions for Azure IoT Edge](/azure/iot-edge/troubleshoot)) for any issues you may encounter configuring IoT Edge, but we've listed a few issues that we encountered during our internal validation.

windows/deployment/do/mcc-enterprise-prerequisites.md

@@ -3,8 +3,9 @@ title: Requirements for Microsoft Connected Cache (MCC) for Enterprise and Educa
 manager: aaroncz
 description: Overview of requirements for Microsoft Connected Cache (MCC) for Enterprise and Education.
 ms.prod: windows-client
-author: amymzhou
+ms.author: carmenf
-ms.author: amyzhou
+author: cmknox
+ms.reviewer: mstewart
 ms.topic: article
 ms.date: 12/31/2017
 ms.technology: itpro-updates

windows/deployment/do/mcc-enterprise-update-uninstall.md

@@ -3,8 +3,9 @@ title: Update or uninstall Microsoft Connected Cache for Enterprise and Educatio
 manager: aaroncz
 description: Details on updating or uninstalling Microsoft Connected Cache (MCC) for Enterprise and Education.
 ms.prod: windows-client
-author: amymzhou
+ms.author: carmenf
-ms.author: amyzhou
+author: cmknox
+ms.reviewer: mstewart
 ms.topic: article
 ms.date: 12/31/2017
 ms.technology: itpro-updates

windows/deployment/do/mcc-isp-cache-node-configuration.md

@@ -3,8 +3,9 @@ title: Cache node configuration
 manager: aaroncz
 description: Configuring a cache node on Azure portal
 ms.prod: windows-client
-author: amymzhou
+ms.author: carmenf
-ms.author: amyzhou
+author: cmknox
+ms.reviewer: mstewart
 ms.topic: article
 ms.date: 12/31/2017
 ms.technology: itpro-updates

windows/deployment/do/mcc-isp-create-provision-deploy.md

@@ -9,6 +9,7 @@ ms.topic: article
 ms.date: 05/09/2023
 ms.technology: itpro-updates
 ms.collection: tier3
+ms.reviewer: mstewart
 ---
 
 # Create, configure, provision, and deploy the cache node in Azure portal
@@ -82,7 +83,7 @@ To set up and enable BGP routing for your cache node, follow the steps below:
 1. Under **Routing information**, select the routing method you would like to use. For more information, see [Client routing](#client-routing).
 
     - If you choose **Manual routing**, enter your address range/CIDR blocks.  
-    - If you choose **BGP routing**, enter the ASN and IP addresses of the neighborship.  
+    - If you choose **BGP routing**, enter the ASN and IP addresses of the neighborship. Use your ASN, the one used to sign up for MCC. MCC will be automatically assigned as the same ASN as the neighbor.
     > [!NOTE]
     > **Prefix count** and **IP Space** will stop displaying `0` when BGP is successfully established.
 

windows/deployment/do/mcc-isp-faq.yml

@@ -2,8 +2,9 @@
 metadata:
   title: Microsoft Connected Cache Frequently Asked Questions
   description: The following article is a list of frequently asked questions for Microsoft Connected Cache.
-  author: amymzhou
+  ms.author: carmenf
-  ms.author: amyzhou
+  author: cmknox
+  ms.reviewer: mstewart
   manager: aaroncz
   ms.collection:
     - highpri

windows/deployment/do/mcc-isp-overview.md

@@ -3,8 +3,9 @@ title: MCC for ISPs Overview
 manager: aaroncz
 description: Overview for Microsoft Connected Cache for ISPs
 ms.prod: windows-client
-author: amymzhou
+ms.author: carmenf
-ms.author: amyzhou
+author: cmknox
+ms.reviewer: mstewart
 ms.topic: article
 ms.date: 07/27/2023
 ms.technology: itpro-updates
@@ -31,9 +32,9 @@ Microsoft Connected Cache (preview) supports the following scenarios:
 
 Microsoft Connected Cache uses Delivery Optimization as the backbone for Microsoft content delivery. Microsoft Connected Cache caches the following types:
 
-- Windows Update for Business: Windows feature and quality updates
+- Windows updates: Windows feature and quality updates
 - Office Click-to-Run apps: Microsoft 365 Apps and updates
-- Client apps: Microsoft Store apps and updates
+- Client apps: Intune, store apps, and updates
 - Endpoint protection: Windows Defender definition updates
 - Xbox: Xbox Game Pass (PC only)
 

windows/deployment/do/mcc-isp-signup.md

@@ -9,6 +9,7 @@ ms.topic: article
 ms.date: 12/31/2017
 ms.technology: itpro-updates
 ms.collection: tier3
+ms.reviewer: mstewart
 ---
 
 # Operator sign up and service onboarding for Microsoft Connected Cache

windows/deployment/do/mcc-isp-support.md

@@ -9,6 +9,7 @@ ms.topic: reference
 ms.date: 12/31/2017
 ms.technology: itpro-updates
 ms.collection: tier3
+ms.reviewer: mstewart
 ---
 
 # Support and troubleshooting

windows/deployment/do/mcc-isp-update.md

@@ -3,8 +3,9 @@ title: Update or uninstall your cache node
 manager: aaroncz
 description: How to update or uninstall your cache node
 ms.prod: windows-client
-author: amymzhou
+ms.author: carmenf
-ms.author: amyzhou
+author: cmknox
+ms.reviewer: mstewart
 ms.topic: article
 ms.date: 12/31/2017
 ms.technology: itpro-updates

windows/deployment/do/mcc-isp-verify-cache-node.md

@@ -3,8 +3,9 @@ title: Verify cache node functionality and monitor health and performance
 manager: aaroncz
 description: How to verify the functionality of a cache node
 ms.prod: windows-client
-author: amymzhou
+ms.author: carmenf
-ms.author: amyzhou
+author: cmknox
+ms.reviewer: mstewart
 ms.topic: article
 ms.date: 12/31/2017
 ms.technology: itpro-updates

windows/deployment/do/mcc-isp-vm-performance.md

@@ -3,8 +3,9 @@ title: Enhancing cache performance
 manager: aaroncz
 description: How to enhance performance on a virtual machine used with Microsoft Connected Cache for ISPs
 ms.prod: windows-client
-author: amymzhou
+ms.author: carmenf
-ms.author: amyzhou
+author: cmknox
+ms.reviewer: mstewart
 ms.topic: reference
 ms.technology: itpro-updates
 ms.date: 12/31/2017

windows/deployment/do/mcc-isp.md

@@ -4,9 +4,9 @@ description: Details on Microsoft Connected Cache (MCC) for Internet Service Pro
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.localizationpriority: medium
-author: amymzhou
+ms.author: carmenf
-ms.author: amyzhou
+author: cmknox
-ms.reviewer: carmenf
+ms.reviewer: mstewart
 manager: aaroncz
 ms.topic: how-to
 ms.date: 05/20/2022

windows/deployment/do/waas-delivery-optimization-monitor.md

@@ -1,22 +1,36 @@
 ---
-author: mestew
-ms.author: mstewart
 manager: aaroncz
+title: Monitor Delivery Optimization
+description: How to monitor Delivery Optimization
+ms.collection:
+  - tier3
 ms.prod: windows-client
-ms.technology: itpro-deploy
+ms.technology: itpro-updates
-ms.topic: include
+ms.topic: reference
-ms.date: 07/31/2023
+ms.date: 08/13/2023
 ms.localizationpriority: medium
+ms.author: carmenf
+author: cmknox
+ms.reviewer: mstewart
 ---
-<!--This file is shared by do/waas-delivery-optimization-setup.md and the update/update-compliance-get-started.md articles -->
 
-## Monitor Delivery Optimization
+# Monitor Delivery Optimization
 
-### Windows PowerShell cmdlets
+To monitor Delivery Optimization, you can use either the Windows Update for Business Delivery Optimization Report or Windows PowerShell cmdlets.
+
+## Monitor with Windows Update for Business Delivery Optimization Report
+
+Windows Update for Business Delivery Optimization Report provides you with information about your Delivery Optimization configuration, including the observed bandwidth savings across all devices that used peer-to-peer, Microsoft Connected Cache (MCC), HTTP source/CDN distribution over the past 28 days.
+
+:::image type="content" source="../update/media/wufb-do-overview.png" alt-text="This screenshot shows the Windows Update for Business report, Delivery Optimization status in Update Compliance." lightbox= "../update/media/wufb-do-overview.png":::
+
+For details, see [Windows Update for Business Delivery Optimization Report](/windows/deployment/update/wufb-reports-overview).
+
+## Windows PowerShell cmdlets
 
 **Starting in Windows 10, version 1703**, you can use new PowerShell cmdlets to check the performance of Delivery Optimization.
 
-#### Analyze usage
+### Analyze usage
 
 `Get-DeliveryOptimizationStatus` returns a real-time snapshot of all current Delivery Optimization jobs.
 
@@ -112,7 +126,7 @@ Using the `-Verbose` option returns additional information:
 
 Starting in Windows 10, version 1803, `Get-DeliveryOptimizationPerfSnapThisMonth` returns data similar to data from `Get-DeliveryOptimizationPerfSnap` but limited to the current calendar month.
 
-#### Manage the Delivery Optimization cache
+### Manage the Delivery Optimization cache
 
 **Starting in Windows 10, version 1903:**
 
@@ -132,7 +146,7 @@ You can now "pin" files to keep them persistent in the cache, only with files th
 - `-IncludePinnedFiles` deletes all files that are pinned.
 - `-Force` deletes the cache with no prompts.
 
-#### Work with Delivery Optimization logs
+### Work with Delivery Optimization logs
 
 **Starting in Windows 10, version 2004:**
 
@@ -183,18 +197,19 @@ The provider is listed as "Default Provider" if it's using the Delivery Optimiza
 
 The cmdlet returns the following data:
 
-- BatteryPctToSeed: Corresponds to the [DOMinBatteryPercentageAllowedToUpload](../waas-delivery-optimization-reference.md#allow-uploads-while-the-device-is-on-battery-while-under-set-battery-level) policy.
+- BatteryPctToSeed: Corresponds to the [DOMinBatteryPercentageAllowedToUpload](waas-delivery-optimization-reference.md#allow-uploads-while-the-device-is-on-battery-while-under-set-battery-level) policy.
 - WorkingDirectory: The local folder containing the Delivery Optimization cache.
-- MinTotalDiskSize: Corresponds to the [DOMinDiskSizeAllowedToPeer](../waas-delivery-optimization-reference.md#minimum-disk-size-allowed-to-use-peer-caching) policy.
+- MinTotalDiskSize: Corresponds to the [DOMinDiskSizeAllowedToPeer](waas-delivery-optimization-reference.md#minimum-disk-size-allowed-to-use-peer-caching) policy.
-- MinTotalRAM: Corresponds to the [DOMinRAMAllowedToPeer](../waas-delivery-optimization-reference.md#minimum-ram-inclusive-allowed-to-use-peer-caching) policy.
+- MinTotalRAM: Corresponds to the [DOMinRAMAllowedToPeer](waas-delivery-optimization-reference.md#minimum-ram-inclusive-allowed-to-use-peer-caching) policy.
-- VpnPeerCachingAllowed: Corresponds to the [DOAllowVPNPeerCaching](../waas-delivery-optimization-reference.md#enable-peer-caching-while-the-device-connects-via-vpn) policy.
+- VpnPeerCachingAllowed: Corresponds to the [DOAllowVPNPeerCaching](waas-delivery-optimization-reference.md#enable-peer-caching-while-the-device-connects-via-vpn) policy.
 - VpnKeywords: List of keywords used to identify a VPN adapter.
-- SetHoursToLimitDownloadBackground: Corresponds to the [DOSetHoursToLimitBackgroundDownloadBandwidth](../waas-delivery-optimization-reference.md#set-business-hours-to-limit-background-download-bandwidth) policy.
+- SetHoursToLimitDownloadBackground: Corresponds to the [DOSetHoursToLimitBackgroundDownloadBandwidth](waas-delivery-optimization-reference.md#set-business-hours-to-limit-background-download-bandwidth) policy.
-- SetHoursToLimitDownloadForeground: Corresponds to the [DOSetHoursToLimitForegroundDownloadBandwidth](../waas-delivery-optimization-reference.md#set-business-hours-to-limit-foreground-download-bandwidth) policy.
+- SetHoursToLimitDownloadForeground: Corresponds to the [DOSetHoursToLimitForegroundDownloadBandwidth](waas-delivery-optimization-reference.md#set-business-hours-to-limit-foreground-download-bandwidth) policy.
-- DownloadMode: Corresponds to the [DODownloadMode](../waas-delivery-optimization-reference.md#download-mode) policy.
+- DownloadMode: Corresponds to the [DODownloadMode](waas-delivery-optimization-reference.md#download-mode) policy.
-- DownBackLimitBps: Corresponds to the [DOMaxBackgroundDownloadBandwidth](../waas-delivery-optimization-reference.md#maximum-background-download-bandwidth-in-kbs) policy.
+- DownBackLimitBps: Corresponds to the [DOMaxBackgroundDownloadBandwidth](waas-delivery-optimization-reference.md#maximum-background-download-bandwidth-in-kbs) policy.
-- DownloadForegroundLimitBps: Corresponds to the [DOMaxForegroundDownloadBandwidth](../waas-delivery-optimization-reference.md#maximum-foreground-download-bandwidth-in-kbs) policy.
+- DownloadForegroundLimitBps: Corresponds to the [DOMaxForegroundDownloadBandwidth](waas-delivery-optimization-reference.md#maximum-foreground-download-bandwidth-in-kbs) policy.
-- DownBackLimitPct: Corresponds to the [DOPercentageMaxBackgroundBandwidth](../waas-delivery-optimization-reference.md#maximum-background-download-bandwidth) policy.
+- DownBackLimitPct: Corresponds to the [DOPercentageMaxBackgroundBandwidth](waas-delivery-optimization-reference.md#maximum-background-download-bandwidth) policy.
-- DownloadForegroundLimitPct: Corresponds to the [DOPercentageMaxForegroundBandwidth](../waas-delivery-optimization-reference.md#maximum-foreground-download-bandwidth) policy.
+- DownloadForegroundLimitPct: Corresponds to the [DOPercentageMaxForegroundBandwidth](waas-delivery-optimization-reference.md#maximum-foreground-download-bandwidth) policy.
-- MaxUploadRatePct: Corresponds to the [DOMaxUploadBandwidth](../waas-delivery-optimization-reference.md#max-upload-bandwidth) policy (deprecated in Windows 10, version 2004).
+- MaxUploadRatePct: Corresponds to the [DOMaxUploadBandwidth](waas-delivery-optimization-reference.md#max-upload-bandwidth) policy (deprecated in Windows 10, version 2004).
-- UploadLimitMonthlyGB: Corresponds to the [DOMonthlyUploadDataCap](../waas-delivery-optimization-reference.md#monthly-upload-data-cap) policy.
+- UploadLimitMonthlyGB: Corresponds to the [DOMonthlyUploadDataCap](waas-delivery-optimization-reference.md#monthly-upload-data-cap) policy.
+

windows/deployment/do/waas-delivery-optimization-reference.md

@@ -10,6 +10,7 @@ ms.topic: reference
 ms.technology: itpro-updates
 ms.date: 07/31/2023
 ms.collection: tier3
+ms.reviewer: mstewart
 ---
 
 # Delivery Optimization reference
@@ -323,7 +324,7 @@ The device can download from peers while on battery regardless of this policy.
 
 MDM Setting: **DOCacheHost**
 
-Set this policy to designate one or more Microsoft Connected Cache servers to be used by Delivery Optimization. You can set one or more FQDNs or IP Addresses that are comma-separated, for example: myhost.somerandomhost.com,myhost2.somerandomhost.com,10.10.1.7. **By default, this policy has no value.**
+Set this policy to designate one or more Microsoft Connected Cache servers to be used by Delivery Optimization. You can set one or more FQDNs or IP Addresses that are comma-separated, for example: myhost.somerandomhost.com,myhost2.somerandomhost.com,10.10.1.7. **By default, this policy has no value.** Delivery Optimization client will connect to the listed Microsoft Connected Cache servers in the order as they are listed. When multiple FQDNs or IP Addresses are listed, the Microsoft Connected Cache server priority order is determined based on the order as they are listed. If the first server fails, it will move the the next one. When the last server fails, it will fallback to the CDN.
 
 >[!IMPORTANT]
 > Any value will signify that the policy is set. For example, an empty string ("") isn't considered empty.

windows/deployment/do/waas-delivery-optimization-setup.md

@@ -110,17 +110,6 @@ Using MDM, go to **./Device/Vendor/MSFT/Policy/Config/DeliveryOptimization/** an
 
 [Learn more](delivery-optimization-test.md) about Delivery Optimization testing scenarios.
 
-<!--Using include file, waas-delivery-optimization-monitor.md, for shared content on DO monitoring-->
-[!INCLUDE [Monitor Delivery Optimization](includes/waas-delivery-optimization-monitor.md)]
-
-### Monitor with Windows Update for Business Delivery Optimization Report
-
-Windows Update for Business Delivery Optimization Report provides you with information about your Delivery Optimization configuration, including the observed bandwidth savings across all devices that used peer-to-peer, Microsoft Connected Cache (MCC), HTTP source/CDN distribution over the past 28 days.
-
-:::image type="content" source="/windows/deployment/update/images/wufb-do-overview.png" alt-text="This screenshot shows the Windows Update for Business report, Delivery Optimization status in Update Compliance." lightbox="/windows/deployment/update/images/wufb-do-overview.png":::
-
-For details, see [Windows Update for Business Delivery Optimization Report](../update/wufb-reports-overview.md).
-
 ## Troubleshooting
 
 This section summarizes common problems and some solutions to try.

windows/deployment/do/waas-delivery-optimization.md

@@ -12,6 +12,7 @@ ms.collection:
   - highpri
 ms.topic: overview
 ms.date: 12/31/2017
+ms.reviewer: mstewart
 ---
 
 # What is Delivery Optimization?

windows/deployment/do/waas-microsoft-connected-cache.md

@@ -10,6 +10,7 @@ ms.topic: article
 ms.technology: itpro-updates
 ms.date: 05/09/2023
 ms.collection: tier3
+ms.reviewer: mstewart
 ---
 
 # What is Microsoft Connected Cache?

windows/deployment/do/waas-optimize-windows-10-updates.md

@@ -3,8 +3,9 @@ title: Optimize Windows update delivery
 description: Two methods of peer-to-peer content distribution are available, Delivery Optimization and BranchCache.
 ms.prod: windows-client
 ms.localizationpriority: medium
-author: mestew
+ms.author: carmenf
-ms.author: mstewart
+author: cmknox
+ms.reviewer: mstewart
 manager: aaroncz
 ms.topic: article
 ms.technology: itpro-updates

windows/deployment/do/whats-new-do.md

@@ -10,6 +10,7 @@ ms.topic: article
 ms.technology: itpro-updates
 ms.date: 12/31/2017
 ms.collection: tier3
+ms.reviewer: mstewart
 ---
 
 # What's new in Delivery Optimization

windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md

@@ -1,7 +1,7 @@
 ---
 title: What's new 2023
 description: This article lists the 2023 feature releases and any corresponding Message center post numbers.
-ms.date: 08/08/2023 
+ms.date: 08/17/2023 
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: whats-new
@@ -27,7 +27,7 @@ Minor corrections such as typos, style, or formatting issues aren't listed.
 
 | Article | Description |
 | ----- | ----- |
-| [Exclude a device](../operate/windows-autopatch-exclude-device.md) | Renamed Deregister a device to [Exclude a device](../operate/windows-autopatch-exclude-device.md). Added the [Restore device](../operate/windows-autopatch-exclude-device.md#restore-a-device-or-multiple-devices-previously-excluded) feature |
+| [Exclude a device](../operate/windows-autopatch-exclude-device.md) | Renamed Deregister a device to [Exclude a device](../operate/windows-autopatch-exclude-device.md). Added the [Restore device](../operate/windows-autopatch-exclude-device.md#restore-a-device-or-multiple-devices-previously-excluded) feature <ul><li>[MC667662](https://admin.microsoft.com/adminportal/home#/MessageCenter)</li></ul> |
 | [Device alerts](../operate/windows-autopatch-device-alerts.md) | Added `'InstallSetupBlock'` to the [Alert resolutions section](../operate/windows-autopatch-device-alerts.md#alert-resolutions) |
 
 ## July 2023

windows/security/application-security/application-control/user-account-control/how-it-works.md

@@ -4,7 +4,7 @@ description: Learn about User Account Control (UAC) components and how it intera
 ms.collection: 
   - highpri
   - tier2
-ms.topic: conceptual
+ms.topic: concept-article
 ms.date: 05/24/2023
 ---
 

windows/security/application-security/application-control/user-account-control/index.md

@@ -4,7 +4,7 @@ description: Learn how User Account Control (UAC) helps to prevent unauthorized
 ms.collection: 
   - highpri
   - tier2
-ms.topic: conceptual
+ms.topic: overview
 ms.date: 05/24/2023
 ---
 

windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md

@@ -41,8 +41,6 @@ The blocklist is updated with each new major release of Windows, typically 1-2 t
 
 Customers who always want the most up-to-date driver blocklist can also use Windows Defender Application Control (WDAC) to apply the latest recommended driver blocklist contained in this article. For your convenience, we've provided a download of the most up-to-date vulnerable driver blocklist along with instructions to apply it on your computer at the end of this article. Otherwise, you can use the XML provided below to create your own custom WDAC policies.
 
-[!INCLUDE [microsoft-vulnerable-driver-blocklist](../../../../../../includes/licensing/microsoft-vulnerable-driver-blocklist.md)]
-
 ## Blocking vulnerable drivers using WDAC
 
 Microsoft recommends enabling [HVCI](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) or S mode to protect your devices against security threats. If this setting isn't possible, Microsoft recommends blocking [this list of drivers](#vulnerable-driver-blocklist-xml) within your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can cause devices or software to malfunction, and in rare cases, blue screen. It's recommended to first validate this policy in [audit mode](/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies) and review the audit block events.

windows/security/cloud-security/index.md

@@ -2,7 +2,7 @@
 title: Windows and cloud security
 description: Get an overview of cloud security features in Windows
 ms.date: 08/02/2023
-ms.topic: conceptual
+ms.topic: overview
 author: paolomatarazzo
 ms.author: paoloma
 ---

windows/security/identity-protection/access-control/local-accounts.md

@@ -2,7 +2,7 @@
 ms.date: 08/03/2023
 title: Local Accounts
 description: Learn how to secure and manage access to the resources on a standalone or member server for services or users.
-ms.topic: conceptual
+ms.topic: concept-article
 appliesto: 
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>

windows/security/identity-protection/enterprise-certificate-pinning.md

@@ -1,7 +1,7 @@
 ---
 title: Enterprise certificate pinning
 description: Enterprise certificate pinning is a Windows feature for remembering, or pinning, a root issuing certificate authority, or end-entity certificate to a domain name.
-ms.topic: conceptual
+ms.topic: concept-article
 ms.date: 05/24/2023
 ---
 

windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md

@@ -2,7 +2,7 @@
 title: How Windows Hello for Business works - Provisioning
 description: Explore the provisioning flows for Windows Hello for Business, from within a variety of environments.
 ms.date: 2/15/2022
-ms.topic: article
+ms.topic: overview
 ---
 # Windows Hello for Business Provisioning
 

windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md

@@ -2,7 +2,7 @@
 title: How Windows Hello for Business works - technology and terms
 description: Explore technology and terms associated with Windows Hello for Business. Learn how Windows Hello for Business works.
 ms.date: 10/08/2018
-ms.topic: article
+ms.topic: glossary
 ---
 
 # Technology and terms

windows/security/identity-protection/hello-for-business/hello-how-it-works.md

@@ -2,7 +2,7 @@
 title: How Windows Hello for Business works
 description: Learn how Windows Hello for Business works, and how it can help your users authenticate to services.
 ms.date: 05/05/2018
-ms.topic: article
+ms.topic: overview
 ---
 # How Windows Hello for Business works in Windows Devices
 

windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md

@@ -2,7 +2,7 @@
 title: Configure single sign-on (SSO) for Azure AD joined devices
 description: Learn how to configure single sign-on to on-premises resources for Azure AD-joined devices, using Windows Hello for Business.
 ms.date: 12/30/2022
-ms.topic: article
+ms.topic: how-to
 ---
 # Configure single sign-on for Azure AD joined devices
 

windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md

@@ -5,7 +5,7 @@ ms.collection:
   - highpri
   - tier1
 ms.date: 2/15/2022
-ms.topic: article
+ms.topic: how-to
 ---
 
 # Manage Windows Hello for Business in your organization

windows/security/identity-protection/hello-for-business/hello-planning-guide.md

@@ -2,7 +2,7 @@
 title: Planning a Windows Hello for Business Deployment
 description: Learn about the role of each component within Windows Hello for Business and how certain deployment decisions affect other aspects of your infrastructure.
 ms.date: 09/16/2020
-ms.topic: article
+ms.topic: overview
 ---
 # Planning a Windows Hello for Business Deployment
 

windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md

@@ -2,7 +2,7 @@
 title: Prepare people to use Windows Hello 
 description: When you set a policy to require Windows Hello for Business in the workplace, you will want to prepare people in your organization.
 ms.date: 08/19/2018
-ms.topic: article
+ms.topic: end-user-help
 ---
 # Prepare people to use Windows Hello
 

windows/security/identity-protection/hello-for-business/hello-videos.md

@@ -2,7 +2,7 @@
 title: Windows Hello for Business Videos
 description: View several informative videos describing features and experiences in Windows Hello for Business in Windows 10 and Windows 11.
 ms.date: 03/09/2023
-ms.topic: article
+ms.topic: get-started
 ---
 # Windows Hello for Business Videos
 ## Overview of Windows Hello for Business and Features

windows/security/identity-protection/hello-for-business/index.md

@@ -4,7 +4,7 @@ description: Learn how Windows Hello for Business replaces passwords with strong
 ms.collection: 
   - highpri
   - tier1
-ms.topic: conceptual
+ms.topic: overview
 ms.date: 04/24/2023
 ---
 # Windows Hello for Business Overview

windows/security/identity-protection/hello-for-business/webauthn-apis.md

@@ -2,7 +2,7 @@
 title: WebAuthn APIs
 description: Learn how to use WebAuthn APIs to enable passwordless authentication for your sites and apps.
 ms.date: 07/27/2023
-ms.topic: article
+ms.topic: how-to
 ---
 # WebAuthn APIs for passwordless authentication on Windows
 <!--MAXADO-6021798-->

windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md

@@ -2,7 +2,7 @@
 ms.date: 09/24/2021
 title: Smart Card and Remote Desktop Services 
 description: This topic for the IT professional describes the behavior of Remote Desktop Services when you implement smart card sign-in.
-ms.topic: article
+ms.topic: conceptual
 ms.reviewer: ardenw
 ---
 # Smart Card and Remote Desktop Services

windows/security/identity-protection/smart-cards/smart-card-architecture.md

@@ -2,7 +2,7 @@
 title: Smart Card Architecture 
 description: This topic for the IT professional describes the system architecture that supports smart cards in the Windows operating system.
 ms.reviewer: ardenw
-ms.topic: article
+ms.topic: reference-architecture
 ms.date: 09/24/2021
 ---
 

windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md

@@ -2,7 +2,7 @@
 title: Certificate Propagation Service 
 description: This topic for the IT professional describes the certificate propagation service (CertPropSvc), which is used in smart card implementation.
 ms.reviewer: ardenw
-ms.topic: article
+ms.topic: concept-article
 ms.date: 08/24/2021
 ---
 

windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md

@@ -2,7 +2,7 @@
 title: Certificate Requirements and Enumeration 
 description: This topic for the IT professional and smart card developers describes how certificates are managed and used for smart card sign-in.
 ms.reviewer: ardenw
-ms.topic: article
+ms.topic: concept-article
 ms.date: 09/24/2021
 ---
 

windows/security/identity-protection/smart-cards/smart-card-debugging-information.md

@@ -5,7 +5,7 @@ ms.reviewer: ardenw
 ms.collection: 
   - highpri
   - tier2
-ms.topic: article
+ms.topic: troubleshooting
 ms.date: 09/24/2021
 ---
 

windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md

@@ -2,7 +2,7 @@
 title: Smart Card Group Policy and Registry Settings 
 description: Discover the Group Policy, registry key, local security policy, and credential delegation policy settings that are available for configuring smart cards.
 ms.reviewer: ardenw
-ms.topic: article
+ms.topic: reference
 ms.date: 11/02/2021
 ---
 

windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md

@@ -2,7 +2,7 @@
 title: How Smart Card Sign-in Works in Windows
 description: This topic for IT professional provides links to resources about the implementation of smart card technologies in the Windows operating system.
 ms.reviewer: ardenw
-ms.topic: article
+ms.topic: overview
 ms.date: 09/24/2021
 ---
 

windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md

@@ -2,7 +2,7 @@
 title: Smart Card Removal Policy Service 
 description: This topic for the IT professional describes the role of the removal policy service (ScPolicySvc) in smart card implementation.
 ms.reviewer: ardenw
-ms.topic: article
+ms.topic: concept-article
 ms.date: 09/24/2021
 ---
 

windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md

@@ -2,7 +2,7 @@
 title: Smart Cards for Windows Service 
 description: This topic for the IT professional and smart card developers describes how the Smart Cards for Windows service manages readers and application interactions.
 ms.reviewer: ardenw
-ms.topic: article
+ms.topic: concept-article
 ms.date: 09/24/2021
 ---
 

windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md

@@ -2,7 +2,7 @@
 title: Smart Card Tools and Settings 
 description: This topic for the IT professional and smart card developer links to information about smart card debugging, settings, and events.
 ms.reviewer: ardenw
-ms.topic: article
+ms.topic: conceptual
 ms.date: 09/24/2021
 ---
 

windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md

@@ -2,7 +2,7 @@
 title: Smart Card Technical Reference 
 description: Learn about the Windows smart card infrastructure for physical smart cards, and how smart card-related components work in Windows.
 ms.reviewer: ardenw
-ms.topic: article
+ms.topic: reference
 ms.date: 09/24/2021
 ---
 

windows/security/operating-system-security/data-protection/bitlocker/index.md

@@ -13,7 +13,7 @@ ms.date: 08/03/2023
 Bitlocker is a Windows disk encryption feature, designed to protect data by providing encryption for entire volumes.\
 BitLocker addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned devices.
 
-BitLocker provides maximum protection when used with a Trusted Platform Module (TPM). A TPM is a hardware component installed in many devices ant it works with BitLocker to help protect user data and to ensure that a computer hasn't been tampered with while the system is offline.
+BitLocker provides maximum protection when used with a Trusted Platform Module (TPM). A TPM is a hardware component installed in many devices and it works with BitLocker to help protect user data and to ensure that a computer hasn't been tampered with while the system is offline.
 
 On devices that don't have a TPM, BitLocker can still be used to encrypt the Windows operating system drive. However, this implementation requires the user to insert a USB startup key to start the device or resume from hibernation. An operating system volume password can be used to protect the operating system volume on a computer without TPM. Both options don't provide the pre-startup system integrity verification offered by BitLocker with a TPM.
 

windows/security/operating-system-security/network-security/vpn/vpn-office-365-optimization.md

@@ -1,7 +1,7 @@
 ---
 title: Optimize Microsoft 365 traffic for remote workers with the Windows VPN client
 description: Learn how to optimize Microsoft 365 traffic for remote workers with the Windows VPN client
-ms.topic: article
+ms.topic: how-to
 ms.date: 08/03/2023
 ---
 # Optimize Microsoft 365 traffic for remote workers with the Windows VPN client

windows/security/operating-system-security/network-security/windows-firewall/best-practices-configuring.md

@@ -6,7 +6,7 @@ ms.date: 11/09/2022
 ms.collection: 
   - highpri
   - tier3
-ms.topic: article
+ms.topic: best-practice
 ---
 
 # Best practices for configuring Windows Defender Firewall

windows/security/security-foundations/certification/fips-140-validation.md

@@ -2,14 +2,14 @@
 title: Federal Information Processing Standard (FIPS) 140 Validation
 description: Learn how Microsoft products and cryptographic modules follow the U.S. Federal government standard FIPS 140.
 ms.prod: windows-client
-ms.date: 11/03/2022
+ms.date: 08/18/2023
 manager: aaroncz
 ms.author: paoloma
 author: paolomatarazzo
 ms.collection: 
   - highpri
   - tier3
-ms.topic: article
+ms.topic: reference
 ms.localizationpriority: medium
 ms.reviewer: 
 ms.technology: itpro-security

windows/security/security-foundations/certification/windows-platform-common-criteria.md

@@ -5,7 +5,7 @@ ms.prod: windows-client
 ms.author: sushmanemali
 author: s4sush
 manager: aaroncz
-ms.topic: article
+ms.topic: reference
 ms.localizationpriority: medium
 ms.date: 11/4/2022
 ms.reviewer: paoloma

windows/security/security-foundations/index.md

@@ -1,7 +1,7 @@
 ---
 title: Windows security foundations
 description: Get an overview of security foundations, including the security development lifecycle, common criteria, and the bug bounty program.
-ms.topic: conceptual
+ms.topic: overview
 ms.date: 06/15/2023
 author: paolomatarazzo
 ms.author: paoloma

windows/security/security-foundations/msft-security-dev-lifecycle.md

@@ -4,7 +4,7 @@ description: Download the Microsoft Security Development Lifecycle white paper t
 author: paolomatarazzo
 ms.author: paoloma
 manager: aaroncz
-ms.topic: article
+ms.topic: conceptual
 ms.date: 07/31/2023
 ---
 

windows/security/threat-protection/security-policy-settings/allow-log-on-locally.md

@@ -48,6 +48,7 @@ By default, the members of the following groups have this right on domain contro
 -   Account Operators
 -   Administrators
 -   Backup Operators
+-   Enterprise Domain Controllers
 -   Print Operators
 -   Server Operators
 
@@ -62,14 +63,14 @@ Computer Configuration\\Policies\\Windows Settings\\Security Settings\\Local Pol
 
 ### Default values
 
-The following table lists the actual and effective default policy values for the most recent supported versions of Windows. Default values are also listed on the policy’s property page.
+The following table lists the actual and effective default policy values for the most recent supported versions of Windows. Default values are also listed on the policy's property page.
 
 | Server type or GPO | Default value |
 | - | - |
 | Default Domain Policy| Not Defined |
-| Default Domain Controller Policy | Account Operators<br>Administrators<br>Backup Operators<br>Print Operators<br>Server Operators |
+| Default Domain Controller Policy | Account Operators<br>Administrators<br>Backup Operators<br>Enterprise Domain Controllers<br>Print Operators<br>Server Operators |
 | Stand-Alone Server Default Settings| Administrators<br>Backup Operators<br>Users |
-| Domain Controller Effective Default Settings | Account Operators<br>Administrators<br>Backup Operators<br>Print Operators<br>Server Operators |
+| Domain Controller Effective Default Settings | Account Operators<br>Administrators<br>Backup Operators<br>Enterprise Domain Controllers<br>Print Operators<br>Server Operators |
 | Member Server Effective Default Settings | Administrators<br>Backup Operators<br>Users |
 | Client Computer Effective Default Settings | Administrators<br>Backup Operators<br>Users |
 

windows/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md

@@ -42,7 +42,7 @@ This policy setting allows you to specify an ACL in two different ways. You can
 
 -   Blank
 
-    This value represents how the local security policy deletes the policy enforcement key. This value deletes the policy and then sets it as Not defined. The Blank value is set by using the ACL editor to empty the list, and then pressing OK.
+    This value represents how the local security policy deletes the policy enforcement key. This value deletes the policy and then sets it as Not defined. To set a blank value, select "Define this policy setting" and leave the Security descriptor empty, and then select OK.
 
 ### Location
 

windows/whats-new/windows-licensing.md

@@ -7,7 +7,7 @@ ms.author: paoloma
 manager: aaroncz
 ms.collection:
 - tier2
-ms.topic: conceptual
+ms.topic: overview
 ms.date: 05/04/2023
 appliesto:
 - ✅ <a href=/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>