mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-12 13:27:23 +00:00
freshness
parent
cbbaeb16e2
commit
6854e7a354
@ -15,7 +15,7 @@ metadata:
|
|||||||
author: mestew
|
author: mestew
|
||||||
ms.author: mstewart
|
ms.author: mstewart
|
||||||
manager: aaroncz
|
manager: aaroncz
|
||||||
ms.date: 05/22/2023
|
ms.date: 12/18/2023
|
||||||
localization_priority: medium
|
localization_priority: medium
|
||||||
|
|
||||||
landingContent:
|
landingContent:
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: Windows 10 Enterprise LTSC overview
|
title: Windows 10 Enterprise LTSC overview
|
||||||
description: New and updated IT Pro content about new features in Windows 10, LTSC (also known as Windows 10 LTSB).
|
description: An overview of the Windows 10 long-term servicing channel (LTSC).
|
||||||
ms.prod: windows-client
|
ms.prod: windows-client
|
||||||
author: mestew
|
author: mestew
|
||||||
ms.author: mstewart
|
ms.author: mstewart
|
||||||
@ -8,42 +8,43 @@ manager: aaroncz
|
|||||||
ms.localizationpriority: low
|
ms.localizationpriority: low
|
||||||
ms.topic: overview
|
ms.topic: overview
|
||||||
ms.technology: itpro-fundamentals
|
ms.technology: itpro-fundamentals
|
||||||
ms.date: 12/31/2017
|
ms.date: 12/18/2023
|
||||||
appliesto:
|
appliesto:
|
||||||
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 Enterprise LTSC</a>
|
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 Enterprise LTSC</a>
|
||||||
---
|
---
|
||||||
|
|
||||||
# Windows 10 Enterprise LTSC
|
# Windows 10 Enterprise LTSC
|
||||||
|
|
||||||
This article provides links to information about what's new in each release of Windows 10 Enterprise LTSC, and includes a short description of this servicing channel.
|
This article provides general information about the Windows 10 Enterprise long-term servicing channel (LTSC). For more information about the features in each available version of the Windows 10 LTSC, see the following articles:
|
||||||
|
|
||||||
[What's New in Windows 10 Enterprise LTSC 2021](whats-new-windows-10-2021.md)<br>
|
- [What's New in Windows 10 Enterprise LTSC 2021](whats-new-windows-10-2021.md)
|
||||||
[What's New in Windows 10 Enterprise LTSC 2019](whats-new-windows-10-2019.md)<br>
|
- [What's New in Windows 10 Enterprise LTSC 2019](whats-new-windows-10-2019.md)
|
||||||
[What's New in Windows 10 Enterprise LTSC 2016](whats-new-windows-10-2016.md)<br>
|
- [What's New in Windows 10 Enterprise LTSC 2016](whats-new-windows-10-2016.md)
|
||||||
[What's New in Windows 10 Enterprise LTSC 2015](whats-new-windows-10-2015.md)
|
- [What's New in Windows 10 Enterprise LTSC 2015](whats-new-windows-10-2015.md)
|
||||||
|
|
||||||
## The Long-Term Servicing Channel (LTSC)
|
## The long-term servicing channel (LTSC)
|
||||||
|
|
||||||
The following table summarizes equivalent feature update versions of Windows 10 LTSC and General Availability Channel (GA Channel) releases.
|
The following table summarizes equivalent feature update versions of Windows 10 LTSC and general availability channel (GA channel) releases:
|
||||||
|
|
||||||
| LTSC release | Equivalent GA Channel release | Availability date |
|
| LTSC release | Equivalent GA channel release | Availability date |
|
||||||
| --- | --- | --- |
|
| --- | --- | --- |
|
||||||
| Windows 10 Enterprise LTSC 2015 | Windows 10, Version 1507 | 7/29/2015 |
|
|
||||||
| Windows 10 Enterprise LTSC 2016 | Windows 10, Version 1607 | 8/2/2016 |
|
|
||||||
| Windows 10 Enterprise LTSC 2019 | Windows 10, Version 1809 | 11/13/2018 |
|
|
||||||
| Windows 10 Enterprise LTSC 2021 | Windows 10, Version 21H2 | 11/16/2021 |
|
| Windows 10 Enterprise LTSC 2021 | Windows 10, Version 21H2 | 11/16/2021 |
|
||||||
|
| Windows 10 Enterprise LTSC 2019 | Windows 10, Version 1809 | 11/13/2018 |
|
||||||
|
| Windows 10 Enterprise LTSC 2016 | Windows 10, Version 1607 | 8/2/2016 |
|
||||||
|
| Windows 10 Enterprise LTSC 2015 | Windows 10, Version 1507 | 7/29/2015 |
|
||||||
|
|
||||||
> [!NOTE]
|
> [!NOTE]
|
||||||
> The Long-Term Servicing Channel was previously called the Long-Term Servicing Branch (LTSB). All references to LTSB are changed in this article to LTSC for consistency, even though the name of previous versions might still be displayed as LTSB.
|
> The long-term servicing channel was previously called the long-term servicing branch (LTSB). All references to LTSB are changed in this article to LTSC for consistency, even though the name of previous versions might still be displayed as LTSB.
|
||||||
|
|
||||||
With the LTSC servicing model, customers can delay receiving feature updates and instead only receive monthly quality updates on devices. Features from Windows 10 that could be updated with new functionality, including Cortana, Edge, and all in-box Universal Windows apps, are also not included. Feature updates are offered in new LTSC releases every 2–3 years instead of every 6 months, and organizations can choose to install them as in-place upgrades, or even skip releases. Microsoft is committed to providing bug fixes and security patches for each LTSC release during the extended LTSC servicing lifecycle. Always check your individual LTSC release to verify its servicing lifecycle. For more information, see [release information](/windows/release-health/release-information), or perform a search on the [product lifecycle information](/lifecycle/products/) page.
|
With the LTSC servicing model, you can delay receiving *feature* updates and instead only receive monthly *quality* updates on devices. Features from Windows 10 that could be updated with new functionality, including Microsoft Edge and in-box Windows apps, are also not included. Feature updates are offered in new LTSC releases every several years instead of every few months. You can choose to install them as in-place upgrades, or even skip releases, what's best for your business requirements. Microsoft is committed to providing bug fixes and security patches for each LTSC release during the extended LTSC servicing lifecycle. Always check your individual LTSC release to verify its servicing lifecycle. For more information, see [release information](/windows/release-health/release-information), or search the [product lifecycle information](/lifecycle/products/) page.
|
||||||
|
|
||||||
> [!IMPORTANT]
|
> [!IMPORTANT]
|
||||||
> The Long-Term Servicing Channel is not intended for deployment on most or all the PCs in an organization. The LTSC edition of Windows 10 provides customers with access to a deployment option for their special-purpose devices and environments. These devices typically perform a single important task and don’t need feature updates as frequently as other devices in the organization. These devices are also typically not heavily dependent on support from external apps and tools. Since the feature set for LTSC does not change for the lifetime of the release, over time there might be some external tools that do not continue to provide legacy support. See [LTSC: What is it, and when it should be used](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/LTSC-What-is-it-and-when-should-it-be-used/ba-p/293181).
|
> The long-term servicing channel isn't intended for deployment on most or all the PCs in an organization. The LTSC edition of Windows 10 provides a deployment option for special-purpose devices and environments. These devices typically do a single important task and don't need feature updates as frequently as other devices in the organization. These devices are also typically not heavily dependent on support from external apps and tools. Since the feature set for LTSC doesn't change for the lifetime of the release, over time there might be some external tools that don't continue to provide legacy support. For more information, see [LTSC: What is it, and when it should be used](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/LTSC-What-is-it-and-when-should-it-be-used/ba-p/293181).
|
||||||
|
|
||||||
For detailed information about Windows 10 servicing, see [Overview of Windows as a service](/windows/deployment/update/waas-overview).
|
|
||||||
|
|
||||||
## See Also
|
For more information about Windows 10 servicing, see [Overview of Windows as a service](/windows/deployment/update/waas-overview).
|
||||||
|
|
||||||
[What's New in Windows 10](../index.yml): See what’s new in other versions of Windows 10.<br>
|
## See also
|
||||||
[Windows 10 - Release information](/windows/release-health/release-information): Windows 10 current versions by servicing option.
|
|
||||||
|
- [What's new in Windows](../index.yml): See what's new in other versions of Windows.
|
||||||
|
|
||||||
|
- [Windows 10 release information](/windows/release-health/release-information): Windows 10 current versions by servicing option.
|
||||||
|
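Review bot: The new sentence in the LTSC servicing paragraph, "You can choose to install them as in-place upgrades, or even skip releases, what's best for your business requirements.", does not parse, because the trailing clause has nothing to attach to. Suggest "..., or even skip releases, whichever is best for your business requirements." In the same paragraph, "every several years instead of every few months" reads awkwardly. "Every few years" would match the phrasing of the second half of the sentence.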
@ -2,20 +2,23 @@
|
|||||||
title: What's new in Windows 10 Enterprise LTSC 2015
|
title: What's new in Windows 10 Enterprise LTSC 2015
|
||||||
manager: aaroncz
|
manager: aaroncz
|
||||||
ms.author: mstewart
|
ms.author: mstewart
|
||||||
description: New and updated IT Pro content about new features in Windows 10 Enterprise LTSC 2015 (also known as Windows 10 Enterprise 2015 LTSB).
|
description: New and updated IT pro content about new features in Windows 10 Enterprise LTSC 2015 (also known as Windows 10 Enterprise 2015 LTSB).
|
||||||
ms.prod: windows-client
|
ms.prod: windows-client
|
||||||
author: mestew
|
author: mestew
|
||||||
ms.localizationpriority: low
|
ms.localizationpriority: low
|
||||||
ms.topic: article
|
ms.topic: conceptual
|
||||||
ms.technology: itpro-fundamentals
|
ms.technology: itpro-fundamentals
|
||||||
ms.date: 02/26/2023
|
ms.date: 12/18/2023
|
||||||
appliesto:
|
appliesto:
|
||||||
- ✅ <a href="https://learn.microsoft.com/windows/release-health/" target="_blank">Windows 10 Enterprise LTSC 2015</a>
|
- ✅ <a href="https://learn.microsoft.com/windows/release-health/" target="_blank">Windows 10 Enterprise LTSC 2015</a>
|
||||||
---
|
---
|
||||||
|
|
||||||
# What's new in Windows 10 Enterprise LTSC 2015
|
# What's new in Windows 10 Enterprise LTSC 2015
|
||||||
|
|
||||||
This article lists new and updated features and content that are of interest to IT Pros for Windows 10 Enterprise LTSC 2015 (LTSB). For a brief description of the LTSC servicing channel, see [Windows 10 Enterprise LTSC](overview.md).
|
This article lists new and updated features and content that are of interest to IT pros for Windows 10 Enterprise LTSC 2015 (LTSB). For a brief description of the LTSC servicing channel, see [Windows 10 Enterprise LTSC](overview.md).
|
||||||
|
|
||||||
|
> [!NOTE]
|
||||||
|
> Windows 10 Enterprise LTSC 2015 was first available on July 29, 2015. Features in Windows 10 Enterprise LTSC 2015 are equivalent to Windows 10, version 1507.
|
||||||
|
|
||||||
## Deployment
|
## Deployment
|
||||||
|
|
||||||
@ -29,24 +32,24 @@ With Windows 10, you can create provisioning packages that let you quickly and e
|
|||||||
|
|
||||||
### AppLocker
|
### AppLocker
|
||||||
|
|
||||||
AppLocker was available for Windows 8.1, and is improved with Windows 10. See [Requirements to use AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker) for a list of operating system requirements.
|
AppLocker was available for Windows 8.1, and is improved with Windows 10. See [Requirements to use AppLocker](/windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-to-use-applocker) for a list of operating system requirements.
|
||||||
|
|
||||||
Enhancements to AppLocker in Windows 10 include:
|
Enhancements to AppLocker in Windows 10 include:
|
||||||
|
|
||||||
- A new parameter was added to the [New-AppLockerPolicy](/powershell/module/applocker/new-applockerpolicy) Windows PowerShell cmdlet that lets you choose whether executable and DLL rule collections apply to non-interactive processes. To enable this parameter, set the **ServiceEnforcement** to **Enabled**.
|
- A new parameter was added to the [New-AppLockerPolicy](/powershell/module/applocker/new-applockerpolicy) Windows PowerShell cmdlet that lets you choose whether executable and DLL rule collections apply to non-interactive processes. To enable this parameter, set the **ServiceEnforcement** to **Enabled**.
|
||||||
- A new [AppLocker](/windows/client-management/mdm/applocker-csp) configuration service provider was added to allow you to enable AppLocker rules by using an MDM server.
|
- A new [AppLocker](/windows/client-management/mdm/applocker-csp) configuration service provider was added to allow you to enable AppLocker rules by using an MDM server.
|
||||||
|
|
||||||
[Learn how to manage AppLocker within your organization](/windows/device-security/applocker/applocker-overview).
|
[Learn how to manage AppLocker within your organization](/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-overview).
|
||||||
|
|
||||||
### BitLocker
|
### BitLocker
|
||||||
|
|
||||||
Enhancements to AppLocker in Windows 10 include:
|
Enhancements to AppLocker in Windows 10 include:
|
||||||
|
|
||||||
- **Encrypt and recover your device with Azure Active Directory**. In addition to using a Microsoft Account, automatic [Device Encryption](/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10#device-encryption) can now encrypt your devices that are joined to an Azure Active Directory domain. When the device is encrypted, the BitLocker recovery key is automatically escrowed to Azure Active Directory. This escrow will make it easier to recover your BitLocker key online.
|
- **Encrypt and recover your device with Microsoft Entra**. In addition to using a Microsoft Account, automatic device encryption can now encrypt your devices that are joined to an Microsoft Entra domain. When the device is encrypted, the BitLocker recovery key is automatically escrowed to Microsoft Entra. This escrow will make it easier to recover your BitLocker key online.
|
||||||
- **DMA port protection**. You can use the [DataProtection/AllowDirectMemoryAccess](/windows/client-management/mdm/policy-configuration-service-provider#dataprotection-allowdirectmemoryaccess) MDM policy to block DMA ports when the device is starting up. Also, when a device is locked, all unused DMA ports are turned off, but any devices that are already plugged into a DMA port will continue to work. When the device is unlocked, all DMA ports are turned back on.
|
- **DMA port protection**. You can use the [DataProtection/AllowDirectMemoryAccess](/windows/client-management/mdm/policy-csp-dataprotection#allowdirectmemoryaccess) MDM policy to block DMA ports when the device is starting up. Also, when a device is locked, all unused DMA ports are turned off, but any devices that are already plugged into a DMA port will continue to work. When the device is unlocked, all DMA ports are turned back on.
|
||||||
- **New Group Policy for configuring pre-boot recovery**. You can now configure the pre-boot recovery message and recover URL that is shown on the pre-boot recovery screen. For more info, see the [Configure pre-boot recovery message and URL](/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings#bkmk-configurepreboot) section in "BitLocker Group Policy settings."
|
- **New Group Policy for configuring pre-boot recovery**. You can now configure the pre-boot recovery message and recover URL that is shown on the pre-boot recovery screen. For more infomation, see [BitLocker preboot recovery screen](/windows/security/operating-system-security/data-protection/bitlocker/preboot-recovery-screen).
|
||||||
|
|
||||||
[Learn how to deploy and manage BitLocker within your organization](/windows/device-security/bitlocker/bitlocker-overview).
|
[Learn how to deploy and manage BitLocker within your organization](/windows/security/operating-system-security/data-protection/bitlocker/).
|
||||||
|
|
||||||
### Certificate management
|
### Certificate management
|
||||||
|
|
||||||
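Review bot: The rewritten BitLocker bullets introduce two text errors: "For more infomation" in the pre-boot recovery bullet should be "For more information", and "joined to an Microsoft Entra domain" should use "a". The same bullet uses "Microsoft Entra" three times where the Microsoft Passport and MDM hunks of this commit use "Microsoft Entra ID", so pick one form. Since the section is being touched anyway, the BitLocker intro line still reads "Enhancements to AppLocker in Windows 10 include:", which looks like a copy-paste carry-over from the AppLocker section and should say BitLocker.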
@ -54,20 +57,22 @@ For Windows 10-based devices, you can use your MDM server to directly deploy cli
|
|||||||
|
|
||||||
### Microsoft Passport
|
### Microsoft Passport
|
||||||
|
|
||||||
In Windows 10, [Microsoft Passport](/windows/access-protection/hello-for-business/hello-identity-verification) replaces passwords with strong two-factor authentication that consists of an enrolled device and a Windows Hello (biometric) or PIN.
|
In Windows 10, [Microsoft Passport](/windows/security/identity-protection/hello-for-business/deploy/requirements) replaces passwords with strong two-factor authentication that consists of an enrolled device and a Windows Hello (biometric) or PIN.
|
||||||
|
|
||||||
Microsoft Passport lets users authenticate to a Microsoft account, an Active Directory account, a Microsoft Azure Active Directory (AD) account, or non-Microsoft service that supports Fast ID Online (FIDO) authentication. After an initial two-step verification during Microsoft Passport enrollment, a Microsoft Passport is set up on the user's device and the user sets a gesture, which can be Windows Hello or a PIN. The user provides the gesture to verify identity; Windows then uses Microsoft Passport to authenticate users and help them to access protected resources and services.
|
Microsoft Passport lets users authenticate to a Microsoft account, an Active Directory account, a Microsoft Entra ID account, or non-Microsoft service that supports Fast ID Online (FIDO) authentication. After an initial two-step verification during Microsoft Passport enrollment, a Microsoft Passport is set up on the user's device and the user sets a gesture, which can be Windows Hello or a PIN. The user provides the gesture to verify identity; Windows then uses Microsoft Passport to authenticate users and help them to access protected resources and services.
|
||||||
|
|
||||||
### Security auditing
|
### Security auditing
|
||||||
|
|
||||||
In Windows 10, security auditing has added some improvements:
|
In Windows 10, security auditing has added some improvements:
|
||||||
|
|
||||||
- [New audit subcategories](#bkmk-auditsubcat)
|
- [New audit subcategories](#bkmk-auditsubcat)
|
||||||
- [More info added to existing audit events](#bkmk-moreinfo)
|
- [More info added to existing audit events](#bkmk-moreinfo)
|
||||||
|
|
||||||
#### <a href="" id="bkmk-auditsubcat"></a>New audit subcategories
|
#### <a href="" id="bkmk-auditsubcat"></a>New audit subcategories
|
||||||
|
|
||||||
In Windows 10, two new audit subcategories were added to the Advanced Audit Policy Configuration to provide greater granularity in audit events:
|
In Windows 10, two new audit subcategories were added to the Advanced Audit Policy Configuration to provide greater granularity in audit events:
|
||||||
- [Audit Group Membership](/windows/device-security/auditing/audit-group-membership) Found in the Logon/Logoff audit category, the Audit Group Membership subcategory allows you to audit the group membership information in a user's logon token. Events in this subcategory are generated when group memberships are enumerated or queried on the PC where the sign-in session was created. For an interactive logon, the security audit event is generated on the PC that the user logged on to. For a network logon, such as accessing a shared folder on the network, the security audit event is generated on the PC hosting the resource.
|
|
||||||
|
- [Audit Group Membership](/windows/security/threat-protection/auditing/audit-handle-manipulation) Found in the Logon/Logoff audit category, the Audit Group Membership subcategory allows you to audit the group membership information in a user's logon token. Events in this subcategory are generated when group memberships are enumerated or queried on the PC where the sign-in session was created. For an interactive logon, the security audit event is generated on the PC that the user logged on to. For a network logon, such as accessing a shared folder on the network, the security audit event is generated on the PC hosting the resource.
|
||||||
When this setting is configured, one or more security audit events are generated for each successful sign-in. You must also enable the **Audit Logon** setting under **Advanced Audit Policy Configuration\\System Audit Policies\\Logon/Logoff**. Multiple events are generated if the group membership information can't fit in a single security audit event.
|
When this setting is configured, one or more security audit events are generated for each successful sign-in. You must also enable the **Audit Logon** setting under **Advanced Audit Policy Configuration\\System Audit Policies\\Logon/Logoff**. Multiple events are generated if the group membership information can't fit in a single security audit event.
|
||||||
- [Audit PNP Activity](/windows/security/threat-protection/auditing/audit-pnp-activity) Found in the Detailed Tracking category, the Audit PNP Activity subcategory allows you to audit when plug and play detects an external device.
|
- [Audit PNP Activity](/windows/security/threat-protection/auditing/audit-pnp-activity) Found in the Detailed Tracking category, the Audit PNP Activity subcategory allows you to audit when plug and play detects an external device.
|
||||||
Only Success audits are recorded for this category. If you don't configure this policy setting, no audit event is generated when an external device is detected by plug and play.
|
Only Success audits are recorded for this category. If you don't configure this policy setting, no audit event is generated when an external device is detected by plug and play.
|
||||||
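Review bot: The updated "Audit Group Membership" link in the new audit subcategories list now points to /windows/security/threat-protection/auditing/audit-handle-manipulation, which is a different audit subcategory from the one the link text and the paragraph describe. The old target ended in audit-group-membership, and the sibling "Audit PNP Activity" bullet uses /windows/security/threat-protection/auditing/audit-pnp-activity, so the intended path is most likely the same directory with audit-group-membership. Please verify the target resolves before merging, since readers following this link to configure logon auditing would land on unrelated guidance.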
@ -76,6 +81,7 @@ In Windows 10, two new audit subcategories were added to the Advanced Audit Poli
|
|||||||
#### <a href="" id="bkmk-moreinfo"></a>More info added to existing audit events
|
#### <a href="" id="bkmk-moreinfo"></a>More info added to existing audit events
|
||||||
|
|
||||||
With Windows 10, version 1507, we've added more info to existing audit events to make it easier for you to put together a full audit trail and come away with the information you need to protect your enterprise. Improvements were made to the following audit events:
|
With Windows 10, version 1507, we've added more info to existing audit events to make it easier for you to put together a full audit trail and come away with the information you need to protect your enterprise. Improvements were made to the following audit events:
|
||||||
|
|
||||||
- [Changed the kernel default audit policy](#bkmk-kdal)
|
- [Changed the kernel default audit policy](#bkmk-kdal)
|
||||||
- [Added a default process SACL to LSASS.exe](#bkmk-lsass)
|
- [Added a default process SACL to LSASS.exe](#bkmk-lsass)
|
||||||
- [Added new fields in the logon event](#bkmk-logon)
|
- [Added new fields in the logon event](#bkmk-logon)
|
||||||
@ -96,6 +102,7 @@ This process-when enabled-can help identify attacks that steal credentials from
|
|||||||
#### <a href="" id="bkmk-logon"></a>New fields in the sign-in event
|
#### <a href="" id="bkmk-logon"></a>New fields in the sign-in event
|
||||||
|
|
||||||
The sign-in event ID 4624 has been updated to include more verbose information to make them easier to analyze. The following fields have been added to event 4624:
|
The sign-in event ID 4624 has been updated to include more verbose information to make them easier to analyze. The following fields have been added to event 4624:
|
||||||
|
|
||||||
1. **MachineLogon** String: yes or no
|
1. **MachineLogon** String: yes or no
|
||||||
If the account that signed in to the PC is a computer account, this field will be yes. Otherwise, the field is no.
|
If the account that signed in to the PC is a computer account, this field will be yes. Otherwise, the field is no.
|
||||||
2. **ElevatedToken** String: yes or no
|
2. **ElevatedToken** String: yes or no
|
||||||
@ -109,7 +116,6 @@ The sign-in event ID 4624 has been updated to include more verbose information t
|
|||||||
A list of all of the groups in the user's token.
|
A list of all of the groups in the user's token.
|
||||||
6. **RestrictedAdminMode** String: yes or no
|
6. **RestrictedAdminMode** String: yes or no
|
||||||
If the user logs into the PC in restricted admin mode with Remote Desktop, this field will be yes.
|
If the user logs into the PC in restricted admin mode with Remote Desktop, this field will be yes.
|
||||||
For more info on restricted admin mode, see [Restricted Admin mode for RDP](/archive/blogs/kfalde/restricted-admin-mode-for-rdp-in-windows-8-1-2012-r2).
|
|
||||||
|
|
||||||
#### <a href="" id="bkmk-process"></a>New fields in the process creation event
|
#### <a href="" id="bkmk-process"></a>New fields in the process creation event
|
||||||
|
|
||||||
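Review bot: Removing the "For more info on restricted admin mode, see [Restricted Admin mode for RDP]" line under the RestrictedAdminMode field leaves that field as the only place the article mentions restricted admin mode, with no explanation or pointer. If the archived blog link is being retired, consider replacing it with a current reference or adding a one-line description of the mode, so that someone triaging event 4624 can tell what a "yes" value means.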
@ -156,24 +162,25 @@ Event ID 4826 has been added to track the following changes to the Boot Configur
|
|||||||
|
|
||||||
#### <a href="" id="bkmk-pnp"></a>New PNP events
|
#### <a href="" id="bkmk-pnp"></a>New PNP events
|
||||||
|
|
||||||
Event ID 6416 has been added to track when an external device is detected through Plug and Play. One important scenario is if an external device that contains malware is inserted into a high-value machine that doesn’t expect this type of action, such as a domain controller.
|
Event ID 6416 has been added to track when an external device is detected through Plug and Play. One important scenario is if an external device that contains malware is inserted into a high-value machine that doesn't expect this type of action, such as a domain controller.
|
||||||
|
|
||||||
[Learn how to manage your security audit policies within your organization](/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn319078(v=ws.11))
|
|
||||||
|
|
||||||
### Trusted Platform Module
|
### Trusted Platform Module
|
||||||
|
|
||||||
#### New TPM features in Windows 10
|
#### New TPM features in Windows 10
|
||||||
|
|
||||||
The following sections describe the new and changed functionality in the TPM for Windows 10:
|
The following sections describe the new and changed functionality in the TPM for Windows 10:
|
||||||
|
|
||||||
- [Device health attestation](#bkmk-dha)
|
- [Device health attestation](#bkmk-dha)
|
||||||
- [Microsoft Passport](/windows/access-protection/hello-for-business/hello-identity-verification) support
|
- [Microsoft Passport](/windows/security/identity-protection/hello-for-business/deploy/requirements) support
|
||||||
- [Device Guard](/windows/device-security/device-guard/introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies) support
|
- [Device Guard](/windows/security/application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control) support
|
||||||
- [Credential Guard](/windows/access-protection/credential-guard/credential-guard) support
|
- [Credential Guard](/windows/security/identity-protection/credential-guard/) support
|
||||||
|
|
||||||
### <a href="" id="bkmk-dha"></a>Device health attestation
|
### <a href="" id="bkmk-dha"></a>Device health attestation
|
||||||
|
|
||||||
Device health attestation enables enterprises to establish trust based on hardware and software components of a managed device. With device health attestation, you can configure an MDM server to query a health attestation service that will allow or deny a managed device access to a secure resource.
|
Device health attestation enables enterprises to establish trust based on hardware and software components of a managed device. With device health attestation, you can configure an MDM server to query a health attestation service that will allow or deny a managed device access to a secure resource.
|
||||||
|
|
||||||
Some things that you can check on the device are:
|
Some things that you can check on the device are:
|
||||||
|
|
||||||
- Is Data Execution Prevention supported and enabled?
|
- Is Data Execution Prevention supported and enabled?
|
||||||
- Is BitLocker Drive Encryption supported and enabled?
|
- Is BitLocker Drive Encryption supported and enabled?
|
||||||
- Is SecureBoot supported and enabled?
|
- Is SecureBoot supported and enabled?
|
||||||
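Review bot: The "[Learn how to manage your security audit policies within your organization]" line at the end of the PNP events section is deleted without a replacement, so Security auditing becomes the only security subsection in this article without a closing "Learn how to..." link (AppLocker, BitLocker, TPM and UAC all keep theirs with updated paths). If the previous-versions target is the concern, point the link at the current auditing documentation instead of dropping it.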
@ -181,7 +188,7 @@ Some things that you can check on the device are:
|
|||||||
> [!NOTE]
|
> [!NOTE]
|
||||||
> The device must be running Windows 10 and it must support at least TPM 2.0.
|
> The device must be running Windows 10 and it must support at least TPM 2.0.
|
||||||
|
|
||||||
[Learn how to deploy and manage TPM within your organization](/windows/device-security/tpm//trusted-platform-module-overview).
|
[Learn how to deploy and manage TPM within your organization](/windows/security/hardware-security/tpm/trusted-platform-module-overview).
|
||||||
|
|
||||||
### User Account Control
|
### User Account Control
|
||||||
|
|
||||||
@ -189,13 +196,13 @@ User Account Control (UAC) helps prevent malware from damaging a computer and he
|
|||||||
|
|
||||||
You shouldn't turn off UAC because such a setting isn't supportive of devices running Windows 10. If you do turn off UAC, all Universal Windows Platform apps stop working. You must always set the **HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA** registry value to 1. If you need to provide auto elevation for programmatic access or installation, you could set the **HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\ConsentPromptBehaviorAdmin** registry value to 0, which is the same as setting the UAC slider Never Notify. This setting isn't recommended for devices running Windows 10.
|
You shouldn't turn off UAC because such a setting isn't supportive of devices running Windows 10. If you do turn off UAC, all Universal Windows Platform apps stop working. You must always set the **HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA** registry value to 1. If you need to provide auto elevation for programmatic access or installation, you could set the **HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\ConsentPromptBehaviorAdmin** registry value to 0, which is the same as setting the UAC slider Never Notify. This setting isn't recommended for devices running Windows 10.
|
||||||
|
|
||||||
For more info about how to manage UAC, see [UAC Group Policy Settings and Registry Key Settings](/windows/access-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings).
|
For more info about how to manage UAC, see [UAC group policy settings and registry key settings](/windows/security/application-security/application-control/user-account-control/settings-and-configuration).
|
||||||
|
|
||||||
In Windows 10, User Account Control has added some improvements:
|
In Windows 10, User Account Control has added some improvements:
|
||||||
|
|
||||||
- **Integration with the Antimalware Scan Interface (AMSI)**. The [AMSI](/windows/win32/amsi/antimalware-scan-interface-portal) scans all UAC elevation requests for malware. If malware is detected, the admin privilege is blocked.
|
- **Integration with the Antimalware Scan Interface (AMSI)**. The [AMSI](/windows/win32/amsi/antimalware-scan-interface-portal) scans all UAC elevation requests for malware. If malware is detected, the admin privilege is blocked.
|
||||||
|
|
||||||
[Learn how to manage User Account Control within your organization](/windows/access-protection/user-account-control/user-account-control-overview).
|
[Learn how to manage User Account Control within your organization](/windows/security/application-security/application-control/user-account-control/).
|
||||||
|
|
||||||
### VPN profile options
|
### VPN profile options
|
||||||
|
|
||||||
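Review bot: The unchanged lead sentence of the UAC paragraph in this hunk still reads "such a setting isn't supportive of devices running Windows 10", which is hard to parse next to the firm requirement that follows (EnableLUA must always be 1). Since the links around it are being refreshed, reword it to "isn't supported on devices running Windows 10". It would also help to state outright that ConsentPromptBehaviorAdmin set to 0 elevates administrators without a prompt, so the "isn't recommended" sentence has a stated reason.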
@ -207,7 +214,7 @@ Windows 10 provides a set of VPN features that both increase enterprise security
|
|||||||
- Lock down VPN
|
- Lock down VPN
|
||||||
- Integration with Microsoft Passport for Work
|
- Integration with Microsoft Passport for Work
|
||||||
|
|
||||||
[Learn more about the VPN options in Windows 10.](/windows/access-protection/vpn/vpn-profile-options)
|
[Learn more about the VPN options in Windows 10.](/windows/security/operating-system-security/network-security/vpn/vpn-profile-options)
|
||||||
|
|
||||||
|
|
||||||
## Management
|
## Management
|
||||||
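Review bot: The updated VPN link keeps the sentence period inside the link text ("[Learn more about the VPN options in Windows 10.](...)"), while the ADK link changed elsewhere in this commit moves the period outside the brackets ("[Install the ADK](...)."). Pick one convention and apply it to every "Learn more" link touched here, this one included.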
@ -216,11 +223,11 @@ Windows 10 provides mobile device management (MDM) capabilities for PCs, laptops
|
|||||||
|
|
||||||
### MDM support
|
### MDM support
|
||||||
|
|
||||||
MDM policies for Windows 10 align with the policies supported in Windows 8.1 and are expanded to address even more enterprise scenarios, such as managing multiple users who have Microsoft Azure Active Directory (Azure AD) accounts, full control over the Microsoft Store, VPN configuration, and more.
|
MDM policies for Windows 10 align with the policies supported in Windows 8.1 and are expanded to address even more enterprise scenarios, such as managing multiple users who have Microsoft Entra ID accounts, full control over the Microsoft Store, VPN configuration, and more.
|
||||||
|
|
||||||
MDM support in Windows 10 is based on [Open Mobile Alliance (OMA)](https://go.microsoft.com/fwlink/p/?LinkId=533885) Device Management (DM) protocol 1.2.1 specification.
|
MDM support in Windows 10 is based on Open Mobile Alliance (OMA) Device Management (DM) protocol 1.2.1 specification.
|
||||||
|
|
||||||
Corporate-owned devices can be enrolled automatically for enterprises using Azure AD. [Reference for Mobile device management for Windows 10](/windows/client-management/mdm/)
|
Corporate-owned devices can be enrolled automatically for enterprises using Azure AD. [Reference for mobile device management for Windows 10](/windows/client-management/mdm/)
|
||||||
|
|
||||||
### Unenrollment
|
### Unenrollment
|
||||||
|
|
||||||
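Review bot: The rename is incomplete in this hunk. The MDM policies paragraph now says "Microsoft Entra ID accounts", but the enrollment sentence two paragraphs later still says "enrolled automatically for enterprises using Azure AD" on the new side, even though that line was edited for link casing. Change it to "Microsoft Entra ID" in the same pass so the section uses one name for the directory.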
@ -265,17 +272,17 @@ Administrators can also use mobile device management (MDM) or Group Policy to di
|
|||||||
|
|
||||||
## Updates
|
## Updates
|
||||||
|
|
||||||
Windows Update for Business enables information technology administrators to keep the Windows 10-based devices in their organization always up to date with the latest security defenses and Windows features by directly connecting these systems to Microsoft’s Windows Update service.
|
Windows Update for Business enables information technology administrators to keep the Windows 10-based devices in their organization always up to date with the latest security defenses and Windows features by directly connecting these systems to Microsoft's Windows Update service.
|
||||||
|
|
||||||
By using [Group Policy Objects](/previous-versions/cc498727(v=msdn.10)), Windows Update for Business is an easily established and implemented system that enables organizations and administrators to exercise control on how their Windows 10-based devices are updated, by allowing:
|
By using group policy objects, Windows Update for Business is an easily established and implemented system that enables organizations and administrators to exercise control on how their Windows 10-based devices are updated, by allowing:
|
||||||
|
|
||||||
- **Deployment and validation groups**; where administrators can specify which devices go first in an update wave, and which devices will come later (to ensure any quality bars are met).
|
- **Deployment and validation groups**; where administrators can specify which devices go first in an update wave, and which devices will come later (to ensure any quality bars are met).
|
||||||
|
|
||||||
- **Peer-to-peer delivery**, which administrators can enable to make delivery of updates to branch offices and remote sites with limited bandwidth efficient.
|
- **Peer-to-peer delivery**, which administrators can enable to make delivery of updates to branch offices and remote sites with limited bandwidth efficient.
|
||||||
|
|
||||||
- **Use with existing tools** such as Microsoft Intune and the [Enterprise Mobility Suite](/enterprise-mobility-security).
|
- **Use with existing tools** such as Microsoft Intune and Configuration Manager.
|
||||||
|
|
||||||
Together, these Windows Update for Business features help reduce device management costs, provide controls over update deployment, offer quicker access to security updates, and provide access to the latest innovations from Microsoft on an ongoing basis. Windows Update for Business is a free service for all Windows 10 Pro, Enterprise, and Education editions, and can be used independent of, or in conjunction with, existing device management solutions such as [Windows Server Update Services (WSUS)](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh852345(v=ws.11)) and [Microsoft Configuration Manager](/configmgr).
|
Together, these Windows Update for Business features help reduce device management costs, provide controls over update deployment, offer quicker access to security updates, and provide access to the latest innovations from Microsoft on an ongoing basis. Windows Update for Business is a free service for all Windows 10 Pro, Enterprise, and Education editions, and can be used independent of, or in conjunction with, existing device management solutions such as Windows Server Update Services (WSUS) and [Microsoft Configuration Manager](/configmgr).
|
||||||
|
|
||||||
|
|
||||||
Learn more about [Windows Update for Business](/windows/deployment/update/waas-manage-updates-wufb).
|
Learn more about [Windows Update for Business](/windows/deployment/update/waas-manage-updates-wufb).
|
||||||
|
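Review bot: In the "Use with existing tools" bullet, replacing "Enterprise Mobility Suite" with "Configuration Manager" is a content change rather than a link refresh, and the new text is unlinked even though the closing paragraph of the same hunk links "[Microsoft Configuration Manager](/configmgr)". Either link the bullet the same way or mention the product substitution in the commit message. The WSUS and group policy object links were also dropped without replacement; if the previous-versions targets are retired, consider pointing to their current equivalents instead of removing the references.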
@ -2,29 +2,29 @@
|
|||||||
title: What's new in Windows 10 Enterprise LTSC 2016
|
title: What's new in Windows 10 Enterprise LTSC 2016
|
||||||
manager: aaroncz
|
manager: aaroncz
|
||||||
ms.author: mstewart
|
ms.author: mstewart
|
||||||
description: New and updated IT Pro content about new features in Windows 10 Enterprise LTSC 2016 (also known as Windows 10 Enterprise 2016 LTSB).
|
description: New and updated IT pro content about new features in Windows 10 Enterprise LTSC 2016 (also known as Windows 10 Enterprise 2016 LTSB).
|
||||||
ms.prod: windows-client
|
ms.prod: windows-client
|
||||||
author: mestew
|
author: mestew
|
||||||
ms.localizationpriority: low
|
ms.localizationpriority: low
|
||||||
ms.topic: article
|
ms.topic: conceptual
|
||||||
ms.technology: itpro-fundamentals
|
ms.technology: itpro-fundamentals
|
||||||
ms.date: 12/31/2017
|
ms.date: 12/18/2023
|
||||||
appliesto:
|
appliesto:
|
||||||
- ✅ <a href="https://learn.microsoft.com/windows/release-health/" target="_blank">Windows 10 Enterprise LTSC 2016</a>
|
- ✅ <a href="https://learn.microsoft.com/windows/release-health/" target="_blank">Windows 10 Enterprise LTSC 2016</a>
|
||||||
---
|
---
|
||||||
|
|
||||||
# What's new in Windows 10 Enterprise LTSC 2016
|
# What's new in Windows 10 Enterprise LTSC 2016
|
||||||
|
|
||||||
This article lists new and updated features and content that are of interest to IT Pros for Windows 10 Enterprise LTSC 2016 (LTSB), compared to Windows 10 Enterprise LTSC 2015 (LTSB). For a brief description of the LTSC servicing channel, see [Windows 10 Enterprise LTSC](overview.md).
|
This article lists new and updated features and content that are of interest to IT pros for Windows 10 Enterprise LTSC 2016 (LTSB), compared to Windows 10 Enterprise LTSC 2015 (LTSB). For a brief description of the LTSC servicing channel, see [Windows 10 Enterprise LTSC](overview.md).
|
||||||
|
|
||||||
>[!NOTE]
|
> [!NOTE]
|
||||||
>Features in Windows 10 Enterprise LTSC 2016 are equivalent to Windows 10, version 1607.
|
> Windows 10 Enterprise LTSC 2016 was first available on August 2, 2016. Features in Windows 10 Enterprise LTSC 2016 are equivalent to Windows 10, version 1607.
|
||||||
|
|
||||||
## Deployment
|
## Deployment
|
||||||
|
|
||||||
### Windows Imaging and Configuration Designer (ICD)
|
### Windows Imaging and Configuration Designer (ICD)
|
||||||
|
|
||||||
In previous versions of the Windows 10 Assessment and Deployment Kit (ADK), you had to install more features for Windows ICD to run. Starting in this version of Windows 10, you can install just the configuration designer component independent of the rest of the imaging components. [Install the ADK.](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit)
|
In previous versions of the Windows 10 Assessment and Deployment Kit (ADK), you had to install more features for Windows ICD to run. Starting in this version of Windows 10, you can install just the configuration designer component independent of the rest of the imaging components. [Install the ADK](/windows-hardware/get-started/adk-install).
|
||||||
|
|
||||||
Windows ICD now includes simplified workflows for creating provisioning packages:
|
Windows ICD now includes simplified workflows for creating provisioning packages:
|
||||||
|
|
||||||
@ -39,7 +39,7 @@ Windows ICD now includes simplified workflows for creating provisioning packages
|
|||||||
>[!IMPORTANT]
|
>[!IMPORTANT]
|
||||||
>Upgrade Readiness will not allow you to assess an upgrade to an LTSC release (LTSC builds are not available as target versions). However, you can enroll devices running LTSC to plan for an upgrade to a General Availability Channel release.
|
>Upgrade Readiness will not allow you to assess an upgrade to an LTSC release (LTSC builds are not available as target versions). However, you can enroll devices running LTSC to plan for an upgrade to a General Availability Channel release.
|
||||||
|
|
||||||
Microsoft developed Upgrade Readiness in response to demand from enterprise customers looking for more direction and details about upgrading to Windows 10. Upgrade Readiness was built taking into account multiple channels of customer feedback, testing, and Microsoft’s experience upgrading millions of devices to Windows 10.
|
Microsoft developed Upgrade Readiness in response to demand from enterprise customers looking for more direction and details about upgrading to Windows 10. Upgrade Readiness was built taking into account multiple channels of customer feedback, testing, and Microsoft's experience upgrading millions of devices to Windows 10.
|
||||||
|
|
||||||
With Windows diagnostic data enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they're known to Microsoft.
|
With Windows diagnostic data enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they're known to Microsoft.
|
||||||
|
|
||||||
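Review bot: The IMPORTANT callout in this hunk is left as ">[!IMPORTANT]" with "General Availability Channel" capitalized, but the same commit reformats the NOTE callout in this file to "> [!NOTE]" and lowercases "general availability channel" in the LTSC 2019 article. Normalize the callout spacing and the channel casing here too, so the two articles stay consistent.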
@ -69,11 +69,11 @@ When Windows 10 was first shipped, it included Microsoft Passport and Windows He
|
|||||||
|
|
||||||
Other changes for Windows Hello in Windows 10 Enterprise LTSC 2016:
|
Other changes for Windows Hello in Windows 10 Enterprise LTSC 2016:
|
||||||
|
|
||||||
- Personal (Microsoft account) and corporate (Active Directory or Azure AD) accounts use a single container for keys.
|
- Personal (Microsoft account) and corporate (Active Directory or Entra ID) accounts use a single container for keys.
|
||||||
- Group Policy settings for managing Windows Hello for Business are now available for both **User Configuration** and **Computer Configuration**.
|
- Group Policy settings for managing Windows Hello for Business are now available for both **User Configuration** and **Computer Configuration**.
|
||||||
- Beginning in this version of Windows 10, Windows Hello as a convenience PIN is disabled by default on all domain-joined computers. To enable a convenience PIN, enable the Group Policy setting **Turn on convenience PIN sign-in**.
|
- Beginning in this version of Windows 10, Windows Hello as a convenience PIN is disabled by default on all domain-joined computers. To enable a convenience PIN, enable the Group Policy setting **Turn on convenience PIN sign-in**.
|
||||||
|
|
||||||
[Learn more about Windows Hello for Business.](/windows/access-protection/hello-for-business/hello-identity-verification)
|
[Learn more about Windows Hello for Business.](/windows/security/identity-protection/hello-for-business/deploy/requirements)
|
||||||
|
|
||||||
### BitLocker
|
### BitLocker
|
||||||
|
|
||||||
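Review bot: The key container bullet now reads "Active Directory or Entra ID", while the other renames in this commit use the full "Microsoft Entra ID". Use the full product name here as well. Separately, the "Learn more about Windows Hello for Business" link now targets a deploy/requirements page; confirm that is the intended landing page for a general "learn more" link, or adjust the link text to match.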
@ -101,7 +101,7 @@ Other changes for Windows Hello in Windows 10 Enterprise LTSC 2016:
|
|||||||
|
|
||||||
### Windows Information Protection (WIP), formerly known as enterprise data protection (EDP)
|
### Windows Information Protection (WIP), formerly known as enterprise data protection (EDP)
|
||||||
|
|
||||||
With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprise’s control. For example, when an employee sends the latest engineering pictures from their personal email account, copies and pastes product info into a tweet, or saves an in-progress sales report to their public cloud storage.
|
With the increase of employee-owned devices in the enterprise, there's also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprise's control. For example, when an employee sends the latest engineering pictures from their personal email account, copies and pastes product info into a tweet, or saves an in-progress sales report to their public cloud storage.
|
||||||
|
|
||||||
Windows Information Protection (WIP) helps to protect against this potential data leakage without otherwise interfering with the employee experience. WIP also helps to protect enterprise apps and data against accidental data leak on enterprise-owned devices and personal devices that employees bring to work without requiring changes to your environment or other apps.
|
Windows Information Protection (WIP) helps to protect against this potential data leakage without otherwise interfering with the employee experience. WIP also helps to protect enterprise apps and data against accidental data leak on enterprise-owned devices and personal devices that employees bring to work without requiring changes to your environment or other apps.
|
||||||
|
|
||||||
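Review bot: The WIP paragraph touched for apostrophes still ends with a sentence fragment: "For example, when an employee sends the latest engineering pictures ...". While the line is open, attach it to the previous sentence or give it a main clause, for example "For example, an employee might send ...".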
@ -125,20 +125,20 @@ Several new features and management options have been added to Windows Defender
|
|||||||
|
|
||||||
With the growing threat from more sophisticated targeted attacks, a new security solution is imperative in securing an increasingly complex network ecosystem. Microsoft Defender for Endpoint is a security service, built into Windows 10 that enables enterprise customers detect, investigate, and respond to advanced threats on their networks.
|
With the growing threat from more sophisticated targeted attacks, a new security solution is imperative in securing an increasingly complex network ecosystem. Microsoft Defender for Endpoint is a security service, built into Windows 10 that enables enterprise customers detect, investigate, and respond to advanced threats on their networks.
|
||||||
|
|
||||||
[Learn more about Microsoft Defender for Endpoint](/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection).
|
[Learn more about Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/).
|
||||||
|
|
||||||
### VPN security
|
### VPN security
|
||||||
|
|
||||||
- The VPN client can integrate with the Conditional Access Framework, a cloud-based policy engine built into Azure Active Directory, to provide a device compliance option for remote clients.
|
- The VPN client can integrate with the Conditional Access Framework, a cloud-based policy engine built into Microsoft Entra ID, to provide a device compliance option for remote clients.
|
||||||
- The VPN client can integrate with Windows Information Protection (WIP) policy to provide extra security. [Learn more about Windows Information Protection](/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip), previously known as Enterprise Data Protection.
|
- The VPN client can integrate with Windows Information Protection (WIP) policy to provide extra security. [Learn more about Windows Information Protection](/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip), previously known as Enterprise Data Protection.
|
||||||
- New VPNv2 configuration service provider (CSP) adds configuration settings. For details, see [What's new in MDM enrollment and management](/windows/client-management/mdm/new-in-windows-mdm-enrollment-management#whatsnew_1607)
|
- New VPNv2 configuration service provider (CSP) adds configuration settings. For details, see [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp)
|
||||||
- Microsoft Intune: *VPN* profile template includes support for native VPN plug-ins. For more information, see [Create VPN profiles to connect to VPN servers in Intune](/mem/intune/configuration/vpn-settings-configure).
|
- Microsoft Intune: *VPN* profile template includes support for native VPN plug-ins. For more information, see [Create VPN profiles to connect to VPN servers in Intune](/mem/intune/configuration/vpn-settings-configure).
|
||||||
|
|
||||||
## Management
|
## Management
|
||||||
|
|
||||||
### Use Remote Desktop Connection for PCs joined to Azure Active Directory
|
### Use Remote Desktop Connection for PCs joined to Microsoft Entra ID
|
||||||
|
|
||||||
From its release, Windows 10 has supported remote connections to PCs that are joined to Active Directory. Starting in this version of Windows 10, you can also connect to a remote PC that is joined to Azure Active Directory (Azure AD). [Learn about the requirements and supported configurations.](/windows/client-management/connect-to-remote-aadj-pc)
|
From its release, Windows 10 has supported remote connections to PCs that are joined to Active Directory. Starting in this version of Windows 10, you can also connect to a remote PC that is joined to Microsoft Entra ID. [Learn about the requirements and supported configurations.](/windows/client-management/connect-to-remote-aadj-pc)
|
||||||
|
|
||||||
### Taskbar configuration
|
### Taskbar configuration
|
||||||
|
|
||||||
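Review bot: The Windows Information Protection bullet under VPN security still links to "/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip", although the other "/windows/threat-protection/" and "/windows/access-protection/" links in this commit were moved to new paths. Verify that this target still resolves and update it if it has moved. Minor: the rewritten VPNv2 CSP bullet has no terminal period, unlike its sibling bullets, and "enables enterprise customers detect" in the Defender for Endpoint paragraph is missing "to".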
@ -146,7 +146,7 @@ Enterprise administrators can add and remove pinned apps from the taskbar. Users
|
|||||||
|
|
||||||
### Mobile device management and configuration service providers (CSPs)
|
### Mobile device management and configuration service providers (CSPs)
|
||||||
|
|
||||||
Numerous settings have been added to the Windows 10 CSPs to expand MDM capabilities for managing devices. To learn more about the specific changes in MDM policies for this version of Windows 10, see [What's new in MDM enrollment and management](/windows/client-management/mdm/new-in-windows-mdm-enrollment-management#whatsnew_1607).
|
Numerous settings have been added to the Windows 10 CSPs to expand MDM capabilities for managing devices. To learn more about the specific changes in MDM policies for this version of Windows 10, see [What's new in MDM enrollment and management](/windows/client-management/mdm/new-in-windows-mdm-enrollment-management).
|
||||||
|
|
||||||
### Shared PC mode
|
### Shared PC mode
|
||||||
|
|
||||||
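Review bot: Dropping the "#whatsnew_1607" anchor means the link no longer lands on version-specific content, yet the sentence still promises "the specific changes in MDM policies for this version of Windows 10". Confirm the target page still covers the 1607 changes, or reword the sentence so it does not promise a version-specific list.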
@ -154,9 +154,9 @@ This version of Windows 10, introduces shared PC mode, which optimizes Windows 1
|
|||||||
|
|
||||||
### Application Virtualization (App-V) for Windows 10
|
### Application Virtualization (App-V) for Windows 10
|
||||||
|
|
||||||
Application Virtualization (App-V) enables organizations to deliver Win32 applications to users as virtual applications. Virtual applications are installed on centrally managed servers and delivered to users as a service – in real time and on as as-needed basis. Users launch virtual applications from familiar access points, including the Microsoft Store, and interact with them as if they were installed locally.
|
Application Virtualization (App-V) enables organizations to deliver Win32 applications to users as virtual applications. Virtual applications are installed on centrally managed servers and delivered to users as a service - in real time and on as as-needed basis. Users launch virtual applications from familiar access points, including the Microsoft Store, and interact with them as if they were installed locally.
|
||||||
|
|
||||||
With the release of this version of Windows 10, App-V is included with the Windows 10 for Enterprise edition. If you're new to Windows 10 and App-V or if you're upgrading from a previous version of App-V, you’ll need to download, activate, and install server- and client-side components to start delivering virtual applications to users.
|
With the release of this version of Windows 10, App-V is included with the Windows 10 for Enterprise edition. If you're new to Windows 10 and App-V or if you're upgrading from a previous version of App-V, you'll need to download, activate, and install server- and client-side components to start delivering virtual applications to users.
|
||||||
|
|
||||||
[Learn how to deliver virtual applications with App-V.](/windows/application-management/app-v/appv-getting-started)
|
[Learn how to deliver virtual applications with App-V.](/windows/application-management/app-v/appv-getting-started)
|
||||||
|
|
||||||
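Review bot: The App-V paragraph was edited to swap the dash, but the typo on the same line survives: "on as as-needed basis" should be "on an as-needed basis". Fix it in this change since the line is already being rewritten.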
@ -166,13 +166,13 @@ Many users customize their settings for Windows and for specific applications. C
|
|||||||
|
|
||||||
With User Experience Virtualization (UE-V), you can capture user-customized Windows and application settings and store them on a centrally managed network file share. When users sign in, their personalized settings are applied to their work session, regardless of which device or virtual desktop infrastructure (VDI) sessions they sign in to.
|
With User Experience Virtualization (UE-V), you can capture user-customized Windows and application settings and store them on a centrally managed network file share. When users sign in, their personalized settings are applied to their work session, regardless of which device or virtual desktop infrastructure (VDI) sessions they sign in to.
|
||||||
|
|
||||||
With the release of this version of Windows 10, UE-V is included with the Windows 10 for Enterprise edition. If you're new to Windows 10 and UE-V or upgrading from a previous version of UE-V, you’ll need to download, activate, and install server- and client-side components to start synchronizing user-customized settings across devices.
|
With the release of this version of Windows 10, UE-V is included with the Windows 10 for Enterprise edition. If you're new to Windows 10 and UE-V or upgrading from a previous version of UE-V, you'll need to download, activate, and install server- and client-side components to start synchronizing user-customized settings across devices.
|
||||||
|
|
||||||
[Learn how to synchronize user-customized settings with UE-V.](/windows/configuration/ue-v/uev-for-windows)
|
[Learn how to synchronize user-customized settings with UE-V.](/windows/configuration/ue-v/uev-for-windows)
|
||||||
|
|
||||||
## Microsoft Edge
|
## Microsoft Edge
|
||||||
|
|
||||||
The new chromium-based Microsoft Edge isn't included in the LTSC release of Windows 10. However, you can download and install it separately [here](https://www.microsoft.com/edge/business/download).
|
The new chromium-based Microsoft Edge isn't included in the LTSC release of Windows 10. However, you can download and install it separately. For more information, see [Download and configure Microsoft Edge for Business](https://www.microsoft.com/edge/business/download).
|
||||||
|
|
||||||
## See Also
|
## See Also
|
||||||
|
|
||||||
|
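Review bot: The rewritten Microsoft Edge sentence keeps "chromium-based" in lower case; Chromium is a proper noun, so this should read "Chromium-based Microsoft Edge". The "## See Also" heading directly below also stays in title case while the rest of the commit moves headings and link text toward sentence case.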
@ -8,7 +8,7 @@ author: mestew
|
|||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
ms.topic: conceptual
|
ms.topic: conceptual
|
||||||
ms.technology: itpro-fundamentals
|
ms.technology: itpro-fundamentals
|
||||||
ms.date: 04/05/2023
|
ms.date: 12/18/2023
|
||||||
appliesto:
|
appliesto:
|
||||||
- ✅ <a href="https://learn.microsoft.com/windows/release-health/" target="_blank">Windows 10 Enterprise LTSC 2019</a>
|
- ✅ <a href="https://learn.microsoft.com/windows/release-health/" target="_blank">Windows 10 Enterprise LTSC 2019</a>
|
||||||
---
|
---
|
||||||
@ -17,8 +17,8 @@ appliesto:
|
|||||||
|
|
||||||
This article lists new and updated features and content that are of interest to IT Pros for Windows 10 Enterprise LTSC 2019, compared to Windows 10 Enterprise LTSC 2016 (LTSB). For a brief description of the LTSC servicing channel and associated support, see [Windows 10 Enterprise LTSC](overview.md).
|
This article lists new and updated features and content that are of interest to IT Pros for Windows 10 Enterprise LTSC 2019, compared to Windows 10 Enterprise LTSC 2016 (LTSB). For a brief description of the LTSC servicing channel and associated support, see [Windows 10 Enterprise LTSC](overview.md).
|
||||||
|
|
||||||
>[!NOTE]
|
> [!NOTE]
|
||||||
>Features in Windows 10 Enterprise LTSC 2019 are equivalent to Windows 10, version 1809.
|
> Windows 10 Enterprise LTSC 2019 was first available on November 13, 2018. Features in Windows 10 Enterprise LTSC 2019 are equivalent to Windows 10, version 1809.
|
||||||
|
|
||||||
Windows 10 Enterprise LTSC 2019 builds on Windows 10 Pro, version 1809 adding premium features designed to address the needs of large and mid-size organizations (including large academic institutions), such as:
|
Windows 10 Enterprise LTSC 2019 builds on Windows 10 Pro, version 1809 adding premium features designed to address the needs of large and mid-size organizations (including large academic institutions), such as:
|
||||||
|
|
||||||
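Review bot: The intro sentence of the LTSC 2019 article still says "of interest to IT Pros", while this commit changes the same sentence and the description in the LTSC 2016 article to "IT pros" / "IT pro". Apply the casing change here too so the sibling articles match.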
@ -30,11 +30,12 @@ Windows 10 Enterprise LTSC 2019 builds on Windows 10 Pro, version 1809 adding pr
|
|||||||
The Windows 10 Enterprise LTSC 2019 release is an important release for LTSC users because it includes the cumulative enhancements provided in Windows 10 versions 1703, 1709, 1803, and 1809. Details about these enhancements are provided below.
|
The Windows 10 Enterprise LTSC 2019 release is an important release for LTSC users because it includes the cumulative enhancements provided in Windows 10 versions 1703, 1709, 1803, and 1809. Details about these enhancements are provided below.
|
||||||
|
|
||||||
>[!IMPORTANT]
|
>[!IMPORTANT]
|
||||||
>The LTSC release is [intended for special use devices](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/LTSC-What-is-it-and-when-should-it-be-used/ba-p/293181). Support for LTSC by apps and tools that are designed for the General Availability Channel release of Windows 10 might be limited.
|
>The LTSC release is [intended for special use devices](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/LTSC-What-is-it-and-when-should-it-be-used/ba-p/293181). Support for LTSC by apps and tools that are designed for the general availability channel release of Windows 10 might be limited.
|
||||||
|
|
||||||
## Microsoft Intune
|
## Microsoft Intune
|
||||||
|
|
||||||
Microsoft Intune supports Windows 10 Enterprise LTSC 2019 with the following exception:
|
Microsoft Intune supports Windows 10 Enterprise LTSC 2019 with the following exception:
|
||||||
|
|
||||||
- [Update rings](/mem/intune/protect/windows-10-update-rings) can't be used for feature updates since Windows 10 LTSC versions don't receive feature updates. Update rings can be used for quality updates for Windows 10 Enterprise LTSC 2019 clients.
|
- [Update rings](/mem/intune/protect/windows-10-update-rings) can't be used for feature updates since Windows 10 LTSC versions don't receive feature updates. Update rings can be used for quality updates for Windows 10 Enterprise LTSC 2019 clients.
|
||||||
|
|
||||||
## Security
|
## Security
|
||||||
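Review bot: The IMPORTANT callout is edited for wording but left as ">[!IMPORTANT]" with no space after the angle bracket, while the NOTE callout a few lines above in the same file was reformatted to "> [!NOTE]". Use the same "> [!IMPORTANT]" form on both the marker line and the body line.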
@ -49,7 +50,7 @@ The [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/
|
|||||||
|
|
||||||
##### Attack surface reduction
|
##### Attack surface reduction
|
||||||
|
|
||||||
Attack surface reduction includes host-based intrusion prevention systems such as [controlled folder access]/microsoft-365/security/defender-endpoint/enable-controlled-folders).
|
Attack surface reduction includes host-based intrusion prevention systems such as [controlled folder access](/microsoft-365/security/defender-endpoint/enable-controlled-folders).
|
||||||
|
|
||||||
- This feature can help prevent ransomware and other destructive malware from changing your personal files. In some cases, apps that you normally use might be blocked from making changes to common folders like **Documents** and **Pictures**. We've made it easier for you to add apps that were recently blocked so you can keep using your device without turning off the feature altogether.
|
- This feature can help prevent ransomware and other destructive malware from changing your personal files. In some cases, apps that you normally use might be blocked from making changes to common folders like **Documents** and **Pictures**. We've made it easier for you to add apps that were recently blocked so you can keep using your device without turning off the feature altogether.
|
||||||
|
|
||||||
@ -74,7 +75,7 @@ But these protections can also be configured separately. And, unlike HVCI, code
|
|||||||
|
|
||||||
Endpoint detection and response are improved. Enterprise customers can now take advantage of the entire Windows security stack with Microsoft Defender Antivirus **detections** and Device Guard **blocks** being surfaced in the Microsoft Defender for Endpoint portal.
|
Endpoint detection and response are improved. Enterprise customers can now take advantage of the entire Windows security stack with Microsoft Defender Antivirus **detections** and Device Guard **blocks** being surfaced in the Microsoft Defender for Endpoint portal.
|
||||||
|
|
||||||
Windows Defender is now called Microsoft Defender Antivirus and now shares detection status between Microsoft 365 services and interoperates with Microsoft Defender for Endpoint. Other policies have also been implemented to enhance cloud based protection, and new channels are available for emergency protection. For more information, see [Virus and threat protection](/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection) and [Use next-gen technologies in Microsoft Defender Antivirus through cloud-delivered protection](/microsoft-365/security/defender-endpoint/cloud-protection-microsoft-defender-antivirus).
|
Windows Defender is now called Microsoft Defender Antivirus and now shares detection status between Microsoft 365 services and interoperates with Microsoft Defender for Endpoint. Other policies have also been implemented to enhance cloud based protection, and new channels are available for emergency protection. For more information, see [Virus and threat protection](/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-virus-threat-protection) and [Use next-gen technologies in Microsoft Defender Antivirus through cloud-delivered protection](/microsoft-365/security/defender-endpoint/cloud-protection-microsoft-defender-antivirus).
|
||||||
|
|
||||||
We've also [increased the breadth of the documentation library for enterprise security admins](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows). The new library includes information on:
|
We've also [increased the breadth of the documentation library for enterprise security admins](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows). The new library includes information on:
|
||||||
|
|
||||||
@ -143,12 +144,7 @@ We've also added a new assessment for the Windows time service to the **Device p
|
|||||||
|
|
||||||
We're continuing to work on how other security apps you've installed show up in the **Windows Security** app. There's a new page called **Security providers** that you can find in the **Settings** section of the app. Select **Manage providers** to see a list of all the other security providers (including antivirus, firewall, and web protection) that are running on your device. Here you can easily open the providers' apps or get more information on how to resolve issues reported to you through **Windows Security**.
|
We're continuing to work on how other security apps you've installed show up in the **Windows Security** app. There's a new page called **Security providers** that you can find in the **Settings** section of the app. Select **Manage providers** to see a list of all the other security providers (including antivirus, firewall, and web protection) that are running on your device. Here you can easily open the providers' apps or get more information on how to resolve issues reported to you through **Windows Security**.
|
||||||
|
|
||||||
This improvement also means you'll see more links to other security apps within **Windows Security**. For example, if you open the **Firewall & network protection** section, you'll see the firewall apps that are running on your device under each firewall type, which includes domain, private, and public networks).
|
This improvement also means you'll see more links to other security apps within **Windows Security**. For example, if you open the **Firewall & network protection** section, you'll see the firewall apps that are running on your device under each firewall type, which includes domain, private, and public networks.
|
||||||
|
|
||||||
You can read more about ransomware mitigations and detection capability at:
|
|
||||||
|
|
||||||
- [Averting ransomware epidemics in corporate networks with Microsoft Defender for Endpoint](https://www.microsoft.com/security/blog/2017/01/30/averting-ransomware-epidemics-in-corporate-networks-with-windows-defender-atp/)
|
|
||||||
- [Microsoft Malware Protection Center blog](https://www.microsoft.com/security/blog/category/research/ransomware/)
|
|
||||||
|
|
||||||
Also see [New capabilities of Microsoft Defender for Endpoint further maximizing the effectiveness and robustness of endpoint security](https://blogs.windows.com/business/2018/04/17/new-capabilities-of-windows-defender-atp-further-maximizing-the-effectiveness-and-robustness-of-endpoint-security/#62FUJ3LuMXLQidVE.97)
|
Also see [New capabilities of Microsoft Defender for Endpoint further maximizing the effectiveness and robustness of endpoint security](https://blogs.windows.com/business/2018/04/17/new-capabilities-of-windows-defender-atp-further-maximizing-the-effectiveness-and-robustness-of-endpoint-security/#62FUJ3LuMXLQidVE.97)
|
||||||
|
|
||||||
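Review bot: With the "You can read more about ransomware mitigations and detection capability at:" sentence and its two links removed, the surviving line "Also see [New capabilities of Microsoft Defender for Endpoint ...]" has nothing left for "Also" to refer back to; it now follows the firewall paragraph directly. Reword it as a standalone pointer (for example "For more information, see ..."). While the line is open, consider dropping the `#62FUJ3LuMXLQidVE.97` fragment from the blogs.windows.com URL, which looks like a share-tracking token rather than a section anchor.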
@ -170,11 +166,11 @@ This release enables support for WIP with Files on Demand, allows file encryptio
|
|||||||
|
|
||||||
### BitLocker
|
### BitLocker
|
||||||
|
|
||||||
The minimum PIN length is being changed from 6 to 4, with a default of 6. For more information, see [BitLocker Group Policy settings](/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings#configure-minimum-pin-length-for-startup).
|
The minimum PIN length is being changed from 6 to 4, with a default of 6. For more information, see [BitLocker Group Policy settings](/windows/security/operating-system-security/data-protection/bitlocker/configure#bitlocker-policy-settings).
|
||||||
|
|
||||||
#### Silent enforcement on fixed drives
|
#### Silent enforcement on fixed drives
|
||||||
|
|
||||||
Through a Modern Device Management (MDM) policy, BitLocker can be enabled silently for standard Azure Active Directory (Azure AD) joined users. In Windows 10, version 1803 automatic BitLocker encryption was enabled for standard Azure AD users, but this still required modern hardware that passed the Hardware Security Test Interface (HSTI). This new functionality enables BitLocker via policy even on devices that don't pass the HSTI.
|
Through a modern device management (MDM) policy, BitLocker can be enabled silently for standard Microsoft Entra ID joined users. In Windows 10, version 1803 automatic BitLocker encryption was enabled for standard Entra ID users, but this still required modern hardware that passed the Hardware Security Test Interface (HSTI). This new functionality enables BitLocker via policy even on devices that don't pass the HSTI.
|
||||||
|
|
||||||
This change is an update to the [BitLocker CSP](/windows/client-management/mdm/bitlocker-csp) and used by Intune and others.
|
This change is an update to the [BitLocker CSP](/windows/client-management/mdm/bitlocker-csp) and used by Intune and others.
|
||||||
|
|
||||||
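Review bot: On the minimum PIN length line, the replacement link goes to `configure#bitlocker-policy-settings`, the top of the policy list, whereas the old target `#configure-minimum-pin-length-for-startup` landed on the setting the sentence is about. If the new page has an anchor for the minimum startup PIN length setting, link to that instead. In the silent-enforcement paragraph, "standard Microsoft Entra ID joined users" is unhyphenated, while another hunk in this commit writes "Entra ID-joined"; pick one form.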
@ -192,7 +188,7 @@ New features in [Windows Hello for Business](/windows/security/identity-protecti
|
|||||||
|
|
||||||
- For Windows desktops, users are able to reset a forgotten PIN through **Settings > Accounts > Sign-in options**. For more information, see [What if I forget my PIN?](/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset).
|
- For Windows desktops, users are able to reset a forgotten PIN through **Settings > Accounts > Sign-in options**. For more information, see [What if I forget my PIN?](/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset).
|
||||||
|
|
||||||
Windows Hello for Business now supports FIDO 2.0 authentication for Azure AD Joined Windows 10 devices and has enhanced support for shared devices, as described in [Kiosk configuration](#kiosk-configuration).
|
Windows Hello for Business now supports FIDO 2.0 authentication for Entra ID-joined Windows 10 devices and has enhanced support for shared devices, as described in [Kiosk configuration](#kiosk-configuration).
|
||||||
|
|
||||||
- Windows Hello is now password-less on S-mode.
|
- Windows Hello is now password-less on S-mode.
|
||||||
|
|
||||||
@ -212,18 +208,18 @@ For more information, see: [Windows Hello and FIDO2 Security Keys enable secure
|
|||||||
|
|
||||||
Credential Guard is a security service in Windows 10 built to protect Active Directory (AD) domain credentials so that they can't be stolen or misused by malware on a user's machine. It's designed to protect against well-known threats such as Pass-the-Hash and credential harvesting.
|
Credential Guard is a security service in Windows 10 built to protect Active Directory (AD) domain credentials so that they can't be stolen or misused by malware on a user's machine. It's designed to protect against well-known threats such as Pass-the-Hash and credential harvesting.
|
||||||
|
|
||||||
Credential Guard has always been an optional feature, but Windows 10 in S mode turns on this functionality by default when the machine has been Azure Active Directory-joined. This feature provides an added level of security when connecting to domain resources not normally present on devices running Windows 10 in S mode.
|
Credential Guard has always been an optional feature, but Windows 10 in S mode turns on this functionality by default when the machine has been Entra ID-joined. This feature provides an added level of security when connecting to domain resources not normally present on devices running Windows 10 in S mode.
|
||||||
|
|
||||||
> [!NOTE]
|
> [!NOTE]
|
||||||
> Credential Guard is available only to S mode devices or Enterprise and Education Editions.
|
> Credential Guard is available only to S mode devices or Enterprise and Education Editions.
|
||||||
|
|
||||||
For more information, see [Credential Guard Security Considerations](/windows/security/identity-protection/credential-guard/credential-guard-requirements#security-considerations).
|
For more information, see [Credential Guard overview](/windows/security/identity-protection/credential-guard/credential-guard-requirements).
|
||||||
|
|
||||||
### Other security improvements
|
### Other security improvements
|
||||||
|
|
||||||
#### Windows security baselines
|
#### Windows security baselines
|
||||||
|
|
||||||
Microsoft has released new [Windows security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines) for Windows Server and Windows 10. A security baseline is a group of Microsoft-recommended configuration settings with an explanation of their security effect. For more information, and to download the Policy Analyzer tool, see [Microsoft Security Compliance Toolkit 1.0](/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10).
|
Microsoft has released new [Windows security baselines](/windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines) for Windows Server and Windows 10. A security baseline is a group of Microsoft-recommended configuration settings with an explanation of their security effect. For more information, and to download the Policy Analyzer tool, see [Microsoft Security Compliance Toolkit 1.0](/windows/security/operating-system-security/device-management/windows-security-configuration-framework/security-compliance-toolkit-10).
|
||||||
|
|
||||||
#### SMBLoris vulnerability
|
#### SMBLoris vulnerability
|
||||||
|
|
||||||
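Review bot: On the Credential Guard "For more information" line, the link text now reads "Credential Guard overview" but the target is still `.../credential-guard/credential-guard-requirements`, so the label and the destination disagree. Either point the link at the overview article or keep a label that names the requirements page. Also confirm that dropping `#security-considerations` is intended, since the old link sent readers straight to that section.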
@ -250,9 +246,9 @@ A new security policy setting
|
|||||||
|
|
||||||
#### Windows 10 in S mode
|
#### Windows 10 in S mode
|
||||||
|
|
||||||
We've continued to work on the **Current threats** area in [Virus & threat protection](/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection), which now displays all threats that need action. You can quickly take action on threats from this screen:
|
We've continued to work on the **Current threats** area in [Virus & threat protection](/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-virus-threat-protection), which now displays all threats that need action. You can quickly take action on threats from this screen:
|
||||||
|
|
||||||
:::image type="content" source="../images/virus-and-threat-protection.png" alt-text="Screenshot of the Virus & threat protection settings in Windows.":::
|
:::image type="content" source="../images/virus-and-threat-protection.png" alt-text="Screenshot of the Virus & threat protection settings in Windows 10 Enterprise LTSC 2019.":::
|
||||||
|
|
||||||
## Deployment
|
## Deployment
|
||||||
|
|
||||||
@ -295,7 +291,7 @@ It's also now possible to run a script if the user rolls back their version of W
|
|||||||
|
|
||||||
`/PostRollback<location> [\setuprollback.cmd] [/postrollback {system / admin}]`
|
`/PostRollback<location> [\setuprollback.cmd] [/postrollback {system / admin}]`
|
||||||
|
|
||||||
For more information, see [Windows Setup Command-Line Options](/windows-hardware/manufacture/desktop/windows-setup-command-line-options#postrollback).
|
For more information, see [Windows Setup command-line options](/windows-hardware/manufacture/desktop/windows-setup-command-line-options#postrollback).
|
||||||
|
|
||||||
New command-line switches are also available to control BitLocker:
|
New command-line switches are also available to control BitLocker:
|
||||||
|
|
||||||
@ -309,7 +305,7 @@ For more information, see [Windows Setup Command-Line Options](/windows-hardware
|
|||||||
|
|
||||||
### Feature update improvements
|
### Feature update improvements
|
||||||
|
|
||||||
Portions of the work done during the offline phases of a Windows update have been moved to the online phase. This change results in a significant reduction of offline time when installing updates. For more information, see [We're listening to you](https://insider.windows.com/articles/were-listening-to-you/).
|
Portions of the work done during the offline phases of a Windows update have been moved to the online phase. This change results in a significant reduction of offline time when installing updates.
|
||||||
|
|
||||||
### SetupDiag
|
### SetupDiag
|
||||||
|
|
||||||
@ -331,7 +327,7 @@ If you have shared devices deployed in your work place, **Fast sign-in** enables
|
|||||||
|
|
||||||
3. Sign-in to a shared PC with your account.
|
3. Sign-in to a shared PC with your account.
|
||||||
|
|
||||||
:::image type="content" source="../images/fastsignin.png" alt-text="An animated image that demonstrates the fast sign-in feature.":::
|
:::image type="content" source="../images/fastsignin.png" alt-text="An animated image that demonstrates the fast sign-in feature in Windows 10 Enterprise LTSC 2019.":::
|
||||||
|
|
||||||
### Web sign-in to Windows 10
|
### Web sign-in to Windows 10
|
||||||
|
|
||||||
@ -339,7 +335,7 @@ Until now, Windows sign-in only supported the use of identities federated to ADF
|
|||||||
|
|
||||||
#### Try out web sign-in
|
#### Try out web sign-in
|
||||||
|
|
||||||
1. Azure AD Join your Windows 10 PC. (Web sign-in is only supported on Azure AD Joined PCs).
|
1. Entra ID join your Windows 10 PC. (Web sign-in is only supported on Entra ID-joined PCs).
|
||||||
|
|
||||||
2. Set the Policy CSP, and the Authentication and EnableWebSignIn policies to enable web sign-in.
|
2. Set the Policy CSP, and the Authentication and EnableWebSignIn policies to enable web sign-in.
|
||||||
|
|
||||||
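Review bot: Step 1 now reads "Entra ID join your Windows 10 PC", which uses the product name as a verb and is harder to parse than the line it replaces. Suggest "Join your Windows 10 PC to Microsoft Entra ID. (Web sign-in is only supported on Entra ID-joined PCs.)", which also moves the period inside the parenthetical sentence.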
@ -347,7 +343,7 @@ Until now, Windows sign-in only supported the use of identities federated to ADF
|
|||||||
|
|
||||||
4. Select "Sign in" to continue.
|
4. Select "Sign in" to continue.
|
||||||
|
|
||||||
:::image type="content" source="../images/websignin.png" alt-text="A screenshot of the Windows sign-in screen that highlights the web sign-in feature.":::
|
:::image type="content" source="../images/websignin.png" alt-text="A screenshot of the Windows 10 sign-in screen that highlights the web sign-in feature.":::
|
||||||
|
|
||||||
## Update Compliance
|
## Update Compliance
|
||||||
|
|
||||||
@ -357,8 +353,6 @@ Update Compliance is a solution built using OMS Log Analytics that provides info
|
|||||||
|
|
||||||
New capabilities in Update Compliance let you monitor Windows Defender protection status, compare compliance with industry peers, and optimize bandwidth for deploying updates.
|
New capabilities in Update Compliance let you monitor Windows Defender protection status, compare compliance with industry peers, and optimize bandwidth for deploying updates.
|
||||||
|
|
||||||
For more information about Update Compliance, see [Monitor Windows Updates with Update Compliance](/windows/deployment/update/update-compliance-monitor).
|
|
||||||
|
|
||||||
## Accessibility and privacy
|
## Accessibility and privacy
|
||||||
|
|
||||||
### Accessibility
|
### Accessibility
|
||||||
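Review bot: Deleting the "For more information about Update Compliance" line leaves this section with no reference link at all, and the paragraph that stays still says "monitor Windows Defender protection status" even though an earlier hunk in this commit carries the sentence "Windows Defender is now called Microsoft Defender Antivirus". If the linked article has moved, replace the link with its current location rather than dropping it, and align the product name in the retained sentence.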
@ -377,11 +371,11 @@ The new chromium-based Microsoft Edge has many improvements targeted to kiosks.
|
|||||||
|
|
||||||
Internet Explorer is included in Windows 10 LTSC releases as its feature set isn't changing, and it will continue to get security fixes for the life of a Windows 10 LTSC release.
|
Internet Explorer is included in Windows 10 LTSC releases as its feature set isn't changing, and it will continue to get security fixes for the life of a Windows 10 LTSC release.
|
||||||
|
|
||||||
If you wish to take advantage of [Kiosk capabilities in Microsoft Edge](/previous-versions/windows/edge-legacy/microsoft-edge-kiosk-mode-deploy), consider [Kiosk mode](/windows/configuration/kiosk-methods) with a semi-annual release channel.
|
If you wish to take advantage of kiosk capabilities in Microsoft Edge, consider [Kiosk mode](/windows/configuration/kiosk-methods) with a semi-annual release channel.
|
||||||
|
|
||||||
### Co-management
|
### Co-management
|
||||||
|
|
||||||
Intune and Microsoft Configuration Manager policies have been added to enable hybrid Azure AD-joined authentication. Mobile Device Management (MDM) has added over 150 new policies and settings in this release, including the [MDMWinsOverGP](/windows/client-management/mdm/policy-csp-controlpolicyconflict) policy, to enable easier transition to cloud-based management.
|
Intune and Microsoft Configuration Manager policies have been added to enable hybrid Entra ID-joined authentication. Mobile Device Management (MDM) has added over 150 new policies and settings in this release, including the [MDMWinsOverGP](/windows/client-management/mdm/policy-csp-controlpolicyconflict) policy, to enable easier transition to cloud-based management.
|
||||||
|
|
||||||
For more information, see [What's New in MDM enrollment and management](/windows/client-management/mdm/new-in-windows-mdm-enrollment-management).
|
For more information, see [What's New in MDM enrollment and management](/windows/client-management/mdm/new-in-windows-mdm-enrollment-management).
|
||||||
|
|
||||||
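Review bot: The rewritten Microsoft Edge kiosk sentence still recommends "a semi-annual release channel", while a later hunk in this commit changes the LTSC 2021 note to say "general availability channel". Since this line is being edited anyway, use the same channel name in both places. In the Co-management paragraph, "hybrid Entra ID-joined authentication" would read more clearly as "authentication for hybrid Entra ID-joined devices".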
@ -389,9 +383,9 @@ For more information, see [What's New in MDM enrollment and management](/windows
|
|||||||
|
|
||||||
The OS uninstall period is a length of time that users are given when they can optionally roll back a Windows 10 update. With this release, administrators can use Intune or [DISM](#dism) to customize the length of the OS uninstall period.
|
The OS uninstall period is a length of time that users are given when they can optionally roll back a Windows 10 update. With this release, administrators can use Intune or [DISM](#dism) to customize the length of the OS uninstall period.
|
||||||
|
|
||||||
### Azure Active Directory join in bulk
|
### Microsoft Entra ID join in bulk
|
||||||
|
|
||||||
Using the new wizards in Windows Configuration Designer, you can [create provisioning packages to enroll devices in Azure Active Directory](/windows/configuration/provisioning-packages/provisioning-packages#configuration-designer-wizards). Azure AD join in bulk is available in the desktop, mobile, kiosk, and Surface Hub wizards.
|
Using the new wizards in Windows Configuration Designer, you can [create provisioning packages to enroll devices in Entra ID](/windows/configuration/provisioning-packages/provisioning-packages#configuration-designer-wizards). Entra ID join in bulk is available in the desktop, mobile, kiosk, and Surface Hub wizards.
|
||||||
|
|
||||||
### Windows Spotlight
|
### Windows Spotlight
|
||||||
|
|
||||||
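Review bot: Renaming the heading to "### Microsoft Entra ID join in bulk" changes the anchor generated from it, and this article relies on heading anchors for in-page links such as `[DISM](#dism)` in this same hunk. Check for links elsewhere that target the old heading's anchor and update them in the same change.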
@ -419,9 +413,9 @@ Previously, the customized taskbar could only be deployed using Group Policy or
|
|||||||
|
|
||||||
### Windows Insider for Business
|
### Windows Insider for Business
|
||||||
|
|
||||||
We recently added the option to download Windows 10 Insider Preview builds using your corporate credentials in Azure Active Directory (Azure AD). By enrolling devices in Azure AD, you increase the visibility of feedback submitted by users in your organization - especially on features that support your specific business needs. For details, see [Windows Insider Program for Business](https://insider.windows.com/for-business).
|
We recently added the option to download Windows 10 Insider Preview builds using your corporate credentials in Microsoft Entra ID. By enrolling devices in Entra ID, you increase the visibility of feedback submitted by users in your organization - especially on features that support your specific business needs. For details, see [Windows Insider Program for Business](https://www.microsoft.com/windowsinsider/for-business).
|
||||||
|
|
||||||
You can now register your Azure AD domains to the Windows Insider Program. For more information, see [Windows Insider Program for Business](https://insider.windows.com/for-business).
|
You can now register your Entra ID domains to the Windows Insider Program. For more information, see [Windows Insider Program for Business](https://www.microsoft.com/windowsinsider/for-business).
|
||||||
|
|
||||||
### Optimize update delivery
|
### Optimize update delivery
|
||||||
|
|
||||||
@ -470,7 +464,7 @@ Some of the other new CSPs are:
|
|||||||
|
|
||||||
For more information, see [What's new in mobile device enrollment and management](/windows/client-management/mdm/new-in-windows-mdm-enrollment-management).
|
For more information, see [What's new in mobile device enrollment and management](/windows/client-management/mdm/new-in-windows-mdm-enrollment-management).
|
||||||
|
|
||||||
MDM has been expanded to include domain joined devices with Azure Active Directory registration. Group policy can be used with Active Directory-joined devices to trigger auto-enrollment to MDM. For more information, see [Enroll a Windows 10 device automatically using Group Policy](/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy).
|
MDM has been expanded to include domain joined devices with Microsoft Entra ID registration. Group policy can be used with Active Directory-joined devices to trigger auto-enrollment to MDM. For more information, see [Enroll a Windows 10 device automatically using Group Policy](/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy).
|
||||||
|
|
||||||
Multiple new configuration items are also added. For more information, see [What's new in MDM enrollment and management](/windows/client-management/mdm/new-in-windows-mdm-enrollment-management).
|
Multiple new configuration items are also added. For more information, see [What's new in MDM enrollment and management](/windows/client-management/mdm/new-in-windows-mdm-enrollment-management).
|
||||||
|
|
||||||
@ -556,11 +550,11 @@ If you have a device that has been updated to Windows 10 Enterprise LTSC 2019, t
|
|||||||
|
|
||||||
We added a dropdown that displays while you type to help complete the next part of the path. You can also press **Ctrl + Backspace** to delete the last word, and **Ctrl + Delete** to delete the next word.
|
We added a dropdown that displays while you type to help complete the next part of the path. You can also press **Ctrl + Backspace** to delete the last word, and **Ctrl + Delete** to delete the next word.
|
||||||
|
|
||||||
:::image type="content" source="../images/regeditor.png" alt-text="Screenshot of Registry Editor showing list of path completion.":::
|
:::image type="content" source="../images/regeditor.png" alt-text="Screenshot of Registry Editor in Windows 10 showing list of path completion.":::
|
||||||
|
|
||||||
## Remote Desktop with Biometrics
|
## Remote Desktop with Biometrics
|
||||||
|
|
||||||
Azure Active Directory and Active Directory users using Windows Hello for Business can use biometrics to authenticate to a remote desktop session.
|
Microsoft Entra ID and Active Directory users using Windows Hello for Business can use biometrics to authenticate to a remote desktop session.
|
||||||
|
|
||||||
To get started, sign into your device using Windows Hello for Business. Bring up **Remote Desktop Connection** (mstsc.exe), type the name of the computer you want to connect to, and select **Connect**.
|
To get started, sign into your device using Windows Hello for Business. Bring up **Remote Desktop Connection** (mstsc.exe), type the name of the computer you want to connect to, and select **Connect**.
|
||||||
|
|
||||||
|
@ -8,7 +8,7 @@ author: mestew
|
|||||||
ms.localizationpriority: high
|
ms.localizationpriority: high
|
||||||
ms.topic: conceptual
|
ms.topic: conceptual
|
||||||
ms.technology: itpro-fundamentals
|
ms.technology: itpro-fundamentals
|
||||||
ms.date: 04/05/2023
|
ms.date: 12/18/2023
|
||||||
appliesto:
|
appliesto:
|
||||||
- ✅ <a href="https://learn.microsoft.com/windows/release-health/" target="_blank">Windows 10 Enterprise LTSC 2021</a>
|
- ✅ <a href="https://learn.microsoft.com/windows/release-health/" target="_blank">Windows 10 Enterprise LTSC 2021</a>
|
||||||
---
|
---
|
||||||
@ -18,8 +18,9 @@ appliesto:
|
|||||||
This article lists new and updated features and content that is of interest to IT Pros for Windows 10 Enterprise LTSC 2021, compared to Windows 10 Enterprise LTSC 2019 (LTSB). For a brief description of the LTSC servicing channel and associated support, see [Windows 10 Enterprise LTSC](overview.md).
|
This article lists new and updated features and content that is of interest to IT Pros for Windows 10 Enterprise LTSC 2021, compared to Windows 10 Enterprise LTSC 2019 (LTSB). For a brief description of the LTSC servicing channel and associated support, see [Windows 10 Enterprise LTSC](overview.md).
|
||||||
|
|
||||||
> [!NOTE]
|
> [!NOTE]
|
||||||
> Features in Windows 10 Enterprise LTSC 2021 are equivalent to Windows 10, version 21H2.<br>
|
> Windows 10 Enterprise LTSC 2021 was first available on November 16, 2021. Features in Windows 10 Enterprise LTSC 2021 are equivalent to Windows 10, version 21H2.
|
||||||
> The LTSC release is [intended for special use devices](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/LTSC-What-is-it-and-when-should-it-be-used/ba-p/293181). Support for LTSC by apps and tools that are designed for the General Availability Channel release of Windows 10 might be limited.
|
>
|
||||||
|
> The LTSC release is [intended for special use devices](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/LTSC-What-is-it-and-when-should-it-be-used/ba-p/293181). Support for LTSC by apps and tools that are designed for the general availability channel release of Windows 10 might be limited.
|
||||||
|
|
||||||
Windows 10 Enterprise LTSC 2021 builds on Windows 10 Enterprise LTSC 2019, adding premium features such as advanced protection against modern security threats and comprehensive device management, app management, and control capabilities.
|
Windows 10 Enterprise LTSC 2021 builds on Windows 10 Enterprise LTSC 2019, adding premium features such as advanced protection against modern security threats and comprehensive device management, app management, and control capabilities.
|
||||||
|
|
||||||
@ -28,9 +29,9 @@ The Windows 10 Enterprise LTSC 2021 release includes the cumulative enhancements
|
|||||||
## Lifecycle
|
## Lifecycle
|
||||||
|
|
||||||
> [!IMPORTANT]
|
> [!IMPORTANT]
|
||||||
> Windows 10 Enterprise LTSC 2021 has a 5 year lifecycle ([IoT Enterprise LTSC](/windows/iot/iot-enterprise/whats-new/windows-iot-enterprise-ltsc) continues to have a [10 year lifecycle](/lifecycle/products/windows-10-iot-enterprise-ltsc-2021)). Thus, the LTSC 2021 release is not a direct replacement for LTSC 2019, which has a 10 year lifecycle.
|
> Windows 10 Enterprise LTSC 2021 has a 5 year lifecycle. ([IoT Enterprise LTSC](/windows/iot/iot-enterprise/whats-new/windows-iot-enterprise-ltsc) continues to have a [10 year lifecycle](/lifecycle/products/windows-10-iot-enterprise-ltsc-2021)). Thus, the LTSC 2021 release is not a direct replacement for LTSC 2019, which has a 10 year lifecycle.
|
||||||
|
|
||||||
For more information about the lifecycle for this release, see [The next Windows 10 Long Term Servicing Channel (LTSC) release](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/the-next-windows-10-long-term-servicing-channel-ltsc-release/ba-p/2147232).
|
For more information about the lifecycle for this release, see [The next Windows 10 long-term servicing channel (LTSC) release](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/the-next-windows-10-long-term-servicing-channel-ltsc-release/ba-p/2147232).
|
||||||
|
|
||||||
## Hardware security
|
## Hardware security
|
||||||
|
|
||||||
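Review bot: In the IMPORTANT callout, adding a period after "5 year lifecycle" turns the parenthetical into its own sentence, but its closing period is still outside the parentheses, so the text reads "(IoT Enterprise LTSC continues to have a 10 year lifecycle). Thus". Move the period inside the closing parenthesis or drop the parentheses altogether, and hyphenate the compound modifiers ("5-year lifecycle", "10-year lifecycle") while the line is open.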
@ -52,7 +53,7 @@ There are already devices in the market today that offer SMM Firmware Protection
|
|||||||
|
|
||||||
### Encryption and data protection
|
### Encryption and data protection
|
||||||
|
|
||||||
BitLocker and Mobile Device Management (MDM) with Azure Active Directory work together to protect your devices from accidental password disclosure. Now, a new key-rolling feature securely rotates recovery passwords on MDM-managed devices. The feature is activated whenever Microsoft Intune/MDM tools or a recovery password is used to unlock a BitLocker protected drive. As a result, the recovery password will be better protected when users manually unlock a BitLocker drive.
|
BitLocker and Mobile Device Management (MDM) with Microsoft Entra ID work together to protect your devices from accidental password disclosure. Now, a new key-rolling feature securely rotates recovery passwords on MDM-managed devices. The feature is activated whenever Microsoft Intune/MDM tools or a recovery password is used to unlock a BitLocker protected drive. As a result, the recovery password will be better protected when users manually unlock a BitLocker drive.
|
||||||
|
|
||||||
### Network security
|
### Network security
|
||||||
|
|
||||||
@ -97,11 +98,12 @@ Windows Defender Firewall also now supports [Windows Subsystem for Linux (WSL)](
|
|||||||
|
|
||||||
### App isolation
|
### App isolation
|
||||||
|
|
||||||
[Windows Sandbox](https://techcommunity.microsoft.com/t5/Windows-Kernel-Internals/Windows-Sandbox/ba-p/301849): Isolated desktop environment where you can run untrusted software without the fear of lasting impact to your device.
|
[Windows Sandbox](/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview): Isolated desktop environment where you can run untrusted software without the fear of lasting impact to your device.
|
||||||
|
|
||||||
#### Microsoft Defender Application Guard
|
#### Microsoft Defender Application Guard
|
||||||
|
|
||||||
[Microsoft Defender Application Guard](/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview) enhancements include:
|
[Microsoft Defender Application Guard](/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview) enhancements include:
|
||||||
|
|
||||||
- Standalone users can install and configure their Windows Defender Application Guard settings without needing to change registry key settings. Enterprise users can check their settings to see what their administrators have configured for their machines to better understand the behavior.
|
- Standalone users can install and configure their Windows Defender Application Guard settings without needing to change registry key settings. Enterprise users can check their settings to see what their administrators have configured for their machines to better understand the behavior.
|
||||||
- Application Guard is now an extension in Google Chrome and Mozilla Firefox. Many users are in a hybrid browser environment, and would like to extend Application Guard's browser isolation technology beyond Microsoft Edge. In the latest release, users can install the Application Guard extension in their Chrome or Firefox browsers. This extension will redirect untrusted navigation to the Application Guard Edge browser. There's also a companion app to enable this feature in the Microsoft Store. Users can quickly launch Application Guard from their desktop using this app. This feature is also available in Windows 10, version 1803 or later with the latest updates.
|
- Application Guard is now an extension in Google Chrome and Mozilla Firefox. Many users are in a hybrid browser environment, and would like to extend Application Guard's browser isolation technology beyond Microsoft Edge. In the latest release, users can install the Application Guard extension in their Chrome or Firefox browsers. This extension will redirect untrusted navigation to the Application Guard Edge browser. There's also a companion app to enable this feature in the Microsoft Store. Users can quickly launch Application Guard from their desktop using this app. This feature is also available in Windows 10, version 1803 or later with the latest updates.
|
||||||
|
|
||||||
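Review bot: The Windows Sandbox link is moved to the `/windows/security/application-security/...` path, but the Microsoft Defender Application Guard link a few lines below still uses `/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview`, the same `threat-protection` tree that other hunks in this commit migrate away from. Verify that this path still resolves and update it here if it does not. The first bullet also says "Windows Defender Application Guard settings" under a "Microsoft Defender Application Guard" heading; use one name.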
@ -119,10 +121,6 @@ Application Guard performance is improved with optimized document opening times:
|
|||||||
- A memory issue is fixed that could cause an Application Guard container to use almost 1 GB of working set memory when the container is idle.
|
- A memory issue is fixed that could cause an Application Guard container to use almost 1 GB of working set memory when the container is idle.
|
||||||
- The performance of Robocopy is improved when copying files over 400 MB in size.
|
- The performance of Robocopy is improved when copying files over 400 MB in size.
|
||||||
|
|
||||||
[Edge support for Microsoft Defender Application Guard](/deployedge/microsoft-edge-security-windows-defender-application-guard) has been available for Chromium-based Edge since early 2020.
|
|
||||||
|
|
||||||
**Application Guard now supports Office**: With [Microsoft Defender Application Guard for Office](/microsoft-365/security/office-365-security/install-app-guard), you can launch untrusted Office documents (from outside the Enterprise) in an isolated container to prevent potentially malicious content from compromising your device.
|
|
||||||
|
|
||||||
### Application Control
|
### Application Control
|
||||||
|
|
||||||
[Application Control for Windows](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control): In Windows 10, version 1903, Windows Defender Application Control (WDAC) added many new features that light up key scenarios and provide feature parity with AppLocker.
|
[Application Control for Windows](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control): In Windows 10, version 1903, Windows Defender Application Control (WDAC) added many new features that light up key scenarios and provide feature parity with AppLocker.
|
||||||
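Review bot: The two Application Guard paragraphs deleted at the top of this hunk (Edge support for Chromium-based Edge, and "Application Guard now supports Office") are removed with nothing in their place, while the neighbouring Application Guard bullets are kept. If they are dropped because the features are deprecated, say so in the article or at least in the commit message, which reads only "freshness". If only the link targets were stale, update the targets rather than deleting the statements. The Application Control link that follows still uses the /windows/security/threat-protection/windows-defender-application-control/ path and is untouched, so please confirm it still resolves, since other links in this commit were moved.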
@ -140,12 +138,12 @@ Windows Hello enhancements include:
|
|||||||
- Windows Hello is now supported as Fast Identity Online 2 (FIDO2) authenticator across all major browsers including Chrome and Firefox.
|
- Windows Hello is now supported as Fast Identity Online 2 (FIDO2) authenticator across all major browsers including Chrome and Firefox.
|
||||||
- You can now enable passwordless sign-in for Microsoft accounts on your Windows 10 device by going to **Settings > Accounts > Sign-in options**, and selecting **On** under **Make your device passwordless**. Enabling passwordless sign-in will switch all Microsoft accounts on your Windows 10 device to modern authentication with Windows Hello Face, Fingerprint, or PIN.
|
- You can now enable passwordless sign-in for Microsoft accounts on your Windows 10 device by going to **Settings > Accounts > Sign-in options**, and selecting **On** under **Make your device passwordless**. Enabling passwordless sign-in will switch all Microsoft accounts on your Windows 10 device to modern authentication with Windows Hello Face, Fingerprint, or PIN.
|
||||||
- Windows Hello PIN sign-in support is [added to Safe mode](/windows-insider/archive/new-in-20H1#windows-hello-pin-in-safe-mode-build-18995).
|
- Windows Hello PIN sign-in support is [added to Safe mode](/windows-insider/archive/new-in-20H1#windows-hello-pin-in-safe-mode-build-18995).
|
||||||
- Windows Hello for Business now has Hybrid Azure Active Directory support and phone number sign-in (Microsoft account). FIDO2 security key support is expanded to Azure Active Directory hybrid environments, enabling enterprises with hybrid environments to take advantage of [passwordless authentication](/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises). For more information, see [Expanding Azure Active Directory support for FIDO2 preview to hybrid environments](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/expanding-azure-active-directory-support-for-fido2-preview-to/ba-p/981894).
|
- Windows Hello for Business now has Microsoft Entra hybrid support and phone number sign-in (Microsoft account). FIDO2 security key support is expanded to Microsoft Entra hybrid environments, enabling enterprises with hybrid environments to take advantage of [passwordless authentication](/entra/identity/authentication/howto-authentication-passwordless-security-key-on-premises). For more information, see [Expanding Azure Active Directory support for FIDO2 preview to hybrid environments](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/expanding-azure-active-directory-support-for-fido2-preview-to/ba-p/981894).
|
||||||
- With specialized hardware and software components available on devices shipping with Windows 10, version 20H2 configured out of factory, Windows Hello now offers added support for virtualization-based security with supporting fingerprint and face sensors. This feature isolates and secures a user's biometric authentication data.
|
- With specialized hardware and software components available on devices shipping with Windows 10, version 20H2 configured out of factory, Windows Hello now offers added support for virtualization-based security with supporting fingerprint and face sensors. This feature isolates and secures a user's biometric authentication data.
|
||||||
- Windows Hello multi-camera support is added, allowing users to choose an external camera priority when both external and internal Windows Hello-capable cameras are present.
|
- Windows Hello multi-camera support is added, allowing users to choose an external camera priority when both external and internal Windows Hello-capable cameras are present.
|
||||||
- [Windows Hello FIDO2 certification](https://fidoalliance.org/microsoft-achieves-fido2-certification-for-windows-hello/): Windows Hello is now a FIDO2 Certified authenticator and enables password-less sign-in for websites supporting FIDO2 authentication, such as Microsoft account and Azure AD.
|
- [Windows Hello FIDO2 certification](https://fidoalliance.org/microsoft-achieves-fido2-certification-for-windows-hello/): Windows Hello is now a FIDO2 Certified authenticator and enables password-less sign-in for websites supporting FIDO2 authentication, such as Microsoft account and Entra ID.
|
||||||
- [Streamlined Windows Hello PIN reset experience](/windows/security/identity-protection/hello-for-business/hello-videos#windows-hello-for-business-forgotten-pin-user-experience): Microsoft account users have a revamped Windows Hello PIN reset experience with the same look and feel as signing in on the web.
|
- [Streamlined Windows Hello PIN reset experience](/windows/security/identity-protection/hello-for-business/hello-videos#windows-hello-for-business-forgotten-pin-user-experience): Microsoft account users have a revamped Windows Hello PIN reset experience with the same look and feel as signing in on the web.
|
||||||
- [Remote Desktop with Biometrics](/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop#remote-desktop-with-biometrics): Azure Active Directory and Active Directory users using Windows Hello for Business can use biometrics to authenticate to a remote desktop session.
|
- [Remote Desktop with Biometrics](/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop#remote-desktop-with-biometrics): Microsoft Entra ID and Active Directory users using Windows Hello for Business can use biometrics to authenticate to a remote desktop session.
|
||||||
|
|
||||||
### Credential protection
|
### Credential protection
|
||||||
|
|
||||||
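Review bot: The Entra rename is applied inconsistently in the Windows Hello bullets: the FIDO2 certification bullet now ends "such as Microsoft account and Entra ID", while the Remote Desktop bullet uses "Microsoft Entra ID" and the Windows Hello for Business bullet uses "Microsoft Entra hybrid". Use the full "Microsoft Entra ID" in the FIDO2 certification bullet so the product name matches the rest of the list. Keeping "Azure Active Directory" in the link text of the tech community post is fine, since that is the post's title.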
@ -155,26 +153,19 @@ Windows Hello enhancements include:
|
|||||||
|
|
||||||
### Privacy controls
|
### Privacy controls
|
||||||
|
|
||||||
[Microphone privacy settings](https://support.microsoft.com/en-us/help/4468232/windows-10-camera-microphone-and-privacy-microsoft-privacy): A microphone icon appears in the notification area letting you see which apps are using your microphone.
|
[Microphone privacy settings](https://support.microsoft.com/windows/windows-camera-microphone-and-privacy-a83257bc-e990-d54a-d212-b5e41beba857): A microphone icon appears in the notification area letting you see which apps are using your microphone.
|
||||||
|
|
||||||
## Cloud Services
|
## Cloud Services
|
||||||
|
|
||||||
### Microsoft Intune family of products
|
### Microsoft Intune
|
||||||
|
|
||||||
Configuration Manager, Intune, Desktop Analytics, Co-Management, and the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) are now part of the [Microsoft endpoint management services](/mem/endpoint-manager-overview). See the Nov. 4 2019 [announcement](https://www.microsoft.com/microsoft-365/blog/2019/11/04/use-the-power-of-cloud-intelligence-to-simplify-and-accelerate-it-and-the-move-to-a-modern-workplace/).
|
|
||||||
|
|
||||||
### Configuration Manager
|
|
||||||
|
|
||||||
An in-place upgrade wizard is available in Configuration Manager. For more information, see [Simplifying Windows 10 deployment with Configuration Manager](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/simplifying-windows-10-deployment-with-configuration-manager/ba-p/1214364).
|
|
||||||
|
|
||||||
#### Microsoft Intune
|
|
||||||
|
|
||||||
Microsoft Intune supports Windows 10 Enterprise LTSC 2021 with the following exception:
|
Microsoft Intune supports Windows 10 Enterprise LTSC 2021 with the following exception:
|
||||||
|
|
||||||
- [Update rings](/mem/intune/protect/windows-10-update-rings) can't be used for feature updates since Windows 10 LTSC versions don't receive feature updates. Update rings can be used for quality updates for Windows 10 Enterprise LTSC 2021 clients.
|
- [Update rings](/mem/intune/protect/windows-10-update-rings) can't be used for feature updates since Windows 10 LTSC versions don't receive feature updates. Update rings can be used for quality updates for Windows 10 Enterprise LTSC 2021 clients.
|
||||||
|
|
||||||
A new Intune remote action: **Collect diagnostics**, lets you collect the logs from corporate devices without interrupting or waiting for the end user. For more information, see [Collect diagnostics remote action](/mem/intune/fundamentals/whats-new#collect-diagnostics-remote-action).
|
A new Intune remote action: **Collect diagnostics**, lets you collect the logs from corporate devices without interrupting or waiting for the end user. For more information, see [Collect diagnostics remote action](/mem/intune/remote-actions/collect-diagnostics).
|
||||||
|
|
||||||
Intune has also added capabilities to [Role-based access control](/mem/intune/fundamentals/whats-new#role-based-access-control) (RBAC) that can be used to further define profile settings for the Enrollment Status Page (ESP). For more information, see [Create Enrollment Status Page profile and assign to a group](/mem/intune/enrollment/windows-enrollment-status#create-enrollment-status-page-profile-and-assign-to-a-group).
|
Intune has also added capabilities to [Role-based access control](/mem/intune/fundamentals/role-based-access-control) (RBAC) that can be used to further define profile settings for the Enrollment Status Page (ESP). For more information, see [Create Enrollment Status Page profile and assign to a group](/mem/intune/enrollment/windows-enrollment-status).
|
||||||
|
|
||||||
For a full list of what's new in Microsoft Intune, see [What's new in Microsoft Intune](/mem/intune/fundamentals/whats-new).
|
For a full list of what's new in Microsoft Intune, see [What's new in Microsoft Intune](/mem/intune/fundamentals/whats-new).
|
||||||
|
|
||||||
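Review bot: In the Enrollment Status Page sentence, the new link target /mem/intune/enrollment/windows-enrollment-status drops the #create-enrollment-status-page-profile-and-assign-to-a-group fragment, but the link text still reads "Create Enrollment Status Page profile and assign to a group", so the reader lands at the top of the page instead of the named section. Either restore a valid fragment or reword the link text to name the article. Since this is a freshness pass, "A new Intune remote action" could also lose "new". Finally, removing the "#### Microsoft Intune" and "### Configuration Manager" headings changes the outline under "## Cloud Services", so check that the remaining H4 headings later in the article still sit under an H3.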
@ -189,7 +180,8 @@ Windows Management Instrumentation (WMI) Group Policy Service (GPSVC) has a perf
|
|||||||
|
|
||||||
#### Key-rolling and Key-rotation
|
#### Key-rolling and Key-rotation
|
||||||
|
|
||||||
This release also includes two new features called Key-rolling and Key-rotation enables secure rolling of Recovery passwords on MDM-managed Azure Active Directory devices on demand from Microsoft Intune/MDM tools or when a recovery password is used to unlock the BitLocker protected drive. This feature will help prevent accidental recovery password disclosure as part of manual BitLocker drive unlock by users.
|
This release also includes two new features called key-rolling and key-rotation enables secure rolling of recovery passwords on MDM-managed Microsoft Entra ID devices on demand from Microsoft Intune/MDM tools or when a recovery password is used to unlock the BitLocker protected drive. This feature will help prevent accidental recovery password disclosure as part of manual BitLocker drive unlock by users.
|
||||||
|
|
||||||
## Deployment
|
## Deployment
|
||||||
|
|
||||||
### SetupDiag
|
### SetupDiag
|
||||||
|
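Review bot: The rewritten key-rolling sentence still does not parse: "includes two new features called key-rolling and key-rotation enables secure rolling of recovery passwords" has two verbs with no connector, and "enables" does not agree with "two new features". Since the line is already being edited for casing and the Entra rename, fix the grammar in the same change, for example "includes two new features, key-rolling and key-rotation, which enable secure rolling of recovery passwords". The next sentence's "This feature" should then become "These features". The heading above keeps the capitalised "Key-rolling and Key-rotation" while the body is now lowercase, so pick one form.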