diff --git a/.github/workflows/AutoLabelAssign.yml b/.github/workflows/AutoLabelAssign.yml
index 8247aa8e9c..65e87b3d4b 100644
--- a/.github/workflows/AutoLabelAssign.yml
+++ b/.github/workflows/AutoLabelAssign.yml
@@ -14,6 +14,7 @@ on:
 jobs:
     download-payload:
         name: Download and extract payload artifact
+        if: github.repository_owner == 'MicrosoftDocs'
         uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-ExtractPayload.yml@workflows-prod
         with:
             WorkflowId: ${{ github.event.workflow_run.id }}
@@ -23,6 +24,7 @@ jobs:
 
     label-assign:
         name: Run assign and label
+        if: github.repository_owner == 'MicrosoftDocs'
         needs: [download-payload]
         uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-AutoLabelAssign.yml@workflows-prod
         with:
@@ -32,10 +34,4 @@ jobs:
             ExcludedUserList: '["user1", "user2"]'
             ExcludedBranchList: '["branch1", "branch2"]'
         secrets:
-            AccessToken: ${{ secrets.GITHUB_TOKEN }}
-            
-            
-        
-          
-
-            
+            AccessToken: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/AutoLabelMsftContributor.yml b/.github/workflows/AutoLabelMsftContributor.yml
index c41825acc8..6fcfb6e43e 100644
--- a/.github/workflows/AutoLabelMsftContributor.yml
+++ b/.github/workflows/AutoLabelMsftContributor.yml
@@ -13,7 +13,7 @@ on:
 
 jobs:
     download-payload:
-        if: github.repository_visibility == 'public'
+        if: github.repository_owner == 'MicrosoftDocs' && github.repository_visibility == 'public'
         name: Download and extract payload artifact
         uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-ExtractPayload.yml@workflows-prod
         with:
@@ -24,7 +24,7 @@ jobs:
 
     label-msft:
         name: Label Microsoft contributors
-        if: github.repository_visibility == 'public'
+        if: github.repository_owner == 'MicrosoftDocs' && github.repository_visibility == 'public'
         needs: [download-payload]
         uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-AutoLabelMsftContributor.yml@workflows-prod
         with:
@@ -32,4 +32,4 @@ jobs:
         secrets:
           AccessToken: ${{ secrets.GITHUB_TOKEN }}
           ClientId: ${{ secrets.M365_APP_CLIENT_ID }}
-          PrivateKey: ${{ secrets.M365_APP_PRIVATE_KEY }}
+          PrivateKey: ${{ secrets.M365_APP_PRIVATE_KEY }}
\ No newline at end of file
diff --git a/.github/workflows/BackgroundTasks.yml b/.github/workflows/BackgroundTasks.yml
index c0389bb252..8dc3ceae0a 100644
--- a/.github/workflows/BackgroundTasks.yml
+++ b/.github/workflows/BackgroundTasks.yml
@@ -9,6 +9,7 @@ on:
 
 jobs:
   upload:
+    if: github.repository_owner == 'MicrosoftDocs'
     runs-on: ubuntu-latest
 
     steps:
@@ -23,4 +24,4 @@ jobs:
       - uses: actions/upload-artifact@v4
         with:
           name: PayloadJson
-          path: pr/
+          path: pr/
\ No newline at end of file
diff --git a/.github/workflows/BuildValidation.yml b/.github/workflows/BuildValidation.yml
index e57844b453..dadccacbef 100644
--- a/.github/workflows/BuildValidation.yml
+++ b/.github/workflows/BuildValidation.yml
@@ -11,11 +11,9 @@ on:
 jobs:
 
   build-status:
+    if: github.repository_owner == 'MicrosoftDocs'
     uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-BuildValidation.yml@workflows-prod
     with:
       PayloadJson: ${{ toJSON(github) }}
     secrets:
       AccessToken: ${{ secrets.GITHUB_TOKEN }}
-
-
-  
diff --git a/.github/workflows/LiveMergeCheck.yml b/.github/workflows/LiveMergeCheck.yml
index faeb2a0ef4..7db35548e9 100644
--- a/.github/workflows/LiveMergeCheck.yml
+++ b/.github/workflows/LiveMergeCheck.yml
@@ -12,11 +12,9 @@ on:
 jobs:
 
   live-merge:
+    if: github.repository_owner == 'MicrosoftDocs'
     uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-LiveMergeCheck.yml@workflows-prod
     with:
       PayloadJson: ${{ toJSON(github) }}
     secrets:
-      AccessToken: ${{ secrets.GITHUB_TOKEN }}
-
-
-  
\ No newline at end of file
+      AccessToken: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/PrFileCount.yml b/.github/workflows/PrFileCount.yml
index 40f7d61629..17faf7a211 100644
--- a/.github/workflows/PrFileCount.yml
+++ b/.github/workflows/PrFileCount.yml
@@ -12,11 +12,9 @@ on:
 jobs:
 
   file-count:
+    if: github.repository_owner == 'MicrosoftDocs'
     uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-PrFileCount.yml@workflows-prod
     with:
       PayloadJson: ${{ toJSON(github) }}
     secrets:
-      AccessToken: ${{ secrets.GITHUB_TOKEN }}
-
-
-  
+      AccessToken: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/ProtectedFiles.yml b/.github/workflows/ProtectedFiles.yml
index 007f8f04b1..bbdbbe2e40 100644
--- a/.github/workflows/ProtectedFiles.yml
+++ b/.github/workflows/ProtectedFiles.yml
@@ -10,11 +10,9 @@ on: [pull_request_target]
 jobs:
 
   protected-files:
+    if: github.repository_owner == 'MicrosoftDocs'
     uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-ProtectedFiles.yml@workflows-prod
     with:
       PayloadJson: ${{ toJSON(github) }}
     secrets:
-      AccessToken: ${{ secrets.GITHUB_TOKEN }}
-
-
-  
\ No newline at end of file
+      AccessToken: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/Stale.yml b/.github/workflows/Stale.yml
index 82b6875e28..7f262d325a 100644
--- a/.github/workflows/Stale.yml
+++ b/.github/workflows/Stale.yml
@@ -11,9 +11,10 @@ on:
 
 jobs:
   stale:
+    if: github.repository_owner == 'MicrosoftDocs'
     uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-Stale.yml@workflows-prod
     with:
       RunDebug: false
       RepoVisibility: ${{ github.repository_visibility }}
     secrets:
-      AccessToken: ${{ secrets.GITHUB_TOKEN }}
+      AccessToken: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/StaleBranch.yml b/.github/workflows/StaleBranch.yml
index 470eadbd32..f55d979291 100644
--- a/.github/workflows/StaleBranch.yml
+++ b/.github/workflows/StaleBranch.yml
@@ -13,6 +13,7 @@ on:
 jobs:
 
   stale-branch:
+    if: github.repository_owner == 'MicrosoftDocs'
     uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-StaleBranch.yml@workflows-prod
     with:
         PayloadJson: ${{ toJSON(github) }}
@@ -22,4 +23,4 @@ jobs:
                              ]'
         ReportOnly: true
     secrets:
-        AccessToken: ${{ secrets.GITHUB_TOKEN }}
+        AccessToken: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/TierManagement.yml b/.github/workflows/TierManagement.yml
index 4078a48fda..47baf0be65 100644
--- a/.github/workflows/TierManagement.yml
+++ b/.github/workflows/TierManagement.yml
@@ -11,11 +11,11 @@ on:
 jobs:
 
   tier-mgmt:
-    if: github.repository_visibility == 'private'
+    if: github.repository_owner == 'MicrosoftDocs' && github.repository_visibility == 'private'
     uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-TierManagement.yml@workflows-prod
     with:
       PayloadJson: ${{ toJSON(github) }}
       EnableWriteSignOff: 1
-      EnableReadOnlySignoff: 0
+      EnableReadOnlySignoff: 1
     secrets:
-      AccessToken: ${{ secrets.GITHUB_TOKEN }}
+      AccessToken: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-windowsai.md b/windows/client-management/mdm/policy-csp-windowsai.md
index caf72cbace..4708cd0e55 100644
--- a/windows/client-management/mdm/policy-csp-windowsai.md
+++ b/windows/client-management/mdm/policy-csp-windowsai.md
@@ -1,7 +1,7 @@
 ---
 title: WindowsAI Policy CSP
 description: Learn more about the WindowsAI Area in Policy CSP.
-ms.date: 03/12/2025
+ms.date: 03/26/2025
 ms.topic: generated-reference
 ---
 
@@ -370,6 +370,8 @@ This policy setting determines which app opens when the user presses the Copilot
 
 <!-- SetCopilotHardwareKey-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+The property value is the Application User Model ID (AUMID) for the target application. For example: the Microsoft 365 Copilot app is `Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub`. For more information, see [Find the application user model ID of an installed app](/windows/configuration/store/find-aumid?tabs=ps%2Cexplorer&pivots=windows-11).
+
 <!-- SetCopilotHardwareKey-Editable-End -->
 
 <!-- SetCopilotHardwareKey-DFProperties-Begin -->
diff --git a/windows/configuration/taskbar/pinned-apps.md b/windows/configuration/taskbar/pinned-apps.md
index 6f93e76b25..f8ec2fe588 100644
--- a/windows/configuration/taskbar/pinned-apps.md
+++ b/windows/configuration/taskbar/pinned-apps.md
@@ -214,7 +214,9 @@ The GPO applies the Start and taskbar layout at the next user sign-in. Each time
 
 ## User experience
 
-After the taskbar layout is applied, the users must sign out and sign in again to see the new layout. Unless prohibited via policy settings, users can pin more apps, change the order, and unpin apps from the taskbar.
+After the taskbar layout is applied, users must sign out and sign in again to see the new layout. Unless prohibited via policy settings, users can pin more apps, change the order, and unpin apps from the taskbar.
+
+Any pins provisioned via policy settings are restored upon the next policy refresh, even when users unpin them.
 
 ### OS install and upgrade experience