Merge branch 'main' into ap-drivers-firmware-release

windows/client-management/mdm/surfacehub-csp.md

@@ -75,6 +75,7 @@ The following list shows the SurfaceHub configuration service provider nodes:
   - [Properties](#properties)
     - [AllowAutoProxyAuth](#propertiesallowautoproxyauth)
     - [AllowSessionResume](#propertiesallowsessionresume)
+    - [DefaultAutomaticFraming](#propertiesdefaultautomaticframing)
     - [DefaultVolume](#propertiesdefaultvolume)
     - [DisableSigninSuggestions](#propertiesdisablesigninsuggestions)
     - [DoNotShowMyMeetingsAndFiles](#propertiesdonotshowmymeetingsandfiles)
@@ -1878,7 +1879,7 @@ The name of the domain admin group to add to the administrators group on the dev
 
 <!-- Device-Management-GroupSid-Description-Begin -->
 <!-- Description-Source-DDF -->
-The sid of the domain admin group to add to the administrators group on the device.
+The side of the domain admin group to add to the administrators group on the device.
 <!-- Device-Management-GroupSid-Description-End -->
 
 <!-- Device-Management-GroupSid-Editable-Begin -->
@@ -2154,6 +2155,46 @@ Specifies whether to allow the ability to resume a session when the session time
 
 <!-- Device-Properties-AllowSessionResume-End -->
 
+<!-- Device-Properties-DefaultAutomaticFraming-Begin -->
+### Properties/DefaultAutomaticFraming
+
+<!-- Device-Properties-DefaultAutomaticFraming-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 20H2 [10.0.19042] and later |
+<!-- Device-Properties-DefaultAutomaticFraming-Applicability-End -->
+
+<!-- Device-Properties-DefaultAutomaticFraming-OmaUri-Begin -->
+```Device
+./Vendor/MSFT/SurfaceHub/Properties/DefaultAutomaticFraming
+```
+<!-- Device-Properties-DefaultAutomaticFraming-OmaUri-End -->
+
+<!-- Device-Properties-DefaultAutomaticFraming-Description-Begin -->
+<!-- Description-Source-DDF -->
+Specifies whether the Surface Hub 2 Smart Camera feature to automatically zoom and keep users centered in the video is enabled.
+<!-- Device-Properties-DefaultAutomaticFraming-Description-End -->
+
+<!-- Device-Properties-DefaultAutomaticFraming-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-Properties-DefaultAutomaticFraming-Editable-End -->
+
+<!-- Device-Properties-DefaultAutomaticFraming-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `bool` |
+| Access Type | Get, Replace |
+| Default Value  | true |
+<!-- Device-Properties-DefaultAutomaticFraming-DFProperties-End -->
+
+<!-- Device-Properties-DefaultAutomaticFraming-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-Properties-DefaultAutomaticFraming-Examples-End -->
+
+<!-- Device-Properties-DefaultAutomaticFraming-End -->
+
 <!-- Device-Properties-DefaultVolume-Begin -->
 ### Properties/DefaultVolume
 

windows/deployment/update/deployment-service-drivers.md

@@ -8,7 +8,7 @@ ms.author: mstewart
 manager: aaroncz
 ms.topic: article
 ms.technology: itpro-updates
-ms.date: 06/16/2023
+ms.date: 06/22/2023
 ---
 
 # Deploy drivers and firmware updates with Windows Update for Business deployment service
@@ -81,7 +81,7 @@ To create a policy without any deployment settings, in the request body specify
    
    {
      "audience": {
-       "@odata.id": "d39ad1ce-0123-4567-89ab-cdef01234567"
+       "id": "d39ad1ce-0123-4567-89ab-cdef01234567"
      }
    }
    ```

windows/deployment/volume-activation/use-vamt-in-windows-powershell.md

@@ -44,7 +44,7 @@ To open PowerShell with administrative credentials, select **Start** and enter `
 For all supported operating systems, you can use the VAMT PowerShell module included with the Windows ADK. By default, the module is installed with the Windows ADK in the VAMT folder. Change directories to the directory where VAMT is located. For example, if the Windows ADK is installed in the default location of `C:\Program Files(x86)\Windows Kits\10`, enter:
 
   ```powershell
-  cd "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\VAMT 3.0"
+  cd "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\VAMT3"
   ```
 
 ### Import the VAMT PowerShell module

windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md

@@ -1,7 +1,7 @@
 ---
 title: Microsoft 365 Apps for enterprise
 description: This article explains how Windows Autopatch manages Microsoft 365 Apps for enterprise updates
-ms.date: 03/10/2023 
+ms.date: 06/23/2023 
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: how-to
@@ -41,9 +41,9 @@ For a device to be eligible for Microsoft 365 Apps for enterprise updates (both
 
 ## Update release schedule
 
-All devices registered for Windows Autopatch will receive updates from the [Monthly Enterprise Channel](/deployoffice/overview-update-channels#monthly-enterprise-channel-overview). This practice provides your users with new features each month, and they'll receive just one update per month on a predictable release schedule. Updates are released on the second Tuesday of the month; these updates can include feature, security, and quality updates. These updates occur automatically and pulled directly from the Office Content Delivery Network (CDN).
+All devices registered for Windows Autopatch receive updates from the [Monthly Enterprise Channel](/deployoffice/overview-update-channels#monthly-enterprise-channel-overview). This practice provides your users with new features each month, and they receive just one update per month on a predictable release schedule. Updates are released on the second Tuesday of the month; these updates can include feature, security, and quality updates. These updates occur automatically and pulled directly from the Office Content Delivery Network (CDN).
 
-Unlike Windows update, the Office CDN doesn't make the update available to all devices at once. Over the course of the release, the Office CDN gradually makes the update available to the whole population of devices. Windows Autopatch doesn't control the order in which updates are offered to devices across your estate. After the update downloads, there's a seven day [update deadline](/deployoffice/configure-update-settings-microsoft-365-apps) that specifies how long the user has until the user must apply the update.  
+Unlike Windows update, the Office CDN doesn't make the update available to all devices at once. Over the course of the release, the Office CDN gradually makes the update available to the whole population of devices. Windows Autopatch doesn't control the order in which updates are offered to devices across your estate. After the update downloads, there's a seven day [update deadline](../references/windows-autopatch-microsoft-365-policies.md) that specifies how long the user has until the user must apply the update.  
 
 ## Deployment rings
 
@@ -81,7 +81,7 @@ Windows Autopatch doesn't allow you to pause or roll back an update in the Micro
 
 ## Allow or block Microsoft 365 App updates
 
-For organizations seeking greater control, you can allow or block Microsoft 365 App updates for Windows Autopatch-enrolled devices. When the Microsoft 365 App update setting is set to **Block**, Windows Autopatch won't provide Microsoft 365 App updates on your behalf, and your organizations will have full control over these updates. For example, you can continue to receive updates from [channels](/deployoffice/overview-update-channels) other than the default [Monthly Enterprise Channel](/deployoffice/overview-update-channels#monthly-enterprise-channel-overview).
+For organizations seeking greater control, you can allow or block Microsoft 365 App updates for Windows Autopatch-enrolled devices. When the Microsoft 365 App update setting is set to **Block**, Windows Autopatch doesn't provide Microsoft 365 App updates on your behalf, and your organizations have full control over these updates. For example, you can continue to receive updates from [channels](/deployoffice/overview-update-channels) other than the default [Monthly Enterprise Channel](/deployoffice/overview-update-channels#monthly-enterprise-channel-overview).
 
 **To allow or block Microsoft 365 App updates:**
 
@@ -120,12 +120,12 @@ For organizations seeking greater control, you can allow or block Microsoft 365
 
 [Servicing profiles](/deployoffice/admincenter/servicing-profile) is a feature in the [Microsoft 365 Apps admin center](https://config.office.com/) that provides controlled update management of monthly Office updates, including controls for user and device targeting, scheduling, rollback, and reporting.
 
-A [service profile](/deployoffice/admincenter/servicing-profile#compatibility-with-other-management-tools) takes precedence over other policies, such as a Microsoft Intune policy or the Office Deployment Tool. The servicing profile will affect all devices that meet the [device eligibility requirements](#device-eligibility) regardless of existing management tools in your environment. So, if you're targeting a managed device with a servicing profile it will be ineligible for Microsoft 365 App update management.
+A [service profile](/deployoffice/admincenter/servicing-profile#compatibility-with-other-management-tools) takes precedence over other policies, such as a Microsoft Intune policy or the Office Deployment Tool. The servicing profile affects all devices that meet the [device eligibility requirements](#device-eligibility) regardless of existing management tools in your environment. So, if you're targeting a managed device with a servicing profile it's ineligible for Microsoft 365 App update management.
 
 However, the device may still be eligible for other managed updates. For more information about a device's eligibility for a given [software update workload](windows-autopatch-update-management.md#software-update-workloads), see the Device eligibility section of each respective software update workload.
 
 ## Incidents and outages
 
-If devices in your tenant aren't meeting the [service level objective](#service-level-objective) for Microsoft 365 Apps for enterprise updates, an incident will be raised. The Windows Autopatch Service Engineering Team will work to bring the devices back into compliance.
+If devices in your tenant aren't meeting the [service level objective](#service-level-objective) for Microsoft 365 Apps for enterprise updates, an incident is raised. The Windows Autopatch Service Engineering Team will work to bring the devices back into compliance.
 
 If you're experiencing issues related to Microsoft 365 Apps for enterprise updates, [submit a support request](../operate/windows-autopatch-support-request.md).

windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md

@@ -1,7 +1,7 @@
 ---
 title: Changes made at tenant enrollment
 description: This reference article details the changes made to your tenant when enrolling into Windows Autopatch
-ms.date: 01/24/2023
+ms.date: 06/23/2023
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: reference
@@ -108,7 +108,7 @@ The following groups target Windows Autopatch configurations to devices and mana
 
 | Policy name | Policy description | Properties | Value |
 | ----- | ----- | ----- | ----- |
-| Windows Autopatch - Office Configuration | Sets Office Update Channel to the Monthly Enterprise servicing branch.<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ol>|<ol><li>Enable Automatic Updates</li><li>Hide option to enable or disable updates</li><li>Update Channel</li><li>Channel Name (Device)</li><li>Hide Update Notifications</li><li>Update Path</li></ol> |<ol><li>Enabled</li><li>Enabled</li><li>Enabled</li><li>Monthly Enterprise Channel</li><li>Disabled</li><li>Enabled</li></ol> |
+| Windows Autopatch - Office Configuration | Sets Office Update Channel to the Monthly Enterprise servicing branch.<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ol>|<ol><li>Enable Automatic Updates</li><li>Hide option to enable or disable updates</li><li>Update Channel</li><li>Channel Name (Device)</li><li>Hide Update Notifications</li><li>Update Path</li><li>Location for updates (Device)</li></ol> |<ol><li>Enabled</li><li>Enabled</li><li>Enabled</li><li>Monthly Enterprise Channel</li><li>Disabled</li><li>Enabled</li><li>`http://officecdn.microsoft.com/pr/55336b82-a18d-4dd6-b5f6-9e5095c314a6`</li></ol> |
 | Windows Autopatch - Office Update Configuration [Test] | Sets the Office update deadline<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Test</li></ol> |<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol>|<ol><li>Enabled; `Days(Device) == 0 days`</li></li><li>Enabled; `Update Deadline(Device) == 7 days`</li></ol>|
 | Windows Autopatch - Office Update Configuration [First] | Sets the Office update deadline<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-First</li></ol> |<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol> | <ol><li>Enabled; `Days(Device) == 0 days`</li><li>Enabled; `Update Deadline(Device) == 7 days`</li></ol>|
 | Windows Autopatch - Office Update Configuration [Fast] | Sets the Office update deadline<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Fast</li></ol>|<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol>| <ol><li>Enabled; `Days(Device) == 3 days`</li><li>Enabled; `Update Deadline(Device) == 7 days`</li></ol>|

windows/deployment/windows-autopatch/references/windows-autopatch-microsoft-365-policies.md

@@ -1,7 +1,7 @@
 ---
 title: Microsoft 365 Apps for enterprise update policies
 description: This article explains the Microsoft 365 Apps for enterprise policies in Windows Autopatch
-ms.date: 07/11/2022
+ms.date: 06/23/2023
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: conceptual
@@ -22,14 +22,14 @@ Deploying any of the following policies to a managed device makes that device in
 
 ### Update policies
 
-Window Autopatch deploys mobile device management (MDM) policies to configure Microsoft 365 Apps and requires a specific configuration. If any [Microsoft 365 Apps update settings](/deployoffice/configure-update-settings-microsoft-365-apps) are deployed which conflict with our policies, then the device won't be eligible for management.
+Window Autopatch deploys mobile device management (MDM) policies to configure Microsoft 365 Apps and requires a specific configuration. If any [Microsoft 365 Apps update settings](/deployoffice/configure-update-settings-microsoft-365-apps) are deployed which conflict with our policies, then the device isn't eligible for management.
 
-| Update setting | Value | Usage reason |
-| ----- | ----- | ----- |
-| Set updates to occur automatically | Enabled | Enable automatic updates |
-| Specify a location to look for updates | Blank | Don't use this setting since it overwrites the update branch |
-| Update channel | Monthly Enterprise | Supported channel for Windows Autopatch |
-| Specify the version of Microsoft 365 Apps to update to | Variable | Used to roll back to a previous version if an error occurs |
-| Set a deadline by when updates must be applied | 7 | Update deadline |
-| Hide update notifications from users | Turned off | Users should be notified when Microsoft 365 Apps are being updated |
-| Hide the option to turn on or off automatic Office updates | Turned on | Prevents users from disabling automatic updates |
+| Setting name | Test | First | Fast | Broad | Usage reason |
+| ----- | ----- | ----- | ----- | ----- | ----- |
+| Set updates to occur automatically | Turned on | Turned on | Turned on | Turned on | Turn on automatic updates |
+| Specify a location to look for updates | Blank | Blank | Blank | Blank | Don't use this setting because it overwrites the update branch |
+| Specify the version of Microsoft Apps to update to | Variable | Variable | Variable | Variable | Used to roll back to a previous version if an error occurs |
+| Set a deadline when updates must be applied | 7 | 7 | 7 | 7 | Updates must be applied by the specified deadline |
+| Sets the Office update deferral | 0 | 0 | 3 | 7| Delay downloading and installing updates for Office |
+| Hide update notifications from end users | Turned off | Turned off |  Turned off |  Turned off | End users should be notified when Microsoft 365 Apps are being updated |
+| Hide the option to turn on or off automatic Office updates | Turned on | Turned on | Turned on | Turned on | Prevents end users from turning off automatic updates |

windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md

@@ -1,7 +1,7 @@
 ---
 title: What's new 2023
 description: This article lists the 2023 feature releases and any corresponding Message center post numbers.
-ms.date: 06/12/2023
+ms.date: 06/26/2023
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: whats-new
@@ -21,9 +21,27 @@ This article lists new and updated feature releases, and service releases, with
 
 Minor corrections such as typos, style, or formatting issues aren't listed.
 
+## June 2023
+
+### June feature releases or updates
+
+| Article | Description |
+| ----- | ----- |
+| [Changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md) | Added Location for updates (Device) setting and value to the [Windows Autopatch - Office Configuration policy](../references/windows-autopatch-changes-to-tenant.md#microsoft-office-update-policies) |
+| [Microsoft 365 Apps for enterprise](../operate/windows-autopatch-microsoft-365-apps-enterprise.md) | Updated [deadline link](../operate/windows-autopatch-microsoft-365-apps-enterprise.md#behavior-during-updates) |
+| [Microsoft 365 Apps for enterprise update policies](../references/windows-autopatch-microsoft-365-policies.md) | Updated the [Update policies](../references/windows-autopatch-microsoft-365-policies.md#update-policies) section |
+
+### June service releases
+
+| Message center post number | Description |
+| ----- | ----- |
+| [MC604889](https://admin.microsoft.com/adminportal/home#/MessageCenter) | Expanding Windows Autopatch availability in August 2023 |
+| [MC602590](https://admin.microsoft.com/adminportal/home#/MessageCenter) | June 2023 Windows Autopatch baseline configuration update |
+| [MC591864](https://admin.microsoft.com/adminportal/home#/MessageCenter) | Updated ticket categories to reduce how long it takes to resolve support requests |
+
 ## May 2023
 
-### May 2023 feature release
+### May feature releases or updates
 
 | Article | Description |
 | ----- | ----- |
@@ -51,7 +69,7 @@ Minor corrections such as typos, style, or formatting issues aren't listed.
 | [Policy health and remediation](../operate/windows-autopatch-policy-health-and-remediation.md) | Add new Policy health and remediation feature. This feature is in public preview |
 | [Windows Autopatch groups public preview addendum](../references/windows-autopatch-groups-public-preview-addendum.md) | Added addendum for the Windows Autopatch groups public preview |
 
-## May service release
+### May service releases
 
 | Message center post number | Description |
 | ----- | ----- |
@@ -65,7 +83,7 @@ Minor corrections such as typos, style, or formatting issues aren't listed.
 | ----- | ----- |
 | [Changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md) | Updated the [Deployment rings for Windows 10 and later](../references/windows-autopatch-changes-to-tenant.md#deployment-rings-for-windows-10-and-later) section |
 
-### April service release
+### April service releases
 
 | Message center post number | Description |
 | ----- | ----- |
@@ -83,7 +101,7 @@ Minor corrections such as typos, style, or formatting issues aren't listed.
 | [Microsoft 365 Apps for enterprise](../operate/windows-autopatch-microsoft-365-apps-enterprise.md) | <ul><li>Added support for subscription versions of Microsoft Project and Visio desktop apps</li><li>Updated device eligibility criteria</li><li>Clarified update controls</li></ul> |
 | [Customize Windows Update settings](../operate/windows-autopatch-windows-update.md) | New [Customize Windows Update settings](../operate/windows-autopatch-windows-update.md) feature. This feature is in public preview<ul><li>[MC524715](https://admin.microsoft.com/adminportal/home#/MessageCenter)</li></ul>|
 
-### March service release
+### March service releases
 
 | Message center post number | Description |
 | ----- | ----- |
@@ -107,7 +125,7 @@ Minor corrections such as typos, style, or formatting issues aren't listed.
 | [Changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md) | Updated Feature update policies section with Windows Autopatch - DSS Policy [deployment ring] |
 | [Register your devices](../deploy/windows-autopatch-register-devices.md) |<ul><li>Updated the [Built-in roles required for registration](../deploy/windows-autopatch-register-devices.md#built-in-roles-required-for-device-registration) section</li><li>Added more information about assigning less-privileged user accounts</li></ul> |
 
-### February service release
+### February service releases
 
 | Message center post number | Description |
 | ----- | ----- |
@@ -126,7 +144,7 @@ Minor corrections such as typos, style, or formatting issues aren't listed.
 | [Submit a tenant enrollment support request](../prepare/windows-autopatch-enrollment-support-request.md) | Added the Submit a tenant enrollment support request section. You can submit a tenant enrollment support request through the Tenant enrollment tool if you're running into issues with enrollment |
 | [Submit a support request](../operate/windows-autopatch-support-request.md) | Added Premier and Unified support options section |
 
-### January service release
+### January service releases
 
 | Message center post number | Description |
 | ----- | ----- |

windows/hub/TOC.yml

@@ -1,28 +0,0 @@
-- name: Windows
-  href: index.yml
-  items: 
-    - name: What's new
-      expanded: true
-      items:
-        - name: What's new in Windows
-          href: /windows/whats-new
-        - name: Windows 11
-          href: /windows/whats-new/windows-11
-    - name: Release information
-      href: /windows/release-health
-    - name: Deployment
-      href: /windows/deployment
-    - name: Configuration
-      href: /windows/configuration
-    - name: Client management
-      href: /windows/client-management
-    - name: Application management
-      href: /windows/application-management
-    - name: Security
-      href: /windows/security
-    - name: Privacy
-      href: /windows/privacy
-    - name: Troubleshooting
-      href: /windows/client-management/windows-10-support-solutions
-    - name: Previous Windows versions
-      href: /previous-versions/windows

windows/hub/breadcrumb/toc.yml

@@ -37,9 +37,13 @@ items:
             tocHref: /windows/security/
             topicHref: /windows/security/
             items:
-              - name: Windows Hello for Business
-                tocHref: /windows/security/identity-protection/hello-for-business/
-                topicHref: /windows/security/identity-protection/hello-for-business/
+              - name: Identity protection
+                tocHref: /windows/security/identity-protection/
+                topicHref: /windows/security/identity-protection/
+                items:
+                - name: Windows Hello for Business
+                  tocHref: /windows/security/identity-protection/hello-for-business/
+                  topicHref: /windows/security/identity-protection/hello-for-business
               - name: Security auditing
                 tocHref: /windows/security/threat-protection/auditing/
                 topicHref: /windows/security/threat-protection/auditing/security-auditing-overview
@@ -52,6 +56,13 @@ items:
               - name: Application Control for Windows
                 tocHref: /windows/security/threat-protection/windows-defender-application-control/
                 topicHref: /windows/security/threat-protection/windows-defender-application-control/
+              - name: OS
+                tocHref: /windows/security/operating-system-security/
+                topicHref: /windows/security/operating-system-security/
+              - name: Network
+                tocHref: /windows/security/operating-system-security/network-security/
+                topicHref: /windows/security/operating-system-security/network-security/
               - name: Windows Defender Firewall
-                tocHref: /windows/security/threat-protection/windows-firewall/
-                topicHref: /windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security
+                tocHref: /windows/security/operating-system-security/network-security/windows-firewall/
+                topicHref: /windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security
+                

windows/hub/images/accessprotection.svg

@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="60" height="60" viewBox="0 0 60 60"><defs><style>.cls-1{opacity:0.5;}.cls-2{fill:#0070c0;}.cls-3,.cls-4{fill:none;stroke:#0070c0;stroke-miterlimit:10;}.cls-3{stroke-width:3.02px;}.cls-4{stroke-width:3px;}</style></defs><title>AccessProtection</title><g id="Icons"><polygon class="cls-2" points="52.5 18 36 18 36 1.5 39 1.5 39 15 52.5 15 52.5 18"/><path class="cls-2" d="M9,57V3H36.88L51,17.12V28.2a10.09,10.09,0,0,1,3,1.15V15.88L38.12,0H6V60H35V57Z"/><rect class="cls-3" x="39.5" y="43.5" width="19" height="15"/><path class="cls-4" d="M43.5,43.5V38a5.5,5.5,0,0,1,11,0v5.5"/></g></svg>

windows/hub/images/applicationmanagement.svg

@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="60" height="60" viewBox="0 0 60 60"><defs><style>.cls-1{opacity:0.5;}.cls-2{fill:none;stroke:#0070c0;stroke-miterlimit:10;stroke-width:3px;}</style></defs><title>ApplicationManagement</title><g id="Icons"><polyline class="cls-2" points="50.75 46.5 58.5 46.5 58.5 5.5 9.5 5.5 9.5 13.5"/><rect class="cls-2" x="1.5" y="13.5" width="49" height="41"/><line class="cls-2" x1="1.5" y1="21.5" x2="50.5" y2="21.5"/><rect class="cls-2" x="8.5" y="28.5" width="16" height="19"/><line class="cls-2" x1="30" y1="28.5" x2="45" y2="28.5"/><line class="cls-2" x1="30" y1="36.5" x2="45" y2="36.5"/><line class="cls-2" x1="30" y1="44.5" x2="40" y2="44.5"/></g></svg>

windows/hub/images/clientmanagement.svg

@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="60" height="60" viewBox="0 0 60 60"><defs><style>.cls-1{opacity:0.5;}.cls-2{fill:none;stroke:#0070c0;stroke-miterlimit:10;stroke-width:3px;}.cls-3{fill:#0070c0;}</style></defs><title>ClientManagement</title><g id="Icons"><path class="cls-2" d="M1.5,48.5a2.09,2.09,0,0,0,2,2h53a2.09,2.09,0,0,0,2-2,5.1,5.1,0,0,0-.84-3l-6.16-7H8.5l-6.16,7A5.1,5.1,0,0,0,1.5,48.5Z"/><rect class="cls-2" x="8.5" y="9.5" width="43" height="29"/><circle class="cls-3" cx="30" cy="15" r="1.75"/></g></svg>

windows/hub/images/configuration.svg

@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="60" height="60" viewBox="0 0 60 60"><defs><style>.cls-1{opacity:0.5;}.cls-2{fill:none;stroke:#0070c0;stroke-miterlimit:10;stroke-width:3px;}</style></defs><title>Configuration</title><g id="Icons"><path class="cls-2" d="M50.63,30c0-.64,0-1.28-.1-1.91l7.25-4.52-3.59-8.66-8.32,1.92a20.87,20.87,0,0,0-2.7-2.7l1.92-8.32L36.43,2.22,31.91,9.47c-.63-.06-1.27-.09-1.91-.09s-1.28,0-1.91.09L23.57,2.22,14.91,5.81l1.92,8.32a20.87,20.87,0,0,0-2.7,2.7L5.81,14.91,2.22,23.57l7.25,4.52c-.06.63-.09,1.27-.09,1.91s0,1.28.09,1.91L2.22,36.43l3.59,8.66,8.32-1.92a20.87,20.87,0,0,0,2.7,2.7l-1.92,8.32,8.66,3.59,4.52-7.25c.63.06,1.27.1,1.91.1s1.28,0,1.91-.1l4.52,7.25,8.66-3.59-1.92-8.32a20.87,20.87,0,0,0,2.7-2.7l8.32,1.92,3.59-8.66-7.25-4.52C50.59,31.28,50.63,30.64,50.63,30ZM20.5,30A9.5,9.5,0,1,1,30,39.5,9.5,9.5,0,0,1,20.5,30Z"/></g></svg>

windows/hub/images/deployment.svg

@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="60" height="60" viewBox="0 0 60 60"><defs><style>.cls-1{opacity:0.5;}.cls-2,.cls-3{fill:none;stroke:#0070c0;stroke-miterlimit:10;stroke-width:3px;}.cls-3{stroke-dasharray:2.4 2.4;}.cls-4{mask:url(#mask);}.cls-5{filter:url(#luminosity-noclip);}</style><filter id="luminosity-noclip" x="-3" y="3" width="66" height="54" filterUnits="userSpaceOnUse" color-interpolation-filters="sRGB"><feFlood flood-color="#fff" result="bg"/><feBlend in="SourceGraphic" in2="bg"/></filter><mask id="mask" x="-3" y="3" width="66" height="54" maskUnits="userSpaceOnUse"><g class="cls-5"><rect x="-3" y="18" width="24" height="24"/><rect x="39" y="3" width="24" height="24"/><rect x="39" y="33" width="24" height="24"/></g></mask></defs><title>Deployment</title><g id="Icons"><rect class="cls-2" x="1.5" y="22.5" width="15" height="15"/><polyline class="cls-2" points="58.5 21 58.5 22.5 57 22.5"/><line class="cls-3" x1="54.6" y1="22.5" x2="46.2" y2="22.5"/><polyline class="cls-2" points="45 22.5 43.5 22.5 43.5 21"/><line class="cls-3" x1="43.5" y1="18.6" x2="43.5" y2="10.2"/><polyline class="cls-2" points="43.5 9 43.5 7.5 45 7.5"/><line class="cls-3" x1="47.4" y1="7.5" x2="55.8" y2="7.5"/><polyline class="cls-2" points="57 7.5 58.5 7.5 58.5 9"/><line class="cls-3" x1="58.5" y1="11.4" x2="58.5" y2="19.8"/><polyline class="cls-2" points="58.5 51 58.5 52.5 57 52.5"/><line class="cls-3" x1="54.6" y1="52.5" x2="46.2" y2="52.5"/><polyline class="cls-2" points="45 52.5 43.5 52.5 43.5 51"/><line class="cls-3" x1="43.5" y1="48.6" x2="43.5" y2="40.2"/><polyline class="cls-2" points="43.5 39 43.5 37.5 45 37.5"/><line class="cls-3" x1="47.4" y1="37.5" x2="55.8" y2="37.5"/><polyline class="cls-2" points="57 37.5 58.5 37.5 58.5 39"/><line class="cls-3" x1="58.5" y1="41.4" x2="58.5" y2="49.8"/><g class="cls-4"><line class="cls-2" x1="16.5" y1="22.5" x2="43.5" y2="14.5"/><line class="cls-2" x1="16.5" y1="37.5" x2="43.5" y2="45.5"/></g></g></svg>

windows/hub/images/deviceSecurity.svg

@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="60" height="60" viewBox="0 0 60 60"><defs><style>.cls-1{opacity:0.5;}.cls-2{fill:#0070c0;}.cls-3{fill:none;stroke:#0070c0;stroke-miterlimit:10;stroke-width:3px;}</style></defs><title>DeviceSecurity</title><g id="Icons"><path class="cls-2" d="M29.89,49H3.5a.62.62,0,0,1-.5-.5,3.88,3.88,0,0,1,.47-2L9.18,40H28V37H10V11H50V26.7a11.62,11.62,0,0,1,3,1.42h0V8H7V37.93l-5.82,6.6A6.62,6.62,0,0,0,0,48.5,3.6,3.6,0,0,0,3.5,52H31.64A22.74,22.74,0,0,1,29.89,49Z"/><path class="cls-3" d="M58.5,33.5V41c0,6.25-4.65,12.38-12.14,16.31l-.86.45-.86-.45C37.15,53.38,32.5,47.25,32.5,41V33.5h2a11.13,11.13,0,0,0,6-1.66,9.85,9.85,0,0,1,10,0,11.17,11.17,0,0,0,6,1.62Z"/></g></svg>

windows/hub/images/threatprotection.svg

@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="60" height="60" viewBox="0 0 60 60"><defs><style>.cls-1{opacity:0.5;}.cls-2{fill:#0070c0;}.cls-3{fill:none;stroke:#0070c0;stroke-miterlimit:10;stroke-width:3px;}</style></defs><title>ThreatProtection</title><g id="Icons"><rect class="cls-2" x="28" y="41" width="3" height="3"/><rect class="cls-2" x="28" y="11" width="3" height="26"/><path class="cls-3" d="M55.5,21.5c0,13.78-9.93,26.31-26,35.34-16.07-9-26-21.56-26-35.34V9.5A30.48,30.48,0,0,0,20.21,4.29,15.89,15.89,0,0,1,29.5,1.5a15.89,15.89,0,0,1,9.29,2.79A30.48,30.48,0,0,0,55.5,9.5Z"/></g></svg>

windows/hub/images/whatsnew.svg

@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="60" height="60" viewBox="0 0 60 60"><defs><style>.cls-1{opacity:0.5;}.cls-2,.cls-3{fill:none;stroke:#107c10;stroke-miterlimit:10;stroke-width:3px;}.cls-3{stroke-linecap:round;}</style></defs><title>WhatsNew</title><g id="Icons"><path class="cls-2" d="M58.5,41.5a6,6,0,0,1-6,6H7.5a6,6,0,0,1-6-6V9.5h49v7h8Z"/><line class="cls-3" x1="50.5" y1="16.5" x2="50.5" y2="39.5"/><line class="cls-2" x1="45" y1="16.5" x2="7" y2="16.5"/><line class="cls-2" x1="45" y1="40.5" x2="29" y2="40.5"/><line class="cls-2" x1="45" y1="32.5" x2="29" y2="32.5"/><line class="cls-2" x1="45" y1="24.5" x2="29" y2="24.5"/><rect class="cls-2" x="8.5" y="24.5" width="15" height="16"/></g></svg>

windows/hub/images/winlogo.svg

@@ -1,96 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
-<!-- Generated by Microsoft Visio, SVG Export winlogo.svg Page-1 -->
-<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:ev="http://www.w3.org/2001/xml-events"
-		xmlns:v="http://schemas.microsoft.com/visio/2003/SVGExtensions/" width="6.06944in" height="6.09028in"
-		viewBox="0 0 437 438.5" xml:space="preserve" color-interpolation-filters="sRGB" class="st2">
-	<v:documentProperties v:langID="1033" v:viewMarkup="false"/>
-
-	<style type="text/css">
-	<![CDATA[
-		.st1 {fill:none;stroke:none;stroke-width:0.25}
-		.st2 {fill:none;fill-rule:evenodd;font-size:12px;overflow:visible;stroke-linecap:square;stroke-miterlimit:3}
-	]]>
-	</style>
-
-	<g v:mID="0" v:index="1" v:groupContext="foregroundPage">
-		<title>Page-1</title>
-		<v:pageProperties v:drawingScale="1" v:pageScale="1" v:drawingUnits="0" v:shadowOffsetX="9" v:shadowOffsetY="-9"/>
-		<g id="shape1-1" v:mID="1" v:groupContext="shape" transform="translate(0.25,-0.25)">
-			<title>Sheet.1</title>
-			<rect v:rectContext="foreign" x="0" y="0.500011" width="436.5" height="438" class="st1"/>
-			<image x="0" y="0.500011" width="436.5" height="438" preserveAspectRatio="none" xlink:href="data:image/png;base64,iV
-						BORw0KGgoAAAANSUhEUgAAAkYAAAJICAYAAACE1yscAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAAFiUAABYlAU
-						lSJPAAABTLSURBVHhe7dYxTiBQDENBjs1B9z6shL4r3EREaZgnTe/SH1+SJEn6zjGSJEl6OUaSJEkvx0iSJOnlGEmSJL1+HKOPz38Av3
-						Jd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bAD
-						CRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2
-						DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQ
-						PARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEco
-						yAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117
-						UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8
-						kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l
-						3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AE
-						wkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCF
-						h3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2w
-						AwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHC
-						Ng3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW
-						0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARH
-						KMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdd
-						e1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNAB
-						PJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAt
-						Zd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNg
-						BMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxw
-						hYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3Xd
-						sAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkR
-						wjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3X
-						VtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwE
-						RyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgH
-						XXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQ
-						ATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQ
-						LWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1z
-						YATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJM
-						cIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd1
-						3bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJ
-						EcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN
-						11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8
-						BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjI
-						B117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BE+nGMJEmS/mqOkSRJ0ssxkiRJejlGkiRJL8dIkiTp5RhJkiS9HCNJkqSXYy
-						RJkvRyjCRJkl6OkSRJ0ssxkiRJejlGkiRJL8dIkiTp5RhJkiS9HCNJkqSXYyRJkvRyjCRJkl6OkSRJ0ssxkiRJejlGkiRJL8dIkiTp5R
-						hJkiS9HCNJkqSXYyRJkvRyjCRJkl6OkSRJ0ssxkiRJejlGkiRJrx/H6OPzH8CvXNc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQ
-						ATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQ
-						LWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1z
-						YATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJM
-						cIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd1
-						3bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJ
-						EcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN
-						11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8
-						BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjI
-						B117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ
-						0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyT
-						EC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXd
-						c2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATC
-						THCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWH
-						dd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bAD
-						CRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2
-						DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQ
-						PARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEco
-						yAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117
-						UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8
-						kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l
-						3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AE
-						wkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCF
-						h3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2w
-						AwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHC
-						Ng3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW
-						0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARH
-						KMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdd
-						e1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNAB
-						PJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAt
-						Zd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNg
-						BMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxw
-						hYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3Xd
-						sAMJF+HCNJkqS/mmMkSZL0cowkSZK++/r6DwqOoucNyrLNAAAAAElFTkSuQmCC"/>
-			<rect v:rectContext="foreign" x="0" y="0.500011" width="436.5" height="438" class="st1"/>
-		</g>
-	</g>
-</svg>

windows/hub/index.yml

@@ -1,255 +1,168 @@
 ### YamlMime:Hub
 
-title: Windows client documentation for IT Pros # < 60 chars
-summary: Evaluate, plan, deploy, secure, and manage devices running Windows 10 and Windows 11. # < 160 chars
-# brand: aspnet | azure | dotnet | dynamics | m365 | ms-graph | office | power-apps | power-automate | power-bi | power-platform | power-virtual-agents | sql | sql-server | vs | visual-studio | windows | xamarin
+title: Windows client documentation for IT Pros
+summary: Learn how to deploy, secure, and manage Windows clients for your organization.
 brand: windows
 
 metadata:
-  title: Windows client documentation for IT Pros # Required; page title displayed in search results. Include the brand. < 60 chars.
-  description: Evaluate, plan, deploy, secure, and manage devices running Windows 10 and Windows 11. # Required; article description that is displayed in search results. < 160 chars.
+  title: Windows client documentation
+  description: Learn how to deploy, secure, and manage Windows clients for your organization.
   ms.topic: hub-page
   ms.prod: windows-client
   ms.collection:
     - highpri
     - tier1
-  author: aczechowski #Required; your GitHub user alias, with correct capitalization.
-  ms.author: aaroncz #Required; microsoft alias of author; optional team alias.
-  ms.date: 10/01/2021 #Required; mm/dd/yyyy format.
-  localization_priority: medium
+  author: paolomatarazzo
+  ms.author: paoloma
+  manager: aaroncz
+  ms.date: 06/20/2023
 
-# highlightedContent section (optional)
-# Maximum of 8 items
 highlightedContent:
-# itemType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new
   items:
-    # Card
-    - title: Become a Windows Insider
-      itemType: overview
-      url: https://insider.windows.com
-    # Card
-    - title: See what's new in Windows release health
-      itemType: overview
-      url: /windows/release-health/
-    # Card
-    - title: Empower your hybrid workforce
-      itemType: overview
-      url: https://www.microsoft.com/microsoft-365/blog/2021/10/04/empower-your-hybrid-workforce-today-with-windows-11/
+  - title: Get started with Windows 11
+    itemType: get-started
+    url: /windows/whats-new/windows-11-overview
+  - title: Windows 11, version 22H2
+    itemType: whats-new
+    url: /windows/whats-new/whats-new-windows-11-version-22H2
+  - title: Windows 11, version 22H2 group policy settings reference 
+    itemType: download
+    url: https://www.microsoft.com/en-us/download/details.aspx?id=104594
+  - title: Windows release health
+    itemType: whats-new
+    url: /windows-insider/get-started
+  - title: Windows commercial licensing
+    itemType: overview
+    url: /windows/whats-new/windows-licensing
+  - title: Windows 365 documentation
+    itemType: overview
+    url: /windows-365
+  - title: Explore all Windows trainings and learning paths for IT pros
+    itemType: learn
+    url: https://learn.microsoft.com/en-us/training/browse/?products=windows&roles=administrator
+  - title: Enroll Windows client devices in Microsoft Intune
+    itemType: how-to-guide
+    url: /mem/intune/fundamentals/deployment-guide-enrollment-windows
 
-# productDirectory section (optional)
 productDirectory:
-  title: Get to know Windows 11 # < 60 chars (optional)
-  summary: Learn more about what's new, what's updated, and what you get in Windows 11 # < 160 chars (optional)
+  title: Get started
   items:
-  # Card
-    - title: Windows 11 overview
-      imageSrc: /windows/resources/images/winlogo.svg
-      summary: Get more information about features and improvements that are important to admins
-      url: /windows/whats-new/windows-11-overview
-    - title: Windows 11 requirements
-      imageSrc: /windows/resources/images/winlogo.svg
-      summary: See the system requirements for Windows 11, including running Windows 11 on a virtual machine
-      url: /windows/whats-new/windows-11-requirements
-    - title: Learn more about Windows 11 Enterprise
-      imageSrc: /windows/resources/images/winlogo.svg
-      summary: Get more information on the features, security, and licensing plans designed for organizations
-      url: https://www.microsoft.com/microsoft-365/windows/windows-11-enterprise
-    - title: FAQ - Upgrade to Windows 11
-      imageSrc: /windows/resources/images/winlogo.svg
-      summary: See some common questions and answers when upgrading to Windows 11
-      url: https://support.microsoft.com/windows/upgrade-to-windows-11-faq-fb6206a2-1a0f-448a-80f1-8668ee5b2bf9
-    - title: Windows 11 chip to cloud protection - Security challenges of hybrid work
-      imageSrc: /windows/resources/images/winlogo.svg
-      summary: Blog from the Microsoft Windows Security Team
-      url: https://www.microsoft.com/security/blog/2021/10/04/windows-11-offers-chip-to-cloud-protection-to-meet-the-new-security-challenges-of-hybrid-work
-    - title: Trusted Platform Module (TPM)
-      imageSrc: /windows/resources/images/winlogo.svg
-      summary: Learn more about TPM, and why it's a good thing
-      url: /windows/security/information-protection/tpm/trusted-platform-module-overview
-      
-# conceptualContent section (optional)
-conceptualContent:
-# Supports up to 3 sections
-# itemType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new
 
-  title: Windows client resources and documentation for IT Pros 
-  summary: Plan, deploy, secure, and manage devices running Windows 10 and Windows 11.
-  items:
-  # card
-    - title: Overview
+    - title: Learn how to deploy Windows
+      imageSrc: /media/common/i_deploy.svg
       links:
-        - url: /windows/whats-new/windows-11-overview
-          itemType: overview
-          text: Windows 11 overview
-        - url: /windows/whats-new/windows-11-plan
-          itemType: overview
-          text: Plan for Windows 11
-        - url: /windows/whats-new/windows-11-prepare
-          itemType: overview
-          text: Prepare for Windows 11
-        - url: /windows/whats-new/whats-new-windows-10-version-21H1
-          itemType: overview
-          text: What's new in Windows 10, version 21H1
-        - url:  /windows/release-health/release-information
-          itemType: overview
-          text: Windows release information
-
-  # Card (optional)
-    - title: Configuration
-      links:
-        - url: /windows/configuration/index
-          itemType: overview
-          text: Configure Windows
-        - url: /windows/configuration/provisioning-packages/provisioning-packages
-          itemType: how-to-guide
-          text: Use Provisioning packages to configure new devices
-        - url: /windows/configuration/windows-accessibility-for-itpros
-          itemType: overview
-          text: Accessibility information for IT Pros
-        - url: /windows/configuration/customize-start-menu-layout-windows-11
-          itemType: how-to-guide
-          text: Customize the Start menu layout
-        - url: /windows/configuration/stop-employees-from-using-microsoft-store
-          itemType: how-to-guide
-          text: Control access to Microsoft Store
-        - url: /windows/configuration/set-up-shared-or-guest-pc
-          itemType: how-to-guide
-          text: Set up a shared or guest PC
-
-  # Card (optional)
-    - title: Deployment
-      links:
-        - url: /windows/deployment/index      
-          itemType: deploy
-          text: Deploy and update Windows
-        - url: /windows/deployment/windows-10-deployment-scenarios
-          itemType: deploy
-          text: Windows deployment scenarios
-        - url: /windows/deployment/update/create-deployment-plan
-          itemType: deploy
-          text: Create a deployment plan
-        - url: /windows/deployment/update/prepare-deploy-windows
-          itemType: deploy
-          text: Prepare to deploy Windows client
+        - url: /mem/autopilot/
+          text: Windows Autopilot overview
+        - url: /mem/autopilot/tutorial/autopilot-scenarios
+          text: "Tutorial: Windows Autopilot scenarios"
+        - url: /windows/deployment/do/
+          text: Delivery optimization
+        - url: /windows/deployment/update/deployment-service-overview
+          text: Windows Update for Business deployment service
         - url: /windows/deployment/windows-autopatch
-          itemType: deploy
-          text: Windows Autopatch
- 
-  # Card
-    - title: App management
-      links:
-        - url: /windows/application-management/index
-          itemType: overview
-          text: Windows application management
-        - url: /windows/application-management/apps-in-windows-10
-          itemType: overview
-          text: Learn more about the different apps types for Windows
-        - url: /windows/application-management/private-app-repository-mdm-company-portal-windows-11
-          itemType: how-to-guide
-          text: Use the private app repo on Windows 11
-        - url:  /windows/application-management/remove-provisioned-apps-during-update
-          itemType: how-to-guide
-          text: Keep removed apps from returning during an update
-        - url:  https://blogs.windows.com/windowsdeveloper/2021/10/04/developing-for-windows-11/
-          itemType: overview
-          text: Blog - Develop apps for Windows 11
+          text: Windows Autopatch overview
+        - url: /windows/deployment
+          text: Learn more about Windows deployment >
 
-  # Card
-    - title: Client management
+    - title: Learn how to secure Windows
+      imageSrc: /media/common/i_security-management.svg
       links:
+        - url: /windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines
+          text: Windows security baselines
+        - url: /windows/security/identity-protection/credential-guard/credential-guard-how-it-works
+          text: Windows Defender Credential Guard
+        - url: /windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust
+          text: Windows Hello for Business cloud Kerberos trust
+        - url: /education/windows/tutorial-school-deployment/windows/security/threat-protection/windows-defender-application-control/
+          text: Windows Defender Application Control (WDAC)
+        - url: /windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview
+          text: Microsoft Defender Application Guard
+        - url: /windows/security
+          text: Learn more about Windows security >
 
-        - url: /windows/client-management/index
-          itemType: overview
-          text: Windows client management
+    - title: Learn about privacy in Windows
+      imageSrc: /media/common/i_lock.svg
+      links:
+        - url: /windows/privacy/required-diagnostic-events-fields-windows-11-22h2
+          text: Windows 11 required diagnostic data
+        - url: /windows/privacy/configure-windows-diagnostic-data-in-your-organization
+          text: Configure Windows diagnostic data in your organization
+        - url: /windows/privacy/diagnostic-data-viewer-overview
+          text: Diagnostic Data Viewer
+        - url: /windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services
+          text: Manage connections to Microsoft services
+        - url: /windows/privacy/windows-10-and-privacy-compliance
+          text: Windows privacy compliance guide
+        - url: /windows/privacy
+          text: Learn more about privacy in Windows >
+
+    - title: Learn how to manage Windows
+      imageSrc: /media/common/i_management.svg
+      links:
+        - url: /windows/client-management/mobile-device-enrollment
+          text: MDM enrollment
+        - url: /windows/client-management/mdm/
+          text: Configuration Service Provider (CSP)
         - url: /windows/client-management/administrative-tools-in-windows-10
-          itemType: overview
-          text: Administrative tools 
-        - url: /windows/client-management/mandatory-user-profile
-          itemType: how-to-guide
-          text: Create mandatory user profiles
-        - url: /windows/client-management/new-policies-for-windows-10
-          itemType: overview
-          text: New policies for Windows 10
-        - url: /windows/client-management/mdm/configuration-service-provider-reference
-          itemType: reference
-          text: Configuration service provider reference
+          text: Windows administrative tools
+        - url: /windows/client-management/client-tools/quick-assist
+          text: Use Quick Assist to help users
+        - url: /windows/application-management/index
+          text: Learn more about application management >
+        - url: /windows/client-management
+          text: Learn more about Windows management >
 
-  # Card (optional)
-    - title: Security and Privacy
+    - title: Learn how to configure Windows
+      imageSrc: /media/common/i_config-tools.svg
       links:
-        - url: /windows/security/index    
-          itemType: overview
-          text: Windows Enterprise Security
-        - url: /windows/security/hardware
-          itemType: overview
-          text: Hardware security
-        - url: /windows/security/operating-system
-          itemType: overview
-          text: Operating system security
-        - url: /windows/security/apps         
-          itemType: overview
-          text: Application security
-        - url: /windows/security/identity
-          itemType: overview
-          text: Identity and privacy
-        - url: /windows/security/cloud
-          itemType: overview
-          text: Cloud services
-        - url: /windows/privacy/index
-          itemType: overview
-          text: Windows Privacy
+        - url: /windows/configuration/windows-accessibility-for-itpros
+          text: Accessibility information
+        - url: /windows/configuration/provisioning-packages/provisioning-packages
+          text: Use Provisioning packages to configure new devices
+        - url: /windows/configuration/customize-start-menu-layout-windows-11
+          text: Customize the Start menu layout
+        - url: /windows/configuration/set-up-shared-or-guest-pc
+          text: Set up a shared or guest PC
+        - url: /windows/configuration/kiosk-methods
+          text: Configure kiosks and digital signs
+        - url: /windows/configuration
+          text: Learn more about Windows configuration >
+
+    - title: Learn about Windows for Education
+      imageSrc: /media/common/i_advanced.svg
+      links:
+        - url: /education/windows/windows-11-se-overview
+          text: Windows 11 SE Overview
+        - url: /education/windows/federated-sign-in
+          text: Configure federated sign-in for Windows devices
+        - url: /education/windows/get-minecraft-for-education
+          text: Get and deploy Minecraft Education
+        - url: /education/windows/tutorial-school-deployment/
+          text: "Tutorial: deploy and manage Windows devices in a school"
+        - url: /education/windows/tutorial-deploy-apps-winse/
+          text: "Tutorial: deploy applications to Windows 11 SE"
+        - url: /education/Windows
+          text: Learn more about Windows for Education >
 
-# additionalContent section (optional)
-# Card with summary style
 additionalContent:
-  # Supports up to 4 subsections
   sections:
-    - title: More Windows resources # < 60 chars (optional)
+    - title: More Windows resources
       items:
-        # Card
-        - title: Windows product site
-          summary: Find out how Windows enables your business to do more
-          url: https://www.microsoft.com/microsoft-365/windows
-        - title: "Windows 11: A new era for the PC begins today"
-          summary: Blog article that describes how Windows 11 empowers you to produce and inspires you to create
-          url: https://blogs.windows.com/windowsexperience/2021/10/04/windows-11-a-new-era-for-the-pc-begins-today/
-        - title: Windows IT Pro blogs
-          summary: The latest Windows blog articles for the IT Pro 
-          url: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/bg-p/Windows10Blog
-        - title: Windows blogs
-          summary: Keep up with the latest news about Windows
-          url: https://blogs.windows.com/
-        - title: Participate in the Tech Community
-          summary: Learn how to be part of the Windows Tech Community
-          url: https://techcommunity.microsoft.com/t5/windows/ct-p/Windows10
-        - title: Ask the community
-          summary: Get help, and help others
-          url: https://answers.microsoft.com/windows/forum
 
-    - title: Other resources
-      items:
-        - title: Microsoft endpoint management with Intune
+        - title: Windows hardware
           links:
-            - text: Intune is a family of products
-              url: /mem/endpoint-manager-overview
-            - text: What is Microsoft Intune?
-              url: /mem/intune/fundamentals/what-is-intune
-            - text: Microsoft Intune services simplify upgrades to Windows 11
-              url: https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/endpoint-manager-simplifies-upgrades-to-windows-11/ba-p/2771886
-            - text: Understanding readiness for Windows 11 with Microsoft Intune services
-              url: https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/understanding-readiness-for-windows-11-with-microsoft-endpoint/ba-p/2770866
-            - text: Microsoft endpoint management blog
-              url: https://aka.ms/memblog
-        - title: Windows 365
-          links:
-            - text: Windows 365 documentation
-              url: /windows-365
-            - text: What is Windows 365
-              url: /windows-365/overview
-            - text: Windows 365 Enterprise now supports Windows 11
-              url: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-365-enterprise-now-supports-windows-11/ba-p/2810334              
-            - text: Windows 365 blog
-              url: https://www.microsoft.com/microsoft-365/blog/
+            - text: Windows hardware developer documentation
+              url: /windows-hardware/drivers/
+            - text: Get started with building Windows devices
+              url: /windows-hardware/get-started
+            - text: Download the Windows Driver Kit
+              url: /windows-hardware/drivers/download-the-wdk
+            - text: Device and driver installation
+              url: /windows-hardware/drivers/install/overview-of-device-and-driver-installation
+            - text: Windows Driver Frameworks
+              url: /windows-hardware/drivers/wdf/
+            - text: Kernel-mode driver architecture design guide
+              url: /windows-hardware/drivers/kernel/
 
         - title: Windows Server
           links:
@@ -257,7 +170,27 @@ additionalContent:
               url: /windows-server
             - text: What's new in Windows Server 2022?
               url: /windows-server/get-started/whats-new-in-windows-server-2022
-            - text: Get started with Windows Server
-              url: /windows-server/get-started/get-started-with-windows-server
             - text: Windows Server blog
               url: https://cloudblogs.microsoft.com/windowsserver/
+
+        - title: Windows product site and blogs
+          links:
+            - text: Find out how Windows enables your business to do more
+              url: https://www.microsoft.com/microsoft-365/windows
+            - text: Windows blogs
+              url: https://blogs.windows.com/
+            - text: Windows IT Pro blog
+              url: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/bg-p/Windows10Blog
+            - text: Microsoft Intune blog
+              url: https://techcommunity.microsoft.com/t5/microsoft-intune-blog/bg-p/MicrosoftEndpointManagerBlog
+            - text: "Windows help & learning: end-user documentation"
+              url: https://support.microsoft.com/windows
+
+        - title: Participate in the community
+          links:
+            - text: Windows community
+              url: https://techcommunity.microsoft.com/t5/windows/ct-p/Windows10
+            - text: Microsoft Intune community
+              url: https://techcommunity.microsoft.com/t5/microsoft-intune/bd-p/Microsoft-Intune
+            - text: Microsoft Support community
+              url: https://answers.microsoft.com/windows/forum

windows/privacy/configure-windows-diagnostic-data-in-your-organization.md

@@ -368,21 +368,12 @@ If you don’t sign up for any of these enterprise services, Microsoft will act
 > - Windows 10, versions 1809, 1903, 1909, and 2004.
 > - Newer versions of Windows 10 and Windows 11 that have not updated yet to at least the January 2023 preview cumulative update.
 
-Use the instructions below to enable Windows diagnostic data processor configuration using a single setting, through Group Policy, or an MDM solution.
+To enable Windows diagnostic data processor configuration, you can use Group Policy or a custom setting in an MDM solution, such as Microsoft Intune.
 
-In Group Policy, to enable Windows diagnostic data processor configuration, go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds** and switch the **Allow commercial data pipeline** setting to **enabled**.
+- For Group Policy, you can use the “Allow commercial data pipeline” policy, which is also available in the Intune [settings catalog](/mem/intune/configuration/settings-catalog).
+- For an MDM solution, you can use the AllowCommercialDataPipeline setting in the System Policy configuration service provider (CSP).
 
-If you wish to disable, at any time, switch the same setting to **disabled**. The default state of the above setting is **disabled**.
-
-To use an MDM solution, such as [Microsoft Intune](/mem/intune/configuration/custom-settings-windows-10), to deploy the Windows diagnostic data processor configuration to your supported devices, use the following custom OMA-URI setting configuration:
-
- - **Name:** System/AllowCommercialDataPipeline
- - **OMA-URI:** ./Vendor/MSFT/Policy/Config/System/AllowCommercialDataPipeline
- - **Data type:** Integer
-
-Under **Value**, use **1** to enable the service.
-
-If you wish to disable, at any time, switch the same setting to **0**. The default value is **0**.
+For more information about AllowCommercialDataPipeline and the “Allow commercial data pipeline” policy, [review this information](/windows/client-management/mdm/policy-csp-system#allowcommercialdatapipeline).
 
 ## Change privacy settings on a single server
 

windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md

@@ -1916,9 +1916,13 @@ Add a REG_DWORD value named **DisableOneSettingsDownloads** to **HKEY_LOCAL_MACH
 
 Widgets is a news and feeds service that can be customized by the user. If you turn off this service, apps using this service may stop working.
 
-You can turn off Widgets by setting the following registry entries:
+To turn off Widgets, you can use Group Policy or a custom setting in an MDM solution, such as Microsoft Intune.
+
+- For Group Policy, you can use the “Allow widgets” policy, which is also available in the Intune [settings catalog](/mem/intune/configuration/settings-catalog).
+- For an MDM solution, you can use the AllowNewsAndInterests setting in the NewsandInterests configuration service provider (CSP).
+
+For more information about AllowNewsAndInterests and the “Allow widgets” policy, [review this information](/windows/client-management/mdm/policy-csp-newsandinterests#allownewsandinterests).
 
-Add a REG_DWORD value named **AllowWidgets** to **HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Widgets** and set the value to **0**.
 
 ### <a href="" id="bkmk-allowedtraffic"></a> Allowed traffic list for Windows Restricted Traffic Limited Functionality Baseline
 

windows/privacy/manage-windows-11-endpoints.md

@@ -6,8 +6,8 @@ ms.technology: itpro-privacy
 ms.localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
-manager: dougeby
-ms.date: 01/18/2018
+manager: laurawi
+ms.date: 06/23/2023
 ms.topic: reference
 ---
 
@@ -26,15 +26,15 @@ Some Windows components, app, and related services transfer data to Microsoft ne
 - Using your location to show a weather forecast.
 
 Details about the different ways to control traffic to these endpoints are covered in [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
-Where applicable, each endpoint covered in this topic includes a link to the specific details on how to control that traffic.
+Where applicable, each endpoint covered in this article includes a link to the specific details on how to control that traffic.
 
 The following methodology was used to derive these network endpoints:
 
 1. Set up the latest version of Windows 11 on a test virtual machine using the default settings.
-2. Leave the device(s) running idle for a week ("idle" means a user is not interacting with the system/device).
+2. Leave the device(s) running idle for a week ("idle" means a user isn't interacting with the system/device).
 3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
 4. Compile reports on traffic going to public IP addresses.
-5. The test virtual machine(s) was logged into using a local account, and was not joined to a domain or Azure Active Directory.
+5. The test virtual machine(s) was logged into using a local account, and wasn't joined to a domain or Azure Active Directory.
 6. All traffic was captured in our lab using an IPV4 network. Therefore, no IPV6 traffic is reported here.
 7. These tests were conducted in an approved Microsoft lab. It's possible your results may be different.
 8. These tests were conducted for one week, but if you capture traffic for longer you may have different results.
@@ -42,109 +42,125 @@ The following methodology was used to derive these network endpoints:
 > [!NOTE]
 > Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.
 
+To view endpoints for non-Enterprise Windows 11 editions, see [Windows 11 connection endpoints for non-Enterprise editions](windows-11-endpoints-non-enterprise-editions.md).
 
 ## Windows 11 Enterprise connection endpoints
 
 |Area|Description|Protocol|Destination|
 |----------------|----------|----------|------------|
-|Apps|||[Learn how to turn off traffic to the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
-||The following endpoint is used for the Weather app. To turn off traffic for this endpoint, either uninstall the Weather app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTP|tile-service.weather.microsoft.com|
-||The following endpoint is used for OneNote Live Tile. To turn off traffic for this endpoint, either uninstall OneNote or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|TLSv1.2/HTTPS/HTTP|cdn.onenote.net|
-||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser. To turn off traffic for this endpoint, either uninstall the Photos app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|TLSv1.2/HTTPS|evoke-windowsservices-tas.msedge.net|
-|Certificates|Certificates are digital files, stored on client devices, used to both encrypt data and verify the identity of an individual or organization. Trusted root certificates issued by a certification authority (CA) are stored in a certificate trust list (CTL). The Automatic Root Certificates Update mechanism contacts Windows Updates to update the CTL. If a new version of the CTL is identified, the list of trusted root certificates cached on the local device will be updated. Untrusted certificates are certificates where the server certificate issuer is unknown or is not trusted by the service. Untrusted certificates are also stored in a list on the local device and updated by the Automatic Root Certificates Update mechanism.<br> <br>If automatic updates are turned off, applications and websites may stop working because they did not receive an updated root certificate that the application uses. Additionally, the list of untrusted certificates will no longer be updated, which increases the attack vector on the device. ||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update)|
-|||TLSv1.2/HTTPS/HTTP|ctldl.windowsupdate.com|
-|Cortana and Live Tiles|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana)|
-||The following endpoints are related to Cortana and Live Tiles. If you turn off traffic for this endpoint, you will block updates to Cortana greetings, tips, and Live Tiles.|TLSv1.2/HTTPS/HTTP|www.bing.com*|
+|Apps|||[Learn how to turn off traffic to the following endpoint(s) for apps.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
+||The following endpoint is used for the Weather app. To turn off traffic for this endpoint, either uninstall the Weather app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTP|tile-service.weather.microsoft.com|
+||The following endpoint is used for OneNote Live Tile. To turn off traffic for this endpoint, either uninstall OneNote or disable the Microsoft Store. If you disable the Microsoft store, other Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|TLSv1.2/HTTPS/HTTP|cdn.onenote.net|
+||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser. To turn off traffic for this endpoint, either uninstall the Photos app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|TLSv1.2/HTTPS|evoke-windowsservices-tas.msedge.net|
+|Certificates|||[Learn how to turn off traffic to all of the following endpoint(s) for certificates.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update)|
+||Certificates are digital files, stored on client devices, used to both encrypt data and verify the identity of an individual or organization. Trusted root certificates issued by a certification authority (CA) are stored in a certificate trust list (CTL). The Automatic Root Certificates Update mechanism contacts Windows Updates to update the CTL. If a new version of the CTL is identified, the list of trusted root certificates cached on the local device will be updated. Untrusted certificates are certificates where the server certificate issuer is unknown or isn't trusted by the service. Untrusted certificates are also stored in a list on the local device and updated by the Automatic Root Certificates Update mechanism.<br> <br>If automatic updates are turned off, applications and websites may stop working because they didn't receive an updated root certificate that the application uses. Additionally, the list of untrusted certificates will no longer be updated, which increases the attack vector on the device. |TLSv1.2/HTTPS/HTTP|ctldl.windowsupdate.com|
+|Cortana and Live Tiles|||[Learn how to turn off traffic to all of the following endpoint(s) for Cortana and Live Tiles.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana)|
+||The following endpoints are related to Cortana and Live Tiles. If you turn off traffic for this endpoint, you'll block updates to Cortana greetings, tips, and Live Tiles.|TLSv1.2/HTTPS/HTTP|www.bing.com*|
+|||HTTPS|business.bing.com|
+|||HTTP|c.bing.com|
+|||HTTP|th.bing.com|
+|||HTTP|c-ring.msedge.net|
 |||TLSv1.2/HTTPS/HTTP|fp.msedge.net|
 |||TLSv1.2|I-ring.msedge.net|
-|||HTTPS|s-ring.msedge.net|
-|Device authentication|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
-||The following endpoint is used to authenticate a device. If you turn off traffic for this endpoint, the device will not be authenticated.|HTTPS|login.live.com*|
-|Device metadata|The following endpoint is used to retrieve device metadata. If you turn off traffic for this endpoint, metadata will not be updated for the device.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#4-device-metadata-retrieval)|
-|||HTTP|dmd.metaservices.microsoft.com|
-|Diagnostic Data|The following endpoints are used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. If you turn off traffic for this endpoint, diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft. ||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
+|||HTTPS/HTTP|s-ring.msedge.net|
+|||HTTP|dual-s-ring.msedge.net|
+|||HTTP|creativecdn.com|
+|||HTTP|edgeassetservice.azureedge.net|
+|Device authentication|||[Learn how to turn off traffic to all of the following endpoint(s) for device authentication.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
+||The following endpoint is used to authenticate a device. If you turn off traffic for this endpoint, the device won't be authenticated.|HTTPS|login.live.com*|
+|Device metadata|||[Learn how to turn off traffic to all of the following endpoint(s) for device metadata.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#4-device-metadata-retrieval)|
+||The following endpoint is used to retrieve device metadata. If you turn off traffic for this endpoint, metadata won't be updated for the device.|HTTP|dmd.metaservices.microsoft.com|
+|Diagnostic Data| ||[Learn how to turn off traffic to all of the following endpoint(s) for diagnostic data.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
+||The following endpoints are used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. If you turn off traffic for this endpoint, diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, won't be sent back to Microsoft.|TLSv1.2/HTTP|self.events.data.microsoft.com|
 |||TLSv1.2/HTTPS/HTTP|v10.events.data.microsoft.com|
-||The following endpoints are used by Windows Error Reporting. To turn off traffic for these endpoints, enable the following Group Policy: Administrative Templates > Windows Components > Windows Error Reporting > Disable Windows Error Reporting. This means error reporting information will not be sent back to Microsoft.|TLSv1.2|telecommand.telemetry.microsoft.com|
+||The following endpoints are used by Windows Error Reporting. To turn off traffic for these endpoints, enable the following Group Policy: Administrative Templates > Windows Components > Windows Error Reporting > Disable Windows Error Reporting. This means error reporting information won't be sent back to Microsoft.|TLSv1.2|telecommand.telemetry.microsoft.com|
 |||TLS v1.2/HTTPS/HTTP|watson.*.microsoft.com|
-|Font Streaming|The following endpoints are used to download fonts on demand. If you turn off traffic for these endpoints, you will not be able to download fonts on demand.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#6-font-streaming)|
-|||HTTPS|fs.microsoft.com|
-|Licensing|The following endpoint is used for online activation and some app licensing. To turn off traffic for this endpoint, disable the Windows License Manager Service. This will also block online activation and app licensing may not work.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#9-license-manager)|
-|||TLSv1.2/HTTPS/HTTP|licensing.mp.microsoft.com|
-|Maps|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-offlinemaps)|
-||The following endpoints are used to check for updates to maps that have been downloaded for offline use. If you turn off traffic for this endpoint, offline maps will not be updated.|TLSv1.2/HTTPS/HTTP|maps.windows.com|
-|Microsoft Account|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-microsoft-account)|
-||The following endpoints are used for Microsoft accounts to sign in. If you turn off traffic for these endpoints, users cannot sign in with Microsoft accounts. |TLSv1.2/HTTPS|login.live.com|
-|Microsoft Edge|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#13-microsoft-edge)|
+|||TLSv1.2|www.telecommandsvc.microsoft.com|
+|Font Streaming|||[Learn how to turn off traffic to all of the following endpoint(s) for font streaming.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#6-font-streaming)|
+||The following endpoint is used to download fonts on demand. If you turn off traffic for these endpoints, you won't be able to download fonts on demand.|HTTPS|fs.microsoft.com|
+|Licensing|||[Learn how to turn off traffic to all of the following endpoint(s) for licensing.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#9-license-manager)|
+||The following endpoint is used for online activation and some app licensing. To turn off traffic for this endpoint, disable the Windows License Manager Service. This will also block online activation and app licensing may not work.|TLSv1.2/HTTPS/HTTP|licensing.mp.microsoft.com|
+|Location|||[Learn how to turn off traffic to all of the following endpoint(s) for location.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#182-location)|
+||The following endpoint is used for location data. If you turn off traffic for this endpoint, apps can't use location data.|TLSv1.2|inference.location.live.net|
+|Maps|||[Learn how to turn off traffic to all of the following endpoint(s) for maps.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-offlinemaps)|
+||The following endpoints are used to check for updates to maps that have been downloaded for offline use. If you turn off traffic for this endpoint, offline maps won't be updated.|TLSv1.2/HTTPS/HTTP|maps.windows.com|
+|||HTTP|ecn.dev.virtualearth.net|
+|||HTTP|ecn-us.dev.virtualearth.net|
+|||HTTPS|weathermapdata.blob.core.windows.net|
+|Microsoft Account|||[Learn how to turn off traffic to all of the following endpoint(s) for Microsoft account.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-microsoft-account)|
+||The following endpoint is used for Microsoft accounts to sign in. If you turn off traffic for these endpoints, users can't sign in with Microsoft accounts. |TLSv1.2/HTTPS/HTTP|login.live.com|
+|Microsoft Edge|||[Learn how to turn off traffic to all of the following endpoint(s) for Microsoft Edge.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#13-microsoft-edge)|
+|||TLSv1.2/HTTP|edge.microsoft.com|
+|||TLSv1.2/HTTP|windows.msn.com|
 ||This network traffic is related to the Microsoft Edge browser. The Microsoft Edge browser requires this endpoint to contact external websites.|HTTPS|iecvlist.microsoft.com|
 ||The following endpoint is used by Microsoft Edge Update service to check for new updates. If you disable this endpoint, Microsoft Edge won’t be able to check for and apply new edge updates.|TLSv1.2/HTTPS/HTTP|msedge.api.cdp.microsoft.com|
-|Microsoft Store|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
-||The following endpoint is used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps). If you turn off traffic for these endpoints, the image files won't be downloaded, and apps cannot be installed or updated from the Microsoft Store. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.|HTTPS|img-prod-cms-rt-microsoft-com.akamaized.net|
-||The following endpoint is needed to load the content in the Microsoft Store app.|HTTPS|livetileedge.dsx.mp.microsoft.com|
+|Microsoft Store|||[Learn how to turn off traffic to all of the following endpoint(s) for Microsoft Store.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
+||The following endpoints are used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps). If you turn off traffic for these endpoints, the image files won't be downloaded, and apps can't be installed or updated from the Microsoft Store. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.|TLSv1.2/HTTPS|img-prod-cms-rt-microsoft-com.akamaized.net|
+|||HTTP|img-s-msn-com.akamaized.net|
+||The following endpoints are needed to load the content in the Microsoft Store app.|HTTPS|livetileedge.dsx.mp.microsoft.com|
+|||HTTP|storeedgefd.dsx.mp.microsoft.com|
 ||The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way. If you turn off traffic for this endpoint, push notifications will no longer work, including MDM device management, mail synchronization, settings synchronization.|TLSv1.2/HTTPS|*.wns.windows.com|
-||The following endpoints are used to revoke licenses for malicious apps in the Microsoft Store. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft Store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them|TLSv1.2/HTTPS/HTTP|storecatalogrevocation.storequality.microsoft.com|
+||The following endpoints are used to revoke licenses for malicious apps in the Microsoft Store. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft Store, other Microsoft Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them|TLSv1.2/HTTPS/HTTP|storecatalogrevocation.storequality.microsoft.com|
 ||The following endpoint is used to get Microsoft Store analytics.|HTTPS|manage.devcenter.microsoft.com|
-||The following endpoints are used to communicate with Microsoft Store. If you turn off traffic for these endpoints, apps cannot be installed or updated from the Microsoft Store.|TLSv1.2/HTTPS/HTTP|displaycatalog.mp.microsoft.com|
-|||HTTPS|pti.store.microsoft.com|
+||The following endpoints are used to communicate with Microsoft Store. If you turn off traffic for these endpoints, apps can't be installed or updated from the Microsoft Store.|TLSv1.2/HTTPS/HTTP|displaycatalog.mp.microsoft.com|
 |||HTTP|share.microsoft.com|
 ||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2/HTTPS/HTTP|manage.devcenter.microsoft.com|
-|Network Connection Status Indicator (NCSI)|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-ncsi)|
-||Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet. If you turn off traffic for this endpoint, NCSI won't be able to determine if the device is connected to the Internet and the network status tray icon will show a warning.|HTTPS|www.msftconnecttest.com*|
-|Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser. For more info, see Office 365 URLs and IP address ranges. You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
-|||HTTPS|www.office.com|
+|Microsoft To Do|||[Learn how to turn off traffic to all of the following endpoint(s) for Microsoft To Do.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
+||The following endpoints are used for the Microsoft To Do app.|HTTP|staging.to-do.officeppe.com|
+|||HTTP|staging.to-do.microsoft.com|
+|||TLSv1.2/HTTP|to-do.microsoft.com|
+|Network Connection Status Indicator (NCSI)|||[Learn how to turn off traffic to all of the following endpoint(s) for Network Connection Status Indicator (NCSI).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-ncsi)|
+||Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet. If you turn off traffic for this endpoint, NCSI won't be able to determine if the device is connected to the internet, and the network status tray icon will show a warning.|HTTPS|www.msftconnecttest.com*|
+|||HTTP|ipv6.msftconnecttest.com|
+|Office|||[Learn how to turn off traffic to all of the following endpoint(s) for Office.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
+||The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser. For more info, see Office 365 URLs and IP address ranges. You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents.|HTTPS|www.office.com|
 |||HTTPS|blobs.officehome.msocdn.com|
 |||HTTPS|officehomeblobs.blob.core.windows.net|
 |||HTTPS|self.events.data.microsoft.com|
 |||TLSv1.2/HTTPS/HTTP|outlookmobile-office365-tas.msedge.net|
-|OneDrive|The following endpoints are related to OneDrive. If you turn off traffic for these endpoints, anything that relies on g.live.com to get updated URL information will no longer work.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-onedrive)|
-|||TLSv1.2/HTTPS/HTTP|g.live.com|
+|||HTTP|officeclient.microsoft.com|
+|||HTTP|ecs.nel.measure.office.net|
+|||HTTPS/HTTP|telecommandstorageprod.blob.core.windows.net|
+|OneDrive|||[Learn how to turn off traffic to all of the following endpoint(s) for OneDrive.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-onedrive)|
+||The following endpoints are related to OneDrive. If you turn off traffic for these endpoints, anything that relies on g.live.com to get updated URL information will no longer work.|TLSv1.2/HTTPS/HTTP|g.live.com|
+|||HTTP|onedrive.live.com|
 |||TLSv1.2/HTTPS/HTTP|oneclient.sfx.ms|
 |||HTTPS| logincdn.msauth.net|
-|Settings|The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it. If you turn off traffic for this endpoint, an app that uses this endpoint may stop working.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
-|||TLSv1.2/HTTPS/HTTP|settings-win.data.microsoft.com|
+|Settings|||[Learn how to turn off traffic to all of the following endpoint(s) for settings.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
+||The following endpoints are used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it. If you turn off traffic for this endpoint, an app that uses this endpoint may stop working.|TLSv1.2/HTTPS/HTTP|settings-win.data.microsoft.com|
 |||HTTPS|settings.data.microsoft.com|
-|Skype|The following endpoint is used to retrieve Skype configuration values. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
-|||HTTPS/HTTP|*.pipe.aria.microsoft.com|
+|Skype|||[Learn how to turn off traffic to all of the following endpoint(s) for Skype.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
+||The following endpoints are used to retrieve Skype configuration values. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft store, other Microsoft Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.|HTTPS/HTTP|*.pipe.aria.microsoft.com|
 |||TLSv1.2/HTTPS/HTTP|config.edge.skype.com|
-|Teams|The following endpoint is used for Microsoft Teams application.||[Learn how to turn off traffic to all of the following endpoint(s).]( manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
-|||TLSv1.2/HTTPS/HTTP|config.teams.microsoft.com|
-|Microsoft Defender Antivirus|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled. If you turn off traffic for this endpoint, the device will not use Cloud-based Protection.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender)|
-|||HTTPS/TLSv1.2|wdcp.microsoft.com|
-||The following endpoints are used for Windows Defender SmartScreen reporting and notifications. If you turn off traffic for these endpoints, SmartScreen notifications will not appear.|HTTPS|*smartscreen-prod.microsoft.com|
+|Teams|||[Learn how to turn off traffic to all of the following endpoint(s) for Teams.]( manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
+||The following endpoints are used for Microsoft Teams application.|TLSv1.2/HTTPS/HTTP|config.teams.microsoft.com|
+|||HTTP|teams.live.com|
+|||TLSv1.2/HTTP|teams.events.data.microsoft.com|
+|Microsoft Defender Antivirus|||[Learn how to turn off traffic to all of the following endpoint(s) for Microsoft Defender Antivirus.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender)|
+||The following endpoint is used for Windows Defender when Cloud-based Protection is enabled. If you turn off traffic for this endpoint, the device won't use Cloud-based Protection.|HTTPS/TLSv1.2|wdcp.microsoft.com|
+||The following endpoints are used for Windows Defender SmartScreen reporting and notifications. If you turn off traffic for these endpoints, SmartScreen notifications won't appear.|HTTPS|*smartscreen-prod.microsoft.com|
 |||HTTPS/HTTP|checkappexec.microsoft.com|
-|Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips. If you turn off traffic for these endpoints, Windows Spotlight will still try to deliver new lock screen images and updated content but it will fail; suggested apps, Microsoft account notifications, and Windows tips will not be downloaded. For more information, see Windows Spotlight.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-spotlight)|
-|||TLSv1.2/HTTPS/HTTP|arc.msn.com|
+|Windows Spotlight|||[Learn how to turn off traffic to all of the following endpoint(s) for Windows Spotlight.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-spotlight)|
+||The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips. If you turn off traffic for these endpoints, Windows Spotlight will still try to deliver new lock screen images and updated content but it will fail; suggested apps, Microsoft account notifications, and Windows tips won't be downloaded. |TLSv1.2/HTTPS/HTTP|arc.msn.com|
 |||HTTPS|ris.api.iris.microsoft.com|
-|Windows Update|The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers. If you turn off traffic for this endpoint, Windows Update downloads will not be managed, as critical metadata that is used to make downloads more resilient is blocked. Downloads may be impacted by corruption (resulting in re-downloads of full files). Additionally, downloads of the same update by multiple devices on the same local network will not use peer devices for bandwidth reduction.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-updates)|
-|||TLSv1.2/HTTPS/HTTP|*.prod.do.dsp.mp.microsoft.com|
+|||TLSv1.2/HTTP|api.msn.com|
+|||TLSv1.2/HTTP|assets.msn.com|
+|||HTTP|c.msn.com|
+|||HTTP|ntp.msn.com|
+|||HTTP|srtb.msn.com|
+|||TLSv1.2/HTTP|www.msn.com|
+|||TLSv1.2/HTTP|fd.api.iris.microsoft.com|
+|Windows Update|||[Learn how to turn off traffic to all of the following endpoint(s) for Windows Update.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-updates)|
+||The following endpoints are used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers. If you turn off traffic for this endpoint, Windows Update downloads won't be managed, as critical metadata that is used to make downloads more resilient is blocked. Downloads may be impacted by corruption (resulting in re-downloads of full files). Additionally, downloads of the same update by multiple devices on the same local network won't use peer devices for bandwidth reduction.|TLSv1.2/HTTPS/HTTP|*.prod.do.dsp.mp.microsoft.com|
 |||HTTP|emdl.ws.microsoft.com|
-||The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store. If you turn off traffic for these endpoints, the device will not be able to download updates for the operating system.|TLSv1.2/HTTPS/HTTP|*.dl.delivery.mp.microsoft.com|
+||The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store. If you turn off traffic for these endpoints, the device won't be able to download updates for the operating system.|TLSv1.2/HTTPS/HTTP|*.dl.delivery.mp.microsoft.com|
 |||HTTP|*.windowsupdate.com|
-||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store. If you turn off traffic for these endpoints, the device will not be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device will not be able to acquire and update apps from the Store. These are dependent on also enabling "Device authentication" and "Microsoft Account" endpoints.|TLSv1.2/HTTPS/HTTP|*.delivery.mp.microsoft.com|
+||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store. If you turn off traffic for these endpoints, the device won't be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device won't be able to acquire and update apps from the Store. These are dependent on also enabling "Device authentication" and "Microsoft Account" endpoints.|TLSv1.2/HTTPS/HTTP|*.delivery.mp.microsoft.com|
 |||TLSv1.2/HTTPS/HTTP|*.update.microsoft.com|
 ||The following endpoint is used for compatibility database updates for Windows.|HTTPS|adl.windows.com|
-||The following endpoint is used for content regulation. If you turn off traffic for this endpoint, the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly downloaded or not downloaded at all.|TLSv1.2/HTTPS/HTTP|tsfe.trafficshaping.dsp.mp.microsoft.com|
-|Xbox Live|The following endpoint is used for Xbox Live.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
-|||HTTPS|dlassets-ssl.xboxlive.com|
-
-
-## Other Windows 10 editions
-
-To view endpoints for other versions of Windows 10 Enterprise, see:
-
-- [Manage connection endpoints for Windows 10, version 21H1](manage-windows-21H1-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 21H2](manage-windows-21H2-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 2004](manage-windows-2004-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 1909](manage-windows-1909-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 1903](manage-windows-1903-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 1809](manage-windows-1809-endpoints.md)
-
-To view endpoints for non-Enterprise Windows 10 editions, see:
-
-- [Windows 10, version 21H1, connection endpoints for non-Enterprise editions](windows-endpoints-21H1-non-enterprise-editions.md)
-- [Windows 10, version 2004, connection endpoints for non-Enterprise editions](windows-endpoints-2004-non-enterprise-editions.md)
-- [Windows 10, version 1909, connection endpoints for non-Enterprise editions](windows-endpoints-1909-non-enterprise-editions.md)
-- [Windows 10, version 1903, connection endpoints for non-Enterprise editions](windows-endpoints-1903-non-enterprise-editions.md)
-- [Windows 10, version 1809, connection endpoints for non-Enterprise editions](windows-endpoints-1809-non-enterprise-editions.md)
+||The following endpoint is used for content regulation. If you turn off traffic for this endpoint, the Windows Update Agent will be unable to contact the endpoint, and fallback behavior will be used. This may result in content being either incorrectly downloaded or not downloaded at all.|TLSv1.2/HTTPS/HTTP|tsfe.trafficshaping.dsp.mp.microsoft.com|
+|Xbox Live|||[Learn how to turn off traffic to all of the following endpoint(s) for Xbox Live.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
+||The following endpoint is used for Xbox Live.|HTTPS|dlassets-ssl.xboxlive.com|
 
 ## Related links
 

windows/privacy/windows-11-endpoints-non-enterprise-editions.md

@@ -68,7 +68,6 @@ The following methodology was used to derive the network endpoints:
 ||The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way.|TLSv1.2/HTTPS|*.wns.windows.com|
 ||The following endpoint is used to revoke licenses for malicious apps in the Microsoft Store.|TLSv1.2/HTTPS/HTTP|storecatalogrevocation.storequality.microsoft.com|
 ||The following endpoints are used to communicate with Microsoft Store.|TLSv1.2/HTTPS/HTTP|*displaycatalog.mp.microsoft.com|
-|||HTTPS|pti.store.microsoft.com|
 |||HTTPS|storesdk.dsx.mp.microsoft.com|
 ||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2/HTTPS/HTTP|manage.devcenter.microsoft.com|
 ||The following endpoints are used get images that are used for Microsoft Store suggestions|TLSv1.2|store-images.s-microsoft.com|
@@ -139,7 +138,6 @@ The following methodology was used to derive the network endpoints:
 ||The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way.|TLSv1.2/HTTPS|*.wns.windows.com|
 ||The following endpoint is used to revoke licenses for malicious apps in the Microsoft Store.|TLSv1.2/HTTPS/HTTP|storecatalogrevocation.storequality.microsoft.com|
 ||The following endpoints are used to communicate with Microsoft Store.|TLSv1.2/HTTPS/HTTP|*displaycatalog.mp.microsoft.com|
-|||HTTPS|pti.store.microsoft.com|
 |||HTTPS|storesdk.dsx.mp.microsoft.com|
 ||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2/HTTPS/HTTP|manage.devcenter.microsoft.com|
 |Network Connection Status Indicator (NCSI)|Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet.|TLSv1.2/HTTP|www.msftconnecttest.com*|
@@ -210,7 +208,6 @@ The following methodology was used to derive the network endpoints:
 ||The following endpoint is used to revoke licenses for malicious apps in the Microsoft Store.|TLSv1.2/HTTPS/HTTP|storecatalogrevocation.storequality.microsoft.com|
 |||TLSv1.2/HTTPS/HTTP|1storecatalogrevocation.storequality.microsoft.com|
 ||The following endpoints are used to communicate with Microsoft Store.|TLSv1.2/HTTPS/HTTP|*displaycatalog.mp.microsoft.com|
-|||HTTPS|pti.store.microsoft.com|
 |||HTTPS|storesdk.dsx.mp.microsoft.com|
 ||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2/HTTPS/HTTP|manage.devcenter.microsoft.com|
 |Network Connection Status Indicator (NCSI)|Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet.|TLSv1.2/HTTP|www.msftconnecttest.com*|

windows/security/identity-protection/hello-for-business/hello-faq.yml

@@ -124,6 +124,15 @@ sections:
       - question: What is Event ID 300?
         answer: |
           This event is created when Windows Hello for Business is successfully created and registered with Azure Active Directory (Azure AD). Applications or services can trigger actions on this event. For example, a certificate provisioning service can listen to this event and trigger a certificate request. This is a normal condition and no further action is required.
+      - question: What happens when an unauthorized user gains possession of a device enrolled in Windows Hello for Business?
+        answer: |
+          The unauthorized user won't be able to utilize any biometric options and will have the only option to enter a PIN.
+
+          If the user attempts to unlock the device by entering random PINs, after three unsuccessful attempts the credential provider will display the following message: **You've entered an incorrect PIN several times. To try again, enter A1B2C3 below**.
+          Upon entering the challenge phrase *A1B2C3*, the user will be granted one more opportunity to enter the PIN. If unsuccessful, the provider will be disabled, leaving the user with the only option to reboot the device. Following the reboot, the aforementioned pattern repeats.
+          
+          If unsuccessful attempts continue, the device will enter a lockout state, lasting for 1 minute after the first reboot, 2 minutes after the fourth reboot, and 10 minutes after the fifth reboot. The duration of each lockout increases accordingly. This behavior is a result of the TPM 2.0 anti-hammering feature.
+          For more information about the TPM anti-hammering feature, see [TPM 2.0 anti-hammering](/windows/security/information-protection/tpm/tpm-fundamentals#tpm-20-anti-hammering).
 
   - name: Design and planning
     questions:
@@ -165,7 +174,7 @@ sections:
         answer: |
           A user will be prompted to set up a Windows Hello for Business key on an Azure AD registered devices  if the feature is enabled by policy. If the user has an existing Windows Hello container, the Windows Hello for Business key will be enrolled in that container and will be protected using existing gestures.
 
-          If a user has signed into their Azure AD registered device with Windows Hello, their Windows Hello for Business key will be used to authenticate the user's work identity when they try to use Azure AD resources. The Windows Hello for Business key meets Azure AD multi-factor authentication (MFA) requirements and reduces the number of MFA prompts users will see when accessing resources. 
+          If a user has signed into their Azure AD registered device with Windows Hello, their Windows Hello for Business key will be used to authenticate the user's work identity when they try to use Azure AD resources. The Windows Hello for Business key meets Azure AD multifactor authentication (MFA) requirements and reduces the number of MFA prompts users will see when accessing resources. 
 
           It's possible to Azure AD register a domain joined device. If the domain joined device has a convenience PIN, sign in with the convenience PIN will no longer work. This configuration isn't supported by Windows Hello for Business. 
 
@@ -176,12 +185,12 @@ sections:
       - question: Does Windows Hello for Business work with Azure Active Directory Domain Services (Azure AD DS) clients?
         answer: |
           No, Azure AD DS is a separately managed environment in Azure, and hybrid device registration with cloud Azure AD isn't available for it via Azure AD Connect. Hence, Windows Hello for Business doesn't work with Azure AD DS.
-      - question: Is Windows Hello for Business considered multi-factor authentication?
+      - question: Is Windows Hello for Business considered multifactor authentication?
         answer: |
           Windows Hello for Business is two-factor authentication based on the observed authentication factors of: *something you have*, *something you know*, and *something that's part of you*. Windows Hello for Business incorporates two of these factors: something you have (the user's private key protected by the device's security module) and something you know (your PIN). With the proper hardware, you can enhance the user experience by introducing biometrics. By using biometrics, you can replace the "something you know" authentication factor with the "something that is part of you" factor, with the assurances that users can fall back to the "something you know factor".
 
           > [!NOTE]
-          > The Windows Hello for Business key meets Azure AD multi-factor authentication (MFA) requirements and reduces the number of MFA prompts users will see when accessing resources. For more information, see [What is a Primary Refresh Token](/azure/active-directory/devices/concept-primary-refresh-token#when-does-a-prt-get-an-mfa-claim).
+          > The Windows Hello for Business key meets Azure AD multifactor authentication (MFA) requirements and reduces the number of MFA prompts users will see when accessing resources. For more information, see [What is a Primary Refresh Token](/azure/active-directory/devices/concept-primary-refresh-token#when-does-a-prt-get-an-mfa-claim).
       - question: Which is a better or more secure for of authentication, key or certificate?
         answer: |
           Both types of authentication provide the same security; one is not more secure than the other.
@@ -216,7 +225,7 @@ sections:
           Windows Hello for Business credentials need access to device state, which is not available in private browser mode or incognito mode. Hence it can't be used in private browser or Incognito mode.
       - question: Can I use both a PIN and biometrics to unlock my device?
         answer: |
-          You can use *multi-factor unlock* to require users to provide an extra factor to unlock their device. Authentication remains two-factor, but another factor is required before Windows allows the user to reach the desktop. To learn more, see [Multifactor Unlock](feature-multifactor-unlock.md).
+          You can use *multifactor unlock* to require users to provide an extra factor to unlock their device. Authentication remains two-factor, but another factor is required before Windows allows the user to reach the desktop. To learn more, see [Multifactor Unlock](feature-multifactor-unlock.md).
 
   - name: Cloud Kerberos trust
     questions:

windows/security/images/icons/certificate.svg

@@ -0,0 +1,3 @@
+<svg width="18" height="18" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+  <path d="M4.75 3C3.23122 3 2 4.23122 2 5.75V10.9995C2.91223 9.78534 4.3644 9 6 9C8.76142 9 11 11.2386 11 14C11 15.1258 10.6279 16.1647 10 17.0005V18H19.25C20.7688 18 22 16.7688 22 15.25V5.75C22 4.23122 20.7688 3 19.25 3H4.75ZM6.75 7H17.25C17.6642 7 18 7.33579 18 7.75C18 8.16421 17.6642 8.5 17.25 8.5H6.75C6.33579 8.5 6 8.16421 6 7.75C6 7.33579 6.33579 7 6.75 7ZM12 12.75C12 12.3358 12.3358 12 12.75 12H17.25C17.6642 12 18 12.3358 18 12.75C18 13.1642 17.6642 13.5 17.25 13.5H12.75C12.3358 13.5 12 13.1642 12 12.75ZM5.99967 10C3.79017 10 1.99902 11.7911 1.99902 14.0006C1.99902 16.2101 3.79017 18.0013 5.99967 18.0013C8.20916 18.0013 10.0003 16.2101 10.0003 14.0006C10.0003 11.7911 8.20916 10 5.99967 10ZM9.00076 18.001C8.16487 18.6291 7.12573 19.0013 5.99967 19.0013C4.8745 19.0013 3.83612 18.6297 3.00058 18.0025L3.0001 21.2487C3.0001 21.8195 3.6046 22.1681 4.09019 21.9176L4.17966 21.8635L6.00002 20.5912L7.81967 21.8635C8.28757 22.1904 8.91959 21.8946 8.99232 21.353L8.99923 21.2487L9.00076 18.001Z" fill="#0078D4" />
+</svg>

windows/security/images/icons/license.svg

@@ -0,0 +1,3 @@
+<svg width="18" height="18" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg">
+  <path d="M2 3.75C2 2.7835 2.7835 2 3.75 2H9.25C10.2165 2 11 2.7835 11 3.75V10H14V11.5C14 12.8807 12.8807 14 11.5 14H4.5C3.11929 14 2 12.8807 2 11.5V3.75ZM11 13H11.5C12.3284 13 13 12.3284 13 11.5V11H11V13ZM4.5 5.5C4.5 5.77614 4.72386 6 5 6H8C8.27614 6 8.5 5.77614 8.5 5.5C8.5 5.22386 8.27614 5 8 5H5C4.72386 5 4.5 5.22386 4.5 5.5ZM5 7.5C4.72386 7.5 4.5 7.72386 4.5 8C4.5 8.27614 4.72386 8.5 5 8.5H8C8.27614 8.5 8.5 8.27614 8.5 8C8.5 7.72386 8.27614 7.5 8 7.5H5ZM4.5 10.5C4.5 10.7761 4.72386 11 5 11H6.5C6.77614 11 7 10.7761 7 10.5C7 10.2239 6.77614 10 6.5 10H5C4.72386 10 4.5 10.2239 4.5 10.5Z"  fill="#0078D4"  />
+</svg>

windows/security/index.yml

@@ -145,7 +145,7 @@ landingContent:
       - linkListType: overview
         links:
         - text: Overview
-          url: security-foundations.md
+          url: security-foundations/index.md
       - linkListType: reference
         links:
           - text: Microsoft Security Development Lifecycle

windows/security/introduction/security-features-edition-requirements.md

@@ -1,26 +0,0 @@
----
-title: Windows security features and edition requirements
-description: Learn about Windows edition requirements for the feature included in Windows.
-ms.prod: windows-client
-author: paolomatarazzo
-ms.author: paoloma
-manager: aaroncz
-ms.collection:
-- tier3
-ms.topic: conceptual
-ms.date: 05/04/2023
-appliesto:
-- ✅ <a href=/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
-ms.technology: itpro-security
----
-
-# Windows security features and edition requirements
-
-This article lists the security features that are available in Windows, and the Windows editions that support them.
-
-> [!NOTE]
-> The **Windows edition** requirements listed in the following table may be different from the **licensing** requirements. If you're looking for licensing requirements, see [Windows security features and licensing requirements](security-features-licensing-requirements.md).
-
-[!INCLUDE [_edition-requirements](../../../includes/licensing/_edition-requirements.md)]
-
-For more information about Windows licensing, see [Windows Commercial Licensing overview](/windows/whats-new/windows-licensing).

windows/security/introduction/security-features-licensing-requirements.md

@@ -1,26 +0,0 @@
----
-title: Windows security features and licensing requirements
-description: Learn about Windows features and licensing requirements for the feature included in Windows.
-ms.prod: windows-client
-author: paolomatarazzo
-ms.author: paoloma
-manager: aaroncz
-ms.collection:
-- tier3
-ms.topic: conceptual
-ms.date: 04/24/2023
-appliesto:
-- ✅ <a href=/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
-ms.technology: itpro-security
----
-
-# Windows security features and licensing requirements
-
-This article lists the security features that are available in Windows, and the licensing requirements to use them.
-
-> [!NOTE]
-> The **licensing** requirements listed in the following table may be different from the **Windows edition** requirements. If you're looking for Windows edition requirements, see [Windows security features and edition requirements](security-features-edition-requirements.md).
-
-[!INCLUDE [_licensing-requirements](../../../includes/licensing/_licensing-requirements.md)]
-
-For more information about Windows licensing, see [Windows Commercial Licensing overview](/windows/whats-new/windows-licensing).

windows/security/licensing-and-edition-requirements.md

@@ -0,0 +1,31 @@
+---
+title: Windows security features licensing and edition requirements
+description: Learn about Windows licensing and edition requirements for the features included in Windows.
+ms.collection:
+- tier2
+ms.topic: conceptual
+ms.date: 06/15/2023
+appliesto:
+- ✅ <a href=/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+ms.author: paoloma
+author: paolomatarazzo
+ms.prod: windows-client
+---
+
+# Windows security features licensing and edition requirements
+
+This article lists the security features that are available in Windows.
+
+Select one of the two tabs to learn about licensing requirements to use the security features, or to learn about the Windows edition requirements that support them:
+
+#### [:::image type="icon" source="images/icons/certificate.svg" border="false"::: **Licensing requirements**](#tab/licensing)
+
+[!INCLUDE [licensing-requirements](../../includes/licensing/_licensing-requirements.md)]
+
+#### [:::image type="icon" source="images/icons/windows-os.svg" border="false"::: **Edition requirements**](#tab/edition)
+
+[!INCLUDE [_edition-requirements](../../includes/licensing/_edition-requirements.md)]
+
+---
+
+For more information about Windows licensing, see [Windows Commercial Licensing overview](/windows/whats-new/windows-licensing).

windows/security/security-foundations/index.md

@@ -1,18 +1,15 @@
 ---
 title: Windows security foundations
 description: Get an overview of security foundations, including the security development lifecycle, common criteria, and the bug bounty program.
-ms.reviewer: 
-ms.topic: article
-ms.author: paoloma
+ms.topic: conceptual
+ms.date: 06/15/2023
 author: paolomatarazzo
-ms.prod: windows-client
-ms.technology: itpro-security
-ms.date: 12/31/2017
+ms.author: paoloma
 ---
 
 # Windows security foundations
 
-Microsoft is committed to continuously invest in improving our software development process, building highly secure-by-design software, and addressing security compliance requirements. At Microsoft, we embed security and privacy considerations from the earliest life-cycle phases of all our software development processes. We build in security from the ground for powerful defense in today’s threat environment.
+Microsoft is committed to continuously invest in improving our software development process, building highly secure-by-design software, and addressing security compliance requirements. At Microsoft, we embed security and privacy considerations from the earliest life-cycle phases of all our software development processes. We build in security from the ground for powerful defense in today's threat environment.
 
 Our strong security foundation uses Microsoft Security Development Lifecycle (SDL) Bug Bounty, support for product security standards and certifications, and Azure Code signing. As a result, we improve security by producing software with fewer defects and vulnerabilities instead of relying on applying updates after vulnerabilities have been identified.
 
@@ -20,7 +17,7 @@ Use the links in the following table to learn more about the security foundation
 
 | Concept | Description |
 |:---|:---|
-| FIPS 140-2 Validation | The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government standard. FIPS is based on Section 5131 of the Information Technology Management Reform Act of 1996. It defines the minimum security requirements for cryptographic modules in IT products. Microsoft maintains an active commitment to meeting the requirements of the FIPS 140-2 standard, having validated cryptographic modules against it since it was first established in 2001. <br/><br/>Learn more about [FIPS 140-2 Validation](threat-protection/fips-140-validation.md). |
-| Common Criteria Certifications |  Microsoft supports the Common Criteria certification program, ensures that products incorporate the features and functions required by relevant Common Criteria Protection Profiles, and completes Common Criteria certifications of Microsoft Windows products. <br/><br/>Learn more about [Common Criteria Certifications](threat-protection/windows-platform-common-criteria.md). |
-| Microsoft Security Development Lifecycle | The Security Development Lifecycle (SDL) is a security assurance process that is focused on software development. The SDL has played a critical role in embedding security and privacy in software and culture at Microsoft.<br/><br/>Learn more about [Microsoft SDL](threat-protection/msft-security-dev-lifecycle.md).|
+| FIPS 140-2 Validation | The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government standard. FIPS is based on Section 5131 of the Information Technology Management Reform Act of 1996. It defines the minimum security requirements for cryptographic modules in IT products. Microsoft maintains an active commitment to meeting the requirements of the FIPS 140-2 standard, having validated cryptographic modules against it since it was first established in 2001. <br/><br/>Learn more about [FIPS 140-2 Validation](../threat-protection/fips-140-validation.md). |
+| Common Criteria Certifications |  Microsoft supports the Common Criteria certification program, ensures that products incorporate the features and functions required by relevant Common Criteria Protection Profiles, and completes Common Criteria certifications of Microsoft Windows products. <br/><br/>Learn more about [Common Criteria Certifications](../threat-protection/windows-platform-common-criteria.md). |
+| Microsoft Security Development Lifecycle | The Security Development Lifecycle (SDL) is a security assurance process that is focused on software development. The SDL has played a critical role in embedding security and privacy in software and culture at Microsoft.<br/><br/>Learn more about [Microsoft SDL](../threat-protection/msft-security-dev-lifecycle.md).|
 | Microsoft Bug Bounty Program | If you find a vulnerability in a Microsoft product, service, or device, we want to hear from you! If your vulnerability report affects a product or service that is within scope of one of our bounty programs below, you could receive a bounty award according to the program descriptions.<br/><br/>Learn more about the [Microsoft Bug Bounty Program](https://www.microsoft.com/en-us/msrc/bounty?rtc=1). |

windows/security/security-foundations/toc.yml

@@ -1,6 +1,6 @@
 items:
 - name: Overview
-  href: ../security-foundations.md
+  href: index.md
 - name: Microsoft Security Development Lifecycle
   href: ../threat-protection/msft-security-dev-lifecycle.md
 - name: Certification

windows/security/toc.yml

@@ -8,10 +8,8 @@
     href: introduction/index.md
   - name: Zero Trust and Windows
     href: zero-trust-windows-device-health.md
-  - name: Security features and edition requirements
-    href: introduction/security-features-edition-requirements.md
-  - name: Security features and licensing requirements
-    href: introduction/security-features-licensing-requirements.md
+  - name: Security features licensing and edition requirements
+    href: licensing-and-edition-requirements.md
 - name: Hardware security
   href: hardware-security/toc.yml
 - name: Operating system security