Merge pull request #8307 from paolomatarazzo/pm-20230522-security-network-restructure

[Security docset] network restructure

.openpublishing.redirection.json

@@ -20814,6 +20814,631 @@
       "source_path": "windows/security/information-protection/index.md",
       "redirect_url": "/windows/security/encryption-data-protection",
       "redirect_document_id": false
-    }
+    },
+    {
+      "source_path":  "windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/identity-protection/vpn/vpn-authentication.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/vpn/vpn-authentication",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/vpn/vpn-auto-trigger-profile",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/identity-protection/vpn/vpn-conditional-access.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/vpn/vpn-conditional-access",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/identity-protection/vpn/vpn-connection-type.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/vpn/vpn-connection-type",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/identity-protection/vpn/vpn-guide.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/vpn/vpn-guide",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/identity-protection/vpn/vpn-name-resolution.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/vpn/vpn-name-resolution",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/identity-protection/vpn/vpn-office-365-optimization.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/vpn/vpn-office-365-optimization",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/identity-protection/vpn/vpn-profile-options.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/vpn/vpn-profile-options",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/identity-protection/vpn/vpn-routing.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/vpn/vpn-routing",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/identity-protection/vpn/vpn-security-features.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/vpn/vpn-security-features",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/assign-security-group-filters-to-the-gpo",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/basic-firewall-policy-design",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/best-practices-configuring.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/best-practices-configuring",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/boundary-zone-gpos",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/boundary-zone.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/boundary-zone",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/certificate-based-isolation-policy-design-example",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/certificate-based-isolation-policy-design",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/change-rules-from-request-to-require-mode",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-basic-firewall-settings",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-the-boundary-zone",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-the-encryption-zone",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-the-isolated-domain",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-group-policy-objects",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-inbound-firewall-rules",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-outbound-firewall-rules",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-basic-firewall-policy-design",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-domain-isolation-policy-design",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/configure-authentication-methods.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/configure-authentication-methods",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/configure-data-protection-quick-mode-settings",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/configure-key-exchange-main-mode-settings",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/configure-the-rules-to-require-encryption",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/configure-the-workstation-authentication-certificate-template",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/confirm-that-certificates-are-deployed-correctly",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/copy-a-gpo-to-create-a-new-gpo",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/create-a-group-account-in-active-directory",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/create-a-group-policy-object",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/create-an-authentication-exemption-list-rule",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/create-an-authentication-request-rule",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-icmp-rule",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-port-rule",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-program-or-service-rule",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/create-an-outbound-port-rule",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/create-an-outbound-program-or-service-rule",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/create-inbound-rules-to-support-rpc",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/create-windows-firewall-rules-in-intune",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/create-wmi-filters-for-the-gpo",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/determining-the-trusted-state-of-your-devices",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/documenting-the-zones.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/documenting-the-zones",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/domain-isolation-policy-design-example",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/domain-isolation-policy-design",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/enable-predefined-inbound-rules",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/enable-predefined-outbound-rules",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/encryption-zone-gpos",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/encryption-zone.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/encryption-zone",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/exempt-icmp-from-authentication",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/exemption-list.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/exemption-list",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/filter-origin-documentation.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/filter-origin-documentation",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/firewall-gpos.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/firewall-gpos",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/firewall-policy-design-example",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/firewall-settings-lost-on-upgrade",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/gathering-information-about-your-active-directory-deployment",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/gathering-information-about-your-current-network-infrastructure",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/gathering-information-about-your-devices",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/gathering-other-relevant-information",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/gathering-the-information-you-need",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-boundary",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-encryption",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-firewall",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-isolateddomain-clients",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-isolateddomain-servers",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/isolated-domain-gpos",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/isolated-domain.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/isolated-domain",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/isolating-apps-on-your-network",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/link-the-gpo-to-the-domain",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/open-the-group-policy-management-console-to-windows-firewall",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/open-windows-firewall-with-advanced-security",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/planning-certificate-based-authentication",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/planning-domain-isolation-zones",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/planning-gpo-deployment",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/planning-isolation-groups-for-the-zones",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/planning-network-access-groups.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/planning-network-access-groups",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/planning-server-isolation-zones",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/planning-settings-for-a-basic-firewall-policy",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/planning-the-gpos.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/planning-the-gpos",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/planning-your-windows-firewall-with-advanced-security-design",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/protect-devices-from-unwanted-network-traffic",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/quarantine.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/quarantine",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/require-encryption-when-accessing-sensitive-network-resources",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/restrict-access-to-only-specified-users-or-devices",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/restrict-access-to-only-trusted-devices",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/restrict-server-access-to-members-of-a-group-only",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/server-isolation-gpos.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/server-isolation-gpos",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/server-isolation-policy-design-example",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/server-isolation-policy-design",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/troubleshooting-uwp-firewall",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/verify-that-network-traffic-is-authenticated",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security-deployment-guide",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security-design-guide",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security",
+      "redirect_document_id":  false
+  }
   ]
 }

windows/security/docfx.json

@@ -71,11 +71,13 @@
     "fileMetadata": {
       "author":{
         "identity-protection/**/*.md": "paolomatarazzo",
-        "threat-protection/windows-firewall/**/*.md": "aczechowski"
+        "operating-system-security/network-security/**/*.md": "paolomatarazzo",
+        "operating-system-security/network-security/windows-firewall/**/*.md": "ngangulyms"
       },
       "ms.author":{
         "identity-protection/**/*.md": "paoloma",
-        "threat-protection/windows-firewall/*.md": "aaroncz"
+        "operating-system-security/network-security/**/*.md": "paoloma",
+        "operating-system-security/network-security/windows-firewall/*.md": "nganguly"
       },
       "appliesto":{
         "identity-protection/**/*.md": [
@@ -109,14 +111,21 @@
         "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2022</a>",
         "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2019</a>",
         "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2016</a>"
+        ],
+        "operating-system-security/network-security/windows-firewall/**/*.md": [
+        "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
+        "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>",
+        "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2022</a>",
+        "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2019</a>",
+        "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2016</a>"
         ]
       },
       "ms.reviewer":{
         "identity-protection/hello-for-business/*.md": "erikdau",
         "identity-protection/credential-guard/*.md": "zwhittington",
         "identity-protection/access-control/*.md": "sulahiri",
-        "threat-protection/windows-firewall/*.md": "paoloma",
-        "identity-protection/vpn/*.md": "pesmith"
+        "operating-system-security/network-security/windows-firewall/*.md": "paoloma",
+        "operating-system-security/network-security/vpn/*.md": "pesmith"
       },
       "ms.collection":{
         "identity-protection/hello-for-business/*.md": "tier1",
@@ -126,7 +135,7 @@
         "information-protection/tpm/*.md": "tier1",
         "threat-protection/auditing/*.md": "tier3",
         "threat-protection/windows-defender-application-control/*.md": "tier3",
-        "threat-protection/windows-firewall/*.md": "tier3"
+        "operating-system-security/network-security/windows-firewall/*.md": "tier3"
       }
     },
     "template": [],

windows/security/identity-protection/user-account-control/user-account-control-overview.md

@@ -1,14 +1,14 @@
 ---
-title: User Account Control (Windows)
-description: User Account Control (UAC) helps prevent malware from damaging a PC and helps organizations deploy a better-managed desktop.
+title: User Account Control overview
+description: Learn about User Account Control (UAC) and how it helps preventing malware from damaging a device and helps organizations deploy a better-managed desktop.
 ms.collection: 
   - highpri
   - tier2
-ms.topic: article
-ms.date: 09/24/2011
+ms.topic: conceptual
+ms.date: 05/18/2023
 ---
 
-# User Account Control
+# User Account Control overview
 
 User Account Control (UAC) helps prevent malware from damaging a PC and helps organizations deploy a better-managed desktop. With UAC, apps and tasks always run in the security context of a non-administrator account, unless an administrator specifically authorizes administrator-level access to the system. UAC can block the automatic installation of unauthorized apps and prevent inadvertent changes to system settings.
 
@@ -24,8 +24,9 @@ When an app needs to run with more than standard user rights, UAC allows users t
 
 Admin Approval Mode in UAC helps prevent malware from silently installing without an administrator's knowledge. It also helps protect from inadvertent system-wide changes. Lastly, it can be used to enforce a higher level of compliance where administrators must actively consent or provide credentials for each administrative process.
 
+## Next steps
 
-## In this section
+Learn more about UAC and how to configure it for your organization.
 
 | Topic | Description |
 | - | - |
@@ -33,5 +34,3 @@ Admin Approval Mode in UAC helps prevent malware from silently installing withou
 | [User Account Control security policy settings](user-account-control-security-policy-settings.md) | You can use security policies to configure how User Account Control works in your organization. They can be configured locally by using the Local Security Policy snap-in (secpol.msc) or configured for the domain, OU, or specific groups by Group Policy. |
 | [User Account Control Group Policy and registry key settings](user-account-control-group-policy-and-registry-key-settings.md) | Here's a list of UAC  Group Policy and registry key settings that your organization can use to manage UAC. |
  
-
-

windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md

@@ -1,94 +0,0 @@
----
-title: VPN auto-triggered profile options (Windows 10 and Windows 11)
-description: Learn about the types of auto-trigger rules for VPNs in Windows, which start a VPN when it is needed to access a resource.
-ms.date: 09/23/2021
-ms.topic: conceptual
----
-
-# VPN auto-triggered profile options
-
-In Windows 10 and Windows 11, a number of features have been added to auto-trigger VPN so users won't have to manually connect when VPN is needed to access necessary resources. There are three different types of auto-trigger rules: 
-
-- App trigger
-- Name-based trigger
-- Always On
-
-> [!NOTE]
-> Auto-triggered VPN connections will not work if Folder Redirection for AppData is enabled. Either Folder Redirection for AppData must be disabled or the auto-triggered VPN profile must be deployed in system context, which changes the path to where the rasphone.pbk file is stored.
-
-
-## App trigger
-
-VPN profiles in Windows 10 or Windows 11 can be configured to connect automatically on the launch of a specified set of applications. You can configure desktop or Universal Windows Platform (UWP) apps to trigger a VPN connection. You can also configure per-app VPN and specify traffic rules for each app. See [Traffic filters](vpn-security-features.md#traffic-filters) for more details.
-
-The app identifier for a desktop app is a file path. The app identifier for a UWP app is a package family name.
-
-[Find a package family name (PFN) for per-app VPN configuration](/mem/configmgr/protect/deploy-use/find-a-pfn-for-per-app-vpn)
-
-## Name-based trigger
-
-You can configure a domain name-based rule so that a specific domain name triggers the VPN connection.
- 
-Name-based auto-trigger can be configured using the VPNv2/*ProfileName*/DomainNameInformationList/dniRowId/AutoTrigger setting in the [VPNv2 Configuration Service Provider (CSP)](/windows/client-management/mdm/vpnv2-csp).
-
-There are four types of name-based triggers:
-
-- Short name: for example, if **HRweb** is configured as a trigger and the stack sees a DNS resolution request for **HRweb**, the VPN will be triggered.
-- Fully-qualified domain name (FQDN): for example, if **HRweb.corp.contoso.com** is configured as a trigger and the stack sees a DNS resolution request for **HRweb.corp.contoso.com**, the VPN will be triggered.
-- Suffix: for example, if **.corp.contoso.com** is configured as a trigger and the stack sees a DNS resolution request with a matching suffix (such as **HRweb.corp.contoso.com**), the VPN will be triggered. For any short name resolution, VPN will be triggered and the DNS server will be queried for the *ShortName*.**corp.contoso.com**.
-- All: if used, all DNS resolution should trigger VPN.
-
-
-## Always On
-
-Always On is a feature in Windows 10 and Windows 11 which enables the active VPN profile to connect automatically on the following triggers: 
-
-- User sign-in 
-- Network change 
-- Device screen on 
-
-When the trigger occurs, VPN tries to connect. If an error occurs or any user input is needed, the user is shown a toast notification for additional interaction.
-
-
-When a device has multiple profiles with Always On triggers, the user can specify the active profile in **Settings** > **Network & Internet** > **VPN** > *VPN profile* by selecting the **Let apps automatically use this VPN connection** checkbox. By default, the first MDM-configured profile is marked as **Active**. Devices with multiple users have the same restriction: only one profile and therefore only one user will be able to use the Always On triggers.
-
-## Preserving user Always On preference
-
-Windows has a feature to preserve a user's AlwaysOn preference.  In the event that a user manually unchecks the "Connect automatically" checkbox, Windows will remember this user preference for this profile name by adding the profile name to the value **AutoTriggerDisabledProfilesList**.  
-
-Should a management tool remove or add the same profile name back and set **AlwaysOn** to **true**, Windows will not check the box if the profile name exists in the following registry value in order to preserve user preference.
-
-**Key:** HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Config<br/>
-**Value:** AutoTriggerDisabledProfilesList<br/>
-**Type:** REG_MULTI_SZ
-
-
-## Trusted network detection
-
-This feature configures the VPN such that it would not get triggered if a user is on a trusted corporate network. The value of this setting is a list of DNS suffixes. The VPN stack will look at the network name of the physical interface connection profile and if it matches any in the configured list and the network is private or provisioned by MDM, then VPN will not get triggered.
-
-Trusted network detection can be configured using the VPNv2/*ProfileName*/TrustedNetworkDetection setting in the [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp).
-
-
-## Configure app-triggered VPN
-
-See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp) for XML configuration. 
-
-The following image shows associating an app to a VPN connection in a VPN Profile configuration policy using Microsoft Intune.
-
-![Add an app for the VPN connection.](images/vpn-app-trigger.png)
-
-After you add an associated app, if you select the **Only these apps can use this VPN connection (per-app VPN)** checkbox, the app becomes available in **Corporate Boundaries**, where you can configure rules for the app. See [Traffic filters](vpn-security-features.md#traffic-filters) for more details. 
-
-![Configure rules for the app.](images/vpn-app-rules.png)
-
-## Related topics
-
-- [VPN technical guide](vpn-guide.md)
-- [VPN connection types](vpn-connection-type.md)
-- [VPN routing decisions](vpn-routing.md)
-- [VPN authentication options](vpn-authentication.md)
-- [VPN and conditional access](vpn-conditional-access.md)
-- [VPN name resolution](vpn-name-resolution.md)
-- [VPN security features](vpn-security-features.md)
-- [VPN profile options](vpn-profile-options.md)

windows/security/identity-protection/vpn/vpn-connection-type.md

@@ -1,75 +0,0 @@
----
-title: VPN connection types (Windows 10 and Windows 11)
-description: Learn about Windows VPN platform clients and the VPN connection-type features that can be configured.
-ms.date: 08/23/2021
-ms.topic: conceptual
----
-
-# VPN connection types
-
-Virtual private networks (VPNs) are point-to-point connections across a private or public network, such as the Internet. A VPN client uses special TCP/IP or UDP-based protocols, called *tunneling protocols*, to make a virtual call to a virtual port on a VPN server. In a typical VPN deployment, a client initiates a virtual point-to-point connection to a remote access server over the Internet. The remote access server answers the call, authenticates the caller, and transfers data between the VPN client and the organization's private network.
-
-There are many options for VPN clients. In Windows 10 and Windows 11, the built-in plug-in and the Universal Windows Platform (UWP) VPN plug-in platform are built on top of the Windows VPN platform. This guide focuses on the Windows VPN platform clients and the features that can be configured. 
-
-![VPN connection types.](images/vpn-connection.png)
-
-## Built-in VPN client
-
-- Tunneling protocols
-
-    - [Internet Key Exchange version 2 (IKEv2)](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff687731(v=ws.10))
-
-      Configure the IPsec/IKE tunnel cryptographic properties using the **Cryptography Suite** setting in the [VPNv2 Configuration Service Provider (CSP)](/windows/client-management/mdm/vpnv2-csp).
-           
-    - [L2TP](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff687761(v=ws.10))
-
-      L2TP with pre-shared key (PSK) authentication can be configured using the **L2tpPsk** setting in the [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp).
-    
-    - [PPTP](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff687676(v=ws.10))
-
-    - [SSTP](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff687819(v=ws.10))
-
-        SSTP is supported for Windows desktop editions only. SSTP cannot be configured using mobile device management (MDM), but it is one of the protocols attempted in the **Automatic** option.
-
-        > [!NOTE]
-        > When a VPN plug-in is used, the adapter will be listed as an SSTP adapter, even though the VPN protocol used is the plug-in's protocol.
-        
-- Automatic
-
-    The **Automatic** option means that the device will try each of the built-in tunneling protocols until one succeeds. It will attempt from most secure to least secure. 
-
-    Configure **Automatic** for the **NativeProtocolType** setting in the [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp).
-    
-  
- 
-## Universal Windows Platform VPN plug-in
-
-The Universal Windows Platform (UWP) VPN plug-ins were introduced in Windows 10 and Windows 11, although there was originally separate version available for the Windows 8.1 PC platform. Using the UWP platform, third-party VPN providers can create app-containerized plug-ins using WinRT APIs, eliminating the complexity and problems often associated with writing to system-level drivers.  
-
-There are a number of Universal Windows Platform VPN applications, such as Pulse Secure, Cisco AnyConnect, F5 Access, Sonicwall Mobile Connect, and Check Point Capsule. If you want to use a UWP VPN plug-in, work with your vendor for any custom settings needed to configure your VPN solution.
-
-## Configure connection type
-
-See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp) for XML configuration. 
-
-The following image shows connection options in a VPN Profile configuration policy using Microsoft Intune:
-
-> [!div class="mx-imgBorder"]
-> ![Available connection types.](images/vpn-connection-intune.png)
-     
-In Intune, you can also include custom XML for third-party plug-in profiles:
-
-> [!div class="mx-imgBorder"]
-> ![Custom XML.](images/vpn-custom-xml-intune.png)
-
-
-## Related topics
-
-- [VPN technical guide](vpn-guide.md)
-- [VPN routing decisions](vpn-routing.md)
-- [VPN authentication options](vpn-authentication.md)
-- [VPN and conditional access](vpn-conditional-access.md)
-- [VPN name resolution](vpn-name-resolution.md)
-- [VPN auto-triggered profile options](vpn-auto-trigger-profile.md)
-- [VPN security features](vpn-security-features.md)
-- [VPN profile options](vpn-profile-options.md)

windows/security/identity-protection/vpn/vpn-name-resolution.md

@@ -1,74 +0,0 @@
----
-title: VPN name resolution (Windows 10 and Windows 11)
-description: Learn how the name resolution setting in the VPN profile configures how name resolution works when a VPN client connects to a VPN server.
-ms.date: 09/23/2021
-ms.topic: conceptual
----
-
-# VPN name resolution
-
-When the VPN client connects to the VPN server, the VPN client receives the client IP address. The client may also receive the IP address of the Domain Name System (DNS) server and the IP address of the Windows Internet Name Service (WINS) server.
-
-The name resolution setting in the VPN profile configures how name resolution should work on the system when VPN is connected. The networking stack first looks at the Name Resolution Policy table (NRPT) for any matches and tries a resolution in the case of a match. If no match is found, the DNS suffix on the most preferred interface based on the interface metric is appended to the name (in the case of a short name) and a DNS query is sent out on the preferred interface. If the query times out, the DNS suffix search list is used in order and DNS queries are sent on all interfaces. 
-
-## Name Resolution Policy table (NRPT)
- 
-The NRPT is a table of namespaces that determines the DNS client's behavior when issuing name resolution queries and processing responses. It is the first place that the stack will look after the DNSCache.
-
-There are 3 types of name matches that can  set up for NRPT:
-
-- Fully qualified domain name (FQDN) that can be used for direct matching to a name
-
-- Suffix match results in either a comparison of suffixes (for FQDN resolution) or the appending of the suffix (in case of a short name)
-
-- Any resolution should attempt to first resolve with the proxy server/DNS server with this entry
-
-NRPT is set using the **VPNv2/*ProfileName*/DomainNameInformationList** node of the [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp). This node also configures Web proxy server or domain name servers. 
-
-[Learn more about NRPT](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee649207(v=ws.10))
-
- 
-## DNS suffix
-
-This setting is used to configure the primary DNS suffix for the VPN interface and the suffix search list after the VPN connection is established.
-
-Primary DNS suffix is set using the **VPNv2/*ProfileName*/DnsSuffix** node.
-
-
-
-[Learn more about primaryDNS suffix](/previous-versions/windows/it-pro/windows-2000-server/cc959611(v=technet.10))
-
-## Persistent
-
-You can also configure *persistent* name resolution rules. Name resolution for specified items will only be performed over the VPN.
-
-Persistent name resolution is set using the **VPNv2/*ProfileName*/DomainNameInformationList//*dniRowId*/Persistent** node.
-
-
-
-## Configure name resolution
-
-See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp) for XML configuration. 
-
-The following image shows name resolution options in a VPN Profile configuration policy using Microsoft Intune.
-
-![Add DNS rule.](images/vpn-name-intune.png)
-
-The fields in **Add or edit DNS rule** in the Intune profile correspond to the XML settings shown in the following table.
-
-| Field | XML |
-| --- | --- |
-| **Name** | **VPNv2/*ProfileName*/DomainNameInformationList/*dniRowId*/DomainName**  |
-| **Servers (comma separated)** | **VPNv2/*ProfileName*/DomainNameInformationList/*dniRowId*/DnsServers**  |
-| **Proxy server** |  **VPNv2/*ProfileName*/DomainNameInformationList/*dniRowId*/WebServers**  |
-
-## Related topics
-
-- [VPN technical guide](vpn-guide.md)
-- [VPN connection types](vpn-connection-type.md)
-- [VPN routing decisions](vpn-routing.md)
-- [VPN authentication options](vpn-authentication.md)
-- [VPN and conditional access](vpn-conditional-access.md)
-- [VPN auto-triggered profile options](vpn-auto-trigger-profile.md)
-- [VPN security features](vpn-security-features.md)
-- [VPN profile options](vpn-profile-options.md)

windows/security/identity-protection/vpn/vpn-routing.md

@@ -1,59 +0,0 @@
----
-ms.date: 09/23/2021
-title: VPN routing decisions
-description: Learn about approaches that either send all data through a VPN or only selected data. The one you choose impacts capacity planning and security expectations.
-ms.topic: conceptual
----
-# VPN routing decisions
-
-Network routes are required for the stack to understand which interface to use for outbound traffic. One of the most important decision points for VPN configuration is whether you want to send all the data through VPN (*force tunnel*) or only some data through the VPN (*split tunnel*). This decision impacts the configuration and the capacity planning, as well as security expectations from the connection. 
-
-## Split tunnel configuration
-
-In a split tunnel configuration, routes can be specified to go over VPN and all other traffic will go over the physical interface. 
-
-Routes can be configured using the VPNv2/*ProfileName*/RouteList setting in the [VPNv2 Configuration Service Provider (CSP)](/windows/client-management/mdm/vpnv2-csp).
- 
-For each route item in the list, the following can be specified: 
-
-- **Address**: VPNv2/*ProfileName*/RouteList/*routeRowId*/Address
-- **Prefix size**: VPNv2/*ProfileName*/RouteList/*routeRowId*/Prefix
-- **Exclusion route**: VPNv2/*ProfileName*/RouteList/*routeRowId*/ExclusionRoute
-   
-   Windows VPN platform now supports the ability to specify exclusion routes that specifically should not go over the physical interface. 
-
-Routes can also be added at connect time through the server for UWP VPN apps.  
-
-## Force tunnel configuration
-
-In a force tunnel configuration, all traffic will go over VPN. This is the default configuration and takes effect if no routes are specified. 
-
-The only implication of this setting is the manipulation of routing entries. In the case of a force tunnel, VPN V4 and V6 default routes (for example. 0.0.0.0/0) are added to the routing table with a lower metric than ones for other interfaces. This sends traffic through the VPN as long as there isn't a specific route on the physical interface itself. 
-
-For built-in VPN, this decision is controlled using the MDM setting **VPNv2/ProfileName/NativeProfile/RoutingPolicyType**.
-
-For a UWP VPN plug-in, this property is directly controlled by the app. If the VPN plug-in indicates the default route for IPv4 and IPv6 as the only two Inclusion routes, the VPN platform marks the connection as Force Tunneled. 
-
-## Configure routing
-
-See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp) for XML configuration. 
-
-When you configure a VPN profile in Microsoft Intune, you select a checkbox to enable split tunnel configuration.
-
-![split tunnel.](images/vpn-split.png)
-
-Next, in **Corporate Boundaries**, you add the routes that should use the VPN connection.   
-  
-![add route for split tunnel.](images/vpn-split-route.png)
-
-
-## Related topics
-
-- [VPN technical guide](vpn-guide.md)
-- [VPN connection types](vpn-connection-type.md)
-- [VPN authentication options](vpn-authentication.md)
-- [VPN and conditional access](vpn-conditional-access.md)
-- [VPN name resolution](vpn-name-resolution.md)
-- [VPN auto-triggered profile options](vpn-auto-trigger-profile.md)
-- [VPN security features](vpn-security-features.md)
-- [VPN profile options](vpn-profile-options.md)

windows/security/identity-protection/vpn/vpn-security-features.md

@@ -1,84 +0,0 @@
----
-title: VPN security features
-description: Learn about security features for VPN, including LockDown VPN, Windows Information Protection integration with VPN, and traffic filters.
-ms.date: 07/21/2022
-ms.topic: conceptual
----
-
-# VPN security features
-
-## Hyper-V based containers and VPN
-
-Windows supports different kinds of Hyper-V based containers. This support includes, but isn't limited to, Microsoft Defender Application Guard and Windows Sandbox. When you use 3rd party VPN solutions, these Hyper-V based containers may not be able to seamlessly connect to the internet. Additional configurational changes might be needed to resolve connectivity issues.
-
-For example, for more information on a workaround for Cisco AnyConnect VPN, see [Cisco AnyConnect Secure Mobility Client Administrator Guide: Connectivity issues with VM-based subsystems](https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect410/administration/guide/b-anyconnect-admin-guide-4-10/troubleshoot-anyconnect.html#Cisco_Task_in_List_GUI.dita_3a9a8101-f034-4e9b-b24a-486ee47b5e9f).
-
-## Windows Information Protection (WIP) integration with VPN
-
-Windows Information Protection provides capabilities allowing the separation and protection of enterprise data against disclosure across both company and personally owned devices, without requiring additional changes to the environments or the apps themselves. Additionally, when used with Rights Management Services (RMS), WIP can help to protect enterprise data locally.
-
-The **EdpModeId** node in the [VPNv2 Configuration Service Provider (CSP)](/windows/client-management/mdm/vpnv2-csp) allows a Windows 10 or Windows 11 VPN client to integrate with WIP, extending its functionality to remote devices. Use case scenarios for WIP include:
-
-- Core functionality: File encryption and file access blocking
-- UX policy enforcement: Restricting copy/paste, drag/drop, and sharing operations
-- WIP network policy enforcement: Protecting intranet resources over the corporate network and VPN
-- Network policy enforcement: Protecting SMB and Internet cloud resources over the corporate network and VPN
-
-The value of the **EdpModeId** is an Enterprise ID. The networking stack will look for this ID in the app token to determine whether VPN should be triggered for that particular app.
-
-Additionally, when connecting with WIP, the admin does not have to specify AppTriggerList and TrafficFilterList rules separately in this profile (unless more advanced configuration is needed) because the WIP policies and App lists automatically take effect.
-
-[Learn more about Windows Information Protection](/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip)
-
-
-## Traffic Filters
-
-Traffic Filters give enterprises the ability to decide what traffic is allowed into the corporate network based on policy. Network admins can use Traffic Filters to effectively add interface specific firewall rules on the VPN Interface. There are two types of Traffic Filter rules:
-
-- App-based rules. With app-based rules, a list of applications can be marked to allow only traffic originating from these apps to go over the VPN interface.
-- Traffic-based rules. Traffic-based rules are 5-tuple policies (ports, addresses, protocol) that can be specified to allow only traffic matching these rules to go over the VPN interface.
-
-There can be many sets of rules which are linked by OR. Within each set, there can be app-based rules and traffic-based rules; all the properties within the set will be linked by AND. In addition, these rules can be applied at a per-app level or a per-device level.
-
-For example, an admin could define rules that specify:
-
-- The Contoso HR App must be allowed to go through the VPN and only access port 4545.
-- The Contoso finance apps are allowed to go over the VPN and only access the Remote IP ranges of 10.10.0.40 - 10.10.0.201 on port 5889.
-- All other apps on the device should be able to access only ports 80 or 443.
-
-## Configure traffic filters
-
-See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp) for XML configuration.
-
-The following image shows the interface to configure traffic rules in a VPN Profile configuration policy, using Microsoft Intune.
-
-![Add a traffic rule.](images/vpn-traffic-rules.png)
-
-
-## LockDown VPN
-
-A VPN profile configured with LockDown secures the device to only allow network traffic over the VPN interface. It has the following features:
-
-- The system attempts to keep the VPN connected at all times.
-- The user cannot disconnect the VPN connection.
-- The user cannot delete or modify the VPN profile.
-- The VPN LockDown profile uses forced tunnel connection.
-- If the VPN connection is not available, outbound network traffic is blocked.
-- Only one VPN LockDown profile is allowed on a device.
-
-> [!NOTE]
-> For built-in VPN, LockDown VPN is only available for the Internet Key Exchange version 2 (IKEv2) connection type.
-
-Deploy this feature with caution, as the resultant connection will not be able to send or receive any network traffic without the VPN being connected.
-
-
-## Related topics
-
-- [VPN technical guide](vpn-guide.md)
-- [VPN connection types](vpn-connection-type.md)
-- [VPN routing decisions](vpn-routing.md)
-- [VPN authentication options](vpn-authentication.md)
-- [VPN and conditional access](vpn-conditional-access.md)
-- [VPN name resolution](vpn-name-resolution.md)
-- [VPN auto-triggered profile options](vpn-auto-trigger-profile.md)
-- [VPN profile options](vpn-profile-options.md)

windows/security/operating-system-security/network-security/toc.yml

@@ -1,40 +1,17 @@
 items:
-- name: Transport layer security (TLS)
-  href: /windows-server/security/tls/tls-ssl-schannel-ssp-overview
-- name: WiFi Security
-  href: https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09
-- name: Windows Firewall
-  href: ../../threat-protection/windows-firewall/windows-firewall-with-advanced-security.md
-- name: Virtual Private Network (VPN)
-  href: ../../identity-protection/vpn/vpn-guide.md
-  items:
-  - name: VPN connection types
-    href: ../../identity-protection/vpn/vpn-connection-type.md
-  - name: VPN routing decisions
-    href: ../../identity-protection/vpn/vpn-routing.md
-  - name: VPN authentication options
-    href: ../../identity-protection/vpn/vpn-authentication.md
-  - name: VPN and conditional access
-    href: ../../identity-protection/vpn/vpn-conditional-access.md
-  - name: VPN name resolution
-    href: ../../identity-protection/vpn/vpn-name-resolution.md
-  - name: VPN auto-triggered profile options
-    href: ../../identity-protection/vpn/vpn-auto-trigger-profile.md
-  - name: VPN security features
-    href: ../../identity-protection/vpn/vpn-security-features.md
-  - name: VPN profile options
-    href: ../../identity-protection/vpn/vpn-profile-options.md
-  - name: How to configure Diffie Hellman protocol over IKEv2 VPN connections
-    href: ../../identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md
-  - name: How to use single sign-on (SSO) over VPN and Wi-Fi connections
-    href: ../../identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md
-  - name: Optimizing Office 365 traffic with the Windows VPN client
-    href: ../../identity-protection/vpn/vpn-office-365-optimization.md
-- name: Always On VPN
-  href: /windows-server/remote/remote-access/vpn/always-on-vpn/
-- name: Direct Access
-  href: /windows-server/remote/remote-access/directaccess/directaccess
-- name: Server Message Block (SMB) file service
-  href: /windows-server/storage/file-server/file-server-smb-overview
-- name: Server Message Block Direct (SMB Direct)
-  href: /windows-server/storage/file-server/smb-direct
+  - name: Transport layer security (TLS) 🔗
+    href: /windows-server/security/tls/tls-ssl-schannel-ssp-overview
+  - name: WiFi Security
+    href: https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09
+  - name: Windows Firewall 🔗
+    href: windows-firewall/windows-firewall-with-advanced-security.md
+  - name: Virtual Private Network (VPN)
+    href: vpn/toc.yml
+  - name: Always On VPN 🔗
+    href: /windows-server/remote/remote-access/vpn/always-on-vpn/
+  - name: Direct Access 🔗
+    href: /windows-server/remote/remote-access/directaccess/directaccess
+  - name: Server Message Block (SMB) file service 🔗
+    href: /windows-server/storage/file-server/file-server-smb-overview
+  - name: Server Message Block Direct (SMB Direct) 🔗
+    href: /windows-server/storage/file-server/smb-direct

windows/security/operating-system-security/network-security/vpn/toc.yml

@@ -0,0 +1,25 @@
+items:
+  - name: Overview
+    href: vpn-guide.md
+  - name: VPN connection types
+    href: vpn-connection-type.md
+  - name: VPN routing decisions
+    href: vpn-routing.md
+  - name: VPN authentication options
+    href: vpn-authentication.md
+  - name: VPN and conditional access
+    href: vpn-conditional-access.md
+  - name: VPN name resolution
+    href: vpn-name-resolution.md
+  - name: VPN auto-triggered profile options
+    href: vpn-auto-trigger-profile.md
+  - name: VPN security features
+    href: vpn-security-features.md
+  - name: VPN profile options
+    href: vpn-profile-options.md
+  - name: How to configure Diffie Hellman protocol over IKEv2 VPN connections
+    href: how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md
+  - name: How to use single sign-on (SSO) over VPN and Wi-Fi connections
+    href: how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md
+  - name: Optimizing Office 365 traffic with the Windows VPN client
+    href: vpn-office-365-optimization.md

windows/security/operating-system-security/network-security/vpn/vpn-authentication.md

@@ -74,7 +74,7 @@ For a UWP VPN plug-in, the app vendor controls the authentication method to be u
 See [EAP configuration](/windows/client-management/mdm/eap-configuration) for EAP XML configuration. 
 
 >[!NOTE]
->To configure Windows Hello for Business authentication, follow the steps in [EAP configuration](/windows/client-management/mdm/eap-configuration) to create a smart card certificate. [Learn more about Windows Hello for Business.](../hello-for-business/hello-identity-verification.md)
+>To configure Windows Hello for Business authentication, follow the steps in [EAP configuration](/windows/client-management/mdm/eap-configuration) to create a smart card certificate. [Learn more about Windows Hello for Business.](../../../identity-protection/hello-for-business/hello-identity-verification.md).
 
 The following image shows the field for EAP XML in a Microsoft Intune VPN profile. The EAP XML field only appears when you select a built-in connection type (automatic, IKEv2, L2TP, PPTP).
 

windows/security/operating-system-security/network-security/vpn/vpn-auto-trigger-profile.md

@@ -0,0 +1,90 @@
+---
+title: VPN auto-triggered profile options
+description: With auto-triggered VPN profile options, Windows can automatically establish a VPN connection based on IT admin-defined rules. Learn about the types of auto-trigger rules that you can create for VPN connections.
+ms.date: 05/24/2023
+ms.topic: conceptual
+---
+
+# VPN auto-triggered profile options
+
+Windows can use different features to auto-trigger VPN, avoiding users to manually connect when VPN is needed to access necessary resources. There are three different types of auto-trigger rules:
+
+- Application trigger
+- Name-based trigger
+- Always On
+
+> [!NOTE]
+> Auto-triggered VPN connections won't work if **Folder Redirection** for **AppData** is enabled. Either Folder Redirection for AppData must be disabled, or the auto-triggered VPN profile must be deployed in SYSTEM context, which changes the path to where the *rasphone.pbk* file is stored.
+
+## Application trigger
+
+VPN profiles can be configured to automatically connect on the execution of certain applications:
+
+- You can configure desktop or Universal Windows Platform (UWP) apps to trigger a VPN connection
+- You can configure per-app VPN and specify traffic rules for each app
+
+> [!NOTE]
+> The app identifier for a desktop app is a file path. The app identifier for a UWP app is a package family name.
+>
+> [Find a package family name (PFN) for per-app VPN configuration](/mem/configmgr/protect/deploy-use/find-a-pfn-for-per-app-vpn)
+
+For more information, see [Traffic filters](vpn-security-features.md#traffic-filters).
+
+## Name-based trigger
+
+You can configure a domain name-based rule so that a specific domain name triggers the VPN connection.\ 
+Name-based auto-trigger can be configured using the `VPNv2/<ProfileName>/DomainNameInformationList/dniRowId/AutoTrigger` setting in the [VPNv2 Configuration Service Provider (CSP)](/windows/client-management/mdm/vpnv2-csp).
+
+There are four types of name-based triggers:
+
+- Short name: for example, if *HRweb* is configured as a trigger, and the stack sees a DNS resolution request for *HRweb*, the VPN triggers
+- Fully qualified domain name (FQDN): for example, if *HRweb.corp.contoso.com* is configured as a trigger, and the stack sees a DNS resolution request for *HRweb.corp.contoso.com*, the VPN triggers
+- Suffix: for example, if *.corp.contoso.com* is configured as a trigger, and the stack sees a DNS resolution request with a matching suffix (such as *HRweb.corp.contoso.com*), the VPN triggers. For any short name resolution, VPN triggers, and the DNS servers are queried for the *<ShortName\>.corp.contoso.com*
+- All: if used, all DNS resolution triggers VPN
+
+## Always On
+
+Always On is a Windows feature that enables the active VPN profile to connect automatically on the following triggers:
+
+- User sign-in
+- Network change
+- Device screen on
+
+When the trigger occurs, VPN tries to connect. If an error occurs, or any user input is needed, the user sees a toast notification for more interaction.
+
+When a device has multiple profiles with Always On triggers, the user can specify the active profile in **Settings > Network & Internet > VPN > <VPN profile\>** by selecting the **Let apps automatically use this VPN connection** checkbox. By default, the first MDM-configured profile is marked as **Active**. Devices with multiple users have the same restriction: only one profile, and therefore only one user, is able to use the Always On triggers.
+
+## Preserving user Always On preference
+
+Another Windows feature is to preserve a user's Always On preference. If a user manually unchecks the **Connect automatically** checkbox, Windows remembers the user preference for the profile name by adding the profile name to the registry value *AutoTriggerDisabledProfilesList*.  
+
+If a management tool removes or adds the same profile name back and set **AlwaysOn** to **true**, Windows doesn't check the box if the profile name exists in the following registry value, in order to preserve user preference.
+
+**Key:** `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Config`\
+**Value:** `AutoTriggerDisabledProfilesList`\
+**Type:** `REG_MULTI_SZ`
+
+## Trusted network detection
+
+The **Trusted network detection** feature configures the VPN so that connection isn't triggered when a device is on a trusted network. To configure Trusted network detection, you must provide a list of DNS suffixes. The VPN stack verifies the network name of the physical interface connection profile: if it matches any of the suffixes configured in the list and the network is private or provisioned by MDM, then VPN doesn't trigger.
+
+Trusted network detection can be configured using the `VPNv2/<ProfileName>/TrustedNetworkDetection` setting in the [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp).
+
+## Configure app-triggered VPN
+
+See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp) for XML configuration.
+
+The following image shows associating apps to a VPN connection in a VPN Profile configuration policy using Microsoft Intune.
+
+:::image type="content" source="images/vpn-app-trigger.png" alt-text="Creation of VPN profile in Intune: application association options." lightbox="images/vpn-app-trigger.png":::
+
+## Related articles
+
+- [VPN technical guide](vpn-guide.md)
+- [VPN connection types](vpn-connection-type.md)
+- [VPN routing decisions](vpn-routing.md)
+- [VPN authentication options](vpn-authentication.md)
+- [VPN and conditional access](vpn-conditional-access.md)
+- [VPN name resolution](vpn-name-resolution.md)
+- [VPN security features](vpn-security-features.md)
+- [VPN profile options](vpn-profile-options.md)

windows/security/operating-system-security/network-security/vpn/vpn-conditional-access.md

@@ -1,7 +1,7 @@
 ---
-title: VPN and conditional access (Windows 10 and Windows 11)
-description: Learn how to integrate the VPN client with the Conditional Access Platform, so you can create access rules for Azure Active Directory (Azure AD) connected apps.
-ms.date: 09/23/2021
+title: VPN and conditional access
+description: Learn how to integrate the VPN client with the Conditional Access platform, and how to create access rules for Azure Active Directory (Azure AD) connected apps.
+ms.date: 05/23/2023
 ms.topic: conceptual
 ---
 
@@ -15,25 +15,20 @@ The VPN client is now able to integrate with the cloud-based Conditional Access
 Conditional Access Platform components used for Device Compliance include the following cloud-based services:
 
 - [Conditional Access Framework](/archive/blogs/tip_of_the_day/tip-of-the-day-the-conditional-access-framework-and-device-compliance-for-vpn)
-
 - [Azure AD Connect Health](/azure/active-directory/connect-health/active-directory-aadconnect-health)
-
-- [Windows Health Attestation Service](../../threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md#device-health-attestation) (optional)
-
+- [Windows Health Attestation Service](../../../threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md#device-health-attestation) (optional)
 - Azure AD Certificate Authority - It is a requirement that the client certificate used for the cloud-based device compliance solution be issued by an Azure Active Directory-based Certificate Authority (CA). An Azure AD CA is essentially a mini-CA cloud tenant in Azure. The Azure AD CA cannot be configured as part of an on-premises Enterprise CA. 
 See also [Always On VPN deployment for Windows Server and Windows 10](/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/always-on-vpn-deploy).
-
 - Azure AD-issued short-lived certificates - When a VPN connection attempt is made, the Azure AD Token Broker on the local device communicates with Azure Active Directory, which then checks for health based on compliance rules. If compliant, Azure AD sends back a short-lived certificate that is used to authenticate the VPN. Note that certificate authentication methods such as EAP-TLS can be used. When the client reconnects and determines that the certificate has expired, the client will again check with Azure AD for health validation before a new certificate is issued.
-
 - [Microsoft Intune device compliance policies](/mem/intune/protect/device-compliance-get-started) - Cloud-based device compliance leverages Microsoft Intune Compliance Policies, which are capable of querying the device state and define compliance rules for the following, among other things.
-
-    - Antivirus status
-    - Auto-update status and update compliance
-    - Password policy compliance
-    - Encryption compliance
-    - Device health attestation state (validated against attestation service after query)
+  - Antivirus status
+  - Auto-update status and update compliance
+  - Password policy compliance
+  - Encryption compliance
+  - Device health attestation state (validated against attestation service after query)
 
 The following client-side components are also required:
+
 - [HealthAttestation Configuration Service Provider (CSP)](/windows/client-management/mdm/healthattestation-csp)
 - [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp) DeviceCompliance node settings
 - Trusted Platform Module (TPM)
@@ -90,14 +85,12 @@ See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](/windows/clien
 
 - [Azure Active Directory conditional access](/azure/active-directory/conditional-access/overview)
 - [Getting started with Azure Active Directory Conditional Access](/azure/active-directory/authentication/tutorial-enable-azure-mfa)
-- [Control the health of Windows 10-based devices](../../threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md)
-- Control the health of Windows 11-based devices
+- [Control the health of Windows devices](../../../threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md)
 - [Tip of the Day: The Conditional Access Framework and Device Compliance for VPN (Part 1)](/archive/blogs/tip_of_the_day/tip-of-the-day-the-conditional-access-framework-and-device-compliance-for-vpn)
 - [Tip of the Day: The Conditional Access Framework and Device Compliance for VPN (Part 2)](/archive/blogs/tip_of_the_day/tip-of-the-day-the-conditional-access-framework-and-device-compliance-for-vpn-part-2)
 - [Tip of the Day: The Conditional Access Framework and Device Compliance for VPN (Part 3)](/archive/blogs/tip_of_the_day/tip-of-the-day-the-conditional-access-framework-and-device-compliance-for-vpn-part-3)
 - [Tip of the Day: The Conditional Access Framework and Device Compliance for VPN (Part 4)](/archive/blogs/tip_of_the_day/tip-of-the-day-the-conditional-access-framework-and-device-compliance-for-vpn-part-4)
 
-
 ## Related topics
 - [VPN technical guide](vpn-guide.md)
 - [VPN connection types](vpn-connection-type.md)

windows/security/operating-system-security/network-security/vpn/vpn-connection-type.md

@@ -0,0 +1,57 @@
+---
+title: VPN connection types (Windows 10 and Windows 11)
+description: Learn about Windows VPN platform clients and the VPN connection-type features that can be configured.
+ms.date: 05/24/2022
+ms.topic: conceptual
+---
+
+# VPN connection types
+
+VPNs are point-to-point connections across a private or public network, like the Internet. A VPN client uses special TCP/IP or UDP-based protocols, called *tunneling protocols*, to make a virtual call to a virtual port on a VPN server. In a typical VPN deployment, a client initiates a virtual point-to-point connection to a remote access server over the Internet. The remote access server answers the call, authenticates the caller, and transfers data between the VPN client and the organization's private network.
+
+There are many options for VPN clients. In Windows, the built-in plug-in and the Universal Windows Platform (UWP) VPN plug-in platform are built on top of the Windows VPN platform. This article focuses on the Windows VPN platform clients and the features that can be configured.
+
+![VPN connection types.](images/vpn-connection.png)
+
+## Built-in VPN client
+
+Tunneling protocols:
+- [Internet Key Exchange version 2 (IKEv2)](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff687731(v=ws.10)): configure the IPsec/IKE tunnel cryptographic properties using the **Cryptography Suite** setting in the [VPNv2 Configuration Service Provider (CSP)](/windows/client-management/mdm/vpnv2-csp).
+- [L2TP](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff687761(v=ws.10)): L2TP with pre-shared key (PSK) authentication can be configured using the **L2tpPsk** setting in the [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp).
+- [PPTP](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff687676(v=ws.10))
+- [SSTP](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff687819(v=ws.10)): SSTP can't be configured using MDM, but it's one of the protocols attempted in the **Automatic** option
+    > [!NOTE]
+    > When a VPN plug-in is used, the adapter will be listed as an SSTP adapter, even though the VPN protocol used is the plug-in's protocol.
+
+- Automatic: the **Automatic** option means that the device tries each of the built-in tunneling protocols until one succeeds. It attempts from most secure to least secure. Configure **Automatic** for the **NativeProtocolType** setting in the [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp).
+
+## Universal Windows Platform VPN plug-in
+
+Using the UWP platform, third-party VPN providers can create app-containerized plug-ins using WinRT APIs, eliminating the complexity and problems often associated with writing to system-level drivers.
+
+There are many Universal Windows Platform VPN applications, such as Pulse Secure, Cisco AnyConnect, F5 Access, Sonicwall Mobile Connect, and Check Point Capsule. If you want to use a UWP VPN plug-in, work with your vendor for any custom settings needed to configure your VPN solution.
+
+## Configure connection type
+
+See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp) for XML configuration.
+
+The following image shows connection options in a VPN Profile configuration policy using Microsoft Intune:
+
+> [!div class="mx-imgBorder"]
+> ![Available connection types.](images/vpn-connection-intune.png)
+
+In Intune, you can also include custom XML for third-party plug-in profiles:
+
+> [!div class="mx-imgBorder"]
+> ![Custom XML.](images/vpn-custom-xml-intune.png)
+
+## Related articles
+
+- [VPN technical guide](vpn-guide.md)
+- [VPN routing decisions](vpn-routing.md)
+- [VPN authentication options](vpn-authentication.md)
+- [VPN and conditional access](vpn-conditional-access.md)
+- [VPN name resolution](vpn-name-resolution.md)
+- [VPN auto-triggered profile options](vpn-auto-trigger-profile.md)
+- [VPN security features](vpn-security-features.md)
+- [VPN profile options](vpn-profile-options.md)

windows/security/operating-system-security/network-security/vpn/vpn-guide.md

@@ -1,20 +1,20 @@
 ---
-title: Windows VPN technical guide (Windows 10 and Windows 11)
-description: Learn about decisions to make for Windows 10 or Windows 11 clients in your enterprise VPN solution and how to configure your deployment.
-ms.date: 02/21/2022
+title: Windows VPN technical guide
+description: Learn how to plan and configure Windows devices for your organization's VPN solution.
+ms.date: 05/24/2023
 ms.topic: conceptual
 ---
 
 # Windows VPN technical guide
 
-This guide will walk you through the decisions you will make for Windows 10 or Windows 11 clients in your enterprise VPN solution and how to configure your deployment. This guide references the [VPNv2 Configuration Service Provider (CSP)](/windows/client-management/mdm/vpnv2-csp) and provides mobile device management (MDM) configuration instructions using Microsoft Intune and the VPN Profile template for Windows 10 and Windows 11.
+This guide walks you through the decisions to make for Windows clients in your organization's VPN solution, and how to configure your devices. This guide references the [VPNv2 Configuration Service Provider (CSP)](/windows/client-management/mdm/vpnv2-csp) and provides mobile device management (MDM) configuration instructions using Microsoft Intune.
 
-To create a Windows 10 VPN device configuration profile see: [Windows 10 and Windows Holographic device settings to add VPN connections using Intune](/mem/intune/configuration/vpn-settings-windows-10).
+To create a Windows VPN device configuration profile see: [Windows device settings to add VPN connections using Intune](/mem/intune/configuration/vpn-settings-windows-10).
 
 > [!NOTE]
 > This guide does not explain server deployment.
 
-[!INCLUDE [virtual-private-network-vpn](../../../../includes/licensing/virtual-private-network-vpn.md)]
+[!INCLUDE [virtual-private-network-vpn](../../../../../includes/licensing/virtual-private-network-vpn.md)]
 
 ## In this guide
 
@@ -29,7 +29,6 @@ To create a Windows 10 VPN device configuration profile see: [Windows 10 and Win
 | [VPN security features](vpn-security-features.md)  | Configure traffic filtering, connect a VPN profile to Windows Information Protection (WIP), and more |
 | [VPN profile options](vpn-profile-options.md)  | Combine settings into single VPN profile using XML |
 
-
 ## Learn more
 
 - [Create VPN profiles to connect to VPN servers in Intune](/mem/intune/configuration/vpn-settings-configure)

windows/security/operating-system-security/network-security/vpn/vpn-name-resolution.md

@@ -0,0 +1,71 @@
+---
+title: VPN name resolution
+description: Learn how name resolution works when using a VPN connection.
+ms.date: 05/24/2023
+ms.topic: conceptual
+---
+
+# VPN name resolution
+
+When the VPN client establishes a connection, it receives an IP address and, optionally, the IP address of one or more DNS servers.
+
+The name resolution setting in the VPN profile determines how name resolution works on the system when the VPN connection is established:
+
+1. The network stack looks at the Name Resolution Policy table (NRPT) for any matches, and tries a resolution if a match is found
+1. If no match is found, the DNS suffix on the most preferred interface based on the interface metric is appended to the name (if a short name is used). A DNS query is sent to the preferred interface
+1. If the query times out, the DNS suffix search list is used in order and DNS queries are sent on all interfaces
+
+## Name Resolution Policy table (NRPT)
+
+The NRPT is a table of namespaces that determines the DNS client's behavior when issuing name resolution queries and processing responses. It's the first place that the stack will look after the DNSCache.
+
+There are three types of name matches that can  set up for NRPT:
+
+- Fully qualified domain name (FQDN) that can be used for direct matching to a name
+- Suffix match results in either a comparison of suffixes (for FQDN resolution) or the appending of the suffix (if using short name)
+- Any resolution should attempt to first resolve with the proxy server/DNS server with this entry
+
+NRPT is set using the `VPNv2/<ProfileName>/DomainNameInformationList` node of the [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp). You can use the same node to configure a Web proxy server or DNS.
+
+To learn more about NRPT, see [Introduction to the NRPT](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee649207(v=ws.10)).
+
+## DNS suffix
+
+The DNS suffix setting is used to configure the primary DNS suffix for the VPN interface and the suffix search list after the VPN connection is established.
+
+Primary DNS suffix is set using the `VPNv2/<ProfileName>/DnsSuffix` node.
+
+[Learn more about primaryDNS suffix](/previous-versions/windows/it-pro/windows-2000-server/cc959611(v=technet.10))
+
+## Persistent name resolution rules
+
+You can configure *persistent* name resolution rules. Name resolution for the specified items is done over the VPN.
+
+Persistent name resolution is set using the `VPNv2/<ProfileName>/DomainNameInformationList/<dniRowId>/Persistent` node.
+
+## Configure name resolution
+
+See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp) for XML configuration.
+
+The following image shows name resolution options in a VPN Profile configuration policy using Microsoft Intune.
+
+:::image type="content" source="images/vpn-name-intune.png" alt-text="Creation of VPN profile in Intune: DNS options." lightbox="images/vpn-name-intune.png":::
+
+The fields in **Add or edit DNS rule** in the Intune profile correspond to the XML settings shown in the following table.
+
+| Field | XML |
+| --- | --- |
+| **Name** | **VPNv2/*ProfileName*/DomainNameInformationList/*dniRowId*/DomainName**  |
+| **Servers (comma separated)** | **VPNv2/*ProfileName*/DomainNameInformationList/*dniRowId*/DnsServers**  |
+| **Proxy server** |  **VPNv2/*ProfileName*/DomainNameInformationList/*dniRowId*/WebServers**  |
+
+## Related articles
+
+- [VPN technical guide](vpn-guide.md)
+- [VPN connection types](vpn-connection-type.md)
+- [VPN routing decisions](vpn-routing.md)
+- [VPN authentication options](vpn-authentication.md)
+- [VPN and conditional access](vpn-conditional-access.md)
+- [VPN auto-triggered profile options](vpn-auto-trigger-profile.md)
+- [VPN security features](vpn-security-features.md)
+- [VPN profile options](vpn-profile-options.md)

windows/security/operating-system-security/network-security/vpn/vpn-office-365-optimization.md

@@ -1,17 +1,17 @@
 ---
-title: Optimizing Office 365 traffic for remote workers with the native Windows VPN client
-description: Learn how to optimize Office 365 traffic for remote workers with the native Windows VPN client
+title: Optimize Microsoft 365 traffic for remote workers with the Windows VPN client
+description: Learn how to optimize Microsoft 365 traffic for remote workers with the Windows VPN client
 ms.topic: article
-ms.date: 09/23/2021
+ms.date: 05/24/2023
 ---
-# Optimizing Office 365 traffic for remote workers with the native Windows 10 and Windows 11 VPN client
+# Optimize Microsoft 365 traffic for remote workers with the Windows VPN client
 
-This article describes how to configure the recommendations in the article [Optimize Office 365 connectivity for remote users using VPN split tunneling](/office365/enterprise/office-365-vpn-split-tunnel) for the *native Windows 10 and Windows 11 VPN client*. This guidance enables VPN administrators to optimize Office 365 usage while still ensuring that all other traffic goes over the VPN connection and through existing security gateways and tooling.
+This article describes how to configure the recommendations in the article [VPN split tunneling for Microsoft 365](/microsoft-365/enterprise/microsoft-365-vpn-split-tunnel) for the Windows VPN client. This guidance enables VPN administrators to optimize Microsoft 365 usage while ensuring that all other traffic goes over the VPN connection and through existing security gateways or tooling.
 
-This can be achieved for the native/built-in Windows 10 and Windows 11 VPN client using a _Force Tunneling with Exclusions_ approach. This allows you to define IP-based exclusions *even when using force tunneling* in order to "split" certain traffic to use the physical interface while still forcing all other traffic via the VPN interface. Traffic addressed to specifically defined destinations (like those listed in the Office 365 optimize categories) will therefore follow a much more direct and efficient path, without the need to traverse or "hairpin" via the VPN tunnel and back out of the corporate network. For cloud-services like Office 365, this makes a huge difference in performance and usability for remote users.
+The recommendations can be implemented for the built-in Windows VPN client using a *Force Tunneling with Exclusions* approach, defining IP-based exclusions even when using *force tunneling*. Certain traffic can be *split* to use the physical interface, while still forcing all other traffic via the VPN interface. Traffic addressed to defined destinations (like those listed in the Microsoft 365 optimized categories) follows a much more direct and efficient path, without the need to traverse or *hairpin* via the VPN tunnel and back out of the organization's network. For cloud-services like Microsoft 365, this makes a significant difference in performance and usability for remote users.
 
 > [!NOTE]
-> The term _force tunneling with exclusions_ is sometimes confusingly called "split tunnels" by other vendors and in some online documentation. For Windows 10 and Windows 11 VPN, the term _split tunneling_ is defined differently as described in the article [VPN routing decisions](./vpn-routing.md#split-tunnel-configuration).
+> The term *force tunneling with exclusions* is sometimes confusingly called *split tunnels* by other vendors and in some online documentation. For Windows VPN, the term *split tunneling* is defined differently, as described in the article [VPN routing decisions](./vpn-routing.md#split-tunnel-configuration).
 
 ## Solution Overview
 
@@ -35,9 +35,9 @@ In order to define specific force tunnel exclusions, you then need to add the fo
 </Route>
 ```
 
-Entries defined by the `[IP Addresses or Subnet]` and `[IP Prefix]` references will consequently be added to the routing table as _more specific route entries_ that will use the Internet-connected interface as the default gateway, as opposed to using the VPN interface. You will need to define a unique and separate `<Route></Route>` section for each required exclusion.
+Entries defined by the `[IP Addresses or Subnet]` and `[IP Prefix]` references will consequently be added to the routing table as _more specific route entries_ that will use the Internet-connected interface as the default gateway, as opposed to using the VPN interface. You must define a unique and separate `<Route></Route>` section for each required exclusion.
 
-An example of a correctly formatted Profile XML configuration for force tunnel with exclusions is shown below:
+An example of a correctly formatted Profile XML configuration for force tunnel with exclusions is the following:
 
 ```xml
 <VPNProfile>
@@ -62,11 +62,11 @@ An example of a correctly formatted Profile XML configuration for force tunnel w
 
 ## Solution Deployment
 
-For Office 365, it is therefore necessary to add exclusions for all IP addresses documented within the optimize categories described in [Office 365 URLs and IP address ranges](/office365/enterprise/urls-and-ip-address-ranges) to ensure that they are excluded from VPN force tunneling.
+For Microsoft 365, it's therefore necessary to add exclusions for all IP addresses documented within the optimize categories described in [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges) to ensure that they're excluded from VPN force tunneling.
 
 This can be achieved manually by adding the IP addresses defined within the *optimize* category entries to an existing Profile XML (or script) file, or alternatively the following script can be used which dynamically adds the required entries to an existing PowerShell script, or XML file, based upon directly querying the REST-based web service to ensure the correct IP address ranges are always used.
 
-An example of a PowerShell script that can be used to update a force tunnel VPN connection with Office 365 exclusions is provided below.
+An example of a PowerShell script that can be used to update a force tunnel VPN connection with Microsoft 365 exclusions is provided below.
 
 ```powershell
 # Copyright (c) Microsoft Corporation.  All rights reserved.
@@ -79,9 +79,9 @@ An example of a PowerShell script that can be used to update a force tunnel VPN
 
 <#
 .SYNOPSIS
-    Applies or updates recommended Office 365 optimize IP address exclusions to an existing force tunnel Windows 10 and Windows 11 VPN profile
+    Applies or updates recommended Microsoft 365 optimize IP address exclusions to an existing force tunnel Windows 10 and Windows 11 VPN profile
 .DESCRIPTION
-    Connects to the Office 365 worldwide commercial service instance endpoints to obtain the latest published IP address ranges
+    Connects to the Microsoft 365 worldwide commercial service instance endpoints to obtain the latest published IP address ranges
     Compares the optimized IP addresses with those contained in the supplied VPN Profile (PowerShell or XML file)
     Adds or updates IP addresses as necessary and saves the resultant file with "-NEW" appended to the file name
 .PARAMETERS
@@ -170,7 +170,7 @@ if ( $VPNprofilefile -ne "" -and $FileExtension -eq ".ps1")
     }
 }
 
-# Define Office 365 endpoints and service URLs #
+# Define Microsoft 365 endpoints and service URLs #
 $ws = "https://endpoints.office.com"
 $baseServiceUrl = "https://endpoints.office.com"
 
@@ -198,7 +198,7 @@ if ($version[0].latest -gt $lastVersion)
 {
 
     Write-Host
-    Write-Host "A new version of Office 365 worldwide commercial service instance endpoints has been detected!" -ForegroundColor Cyan
+    Write-Host "A new version of Microsoft 365 worldwide commercial service instance endpoints has been detected!" -ForegroundColor Cyan
 
     # Write the new version number to the data file #
     @($clientRequestId, $version[0].latest) | Out-File $datapath
@@ -415,29 +415,13 @@ if ($VPNprofilefile -ne "" -and $FileExtension -eq ".xml")
 }
 ```
 
-## Version Support
-
-This solution is supported with the following versions of Windows:
-
-- Windows 11
-- Windows 10 1903/1909 and newer: Included, no action needed
-- Windows 10 1809: At least [KB4490481](https://support.microsoft.com/help/4490481/windows-10-update-kb4490481)
-- Windows 10 1803: At least [KB4493437](https://support.microsoft.com/help/4493437/windows-10-update-kb4493437)
-- Windows 10 1709 and lower: Exclusion routes are not supported
-
-- Windows 10 Enterprise 2019 LTSC: At least [KB4490481](https://support.microsoft.com/help/4490481/windows-10-update-kb4490481)
-- Windows 10 Enterprise 2016 LTSC: Exclusion routes are not supported
-- Windows 10 Enterprise 2015 LTSC: Exclusion routes are not supported
-
-Microsoft strongly recommends that the latest available Windows 10 cumulative update always be applied.
-
 ## Other Considerations
 
 You should also be able to adapt this approach to include necessary exclusions for other cloud-services that can be defined by known/static IP addresses; exclusions required for [Cisco WebEx](https://help.webex.com/WBX000028782/Network-Requirements-for-Webex-Teams-Services) or [Zoom](https://support.zoom.us/hc/en-us/articles/201362683) are good examples.
 
 ## Examples
 
-An example of a PowerShell script that can be used to create a force tunnel VPN connection with Office 365 exclusions is provided below, or refer to the guidance in [Create the ProfileXML configuration files](/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/vpn-deploy-client-vpn-connections#create-the-profilexml-configuration-files) to create the initial PowerShell script:
+An example of a PowerShell script that can be used to create a force tunnel VPN connection with Microsoft 365 exclusions is provided below, or refer to the guidance in [Create the ProfileXML configuration files](/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/vpn-deploy-client-vpn-connections#create-the-profilexml-configuration-files) to create the initial PowerShell script:
 
 ```powershell
 # Copyright (c) Microsoft Corporation.  All rights reserved.
@@ -462,7 +446,7 @@ An example of a PowerShell script that can be used to create a force tunnel VPN
 #>
 
 <#-- Define Key VPN Profile Parameters --#>
-$ProfileName = 'Contoso VPN with Office 365 Exclusions'
+$ProfileName = 'Contoso VPN with Microsoft 365 Exclusions'
 $ProfileNameEscaped = $ProfileName -replace ' ', '%20'
 
 <#-- Define VPN ProfileXML --#>
@@ -656,7 +640,7 @@ Write-Host "$Message"
 
 ```
 
-An example of an [Intune-ready XML file](./vpn-profile-options.md#apply-profilexml-using-intune) that can be used to create a force tunnel VPN connection with Office 365 exclusions is provided below, or refer to the guidance in [Create the ProfileXML configuration files](/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/vpn-deploy-client-vpn-connections#create-the-profilexml-configuration-files) to create the initial XML file.
+An example of an [Intune-ready XML file](./vpn-profile-options.md#apply-profilexml-using-intune) that can be used to create a force tunnel VPN connection with Microsoft 365 exclusions is provided below, or refer to the guidance in [Create the ProfileXML configuration files](/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/vpn-deploy-client-vpn-connections#create-the-profilexml-configuration-files) to create the initial XML file.
 
 >[!NOTE]
 >This XML is formatted for use with Intune and cannot contain any carriage returns or whitespace.

windows/security/operating-system-security/network-security/vpn/vpn-routing.md

@@ -0,0 +1,55 @@
+---
+ms.date: 05/24/2023
+title: VPN routing decisions
+description: Learn about approaches that either send all data through a VPN or only selected data. The one you choose impacts capacity planning and security expectations.
+ms.topic: conceptual
+---
+# VPN routing decisions
+
+Network routes are required for the stack to understand which interface to use for outbound traffic. One of the most important decision points for VPN configuration is whether you want to send all the data through VPN (*force tunnel*) or only some data through the VPN (*split tunnel*). The decision impacts the configuration, capacity planning, and security expectations from the connection.
+
+## Split tunnel configuration
+
+In a split tunnel configuration, routes can be specified to go over VPN and all other traffic will go over the physical interface.
+
+Routes can be configured using the `VPNv2/<ProfileName>/RouteList` setting in the [VPNv2 Configuration Service Provider (CSP)](/windows/client-management/mdm/vpnv2-csp).
+
+For each route item in the list, you can configure the following options:
+
+- **Address**: `VPNv2/<ProfileName>/RouteList/<routeRowId>/Address`
+- **Prefix size**: `VPNv2/<ProfileName>/RouteList/<routeRowId>/Prefix`
+- **Exclusion route**: V`VPNv2/<ProfileName>/RouteList/<routeRowId>/ExclusionRoute`
+
+With Windows VPN, you can specify exclusion routes that shouldn't go over the physical interface.
+
+Routes can also be added at connect time through the server for UWP VPN apps.  
+
+## Force tunnel configuration
+
+In a force tunnel configuration, all traffic will go over VPN. Force tunnel is the default configuration, and takes effect when no routes are specified.
+
+The only implication of force tunnel is the manipulation of routing entries: VPN V4 and V6 default routes (for example *0.0.0.0/0*) are added to the routing table with a lower metric than ones for other interfaces. This configuration sends traffic through the VPN as long as there isn't a specific route on the physical interface:
+
+- For built-in VPN, the decision is controlled using the MDM setting `VPNv2/ProfileName/NativeProfile/RoutingPolicyType`
+- For a UWP VPN plug-in, the app controls the property. If the VPN plug-in indicates the default route for IPv4 and IPv6 as the only two Inclusion routes, the VPN platform marks the connection as Force Tunneled
+
+## Configure routing
+
+See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp) for XML configuration.
+
+When you configure a VPN profile in Microsoft Intune, you can enable split tunnel configuration:
+
+![split tunnel.](images/vpn-split.png)
+
+Once enabled, you can add the routes that should use the VPN connection.
+
+## Related articles
+
+- [VPN technical guide](vpn-guide.md)
+- [VPN connection types](vpn-connection-type.md)
+- [VPN authentication options](vpn-authentication.md)
+- [VPN and conditional access](vpn-conditional-access.md)
+- [VPN name resolution](vpn-name-resolution.md)
+- [VPN auto-triggered profile options](vpn-auto-trigger-profile.md)
+- [VPN security features](vpn-security-features.md)
+- [VPN profile options](vpn-profile-options.md)

windows/security/operating-system-security/network-security/vpn/vpn-security-features.md

@@ -0,0 +1,68 @@
+---
+title: VPN security features
+description: Learn about security features for VPN, including LockDown VPN and traffic filters.
+ms.date: 05/24/2023
+ms.topic: conceptual
+---
+
+# VPN security features
+
+## Hyper-V based containers and VPN
+
+Windows supports different kinds of Hyper-V based containers, like Microsoft Defender Application Guard and Windows Sandbox. When you use a third party VPN solution, the Hyper-V based containers may not be able to seamlessly connect to the internet, and configuration changes may be needed to resolve connectivity issues.
+
+For example, read about the workaround for Cisco AnyConnect VPN: [Cisco AnyConnect Secure Mobility Client Administrator Guide: Connectivity issues with VM-based subsystems](https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect410/administration/guide/b-anyconnect-admin-guide-4-10/troubleshoot-anyconnect.html#Cisco_Task_in_List_GUI.dita_3a9a8101-f034-4e9b-b24a-486ee47b5e9f).
+
+## Traffic Filters
+
+Traffic Filters enables organizations to decide what traffic is allowed into the corporate network based on policy. IT admins can use Traffic Filters to apply interface-specific firewall rules to the VPN Interface.
+
+There are two types of Traffic Filter rules:
+
+- **App-based rules** consist of a list of applications that can be marked to only allow traffic originating from the apps to the VPN interface
+- **Traffic-based rules** consist of 5-tuple policies (ports, addresses, protocol) that can be specified to only allow traffic matching the rules to go through the VPN interface
+
+There can be sets of rules linked by *OR*. Within each set, there can be app-based rules and traffic-based rules.\
+All the properties within the set are linked by *AND*. The rules can be applied at a per-app level or a per-device level.
+
+For example, an IT admin could define rules that specify:
+
+- An *HR App* is allowed to go through the VPN and only access port *4545*
+- The *Finance apps* are allowed to through the VPN and only access the Remote IP ranges of *10.10.0.40 - 10.10.0.201* on port *5889*
+- All other apps on the device can only access ports *80* or *443*
+
+## Configure traffic filters
+
+See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp) for XML configuration.
+
+The following image shows the interface to configure traffic rules in a VPN Profile configuration policy, using Microsoft Intune.
+
+:::image type="content" source="images/vpn-traffic-rules.png" alt-text="VPN profile creation from Microsoft Intune admin center." lightbox="images/vpn-traffic-rules.png":::
+
+## LockDown VPN
+
+A VPN profile configured with LockDown secures the device to only allow network traffic over the VPN interface. It has the following features:
+
+- The system attempts to always keep the VPN connected
+- The user can't disconnect the VPN connection
+- The user can't delete or modify the VPN profile
+- The VPN LockDown profile uses forced tunnel connection
+- If the VPN connection isn't available, outbound network traffic is blocked
+- Only one VPN LockDown profile is allowed on a device
+
+> [!NOTE]
+> For built-in VPN, LockDown VPN is only available for the Internet Key Exchange version 2 (IKEv2) connection type.
+
+> [!CAUTION]
+> Be careful when deploying LockDown VPN, as the resultant connection won't be able to send or receive any network traffic without the VPN connection being established.
+
+## Related articles
+
+- [VPN technical guide](vpn-guide.md)
+- [VPN connection types](vpn-connection-type.md)
+- [VPN routing decisions](vpn-routing.md)
+- [VPN authentication options](vpn-authentication.md)
+- [VPN and conditional access](vpn-conditional-access.md)
+- [VPN name resolution](vpn-name-resolution.md)
+- [VPN auto-triggered profile options](vpn-auto-trigger-profile.md)
+- [VPN profile options](vpn-profile-options.md)

windows/security/operating-system-security/network-security/windows-firewall/TOC.yml

@@ -0,0 +1,252 @@
+items:
+  - name: Overview
+    href: windows-firewall-with-advanced-security.md
+  - name: Plan deployment
+    items: 
+      - name: Design guide
+        href: windows-firewall-with-advanced-security-design-guide.md
+      - name: Design process
+        href: understanding-the-windows-firewall-with-advanced-security-design-process.md
+      - name: Implementation goals
+        items: 
+          - name: Identify implementation goals
+            href: identifying-your-windows-firewall-with-advanced-security-deployment-goals.md
+          - name: Protect devices from unwanted network traffic
+            href: protect-devices-from-unwanted-network-traffic.md
+          - name: Restrict access to only trusted devices
+            href: restrict-access-to-only-trusted-devices.md
+          - name: Require encryption
+            href: require-encryption-when-accessing-sensitive-network-resources.md
+          - name: Restrict access
+            href: restrict-access-to-only-specified-users-or-devices.md
+      - name: Implementation designs
+        items: 
+          - name: Mapping goals to a design
+            href: mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md
+          - name: Basic firewall design
+            href: basic-firewall-policy-design.md
+            items: 
+              - name: Basic firewall design example
+                href: firewall-policy-design-example.md
+          - name: Domain isolation design
+            href: domain-isolation-policy-design.md
+            items: 
+              - name: Domain isolation design example
+                href: domain-isolation-policy-design-example.md
+          - name: Server isolation design
+            href: server-isolation-policy-design.md
+            items: 
+              - name: Server Isolation design example
+                href: server-isolation-policy-design-example.md
+          - name: Certificate-based isolation design
+            href: certificate-based-isolation-policy-design.md
+            items: 
+              - name: Certificate-based Isolation design example
+                href: certificate-based-isolation-policy-design-example.md
+      - name: Design planning
+        items: 
+          - name: Planning your design
+            href: planning-your-windows-firewall-with-advanced-security-design.md
+          - name: Planning settings for a basic firewall policy
+            href: planning-settings-for-a-basic-firewall-policy.md
+          - name: Planning domain isolation zones
+            items: 
+              - name: Domain isolation zones
+                href: planning-domain-isolation-zones.md
+              - name: Exemption list
+                href: exemption-list.md
+              - name: Isolated domain
+                href: isolated-domain.md
+              - name: Boundary zone
+                href: boundary-zone.md
+              - name: Encryption zone
+                href: encryption-zone.md
+          - name: Planning server isolation zones
+            href: planning-server-isolation-zones.md
+          - name: Planning certificate-based authentication
+            href: planning-certificate-based-authentication.md
+            items: 
+              - name: Documenting the Zones
+                href: documenting-the-zones.md
+              - name: Planning group policy deployment for your isolation zones
+                href: planning-group-policy-deployment-for-your-isolation-zones.md
+                items: 
+                  - name: Planning isolation groups for the zones
+                    href: planning-isolation-groups-for-the-zones.md
+                  - name: Planning network access groups
+                    href: planning-network-access-groups.md
+                  - name: Planning the GPOs
+                    href: planning-the-gpos.md
+                    items: 
+                      - name: Firewall GPOs
+                        href: firewall-gpos.md
+                        items: 
+                          - name: GPO_DOMISO_Firewall
+                            href: gpo-domiso-firewall.md
+                      - name: Isolated domain GPOs
+                        href: isolated-domain-gpos.md
+                        items: 
+                          - name: GPO_DOMISO_IsolatedDomain_Clients
+                            href: gpo-domiso-isolateddomain-clients.md
+                          - name: GPO_DOMISO_IsolatedDomain_Servers
+                            href: gpo-domiso-isolateddomain-servers.md
+                      - name: Boundary zone GPOs
+                        href: boundary-zone-gpos.md
+                        items: 
+                          - name: GPO_DOMISO_Boundary
+                            href: gpo-domiso-boundary.md
+                      - name: Encryption zone GPOs
+                        href: encryption-zone-gpos.md
+                        items: 
+                          - name: GPO_DOMISO_Encryption
+                            href: gpo-domiso-encryption.md
+                      - name: Server isolation GPOs
+                        href: server-isolation-gpos.md
+                  - name: Planning GPO deployment
+                    href: planning-gpo-deployment.md
+      - name: Planning to deploy
+        href: planning-to-deploy-windows-firewall-with-advanced-security.md
+  - name: Deployment guide
+    items: 
+      - name: Deployment overview
+        href: windows-firewall-with-advanced-security-deployment-guide.md
+      - name: Implementing your plan
+        href: implementing-your-windows-firewall-with-advanced-security-design-plan.md
+      - name: Basic firewall deployment
+        items: 
+          - name: "Checklist: Implementing a basic firewall policy design"
+            href: checklist-implementing-a-basic-firewall-policy-design.md
+      - name: Domain isolation deployment
+        items: 
+          - name: "Checklist: Implementing a Domain Isolation Policy Design"
+            href: checklist-implementing-a-domain-isolation-policy-design.md
+      - name: Server isolation deployment
+        items: 
+          - name: "Checklist: Implementing a Standalone Server Isolation Policy Design"
+            href: checklist-implementing-a-standalone-server-isolation-policy-design.md
+      - name: Certificate-based authentication
+        items: 
+          - name: "Checklist: Implementing a Certificate-based Isolation Policy Design"
+            href: checklist-implementing-a-certificate-based-isolation-policy-design.md
+  - name: Best practices
+    items: 
+      - name: Configuring the firewall
+        href: best-practices-configuring.md
+      - name: Securing IPsec
+        href: securing-end-to-end-ipsec-connections-by-using-ikev2.md
+      - name: PowerShell
+        href: windows-firewall-with-advanced-security-administration-with-windows-powershell.md
+      - name: Isolating Microsoft Store Apps on Your Network
+        href: isolating-apps-on-your-network.md
+  - name: How-to
+    items: 
+      - name: Add Production devices to the membership group for a zone
+        href: add-production-devices-to-the-membership-group-for-a-zone.md
+      - name: Add test devices to the membership group for a zone
+        href: add-test-devices-to-the-membership-group-for-a-zone.md
+      - name: Assign security group filters to the GPO
+        href: assign-security-group-filters-to-the-gpo.md
+      - name: Change rules from request to require mode
+        href: Change-Rules-From-Request-To-Require-Mode.Md
+      - name: Configure authentication methods
+        href: Configure-authentication-methods.md
+      - name: Configure data protection (Quick Mode) settings
+        href: configure-data-protection-quick-mode-settings.md
+      - name: Configure Group Policy to autoenroll and deploy certificates
+        href: configure-group-policy-to-autoenroll-and-deploy-certificates.md
+      - name: Configure key exchange (main mode) settings
+        href: configure-key-exchange-main-mode-settings.md
+      - name: Configure the rules to require encryption
+        href: configure-the-rules-to-require-encryption.md
+      - name: Configure the Windows Firewall log
+        href: configure-the-windows-firewall-log.md
+      - name: Configure the workstation authentication certificate template
+        href: configure-the-workstation-authentication-certificate-template.md
+      - name: Configure Windows Firewall to suppress notifications when a program is blocked
+        href: configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md
+      - name: Confirm that certificates are deployed correctly
+        href: confirm-that-certificates-are-deployed-correctly.md
+      - name: Copy a GPO to create a new GPO
+        href: copy-a-gpo-to-create-a-new-gpo.md
+      - name: Create a Group Account in Active Directory
+        href: create-a-group-account-in-active-directory.md
+      - name: Create a Group Policy Object
+        href: create-a-group-policy-object.md
+      - name: Create an authentication exemption list rule
+        href: create-an-authentication-exemption-list-rule.md
+      - name: Create an authentication request rule
+        href: create-an-authentication-request-rule.md
+      - name: Create an inbound ICMP rule
+        href: create-an-inbound-icmp-rule.md
+      - name: Create an inbound port rule
+        href: create-an-inbound-port-rule.md
+      - name: Create an inbound program or service rule
+        href: create-an-inbound-program-or-service-rule.md
+      - name: Create an outbound port rule
+        href: create-an-outbound-port-rule.md
+      - name: Create an outbound program or service rule
+        href: create-an-outbound-program-or-service-rule.md
+      - name: Create inbound rules to support RPC
+        href: create-inbound-rules-to-support-rpc.md
+      - name: Create WMI filters for the GPO
+        href: create-wmi-filters-for-the-gpo.md
+      - name: Create Windows Firewall rules in Intune
+        href: create-windows-firewall-rules-in-intune.md
+      - name: Enable predefined inbound rules
+        href: enable-predefined-inbound-rules.md
+      - name: Enable predefined outbound rules
+        href: enable-predefined-outbound-rules.md
+      - name: Exempt ICMP from authentication
+        href: exempt-icmp-from-authentication.md
+      - name: Link the GPO to the domain
+        href: link-the-gpo-to-the-domain.md
+      - name: Modify GPO filters
+        href: modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md
+      - name: Open IP security policies
+        href: open-the-group-policy-management-console-to-ip-security-policies.md
+      - name: Open Group Policy
+        href: open-the-group-policy-management-console-to-windows-firewall.md
+      - name: Open Group Policy
+        href: open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md
+      - name: Open Windows Firewall
+        href: open-windows-firewall-with-advanced-security.md
+      - name: Restrict server access
+        href: restrict-server-access-to-members-of-a-group-only.md
+      - name: Enable Windows Firewall
+        href: turn-on-windows-firewall-and-configure-default-behavior.md
+      - name: Verify Network Traffic
+        href: verify-that-network-traffic-is-authenticated.md
+  - name: References
+    items: 
+      - name: "Checklist: Creating Group Policy objects"
+        href: checklist-creating-group-policy-objects.md
+      - name: "Checklist: Creating inbound firewall rules"
+        href: checklist-creating-inbound-firewall-rules.md
+      - name: "Checklist: Creating outbound firewall rules"
+        href: checklist-creating-outbound-firewall-rules.md
+      - name: "Checklist: Configuring basic firewall settings"
+        href: checklist-configuring-basic-firewall-settings.md
+      - name: "Checklist: Configuring rules for the isolated domain"
+        href: checklist-configuring-rules-for-the-isolated-domain.md
+      - name: "Checklist: Configuring rules for the boundary zone"
+        href: checklist-configuring-rules-for-the-boundary-zone.md
+      - name: "Checklist: Configuring rules for the encryption zone"
+        href: checklist-configuring-rules-for-the-encryption-zone.md
+      - name: "Checklist: Configuring rules for an isolated server zone"
+        href: checklist-configuring-rules-for-an-isolated-server-zone.md
+      - name: "Checklist: Configuring rules for servers in a standalone isolated server zone"
+        href: checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md
+      - name: "Checklist: Creating rules for clients of a standalone isolated server zone"
+        href: checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md
+      - name: "Appendix A: Sample GPO template files for settings used in this guide"
+        href: appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md
+  - name: Troubleshooting
+    items: 
+      - name: Troubleshooting UWP app connectivity issues in Windows Firewall
+        href: troubleshooting-uwp-firewall.md
+      - name: Filter origin audit log improvements
+        href: filter-origin-documentation.md
+      - name: Quarantine behavior
+        href: quarantine.md
+      - name: Firewall settings lost on upgrade
+        href: firewall-settings-lost-on-upgrade.md

windows/security/operating-system-security/network-security/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md

@@ -4,9 +4,6 @@ description: Learn how to add production devices to the membership group for a z
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Add Production Devices to the Membership Group for a Zone

windows/security/operating-system-security/network-security/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md

@@ -4,9 +4,6 @@ description: Learn how to add devices to the group for a zone to test whether yo
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Add Test Devices to the Membership Group for a Zone

windows/security/operating-system-security/network-security/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md

@@ -4,9 +4,6 @@ description: Use sample template files import an XML file containing customized
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Appendix A: Sample GPO Template Files for Settings Used in this Guide

windows/security/operating-system-security/network-security/windows-firewall/assign-security-group-filters-to-the-gpo.md

@@ -7,9 +7,6 @@ ms.collection:
   - tier3
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Assign Security Group Filters to the GPO

windows/security/operating-system-security/network-security/windows-firewall/basic-firewall-policy-design.md

@@ -3,9 +3,6 @@ title: Basic Firewall Policy Design (Windows)
 description: Protect the devices in your organization from unwanted network traffic that gets through the perimeter defenses by using basic firewall policy design.
 ms.prod: windows-client
 ms.topic: conceptual
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ms.date: 12/31/2017
 ---
 

windows/security/operating-system-security/network-security/windows-firewall/best-practices-configuring.md

@@ -7,9 +7,6 @@ ms.collection:
   - highpri
   - tier3
 ms.topic: article
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Best practices for configuring Windows Defender Firewall

windows/security/operating-system-security/network-security/windows-firewall/boundary-zone-gpos.md

@@ -4,9 +4,6 @@ description: Learn about GPOs to create that must align with the group you creat
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Boundary Zone GPOs

windows/security/operating-system-security/network-security/windows-firewall/boundary-zone.md

@@ -4,9 +4,6 @@ description: Learn how a boundary zone supports devices that must receive traffi
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Boundary Zone

windows/security/operating-system-security/network-security/windows-firewall/certificate-based-isolation-policy-design-example.md

@@ -4,9 +4,6 @@ description: This example uses a fictitious company to illustrate certificate-ba
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Certificate-based Isolation Policy Design Example

windows/security/operating-system-security/network-security/windows-firewall/certificate-based-isolation-policy-design.md

@@ -4,9 +4,6 @@ description: Explore the methodology behind Certificate-based Isolation Policy D
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Certificate-based isolation policy design

windows/security/operating-system-security/network-security/windows-firewall/change-rules-from-request-to-require-mode.md

@@ -4,9 +4,6 @@ description: Learn how to convert a rule from request to require mode and apply
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Change Rules from Request to Require Mode

windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-basic-firewall-settings.md

@@ -4,9 +4,6 @@ description: Configure Windows Firewall to set inbound and outbound behavior, di
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Checklist: Configuring Basic Firewall Settings

windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md

@@ -4,9 +4,6 @@ description: Use these tasks to configure connection security rules and IPsec se
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Checklist: Configuring Rules for an Isolated Server Zone

windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md

@@ -4,9 +4,6 @@ description: Checklist Configuring Rules for Servers in a Standalone Isolated Se
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Checklist: Configuring Rules for Servers in a Standalone Isolated Server Zone

windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md

@@ -4,9 +4,6 @@ description: Use these tasks to configure connection security rules and IPsec se
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Checklist: Configuring Rules for the Boundary Zone

windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md

@@ -4,9 +4,6 @@ description: Use these tasks to configure connection security rules and IPsec se
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Checklist: Configuring Rules for the Encryption Zone

windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md

@@ -4,9 +4,6 @@ description: Use these tasks to configure connection security rules and IPsec se
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Checklist: Configuring Rules for the Isolated Domain

windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-group-policy-objects.md

@@ -4,9 +4,6 @@ description: Learn to deploy firewall settings, IPsec settings, firewall rules,
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Checklist: Creating Group Policy Objects

windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-inbound-firewall-rules.md

@@ -4,9 +4,6 @@ description: Use these tasks for creating inbound firewall rules in your GPOs fo
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Checklist: Creating Inbound Firewall Rules

windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-outbound-firewall-rules.md

@@ -4,9 +4,6 @@ description: Use these tasks for creating outbound firewall rules in your GPOs f
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Checklist: Creating Outbound Firewall Rules

windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md

@@ -4,9 +4,6 @@ description: Checklist for when creating rules for clients of a Standalone Isola
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone

windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md

@@ -4,9 +4,6 @@ description: Follow this parent checklist for implementing a basic firewall poli
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Checklist: Implementing a Basic Firewall Policy Design

windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md

@@ -4,9 +4,6 @@ description: Use these references to learn about using certificates as an authen
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Checklist: Implementing a Certificate-based Isolation Policy Design

windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md

@@ -4,9 +4,6 @@ description: Use these references to learn about the domain isolation policy des
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Checklist: Implementing a Domain Isolation Policy Design

windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md

@@ -4,9 +4,6 @@ description: Use these tasks to create a server isolation policy design that isn
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Checklist: Implementing a Standalone Server Isolation Policy Design

windows/security/operating-system-security/network-security/windows-firewall/configure-authentication-methods.md

@@ -4,9 +4,6 @@ description: Learn how to configure authentication methods for devices in an iso
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Configure Authentication Methods

windows/security/operating-system-security/network-security/windows-firewall/configure-data-protection-quick-mode-settings.md

@@ -4,9 +4,6 @@ description: Learn how to configure the data protection settings for connection
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Configure Data Protection (Quick Mode) Settings

windows/security/operating-system-security/network-security/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md

@@ -4,9 +4,6 @@ description: Learn how to configure Group Policy to automatically enroll client
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Configure Group Policy to Autoenroll and Deploy Certificates

windows/security/operating-system-security/network-security/windows-firewall/configure-key-exchange-main-mode-settings.md

@@ -4,9 +4,6 @@ description: Learn how to configure the main mode key exchange settings used to
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Configure Key Exchange (Main Mode) Settings

windows/security/operating-system-security/network-security/windows-firewall/configure-the-rules-to-require-encryption.md

@@ -4,9 +4,6 @@ description: Learn how to configure rules to add encryption algorithms and delet
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Configure the Rules to Require Encryption

windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md

@@ -4,9 +4,6 @@ description: Learn how to configure Windows Defender Firewall with Advanced Secu
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Configure the Windows Defender Firewall with Advanced Security Log

windows/security/operating-system-security/network-security/windows-firewall/configure-the-workstation-authentication-certificate-template.md

@@ -3,9 +3,6 @@ title: Configure the Workstation Authentication Template (Windows)
 description: Learn how to configure a workstation authentication certificate template, which is used for device certificates that are enrolled and deployed to workstations.
 ms.prod: windows-client
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ms.topic: conceptual
 ---
 

windows/security/operating-system-security/network-security/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md

@@ -4,9 +4,6 @@ description: Configure Windows Defender Firewall with Advanced Security to suppr
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Configure Windows Defender Firewall with Advanced Security to Suppress Notifications When a Program Is Blocked

windows/security/operating-system-security/network-security/windows-firewall/confirm-that-certificates-are-deployed-correctly.md

@@ -4,9 +4,6 @@ description: Learn how to confirm that a Group Policy is being applied as expect
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 01/24/2023
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Confirm That Certificates Are Deployed Correctly

windows/security/operating-system-security/network-security/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md

@@ -4,9 +4,6 @@ description: Learn how to make a copy of a GPO by using the Active Directory Use
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Copy a GPO to Create a New GPO

windows/security/operating-system-security/network-security/windows-firewall/create-a-group-account-in-active-directory.md

@@ -4,9 +4,6 @@ description: Learn how to create a security group for the computers that are to
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Create a Group Account in Active Directory

windows/security/operating-system-security/network-security/windows-firewall/create-a-group-policy-object.md

@@ -7,9 +7,6 @@ ms.collection:
   - tier3
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Create a Group Policy Object

windows/security/operating-system-security/network-security/windows-firewall/create-an-authentication-exemption-list-rule.md

@@ -4,9 +4,6 @@ description: Learn how to create rules that exempt devices that cannot communica
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Create an Authentication Exemption List Rule

windows/security/operating-system-security/network-security/windows-firewall/create-an-authentication-request-rule.md

@@ -4,9 +4,6 @@ description: Create a new rule for Windows Defender Firewall with Advanced Secur
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Create an Authentication Request Rule

windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-icmp-rule.md

@@ -4,9 +4,6 @@ description: Learn how to allow inbound ICMP traffic by using the Group Policy M
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Create an Inbound ICMP Rule

windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-port-rule.md

@@ -7,9 +7,6 @@ ms.collection:
   - tier3
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Create an Inbound Port Rule

windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-program-or-service-rule.md

@@ -4,9 +4,6 @@ description: Learn how to allow inbound traffic to a program or service by using
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Create an Inbound Program or Service Rule

windows/security/operating-system-security/network-security/windows-firewall/create-an-outbound-port-rule.md

@@ -4,9 +4,6 @@ description: Learn to block outbound traffic on a port by using the Group Policy
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Create an Outbound Port Rule

windows/security/operating-system-security/network-security/windows-firewall/create-an-outbound-program-or-service-rule.md

@@ -4,9 +4,6 @@ description: Use the Windows Defender Firewall with Advanced Security node in th
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Create an Outbound Program or Service Rule

windows/security/operating-system-security/network-security/windows-firewall/create-inbound-rules-to-support-rpc.md

@@ -4,9 +4,6 @@ description: Learn how to allow RPC network traffic by using the Group Policy Ma
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Create Inbound Rules to Support RPC

windows/security/operating-system-security/network-security/windows-firewall/create-windows-firewall-rules-in-intune.md

@@ -3,9 +3,6 @@ title: Create Windows Firewall rules in Intune (Windows)
 description: Learn how to use Intune to create rules in Windows Defender Firewall with Advanced Security. Start by creating a profile in Device Configuration in Intune.
 ms.prod: windows-client
 ms.topic: conceptual
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ms.date: 12/31/2017
 ---
 

windows/security/operating-system-security/network-security/windows-firewall/create-wmi-filters-for-the-gpo.md

@@ -7,9 +7,6 @@ ms.collection:
   - tier3
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Create WMI Filters for the GPO

windows/security/operating-system-security/network-security/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md

@@ -4,9 +4,6 @@ description: Answer the question in this article to design an effective Windows
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Designing a Windows Defender Firewall with Advanced Security Strategy

windows/security/operating-system-security/network-security/windows-firewall/determining-the-trusted-state-of-your-devices.md

@@ -4,9 +4,6 @@ description: Learn how to define the trusted state of devices in your enterprise
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Determining the Trusted State of Your Devices

windows/security/operating-system-security/network-security/windows-firewall/documenting-the-zones.md

@@ -4,9 +4,6 @@ description: Learn how to document the zone placement of devices in your design
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Documenting the Zones

windows/security/operating-system-security/network-security/windows-firewall/domain-isolation-policy-design-example.md

@@ -4,9 +4,6 @@ description: This example uses a fictitious company to illustrate domain isolati
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Domain Isolation Policy Design Example

windows/security/operating-system-security/network-security/windows-firewall/domain-isolation-policy-design.md

@@ -4,9 +4,6 @@ description: Learn how to design a domain isolation policy, based on which devic
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Domain Isolation Policy Design

windows/security/operating-system-security/network-security/windows-firewall/enable-predefined-inbound-rules.md

@@ -4,9 +4,6 @@ description: Learn the rules for Windows Defender Firewall with Advanced Securit
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Enable Predefined Inbound Rules

windows/security/operating-system-security/network-security/windows-firewall/enable-predefined-outbound-rules.md

@@ -4,9 +4,6 @@ description: Learn to deploy predefined firewall rules that block outbound netwo
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Enable Predefined Outbound Rules

windows/security/operating-system-security/network-security/windows-firewall/encryption-zone-gpos.md

@@ -4,9 +4,6 @@ description: Learn how to add a device to an encryption zone by adding the devic
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Encryption Zone GPOs

windows/security/operating-system-security/network-security/windows-firewall/encryption-zone.md

@@ -4,9 +4,6 @@ description: Learn how to create an encryption zone to contain devices that host
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Encryption Zone

windows/security/operating-system-security/network-security/windows-firewall/exempt-icmp-from-authentication.md

@@ -4,9 +4,6 @@ description: Learn how to add exemptions for any network traffic that uses the I
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Exempt ICMP from Authentication

windows/security/operating-system-security/network-security/windows-firewall/exemption-list.md

@@ -4,9 +4,6 @@ description: Learn about reasons to add devices to an exemption list in Windows
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Exemption List

windows/security/operating-system-security/network-security/windows-firewall/filter-origin-documentation.md

@@ -3,9 +3,6 @@ title: Filter origin audit log improvements
 description: Filter origin documentation audit log improvements
 ms.prod: windows-client
 ms.topic: troubleshooting
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ms.date: 12/31/2017
 ---
 
@@ -29,19 +26,19 @@ The blocking filters can be categorized under these filter origins:
 
 2. Firewall default block filters
 
-    a.	AppContainer loopback
+    a.    AppContainer loopback
     
-    b.	Boottime default
+    b.    Boottime default
     
-    c.	Quarantine default
+    c.    Quarantine default
     
-    d.	Query user default
+    d.    Query user default
     
-    e.	Stealth
+    e.    Stealth
     
-    f.	Universal Windows Platform (UWP) default
+    f.    Universal Windows Platform (UWP) default
     
-    g.	Windows Service Hardening (WSH) default
+    g.    Windows Service Hardening (WSH) default
 
 The next section describes the improvements made to audits 5157 and 5152, and how the above filter origins are used in these events. These improvements were added in the Windows Server 2022 and Windows 11 releases.
  
@@ -59,8 +56,8 @@ To enable a specific audit event, run the corresponding command in an administra
 
 |**Audit #**|**Enable command**|**Link**|
 |:-----|:-----|:-----|
-|**5157**|`Auditpol /set /category:"System" /SubCategory:"Filtering Platform Connection" /success:enable /failure:enable`|[5157(F): The Windows Filtering Platform has blocked a connection.](../auditing/event-5157.md)|
-|**5152**|`Auditpol /set /category:"System" /SubCategory:"Filtering Platform Packet Drop" /success:enable /failure:enable`|[5152(F): The Windows Filtering Platform blocked a packet.](../auditing/event-5152.md)|
+|**5157**|`Auditpol /set /category:"System" /SubCategory:"Filtering Platform Connection" /success:enable /failure:enable`|[5157(F): The Windows Filtering Platform has blocked a connection.](../../../threat-protection/auditing/event-5157.md)|
+|**5152**|`Auditpol /set /category:"System" /SubCategory:"Filtering Platform Packet Drop" /success:enable /failure:enable`|[5152(F): The Windows Filtering Platform blocked a packet.](../../../threat-protection/auditing/event-5152.md)|
 
 ## Example flow of debugging packet drops with filter origin 
 
@@ -75,13 +72,13 @@ The next sections are divided by `Filter Origin` type, the value is either a rul
 Run the following PowerShell command to generate the rule information using `Filter Origin`. 
 
 ```Powershell
-Get-NetFirewallRule -Name “<Filter Origin>”
+Get-NetFirewallRule -Name "<Filter Origin>"
 Get-NetFirewallRule -Name " {A549B7CF-0542-4B67-93F9-EEBCDD584377} "
 ```
 
 ![Firewall rule.](images/firewallrule.png)
 
-After identifying the rule that caused the drop, the network admin can now modify/disable the rule to allow the traffic they want through command prompt or using the Windows Defender UI. The network admin can find the rule in the UI with the rule’s `DisplayName`.
+After identifying the rule that caused the drop, the network admin can now modify/disable the rule to allow the traffic they want through command prompt or using the Windows Defender UI. The network admin can find the rule in the UI with the rule's `DisplayName`.
 
 >[!NOTE]
 > Firewall rules from Mobile Device Management (MDM) store cannot be searched using the Windows Defender UI. Additionally, the above method will not work when the `Filter Origin` is one of the default block filters, as they do not correspond to any firewall rules.
@@ -161,4 +158,4 @@ For more information on how to debug drops caused by UWP default block filters,
 
 **WSH default**
 
-Network drops from Windows Service Hardening (WSH) default filters indicate that there wasn’t an explicit Windows Service Hardening allow rule to allow network traffic for the protected service. The service owner will need to configure allow rules for the service if the block isn't expected.
+Network drops from Windows Service Hardening (WSH) default filters indicate that there wasn't an explicit Windows Service Hardening allow rule to allow network traffic for the protected service. The service owner will need to configure allow rules for the service if the block isn't expected.

windows/security/operating-system-security/network-security/windows-firewall/firewall-gpos.md

@@ -4,9 +4,6 @@ description: In this example, a Group Policy Object is linked to the domain cont
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Firewall GPOs