VPN articles

windows/security/identity-protection/access-control/local-accounts.md

@@ -17,7 +17,7 @@ This article describes the default local user accounts for Windows operating sys
 
 ## About local user accounts
 
-Local user accounts are stored locally on the device. These accounts can be assigned rights and permissions on a particular device, but on that device only. Local user accounts are security principals that are used to secure and manage access to the resources on a device, for services or users.
+Local user accounts are defined locally on a device, and can be assigned rights and permissions on the device only. Local user accounts are security principals that are used to secure and manage access to the resources on a device, for services or users.
 
 ## Default local user accounts
 
@@ -84,9 +84,8 @@ HelpAssistant is the primary account that is used to establish a Remote Assistan
 
 The SIDs that pertain to the default HelpAssistant account include:
 
-- SID: `S-1-5-<domain>-13`, display name Terminal Server User. This group includes all users who sign in to a server with Remote Desktop Services enabled. Note: In Windows Server 2008, Remote Desktop Services is called Terminal Services.
-
-- SID: `S-1-5-<domain>-14`, display name Remote Interactive Logon. This group includes all users who connect to the computer by using a remote desktop connection. This group is a subset of the Interactive group. Access tokens that contain the Remote Interactive Logon SID also contain the Interactive SID.
+- SID: `S-1-5-<domain>-13`, display name *Terminal Server User*. This group includes all users who sign in to a server with Remote Desktop Services enabled.
+- SID: `S-1-5-<domain>-14`, display name *Remote Interactive Logon*. This group includes all users who connect to the computer by using a remote desktop connection. This group is a subset of the Interactive group. Access tokens that contain the Remote Interactive Logon SID also contain the Interactive SID.
 
 For the Windows Server operating system, Remote Assistance is an optional component that isn't installed by default. You must install Remote Assistance before it can be used.
 
@@ -109,7 +108,7 @@ For details about the HelpAssistant account attributes, see the following table.
 
 The DefaultAccount account, also known as the Default System Managed Account (DSMA), is a well-known user account type. DefaultAccount can be used to run processes that are either multi-user aware or user-agnostic.
 
-The DSMA is disabled by default on the desktop SKUs and on the Server operating systems with the desktop experience.
+The DSMA is disabled by default on the desktop editions and on the Server operating systems with the desktop experience.
 
 The DSMA has a well-known RID of `503`. The security identifier (SID) of the DSMA will thus have a well-known SID in the following format: `S-1-5-21-\<ComputerIdentifier>-503`.
 
@@ -154,13 +153,13 @@ On the other hand, the SYSTEM account does appear on an NTFS file system volume
 > [!NOTE]
 > To grant the account Administrators group file permissions does not implicitly give permission to the SYSTEM account. The SYSTEM account's permissions can be removed from a file, but we do not recommend removing them.
 
-## NETWORK SERVICE
+### NETWORK SERVICE
 
-The NETWORK SERVICE account is a predefined local account used by the service control manager (SCM). A service that runs in the context of the NETWORK SERVICE account presents the computer's credentials to remote servers. For more information, see [NetworkService Account](/windows/desktop/services/networkservice-account).
+The *NETWORK SERVICE* account is a predefined local account used by the service control manager (SCM). A service that runs in the context of the NETWORK SERVICE account presents the computer's credentials to remote servers. For more information, see [NetworkService Account](/windows/desktop/services/networkservice-account).
 
-## LOCAL SERVICE
+### LOCAL SERVICE
 
-The LOCAL SERVICE account is a predefined local account used by the service control manager. It has minimum privileges on the local computer and presents anonymous credentials on the network. For more information, see [LocalService Account](/windows/desktop/services/localservice-account).
+The *LOCAL SERVICE* account is a predefined local account used by the service control manager. It has minimum privileges on the local computer and presents anonymous credentials on the network. For more information, see [LocalService Account](/windows/desktop/services/localservice-account).
 
 ## How to manage local user accounts
 
@@ -196,7 +195,7 @@ Each of these approaches is described in the following sections.
 
 User Account Control (UAC) is a security feature that informs you when a program makes a change that requires administrative permissions. UAC works by adjusting the permission level of your user account. By default, UAC is set to notify you when applications try to make changes to your computer, but you can change when UAC notifies you.
 
-UAC makes it possible for an account with administrative rights to be treated as a standard user non-administrator account until full rights, also called elevation, is requested and approved. For example, UAC lets an administrator enter credentials during a non-administrator's user session to perform occasional administrative tasks without having to switch users, sign out, or use the **Run as** command.
+UAC makes it possible for an account with administrative rights to be treated as a standard user non-administrator account until full rights, also called elevation, is requested and approved. For example, UAC lets an administrator enter credentials during a non-administrator's user session to perform occasional administrative tasks without having to switch users, sign out, or use the *Run as* command.
 
 In addition, UAC can require administrators to specifically approve applications that make system-wide changes before those applications are granted permission to run, even in the administrator's user session.
 

windows/security/identity-protection/hello-for-business/hello-faq.yml

@@ -8,7 +8,7 @@ metadata:
     - highpri
     - tier1
   ms.topic: faq
-  ms.date: 03/09/2023
+  ms.date: 08/03/2023
 
 title: Common questions about Windows Hello for Business
 summary: Windows Hello for Business replaces password sign-in with strong authentication, using an asymmetric key pair. This Frequently Asked Questions (FAQ) article is intended to help you learn more about Windows Hello for Business.

windows/security/operating-system-security/network-security/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md

@@ -1,7 +1,7 @@
 ---
 title: How to configure cryptographic settings for IKEv2 VPN connections
 description: Learn how to update the IKEv2 cryptographic settings of VPN servers and clients by running VPN cmdlets to secure connections.
-ms.date: 06/28/2023
+ms.date: 08/03/2023
 ms.topic: how-to
 ---
 

windows/security/operating-system-security/network-security/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md

@@ -1,13 +1,13 @@
 ---
 title: How to use Single Sign-On (SSO) over VPN and Wi-Fi connections
 description: Explains requirements to enable Single Sign-On (SSO) to on-premises domain resources over WiFi or VPN connections.
-ms.date: 12/28/2022
+ms.date: 08/03/2023
 ms.topic: how-to
 ---
 
 # How to use Single Sign-On (SSO) over VPN and Wi-Fi connections
 
-This article explains requirements to enable Single Sign-On (SSO) to on-premises domain resources over WiFi or VPN connections. The following scenarios are typically used:
+This article explains requirements to enable Single Sign-On (SSO) to on-premises domain resources over Wi-Fi or VPN connections. The following scenarios are typically used:
 
 - Connecting to a network using Wi-Fi or VPN
 - Use credentials for Wi-Fi or VPN authentication to also authenticate requests to access domain resources, without being prompted for domain credentials
@@ -17,15 +17,15 @@ For example, you want to connect to a corporate network and access an internal w
 The credentials that are used for the connection authentication are placed in *Credential Manager* as the default credentials for the **logon session**. Credential Manager stores credentials that can be used for specific domain resources. These are based on the target name of the resource:
 
 - For VPN, the VPN stack saves its credential as the **session default**
-- For WiFi, Extensible Authentication Protocol (EAP) provides support
+- For Wi-Fi, Extensible Authentication Protocol (EAP) provides support
 
 The credentials are placed in Credential Manager as a *session credential*:
 
 - A *session credential* implies that it is valid for the current user session
-- The credentials are cleaned up when the WiFi or VPN connection is disconnected
+- The credentials are cleaned up when the Wi-Fi or VPN connection is disconnected
 
 > [!NOTE]
-> In Windows 10, version 21H2 and later, the *session credential* is not visible in Credential Manager.
+> In Windows 10, version 21H2 and later, the *session credential* isn't visible in Credential Manager.
 
 For example, if someone using Microsoft Edge tries to access a domain resource, Microsoft Edge has the right Enterprise Authentication capability. This allows [WinInet](/windows/win32/wininet/wininet-reference) to release the credentials that it gets from Credential Manager to the SSP that is requesting it.
 For more information about the Enterprise Authentication capability, see [App capability declarations](/windows/uwp/packaging/app-capability-declarations).

windows/security/operating-system-security/network-security/vpn/vpn-authentication.md

@@ -1,7 +1,7 @@
 ---
 title: VPN authentication options 
 description: Learn about the EAP authentication methods that Windows supports in VPNs to provide secure authentication using username/password and certificate-based methods.
-ms.date: 06/20/2023
+ms.date: 08/03/2023
 ms.topic: conceptual
 ---
 

windows/security/operating-system-security/network-security/vpn/vpn-auto-trigger-profile.md

@@ -1,7 +1,7 @@
 ---
 title: VPN auto-triggered profile options
 description: With auto-triggered VPN profile options, Windows can automatically establish a VPN connection based on IT admin-defined rules. Learn about the types of auto-trigger rules that you can create for VPN connections.
-ms.date: 05/24/2023
+ms.date: 08/03/2023
 ms.topic: conceptual
 ---
 

windows/security/operating-system-security/network-security/vpn/vpn-conditional-access.md

@@ -1,7 +1,7 @@
 ---
 title: VPN and conditional access
 description: Learn how to integrate the VPN client with the Conditional Access platform, and how to create access rules for Azure Active Directory (Azure AD) connected apps.
-ms.date: 05/23/2023
+ms.date: 08/03/2023
 ms.topic: conceptual
 ---
 

windows/security/operating-system-security/network-security/vpn/vpn-connection-type.md

@@ -1,7 +1,7 @@
 ---
-title: VPN connection types (Windows 10 and Windows 11)
+title: VPN connection types
 description: Learn about Windows VPN platform clients and the VPN connection-type features that can be configured.
-ms.date: 05/24/2022
+ms.date: 08/03/2023
 ms.topic: conceptual
 ---
 
@@ -16,6 +16,7 @@ There are many options for VPN clients. In Windows, the built-in plug-in and the
 ## Built-in VPN client
 
 Tunneling protocols:
+
 - [Internet Key Exchange version 2 (IKEv2)](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff687731(v=ws.10)): configure the IPsec/IKE tunnel cryptographic properties using the **Cryptography Suite** setting in the [VPNv2 Configuration Service Provider (CSP)](/windows/client-management/mdm/vpnv2-csp).
 - [L2TP](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff687761(v=ws.10)): L2TP with pre-shared key (PSK) authentication can be configured using the **L2tpPsk** setting in the [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp).
 - [PPTP](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff687676(v=ws.10))

windows/security/operating-system-security/network-security/vpn/vpn-guide.md

@@ -1,7 +1,7 @@
 ---
 title: Windows VPN technical guide
 description: Learn how to plan and configure Windows devices for your organization's VPN solution.
-ms.date: 05/24/2023
+ms.date: 08/03/2023
 ms.topic: conceptual
 ---
 

windows/security/operating-system-security/network-security/vpn/vpn-name-resolution.md

@@ -1,7 +1,7 @@
 ---
 title: VPN name resolution
 description: Learn how name resolution works when using a VPN connection.
-ms.date: 05/24/2023
+ms.date: 08/03/2023
 ms.topic: conceptual
 ---
 

windows/security/operating-system-security/network-security/vpn/vpn-office-365-optimization.md

@@ -2,7 +2,7 @@
 title: Optimize Microsoft 365 traffic for remote workers with the Windows VPN client
 description: Learn how to optimize Microsoft 365 traffic for remote workers with the Windows VPN client
 ms.topic: article
-ms.date: 05/24/2023
+ms.date: 08/03/2023
 ---
 # Optimize Microsoft 365 traffic for remote workers with the Windows VPN client
 

windows/security/operating-system-security/network-security/vpn/vpn-profile-options.md

@@ -1,13 +1,13 @@
 ---
 title: VPN profile options 
 description: Windows adds Virtual Private Network (VPN) profile options to help manage how users connect. VPNs give users secure remote access to the company network.
-ms.date: 05/17/2018
+ms.date: 08/03/2023
 ms.topic: conceptual
 ---
 
 # VPN profile options
 
-Most of the VPN settings in Windows 10 and Windows 11 can be configured in VPN profiles using Microsoft Intune or Microsoft Configuration Manager. All VPN settings in Windows 10 and Windows 11 can be configured using the **ProfileXML** node in the [VPNv2 configuration service provider (CSP)](/windows/client-management/mdm/vpnv2-csp). 
+Most of the VPN settings in Windows can be configured in VPN profiles using Microsoft Intune or Microsoft Configuration Manager. VPN settings can be configured using the **ProfileXML** node in the [VPNv2 configuration service provider (CSP)](/windows/client-management/mdm/vpnv2-csp).
 
 >[!NOTE]
 >If you're not familiar with CSPs, read [Introduction to configuration service providers (CSPs)](/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers) first.
@@ -38,7 +38,6 @@ The following table lists the VPN settings and whether the setting can be config
 
 The ProfileXML node was added to the VPNv2 CSP to allow users to deploy VPN profile as a single blob. This node is useful for deploying profiles with features that aren't yet supported by MDMs. You can get more examples in the [ProfileXML XSD](/windows/client-management/mdm/vpnv2-profile-xsd) article.
 
-
 ## Sample Native VPN profile
 
 The following sample is a sample Native VPN profile. This blob would fall under the ProfileXML node.

windows/security/operating-system-security/network-security/vpn/vpn-routing.md

@@ -1,5 +1,5 @@
 ---
-ms.date: 05/24/2023
+ms.date: 08/03/2023
 title: VPN routing decisions
 description: Learn about approaches that either send all data through a VPN or only selected data. The one you choose impacts capacity planning and security expectations.
 ms.topic: conceptual

windows/security/operating-system-security/network-security/vpn/vpn-security-features.md

@@ -1,7 +1,7 @@
 ---
 title: VPN security features
 description: Learn about security features for VPN, including LockDown VPN and traffic filters.
-ms.date: 05/24/2023
+ms.date: 08/03/2023
 ms.topic: conceptual
 ---