Merge branch 'main' into patch-1

2025-05-21 09:47:22 +00:00 · 2025-05-19 15:38:26 -07:00 · 2025-05-19 15:38:26 -07:00 · 5cd34a54d5
commit 5cd34a54d5
parent a7e415ad40 685b63e688
24 changed files with 220 additions and 94 deletions
--- a/windows/client-management/manage-click-to-do.md
+++ b/windows/client-management/manage-click-to-do.md
@ -20,9 +20,11 @@ appliesto:
 Click to Do (preview) helps users to get things done faster by identifying text and images that are currently on their screen so they can perform actions on them. This article provides information about Click to Do and how to manage it in a commercial environment.
 > [!NOTE]
 > - Click to Do is behind [temporary enterprise feature control](/windows/whats-new/temporary-enterprise-feature-control) and will be enabled when the next annual feature update is installed. To enable Click to Do, use the **Enable features introduced via servicing that are off by default** policy setting. For more information, see [Enable features introduced via servicing that are off by default](/windows/deployment/update/waas-configure-wufb#enable-features-introduced-via-servicing-that-are-off-by-default). <!--10088089-->
 > - In-market commercial devices are defined as devices with an Enterprise (ENT) or Education (EDU) SKU or any premium SKU device that is managed by an IT administrator (whether via Microsoft Endpoint Manager or other endpoint management solution), has a volume license key, or is joined to a domain. Commercial devices during Out of Box Experience (OOBE) are defined as those with ENT or EDU SKU or any premium SKU device that has a volume license key or is Microsoft Entra joined. 
 > - Click to Do is optimized for select languages English, Chinese (simplified), French, German, Japanese, and Spanish. Content-based and storage limitations apply. For more information, see [https://aka.ms/copilotpluspcs](https://aka.ms/copilotpluspcs).
 ## What is Click to Do?
 Click to Do (preview) analyzes what's on the screen and then allows users to choose the text or image they want to take action on. Users can open Click to Do by using **Windows key** + **Q** or with **Windows key** + **mouse click**. Other entry points for Click to Do include right swipe on touch enabled PCs, Snipping Tool, search results, and the Start menu.
@ -64,7 +66,8 @@ The policy setting below allows you to determine whether Click to Do is availabl
 - When the policy is disabled or not configured, users will have Click to Do available on their device.
 > [!Important]
-> This policy doesn't affect Click to Do in Recall. For more information, see [Manage Recall](manage-recall.md). 
+> - This policy doesn't affect Click to Do in Recall. For more information, see [Manage Recall](manage-recall.md).
 > - If a user prefers to disable Click to Do on their device, they can turn it **Off** using the **Click to Do** setting under **Settings** > **Privacy & security** > **Click to Do**. <!--10088089-->
 ## Click to Do privacy considerations  
--- a/windows/client-management/mdm/eap-configuration.md
+++ b/windows/client-management/mdm/eap-configuration.md
@ -1,12 +1,12 @@
 ---
 title: EAP configuration
-description: Learn how to create an Extensible Authentication Protocol (EAP) configuration XML for a VPN profile, including details about EAP certificate filtering in Windows 10.
+description: Learn how to create an Extensible Authentication Protocol (EAP) configuration XML for a VPN profile, including details about EAP certificate filtering in Windows.
 ms.date: 06/26/2017
 ---
 # EAP configuration
-This article provides a step-by-step guide for creating an Extensible Authentication Protocol (EAP) configuration XML for a VPN profile, including information about EAP certificate filtering in Windows 10.
+This article provides a step-by-step guide for creating an Extensible Authentication Protocol (EAP) configuration XML for a VPN profile, including information about EAP certificate filtering in Windows. While the screenshots are specifically for VPN, the EAP portions are applicable to Wi-Fi and Wired EAP profiles as well. For more information, see [Configure EAP profiles and settings in Windows](/windows-server/networking/technologies/extensible-authentication-protocol/configure-eap-profiles).
 ## Create an EAP configuration XML for a VPN profile
@ -292,6 +292,8 @@ Alternatively, you can use the following procedure to create an EAP configuratio
 > [!NOTE]
 > You can also set all the other applicable EAP Properties through this UI as well. A guide for what these properties mean can be found in the [Extensible Authentication Protocol (EAP) for network access](/windows-server/networking/technologies/extensible-authentication-protocol/network-access) article.
-## Related topics
+## Related articles
-[Configuration service provider reference](index.yml)
+* [Configuration service provider reference](index.yml)
 * [Extensible Authentication Protocol (EAP) for network access](/windows-server/networking/technologies/extensible-authentication-protocol/network-access)
 * [Configure EAP profiles and settings in Windows](/windows-server/networking/technologies/extensible-authentication-protocol/configure-eap-profiles)
--- a/windows/client-management/mdm/wifi-csp.md
+++ b/windows/client-management/mdm/wifi-csp.md
@ -1,7 +1,7 @@
 ---
 title: WiFi CSP
 description: Learn more about the WiFi CSP.
-ms.date: 03/12/2025
+ms.date: 05/13/2025
 ms.topic: generated-reference
 ---
@ -16,12 +16,11 @@ The WiFi configuration service provider provides the functionality to add or del
 Programming considerations:
- If the authentication method needs a certificate, for example, EAP-TLS requires client certificates, you must configure it through the CertificateStore configuration service provider. The WiFi configuration service provider doesn't provide that functionality; instead, the Wi-Fi profile can specify characteristics of the certificate to be used for choosing the right certificate for that network. The server must successfully enroll the certificate first before deploying the Wi-Fi network configuration. For example, for an EAP-TLS profile, the server must successfully configure and enroll the required client certificate before deploying the Wi-Fi profile. Self-signed certificate works for EAP-TLS/PEAP-MSCHAPv2, but it isn't supported in EAP-TLS.
+- If the authentication method needs a certificate (for example, client certificates for EAP-TLS), you must configure it through the [CertificateStore](certificatestore-csp.md) configuration service provider. The WiFi configuration service provider doesn't provide that functionality; instead, the Wi-Fi profile can specify characteristics of the certificate to be used for choosing the right certificate for that network. The server must successfully enroll the certificate first before deploying the Wi-Fi network configuration. For example, for an EAP-TLS profile, the server must successfully configure and enroll the required client certificate before deploying the Wi-Fi profile. Self-signed certificate works for EAP-TLS/PEAP-MSCHAPv2, but it isn't supported in EAP-TLS.
 - For WEP, WPA, and WPA2-based networks, include the passkey in the network configuration in plaintext. The passkey is encrypted automatically when it's stored on the device.
- The SSID of the Wi-Fi network part of the LocURI node must be a valid URI based on RFC 2396. This condition requires that all non-ASCII characters must be escaped using a %-character. Unicode characters without the necessary escaping aren't supported.
+- The `SSID` part of the LocURI node must be a valid URI based on RFC 2396. This condition requires that all nonexcluded ASCII characters must be escaped using a %-character, including replacing the space character (' ') with '%20'. Characters (including Unicode) without the necessary escaping aren't supported.
 - The `<name>name_goes_here</name>\<SSIDConfig>` must match `<SSID><name>name_goes_here</name></SSID>`.
 - For the WiFi CSP, you can't use the Replace command unless the node already exists.
- Using ProxyPacUrl or ProxyWPAD in Windows 10 client editions (Home, Pro, Enterprise, and Education) will result in failure.
+- Using `Proxy`, `ProxyPacUrl` or `ProxyWPAD` in Windows client editions (Home, Pro, Enterprise, and Education) may fail or have no effect. Use [NetworkProxy](networkproxy-csp.md) CSP instead.
 <!-- WiFi-Editable-End -->
 <!-- WiFi-Tree-Begin -->
@ -108,9 +107,13 @@ The Profile name of the Wi-Fi network. This is added when WlanXml node is added
 <!-- Device-Profile-{SSID}-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-Specifies the name of the Wi-Fi network (32 bytes maximum) to create, configure, query, or delete. The name is case sensitive and can be represented in ASCII.
+Specifies the Profile name of the Wi-Fi network (32 bytes maximum) to create, configure, query, or delete. The name is case sensitive and can be represented in ASCII. In the URI, it must be %-escaped, but the non-%-escaped value is used inside the system.
 > [!NOTE]
 > This field is the Profile Name that appears as a "Friendly Name" to the user and contains the Wi-Fi settings information. The non-%-escaped value must correspond to `<name>` in `<WLANProfile> <name>`.
 The Profile name can be the same or different from the SSID of the actual network being broadcast (which is under `<WLANProfile> <SSIDConfig> <SSID> <name>`). For example, the broadcast SSID might be "CC_Corp_7" but the Profile name might be "ContosoWiFi".
 SSID is the name of network you're connecting to, while Profile name is the name of the Profile that contains the WiFi settings information. If the Profile name isn't set right in the MDM SyncML, as per the information in the WiFi settings XML, it could lead to some unexpected errors. For example, `<LocURI>./Vendor/MSFT/WiFi/Profile/<MUST BE NAME OF PROFILE AS PER WIFI XML>/WlanXml</LocURI>`.
 <!-- Device-Profile-{SSID}-Editable-End -->
 <!-- Device-Profile-{SSID}-DFProperties-Begin -->
@ -125,6 +128,32 @@ SSID is the name of network you're connecting to, while Profile name is the name
 <!-- Device-Profile-{SSID}-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 In the following example, the 'ContosoWiFi' Profile is added, targeting the 'CC_Corp_7' SSID. The rest of the profile is omitted for brevity - for complete examples, see [Add a network](#add-a-network).
 ```xml
 <Atomic>
  <CmdID>300</CmdID>
  <Add>
    <CmdID>301</CmdID>
    <Item>
      <Target>
        <LocURI>./Vendor/MSFT/WiFi/Profile/ContosoWiFi/WlanXml</LocURI>
      </Target>
      <Meta>
        <Format xmlns="syncml:metinf">chr</Format>
      </Meta>
      <Data><![CDATA[<?xml version="1.0"?><WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1"><name>ContosoWiFi</name><SSIDConfig><SSID><name>CC_Corp_7</name></SSID></SSIDConfig>{...}</WLANProfile>]]></Data>
    </Item>
  </Add>
 </Atomic>
 ```
 > [!IMPORTANT]
 > If the Profile name isn't set correctly in the MDM SyncML, as per the information in the Wi-Fi settings XML (`<WLANProfile>`), it could lead to some unexpected errors at runtime. In other words, if the profile is `<WLANProfile><name>Contoso Wi-Fi</name>{...}`, the MDM SyncML must be `<LocURI>./Vendor/MSFT/WiFi/Profile/Contoso%20Wi-Fi/WlanXml</LocURI>`.
 >
 > In this example, if we instead had `<LocURI>./Vendor/MSFT/WiFi/Profile/CC_Corp_7/WlanXml</LocURI>`, the profile would be considered to be User provisioned, not MDM provisioned, which may cause users to connect to the wrong network.
 <!-- Device-Profile-{SSID}-Examples-End -->
 <!-- Device-Profile-{SSID}-End -->
@ -200,6 +229,9 @@ Optional node. The format is url:port. Configuration of the network proxy (if an
 <!-- Device-Profile-{SSID}-Proxy-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > Don't use. Using this configuration in Windows client editions may fail or have no effect. Use [NetworkProxy](networkproxy-csp.md) CSP instead.
 <!-- Device-Profile-{SSID}-Proxy-Editable-End -->
 <!-- Device-Profile-{SSID}-Proxy-DFProperties-Begin -->
@ -240,7 +272,8 @@ Optional node. URL to the PAC file location.
 <!-- Device-Profile-{SSID}-ProxyPacUrl-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Don't use. Using this configuration in Windows 10 client editions will result in failure.
+> Don't use. Using this configuration in Windows client editions may fail or have no effect. Use [NetworkProxy](networkproxy-csp.md) CSP instead.
 <!-- Device-Profile-{SSID}-ProxyPacUrl-Editable-End -->
 <!-- Device-Profile-{SSID}-ProxyPacUrl-DFProperties-Begin -->
@ -281,7 +314,8 @@ Optional node. The presence of the field enables WPAD for proxy lookup.
 <!-- Device-Profile-{SSID}-ProxyWPAD-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Don't use. Using this configuration in Windows 10 client editions will result in failure.
+> Don't use. Using this configuration in Windows client editions may fail or have no effect. Use [NetworkProxy](networkproxy-csp.md) CSP instead.
 <!-- Device-Profile-{SSID}-ProxyWPAD-Editable-End -->
 <!-- Device-Profile-{SSID}-ProxyWPAD-DFProperties-Begin -->
@ -382,12 +416,13 @@ Link to schema: <https://msdn.microsoft.com/library/windows/desktop/ms707341(v=v
 <!-- Device-Profile-{SSID}-WlanXml-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-The profile XML must be escaped, as shown in the examples below.
+The profile XML must be escaped, as shown in the following examples.
 If it exists in the blob, the **keyType** and **protected** elements must come before **keyMaterial**, as shown in the example in [WPA2-Personal Profile Sample](/windows/win32/nativewifi/wpa2-personal-profile-sample).
 > [!NOTE]
-> If you need to specify other advanced conditions, such as specifying criteria for certificates that can be used by the Wi-Fi profile, you can do so by specifying this through the EapHostConfig portion of the WlanXML. For more information, see [EAP configuration](./eap-configuration.md).
+> If you need to specify other advanced conditions, such as specifying criteria for certificates that can be used by the Wi-Fi profile, you can do so by specifying this through the [EapHostConfig](/windows/win32/eaphost/eaphostconfigschema-eaphostconfig-element) portion of the WlanXml ([WLANProfile](/windows/win32/nativewifi/wlan-profileschema-elements) > [MSM](/windows/win32/nativewifi/wlan-profileschema-msm-wlanprofile-element) > [security](/windows/win32/nativewifi/wlan-profileschema-security-msm-element) > [OneX](/windows/win32/nativewifi/onexschema-onex-element) > EAPConfig). For more information, see [EAP configuration](./eap-configuration.md) and [Extensible Authentication Protocol (EAP) for network access](/windows-server/networking/technologies/extensible-authentication-protocol/network-access). For an example, see [Wireless profile samples](/windows/win32/nativewifi/wireless-profile-samples).
 <!-- Device-Profile-{SSID}-WlanXml-Editable-End -->
 <!-- Device-Profile-{SSID}-WlanXml-DFProperties-Begin -->
@ -401,6 +436,7 @@ If it exists in the blob, the **keyType** and **protected** elements must come b
 <!-- Device-Profile-{SSID}-WlanXml-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 See [Add a network](#add-a-network) for examples.
 <!-- Device-Profile-{SSID}-WlanXml-Examples-End -->
 <!-- Device-Profile-{SSID}-WlanXml-End -->
@ -466,9 +502,7 @@ The Profile name of the Wi-Fi network. This is added when WlanXml node is added
 <!-- User-Profile-{SSID}-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-Specifies the name of the Wi-Fi network (32 bytes maximum) to create, configure, query, or delete. The name is case sensitive and can be represented in ASCII.
+For more information, see [Device/Profile/{SSID}](#deviceprofilessid).
 SSID is the name of network you're connecting to, while Profile name is the name of the Profile that contains the WiFi settings information. If the Profile name isn't set right in the MDM SyncML, as per the information in the WiFi settings XML, it could lead to some unexpected errors. For example, `<LocURI>./Vendor/MSFT/WiFi/Profile/<MUST BE NAME OF PROFILE AS PER WIFI XML>/WlanXml</LocURI>`.
 <!-- User-Profile-{SSID}-Editable-End -->
 <!-- User-Profile-{SSID}-DFProperties-Begin -->
@ -558,6 +592,9 @@ Optional node. The format is url:port. Configuration of the network proxy (if an
 <!-- User-Profile-{SSID}-Proxy-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > Don't use. Using this configuration in Windows client editions may fail or have no effect. Use [NetworkProxy](networkproxy-csp.md) CSP instead.
 <!-- User-Profile-{SSID}-Proxy-Editable-End -->
 <!-- User-Profile-{SSID}-Proxy-DFProperties-Begin -->
@ -598,7 +635,8 @@ Optional node. URL to the PAC file location.
 <!-- User-Profile-{SSID}-ProxyPacUrl-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Don't use. Using this configuration in Windows 10 client editions will result in failure.
+> Don't use. Using this configuration in Windows client editions may fail or have no effect. Use [NetworkProxy](networkproxy-csp.md) CSP instead.
 <!-- User-Profile-{SSID}-ProxyPacUrl-Editable-End -->
 <!-- User-Profile-{SSID}-ProxyPacUrl-DFProperties-Begin -->
@ -639,7 +677,8 @@ Optional node. The presence of the field enables WPAD for proxy lookup.
 <!-- User-Profile-{SSID}-ProxyWPAD-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Don't use. Using this configuration in Windows 10 client editions will result in failure.
+> Don't use. Using this configuration in Windows client editions may fail or have no effect. Use [NetworkProxy](networkproxy-csp.md) CSP instead.
 <!-- User-Profile-{SSID}-ProxyWPAD-Editable-End -->
 <!-- User-Profile-{SSID}-ProxyWPAD-DFProperties-Begin -->
@ -740,12 +779,8 @@ Link to schema: <https://msdn.microsoft.com/library/windows/desktop/ms707341(v=v
 <!-- User-Profile-{SSID}-WlanXml-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 The profile XML must be escaped, as shown in the examples below.
-If it exists in the blob, the **keyType** and **protected** elements must come before **keyMaterial**, as shown in the example in [WPA2-Personal Profile Sample](/windows/win32/nativewifi/wpa2-personal-profile-sample).
+For more information, see [Device/Profile/{SSID}/WlanXml](#deviceprofilessidwlanxml).
 > [!NOTE]
 > If you need to specify other advanced conditions, such as specifying criteria for certificates that can be used by the Wi-Fi profile, you can do so by specifying this through the EapHostConfig portion of the WlanXML. For more information, see [EAP configuration](./eap-configuration.md).
 <!-- User-Profile-{SSID}-WlanXml-Editable-End -->
 <!-- User-Profile-{SSID}-WlanXml-DFProperties-Begin -->
@ -771,7 +806,7 @@ These XML examples show how to perform various tasks using OMA DM.
 ### Add a network
-The following example shows how to add PEAP-MSCHAPv2 network with SSID 'MyNetwork'.
+The following example shows how to add a WPA2-Enterprise network with SSID and profile name `MyNetwork` that authenticates with PEAP-MSCHAPv2. This example is based on the sample profile at [WPA2-Enterprise with PEAP-MSCHAPv2 profile sample](/windows/win32/nativewifi/wpa2-enterprise-with-peap-mschapv2-profile-sample).
 ```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
@ -787,7 +822,7 @@ The following example shows how to add PEAP-MSCHAPv2 network with SSID 'MyNetwor
          <Meta>
            <Format xmlns="syncml:metinf">chr</Format>
          </Meta>
-          <Data><?xml version="1.0"?><WLANProfile xmlns="http://contoso.com/networking/WLAN/profile/v1"><name>MyNetwork</name><SSIDConfig><SSID><hex>412D4D534654574C414E</hex><name>MyNetwork</name></SSID><nonBroadcast>false</nonBroadcast></SSIDConfig><connectionType>ESS</connectionType><connectionMode>manual</connectionMode><MSM><security><authEncryption><authentication>WPA2</authentication><encryption>AES</encryption><useOneX>true</useOneX></authEncryption><OneX xmlns="http://contoso.com/networking/OneX/v1"><authMode>user</authMode><EAPConfig><EapHostConfig xmlns="http://contoso.com/provisioning/EapHostConfig"><EapMethod><Type xmlns="http://contoso.com/provisioning/EapCommon">25</Type><VendorId xmlns="http://contoso.com/provisioning/EapCommon">0</VendorId><VendorType xmlns="http://contoso.com/provisioning/EapCommon">0</VendorType><AuthorId xmlns="http://contoso.com/provisioning/EapCommon">0</AuthorId></EapMethod><Config xmlns="http://contoso.com/provisioning/EapHostConfig"><Eap xmlns="http://contoso.com/provisioning/BaseEapConnectionPropertiesV1"><Type>25</Type><EapType xmlns="http://contoso.com/provisioning/MsPeapConnectionPropertiesV1"><ServerValidation><DisableUserPromptForServerValidation>true</DisableUserPromptForServerValidation><ServerNames></ServerNames></ServerValidation><FastReconnect>true</FastReconnect><InnerEapOptional>false</InnerEapOptional><Eap xmlns="http://contoso.com/provisioning/BaseEapConnectionPropertiesV1"><Type>26</Type><EapType xmlns="http://contoso.com/provisioning/MsChapV2ConnectionPropertiesV1"><UseWinLogonCredentials>false</UseWinLogonCredentials></EapType></Eap><EnableQuarantineChecks>false</EnableQuarantineChecks><RequireCryptoBinding>false</RequireCryptoBinding><PeapExtensions><PerformServerValidation xmlns="http://contoso.com/provisioning/MsPeapConnectionPropertiesV2">false</PerformServerValidation><AcceptServerName xmlns="http://contoso.com/provisioning/MsPeapConnectionPropertiesV2">false</AcceptServerName></PeapExtensions></EapType></Eap></Config></EapHostConfig></EAPConfig></OneX></security></MSM></WLANProfile> </Data>
+          <Data><![CDATA[<?xml version="1.0"?><WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1"><name>MyNetwork</name><SSIDConfig><SSID><hex>4d794e6574776f726b</hex><name>MyNetwork</name></SSID><nonBroadcast>false</nonBroadcast></SSIDConfig><connectionType>ESS</connectionType><connectionMode>manual</connectionMode><MSM><security><authEncryption><authentication>WPA2</authentication><encryption>AES</encryption><useOneX>true</useOneX></authEncryption><OneX xmlns="http://www.microsoft.com/networking/OneX/v1"><authMode>user</authMode><EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapMethod><Type xmlns="http://www.microsoft.com/provisioning/EapCommon">25</Type><VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId><VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType><AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</AuthorId></EapMethod><Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"><Type>25</Type><EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1"><ServerValidation><DisableUserPromptForServerValidation>true</DisableUserPromptForServerValidation><ServerNames></ServerNames></ServerValidation><FastReconnect>true</FastReconnect><InnerEapOptional>false</InnerEapOptional><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"><Type>26</Type><EapType xmlns="http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1"><UseWinLogonCredentials>false</UseWinLogonCredentials></EapType></Eap><EnableQuarantineChecks>false</EnableQuarantineChecks><RequireCryptoBinding>false</RequireCryptoBinding><PeapExtensions><PerformServerValidation xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">false</PerformServerValidation><AcceptServerName xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">false</AcceptServerName></PeapExtensions></EapType></Eap></Config></EapHostConfig></EAPConfig></OneX></security></MSM></WLANProfile>]]></Data>
        </Item>
      </Add>
    </Atomic>
@ -796,6 +831,49 @@ The following example shows how to add PEAP-MSCHAPv2 network with SSID 'MyNetwor
 </SyncML>
 ```
 The following example shows how to add a WPA3-Enterprise network with profile name `My Network` and SSID `MySSID` that authenticates with EAP-TLS. This example is based on the sample profile at [WPA2-Enterprise with TLS profile sample](/windows/win32/nativewifi/wpa2-enterprise-with-tls-profile-sample).
 > [!IMPORTANT]
 > Notice how the space is %-escaped in the `LocURI` and unescaped in the `WLANProfile` > `name`.
 ```xml
 <Atomic>
  <CmdID>300</CmdID>
  <Add>
    <CmdID>301</CmdID>
    <Item>
      <Target>
        <LocURI>./Vendor/MSFT/WiFi/Profile/My%20Network/WlanXml</LocURI>
      </Target>
      <Meta>
        <Format xmlns="syncml:metinf">chr</Format>
      </Meta>
      <Data><![CDATA[<?xml version="1.0"?><WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1"><name>My Network</name><SSIDConfig><SSID><name>MySSID</name></SSID></SSIDConfig><connectionType>ESS</connectionType><connectionMode>auto</connectionMode><MSM><security><authEncryption><authentication>WPA3ENT</authentication><encryption>AES</encryption><useOneX>true</useOneX></authEncryption><PMKCacheMode>enabled</PMKCacheMode><PMKCacheTTL>720</PMKCacheTTL><PMKCacheSize>128</PMKCacheSize><preAuthMode>disabled</preAuthMode><OneX xmlns="http://www.microsoft.com/networking/OneX/v1"><authMode>machine</authMode><EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapMethod><Type xmlns="http://www.microsoft.com/provisioning/EapCommon">13</Type><VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId><VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType><AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</AuthorId></EapMethod><Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"><Type>13</Type><EapType xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV1"><CredentialsSource><CertificateStore><SimpleCertSelection>true</SimpleCertSelection></CertificateStore></CredentialsSource><ServerValidation><DisableUserPromptForServerValidation>true</DisableUserPromptForServerValidation><ServerNames></ServerNames><TrustedRootCA>00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33</TrustedRootCA></ServerValidation><DifferentUsername>false</DifferentUsername><PerformServerValidation xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">true</PerformServerValidation><AcceptServerName xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">false</AcceptServerName><TLSExtensions xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2"><FilteringInfo xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV3"><AllPurposeEnabled>false</AllPurposeEnabled><CAHashList Enabled="true"><IssuerHash>00112233445566778899aabbccddeeff00112233</IssuerHash></CAHashList><EKUMapping><EKUMap><EKUName>Client Authentication</EKUName><EKUOID>1.3.6.1.5.5.7.3.2</EKUOID></EKUMap></EKUMapping><ClientAuthEKUList Enabled="true"><EKUMapInList><EKUName>Client Authentication</EKUName></EKUMapInList></ClientAuthEKUList></FilteringInfo></TLSExtensions></EapType></Eap></Config></EapHostConfig></EAPConfig></OneX></security></MSM></WLANProfile>]]></Data>
    </Item>
  </Add>
 </Atomic>
 ```
 The following example shows how to add a WPA3-Personal (transition mode) network with profile name and SSID `MyNetwork` that includes the passphrase `TestPassword1!`. This example is based on the sample profile at [WPA3-Personal with transition mode profile sample](/windows/win32/nativewifi/wpa3-personal-transition-profile-sample).
 ```xml
 <Atomic>
  <CmdID>300</CmdID>
  <Add>
    <CmdID>301</CmdID>
    <Item>
      <Target>
        <LocURI>./Vendor/MSFT/WiFi/Profile/MyNetwork/WlanXml</LocURI>
      </Target>
      <Meta>
        <Format xmlns="syncml:metinf">chr</Format>
      </Meta>
      <Data><![CDATA[<?xml version="1.0"?><WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1"><name>MyNetwork</name><SSIDConfig><SSID><name>MyNetwork</name></SSID></SSIDConfig><connectionType>ESS</connectionType><connectionMode>auto</connectionMode><MSM><security><authEncryption><authentication>WPA3SAE</authentication><encryption>AES</encryption><useOneX>false</useOneX><transitionMode xmlns="http://www.microsoft.com/networking/WLAN/profile/v4">true</transitionMode></authEncryption><sharedKey><keyType>passPhrase</keyType><protected>false</protected><keyMaterial>TestPassword1!</keyMaterial></sharedKey></security></MSM></WLANProfile>]]></Data>
    </Item>
  </Add>
 </Atomic>
 ```
 ### Query network profiles
 The following example shows how to query Wi-Fi profiles installed on an MDM server.
@ -828,7 +906,7 @@ The following example shows the response.
 ### Remove a network
-The following example shows how to remove a network with SSID 'MyNetwork' and no proxy. Removing all network authentication types is done in this same manner.
+The following example shows how to remove a network with SSID `MyNetwork` and no proxy. Removing all network authentication types is done in this same manner.
 ```xml
 <Atomic>
@ -843,32 +921,13 @@ The following example shows how to remove a network with SSID 'MyNetwork' and no
  </Delete>
 </Atomic>
 ```
 ### Add a network and certification authority for a server certificate
 The following example shows how to add PEAP-MSCHAPv2 network with SSID 'MyNetwork' and root CA validation for server certificate.
 ```xml
 <Atomic>
  <CmdID>300</CmdID>
  <Add>
    <CmdID>301</CmdID>
    <Item>
      <Target>
        <LocURI>./Vendor/MSFT/WiFi/Profile/MyNetwork/WlanXml</LocURI>
      </Target>
      <Meta>
        <Format xmlns="syncml:metinf">chr</Format>
      </Meta>
      <Data><?xml version="1.0"?><WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1"><name>MyNetwork</name><SSIDConfig><SSID><name>MyNetwork</name></SSID><nonBroadcast>false</nonBroadcast></SSIDConfig><connectionType>ESS</connectionType><connectionMode>manual</connectionMode><MSM><security><authEncryption><authentication>WPA2</authentication><encryption>AES</encryption><useOneX>true</useOneX></authEncryption><OneX xmlns="http://www.microsoft.com/networking/OneX/v1"><authMode>user</authMode><EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapMethod><Type xmlns="http://www.microsoft.com/provisioning/EapCommon">25</Type><VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId><VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType><AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</AuthorId></EapMethod><Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"><Type>25</Type><EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1"><ServerValidation><DisableUserPromptForServerValidation>true</DisableUserPromptForServerValidation><ServerNames></ServerNames><TrustedRootCA> InsertCertThumbPrintHere </TrustedRootCA></ServerValidation><FastReconnect>true</FastReconnect><InnerEapOptional>false</InnerEapOptional><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"><Type>26</Type><EapType xmlns="http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1"><UseWinLogonCredentials>false</UseWinLogonCredentials></EapType></Eap><EnableQuarantineChecks>false</EnableQuarantineChecks><RequireCryptoBinding>false</RequireCryptoBinding><PeapExtensions><PerformServerValidation xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">true</PerformServerValidation><AcceptServerName xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">false</AcceptServerName></PeapExtensions></EapType></Eap></Config></EapHostConfig></EAPConfig></OneX></security></MSM></WLANProfile> </Data>
    </Item>
  </Add>
 </Atomic>
 ```
 <!-- WiFi-CspMoreInfo-End -->
 <!-- WiFi-End -->
 ## Related articles
-[Configuration service provider reference](configuration-service-provider-reference.md)
+- [Wireless profile samples](/windows/win32/nativewifi/wireless-profile-samples)
 - [Configuration service provider reference](configuration-service-provider-reference.md)
 - [Extensible Authentication Protocol (EAP) for network access](/windows-server/networking/technologies/extensible-authentication-protocol/network-access)
 - [Configure EAP profiles and settings in Windows](/windows-server/networking/technologies/extensible-authentication-protocol/configure-eap-profiles)
--- a/windows/client-management/mdm/wirednetwork-csp.md
+++ b/windows/client-management/mdm/wirednetwork-csp.md
@ -1,7 +1,7 @@
 ---
 title: WiredNetwork CSP
 description: Learn more about the WiredNetwork CSP.
-ms.date: 03/12/2025
+ms.date: 05/14/2025
 ms.topic: generated-reference
 ---
@ -88,6 +88,11 @@ XML describing the wired network configuration and follows the LAN_profile schem
 <!-- Device-LanXML-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 The profile XML must be escaped, as shown in the following examples.
 > [!NOTE]
 > If you need to specify other advanced conditions, such as specifying criteria for certificates that can be used by the LAN profile, you can do so by specifying this through the [EapHostConfig](/windows/win32/eaphost/eaphostconfigschema-eaphostconfig-element) portion of the LanXML ([LANProfile](/windows/win32/nativewifi/lan-profileschema-schema) > [MSM](/windows/win32/nativewifi/lan-profileschema-msm-lanprofile-element) > [security](/windows/win32/nativewifi/lan-profileschema-security-msm-element) > [OneX](/windows/win32/nativewifi/onexschema-onex-element) > EAPConfig). For more information, see [EAP configuration](./eap-configuration.md) and [Extensible Authentication Protocol (EAP) for network access](/windows-server/networking/technologies/extensible-authentication-protocol/network-access). For an example, see [Wired Profile Samples](/windows/win32/nativewifi/wired-profile-samples).
 <!-- Device-LanXML-Editable-End -->
 <!-- Device-LanXML-DFProperties-Begin -->
@ -101,6 +106,7 @@ XML describing the wired network configuration and follows the LAN_profile schem
 <!-- Device-LanXML-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 See [Examples](#examples).
 <!-- Device-LanXML-Examples-End -->
 <!-- Device-LanXML-End -->
@ -167,6 +173,7 @@ XML describing the wired network configuration and follows the LAN_profile schem
 <!-- User-LanXML-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 For more information, see [Device/LanXML](#devicelanxml).
 <!-- User-LanXML-Editable-End -->
 <!-- User-LanXML-DFProperties-Begin -->
@ -188,7 +195,7 @@ XML describing the wired network configuration and follows the LAN_profile schem
 <!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
 ## Examples
-The following example shows how to add a wired network profile:
+The following example shows how to add a wired network profile that authenticates with PEAP-MSCHAPv2. This example is based on the sample profile at [PEAP Profile Sample](/windows/win32/nativewifi/peap-profile-sample)
 ```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
@ -202,7 +209,7 @@ The following example shows how to add a wired network profile:
        <Meta>
          <Format xmlns="syncml:metinf">chr</Format>
        </Meta>
-        <Data><?xml version="1.0"?><LANProfile xmlns="http://www.microsoft.com/networking/LAN/profile/v1"><MSM><security><OneXEnforced>false</OneXEnforced><OneXEnabled>true</OneXEnabled><OneX xmlns="http://www.microsoft.com/networking/OneX/v1"><EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapMethod><Type xmlns="http://www.microsoft.com/provisioning/EapCommon">25</Type><VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId><VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType><AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</AuthorId></EapMethod><Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"><Type>25</Type><EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1"><ServerValidation><DisableUserPromptForServerValidation>false</DisableUserPromptForServerValidation><ServerNames></ServerNames></ServerValidation><FastReconnect>true</FastReconnect><InnerEapOptional>false</InnerEapOptional><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"><Type>26</Type><EapType xmlns="http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1"><UseWinLogonCredentials>false</UseWinLogonCredentials></EapType></Eap><EnableQuarantineChecks>false</EnableQuarantineChecks><RequireCryptoBinding>false</RequireCryptoBinding><PeapExtensions><PerformServerValidation xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">true</PerformServerValidation><AcceptServerName xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">false</AcceptServerName><PeapExtensionsV2 xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2"><AllowPromptingWhenServerCANotFound xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV3">true</AllowPromptingWhenServerCANotFound></PeapExtensionsV2></PeapExtensions></EapType></Eap></Config></EapHostConfig></EAPConfig></OneX></security></MSM></LANProfile> </Data>
+        <Data><![CDATA[<?xml version="1.0"?><LANProfile xmlns="http://www.microsoft.com/networking/LAN/profile/v1"><MSM><security><OneXEnforced>false</OneXEnforced><OneXEnabled>true</OneXEnabled><OneX xmlns="http://www.microsoft.com/networking/OneX/v1"><EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapMethod><Type xmlns="http://www.microsoft.com/provisioning/EapCommon">25</Type><VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId><VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType><AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</AuthorId></EapMethod><Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"><Type>25</Type><EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1"><ServerValidation><DisableUserPromptForServerValidation>false</DisableUserPromptForServerValidation><ServerNames></ServerNames></ServerValidation><FastReconnect>true</FastReconnect><InnerEapOptional>false</InnerEapOptional><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"><Type>26</Type><EapType xmlns="http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1"><UseWinLogonCredentials>false</UseWinLogonCredentials></EapType></Eap><EnableQuarantineChecks>false</EnableQuarantineChecks><RequireCryptoBinding>false</RequireCryptoBinding><PeapExtensions><PerformServerValidation xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">true</PerformServerValidation><AcceptServerName xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">false</AcceptServerName><PeapExtensionsV2 xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2"><AllowPromptingWhenServerCANotFound xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV3">true</AllowPromptingWhenServerCANotFound></PeapExtensionsV2></PeapExtensions></EapType></Eap></Config></EapHostConfig></EAPConfig></OneX></security></MSM></LANProfile>]]></Data>
      </Item>
    </Add>
  </SyncBody>
@ -214,4 +221,7 @@ The following example shows how to add a wired network profile:
 ## Related articles
-[Configuration service provider reference](configuration-service-provider-reference.md)
+- [Wired profile samples](/windows/win32/nativewifi/wired-profile-samples)
 - [Configuration service provider reference](configuration-service-provider-reference.md)
 - [Extensible Authentication Protocol (EAP) for network access](/windows-server/networking/technologies/extensible-authentication-protocol/network-access)
 - [Configure EAP profiles and settings in Windows](/windows-server/networking/technologies/extensible-authentication-protocol/configure-eap-profiles)
--- a/windows/configuration/assigned-access/configuration-file.md
+++ b/windows/configuration/assigned-access/configuration-file.md
@ -127,7 +127,7 @@ Example of two profiles, a desktop app and a UWP app:
 ### AllAppList
-Based on the purpose of the kiosk device, define the list of applications that are allowed to run. This list can contain both UWP apps and desktop apps. When the mult-app kiosk configuration is applied to a device, AppLocker rules are generated to allow the apps that are listed in the configuration.
+Based on the purpose of the kiosk device, define the list of applications that are allowed to run. This list can contain both UWP apps and desktop apps. When the multi-app kiosk configuration is applied to a device, AppLocker rules are generated to allow the apps that are listed in the configuration.
 > [!NOTE]
 > If an app has a dependency on another app, both must be included in the allowed apps list.
@ -157,11 +157,19 @@ Example:
 </AllAppsList>
 ```
-> [!IMPORTANT]
+#### Microsoft Edge secondary tiles considerations
-> If you pins elements to the Start menu with Microsoft Edge secondary tiles, include the following apps in the allowed apps list:
+
->
+Microsoft Edge secondary tiles are pinned website shortcuts that appear on the Start menu. These pins provide quick access to specific websites directly from the Start menu, functioning similarly to app shortcuts.
-> - `<App DesktopAppPath="%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge_proxy.exe" />`
+
-> - `<App AppUserModelId="Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe!App"/>`
+If you pin elements to the Start menu with Microsoft Edge secondary tiles, include the following apps in the allowed apps list:
 ```xml
    <App DesktopAppPath="%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge.exe" />
    <App DesktopAppPath="%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge_proxy.exe" />
    <App AppUserModelId="Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe!App"/>
 ```
 For more information about Start menu customizations and pinning secondary tiles, see [Customize the Start layout](../start/layout.md).
 ::: zone pivot="windows-10"
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md
@ -6,10 +6,12 @@ ms.subservice: itpro-privacy
 ms.localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
-manager: laurawi
+manager: dansimp
 ms.date: 10/01/2024
 ms.topic: reference
-ms.collection: privacy-windows
+ms.collection: 
 - privacy-windows
 - must-keep
 ---
--- a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
+++ b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
@ -6,10 +6,12 @@ ms.subservice: itpro-privacy
 ms.localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
-manager: laurawi
+manager: dansimp
 ms.date: 03/11/2016
 ms.collection: highpri
 ms.topic: how-to
 ms.collection: 
 - privacy-windows
 - must-keep
 ---
 # Configure Windows diagnostic data in your organization
--- a/windows/privacy/diagnostic-data-viewer-overview.md
+++ b/windows/privacy/diagnostic-data-viewer-overview.md
@ -6,10 +6,12 @@ ms.subservice: itpro-privacy
 ms.localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
-manager: laurawi
+manager: dansimp
 ms.date: 01/09/2018
 ms.collection: highpri
 ms.topic: how-to
 ms.collection: 
 - privacy-windows
 - must-keep
 ---
 # Diagnostic Data Viewer Overview
--- a/windows/privacy/diagnostic-data-viewer-powershell.md
+++ b/windows/privacy/diagnostic-data-viewer-powershell.md
@ -6,9 +6,12 @@ ms.subservice: itpro-privacy
 ms.localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
-manager: laurawi
+manager: dansimp
 ms.date: 12/13/2018
 ms.topic: how-to
 ms.collection: 
 - privacy-windows
 - must-keep
 ---
 # Diagnostic Data Viewer for PowerShell Overview
--- a/windows/privacy/essential-services-and-connected-experiences.md
+++ b/windows/privacy/essential-services-and-connected-experiences.md
@ -6,9 +6,12 @@ ms.subservice: itpro-privacy
 ms.localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
-manager: laurawi
+manager: dansimp
 ms.date: 06/13/2024
 ms.topic: reference
 ms.collection: 
 - privacy-windows
 - must-keep
 ---
 # Essential services and connected experiences for Windows
--- a/windows/privacy/index.yml
+++ b/windows/privacy/index.yml
@ -13,9 +13,10 @@ metadata:
  ms.collection:
  - essentials-privacy
  - privacy-windows
  - must-keep
  author: DHB-MSFT
  ms.author: danbrown
-  manager: laurawi
+  manager: dansimp
  ms.date: 04/30/2025
  ms.localizationpriority: high
--- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md
@ -6,9 +6,12 @@ ms.subservice: itpro-privacy
 ms.localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
-manager: laurawi
+manager: dansimp
 ms.date: 05/15/2019
 ms.topic: reference
 ms.collection: 
 - privacy-windows
 - must-keep
 ---
 # Manage connections from Windows 10 and Windows 11 operating system components to Microsoft services using Microsoft Intune MDM Server
--- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@ -6,9 +6,12 @@ ms.subservice: itpro-privacy
 ms.localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
-manager: laurawi
+manager: dansimp
 ms.date: 06/27/2024
 ms.topic: reference
 ms.collection: 
 - privacy-windows
 - must-keep
 ---
 # Manage connections from Windows 10 and Windows 11 operating system components to Microsoft services
--- a/windows/privacy/manage-windows-11-endpoints.md
+++ b/windows/privacy/manage-windows-11-endpoints.md
@ -6,9 +6,12 @@ ms.subservice: itpro-privacy
 ms.localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
-manager: laurawi
+manager: dansimp
 ms.date: 10/06/2023
 ms.topic: reference
 ms.collection: 
 - privacy-windows
 - must-keep
 ---
 # Manage connection endpoints for Windows 11 Enterprise
--- a/windows/privacy/manage-windows-1809-endpoints.md
+++ b/windows/privacy/manage-windows-1809-endpoints.md
@ -6,9 +6,12 @@ ms.subservice: itpro-privacy
 ms.localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
-manager: laurawi
+manager: dansimp
 ms.date: 01/18/2018
 ms.topic: reference
 ms.collection: 
 - privacy-windows
 - must-keep
 ---
 # Manage connection endpoints for Windows 10 Enterprise, version 1809
--- a/windows/privacy/manage-windows-21h2-endpoints.md
+++ b/windows/privacy/manage-windows-21h2-endpoints.md
@ -6,9 +6,12 @@ ms.subservice: itpro-privacy
 ms.localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
-manager: laurawi
+manager: dansimp
 ms.date: 01/18/2018
 ms.topic: reference
 ms.collection: 
 - privacy-windows
 - must-keep
 ---
 # Manage connection endpoints for Windows 10 Enterprise, version 21H2
--- a/windows/privacy/optional-diagnostic-data.md
+++ b/windows/privacy/optional-diagnostic-data.md
@ -6,10 +6,12 @@ ms.subservice: itpro-privacy
 ms.localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
-manager: laurawi
+manager: dansimp
 ms.date: 03/31/2017
 ms.collection: highpri
 ms.topic: reference
 ms.collection: 
 - privacy-windows
 - must-keep
 ---
 # Optional diagnostic data for Windows 11 and Windows 10
--- a/windows/privacy/required-diagnostic-events-fields-windows-11-22H2.md
+++ b/windows/privacy/required-diagnostic-events-fields-windows-11-22H2.md
@ -7,10 +7,12 @@ ms.subservice: itpro-privacy
 ms.localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
-manager: laurawi
+manager: dansimp
 ms.date: 10/01/2024
 ms.topic: reference
-ms.collection: privacy-windows
+ms.collection: 
 - privacy-windows
 - must-keep
 ---
 # Required diagnostic events and fields for Windows 11, versions 23H2 and 22H2
--- a/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md
+++ b/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md
@ -7,10 +7,12 @@ ms.subservice: itpro-privacy
 ms.localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
-manager: laurawi
+manager: dansimp
 ms.date: 10/01/2024
 ms.topic: reference
-ms.collection: privacy-windows
+ms.collection: 
 - privacy-windows
 - must-keep
 ---
 # Required diagnostic events and fields for Windows 11, version 24H2
--- a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md
+++ b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md
@ -6,9 +6,11 @@ ms.subservice: itpro-privacy
 ms.localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
-manager: laurawi
+manager: dansimp
 ms.date: 10/01/2024
-ms.collection: privacy-windows
+ms.collection: 
 - privacy-windows
 - must-keep
 ms.topic: reference
 ---
--- a/windows/privacy/windows-11-endpoints-non-enterprise-editions.md
+++ b/windows/privacy/windows-11-endpoints-non-enterprise-editions.md
@ -6,9 +6,12 @@ ms.subservice: itpro-privacy
 ms.localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
-manager: laurawi
+manager: dansimp
 ms.date: 10/06/2023
 ms.topic: reference
 ms.collection: 
 - privacy-windows
 - must-keep
 ---
 # Windows 11 connection endpoints for non-Enterprise editions
--- a/windows/privacy/windows-privacy-compliance-guide.md
+++ b/windows/privacy/windows-privacy-compliance-guide.md
@ -6,10 +6,13 @@ ms.subservice: itpro-privacy
 ms.localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
-manager: laurawi
+manager: dansimp
 ms.date: 05/20/2019
 ms.topic: article
-ms.collection: essentials-compliance
+ms.collection: 
 - essentials-compliance
 - privacy-windows
 - must-keep
 ---
 # Windows Privacy Compliance:<br />A Guide for IT and Compliance Professionals
--- a/windows/security/identity-protection/passkeys/index.md
+++ b/windows/security/identity-protection/passkeys/index.md
@ -41,9 +41,12 @@ Passkeys have several advantages over passwords, including their ease of use and
 By default, Windows offers to save the passkey locally on the **Windows device**, in which case the passkey is protected by Windows Hello (biometrics and PIN). You can also choose to save the passkey in one of the following locations:
- **iPhone, iPad or Android device**: the passkey is saved on a phone or tablet, protected by the device's biometrics, if offered by the device. This option requires you to scan a QR code with your phone or tablet, which must be in proximity of the Windows device
+- **iPhone, iPad or Android device**: the passkey is saved on a phone or tablet, protected by the device's biometrics, if offered by the device. This option requires you to scan a QR code with your phone or tablet, which must be in proximity of the Windows device.
- **Linked device**: the passkey is saved on a phone or tablet, protected by the device's biometrics, if offered by the device. This option requires the linked device to be in proximity of the Windows device, and it's only supported for Android devices
+- **Linked device**: the passkey is saved on a phone or tablet, protected by the device's biometrics, if offered by the device. This option requires the linked device to be in proximity of the Windows device, and it's only supported for Android devices.
- **Security key**: the passkey is saved to a FIDO2 security key, protected by the key's unlock mechanism (for example, biometrics or PIN)
+- **Security key**: the passkey is saved to a FIDO2 security key, protected by the key's unlock mechanism (for example, biometrics or PIN).
 >[!NOTE]
 >Currently, Microsoft Entra ID passkeys can't be stored on Windows devices. To learn more, see [Passkey authentication matrix with Microsoft Entra ID](/entra/identity/authentication/concept-fido2-compatibility).
 Pick one of the following options to learn how to save a passkey, based on where you want to store it.
@ -388,9 +391,9 @@ To provide feedback for passkeys, open [**Feedback Hub**][FHUB] and use the cate
 [CSP-1]: /windows/client-management/mdm/policy-csp-bluetooth#allowadvertising
 [CSP-2]: /windows/client-management/mdm/policy-csp-bluetooth#allowdiscoverablemode
-[CSP-3]: /windows/client-management/mdm/policy-csp-bluetooth#allowprepairing
+[CSP-3]: /windows/client-management/mdm/policy-csp-bluetooth#allowpreparing
 [CSP-4]: /windows/client-management/mdm/policy-csp-bluetooth#allowpromptedproximalconnections
 [CSP-5]: /windows/client-management/mdm/policy-csp-bluetooth#servicesallowedlist
 [CSP-6]: /windows/client-management/mdm/policy-csp-deviceinstallation#preventinstallationofmatchingdeviceids
 [CSP-7]: /windows/client-management/mdm/policy-csp-deviceinstallation
-[CSP-8]: /windows/client-management/mdm/policy-csp-bluetooth
+[CSP-8]: /windows/client-management/mdm/policy-csp-bluetooth
--- a/windows/security/operating-system-security/network-security/vpn/vpn-authentication.md
+++ b/windows/security/operating-system-security/network-security/vpn/vpn-authentication.md
@ -71,7 +71,7 @@ For a UWP VPN plug-in, the app vendor controls the authentication method to be u
 ## Configure authentication
-See [EAP configuration](/windows/client-management/mdm/eap-configuration) for EAP XML configuration.
+See [EAP configuration](/windows/client-management/mdm/eap-configuration) and [Extensible Authentication Protocol (EAP) for network access](/windows-server/networking/technologies/extensible-authentication-protocol/network-access) for EAP XML configuration.
 >[!NOTE]
 >To configure Windows Hello for Business authentication, follow the steps in [EAP configuration](/windows/client-management/mdm/eap-configuration) to create a smart card certificate. [Learn more about Windows Hello for Business.](../../../identity-protection/hello-for-business/index.md).
@ -79,4 +79,3 @@ See [EAP configuration](/windows/client-management/mdm/eap-configuration) for EA
 The following image shows the field for EAP XML in a Microsoft Intune VPN profile. The EAP XML field only appears when you select a built-in connection type (automatic, IKEv2, L2TP, PPTP).
 :::image type="content" source="images/vpn-eap-xml.png" alt-text="Screenshot showing EAP XML configuration in Intune profile.":::