Merge pull request #9745 from MicrosoftDocs/main

Publish main to live, 04/02, 3:30 PM IST
2025-05-13 05:47:23 +00:00 · 2024-04-02 15:30:21 +05:30 · 2024-04-02 15:30:21 +05:30 · 6866e0e72e
commit 6866e0e72e
parent d1c63e0d9b 03b10df013
10 changed files with 185 additions and 201 deletions
--- a/windows/deployment/TOC.yml
+++ b/windows/deployment/TOC.yml
@ -17,14 +17,10 @@
          href: update/waas-servicing-strategy-windows-10-updates.md
        - name: Deployment proof of concept
          items:
-            - name: Deploy Windows 10 with MDT and Configuration Manager
-              items:
-                - name: 'Step by step guide: Configure a test lab to deploy Windows 10'
-                  href: windows-10-poc.md
-                - name: Deploy Windows 10 in a test lab using MDT
-                  href: windows-10-poc-mdt.md
-                - name: Deploy Windows 10 in a test lab using Configuration Manager
-                  href: windows-10-poc-sc-config-mgr.md
+            - name: 'Step by step guide: Configure a test lab to deploy Windows 10'
+              href: windows-10-poc.md
+            - name: Deploy Windows 10 in a test lab using Configuration Manager
+              href: windows-10-poc-sc-config-mgr.md
        - name: Deployment process posters
          href: windows-10-deployment-posters.md

@ -79,12 +75,8 @@
          href: do/waas-delivery-optimization-setup.md?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
        - name: Configure BranchCache for Windows client updates
          href: update/waas-branchcache.md
-        - name: Prepare your deployment tools
-          items:
-            - name: Prepare for deployment with MDT
-              href: deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md
-            - name: Prepare for deployment with Configuration Manager
-              href: deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
+        - name: Prepare for deployment with Configuration Manager
+          href: deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
        - name: Build a successful servicing strategy
          items:
            - name: Check release health
@ -112,16 +104,6 @@
                  href: deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
                - name: In-place upgrade
                  href: deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md
-            - name: Deploy Windows client with MDT
-              items:
-                - name: Deploy to a new device
-                  href: deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
-                - name: Refresh a device
-                  href: deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md
-                - name: Replace a device
-                  href: deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md
-                - name: In-place upgrade
-                  href: deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md
        - name: Deploy Windows client updates
          items:
            - name: Assign devices to servicing channels
--- a/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
@ -17,7 +17,7 @@ ms.date: 10/27/2022

 - Windows 10

-This article will show you how to refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager and Microsoft Deployment Toolkit (MDT). A computer refresh isn't the same as an in-place upgrade. A computer refresh involves storing user data and settings from the old installation, wiping the hard drives, installing a new OS, and then restoring the user data at the end of the installation. Also see the MDT refresh procedure: [Refresh a Windows 7 computer with Windows 10](../deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md).
+This article will show you how to refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager and Microsoft Deployment Toolkit (MDT). A computer refresh isn't the same as an in-place upgrade. A computer refresh involves storing user data and settings from the old installation, wiping the hard drives, installing a new OS, and then restoring the user data at the end of the installation.

 A computer refresh with Configuration Manager works the same as it does with MDT Lite Touch installation. Configuration Manager also uses the User State Migration Tool (USMT) from the Windows Assessment and Deployment Kit (Windows ADK) 10 in the background. A computer refresh with Configuration Manager has the following steps:

--- a/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
@ -19,7 +19,7 @@ ms.date: 10/27/2022

 In this article, you'll learn how to replace a Windows 7 SP1 computer using Microsoft Configuration Manager. This process is similar to refreshing a computer, but since you're replacing the device, you have to run the backup job separately from the deployment of Windows 10.

-In this article, you'll create a backup-only task sequence that you run on PC0004 (the device you're replacing), deploy the PC0006 computer running Windows 10, and then restore this backup of PC0004 onto PC006. This process is similar to the MDT replace process: [Replace a Windows 7 computer with a Windows 10 computer](../deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md).
+In this article, you'll create a backup-only task sequence that you run on PC0004 (the device you're replacing), deploy the PC0006 computer running Windows 10, and then restore this backup of PC0004 onto PC006.

 ## Infrastructure

@ -221,11 +221,11 @@ Next, see [Perform an in-place upgrade to Windows 10 using Configuration Manager

 ## Related articles

-[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)<br>
-[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)<br>
-[Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md)<br>
-[Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)<br>
-[Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md)<br>
-[Create a task sequence with Configuration Manager and MDT](./create-a-task-sequence-with-configuration-manager-and-mdt.md)<br>
-[Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md)<br>
-[Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md)<br>
+- [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
+- [Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
+- [Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md)
+- [Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)
+- [Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md)
+- [Create a task sequence with Configuration Manager and MDT](./create-a-task-sequence-with-configuration-manager-and-mdt.md)
+- [Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md)
+- [Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md)
--- a/windows/deployment/index.yml
+++ b/windows/deployment/index.yml
@ -1,4 +1,4 @@
-### YamlMime:Hub
+### YamlMime:Landing

 title: Deploy and update Windows # < 60 chars; shows at top of hub page
 summary: Learn about deploying and updating Windows client devices in your organization. # < 160 chars
@ -6,7 +6,7 @@ summary: Learn about deploying and updating Windows client devices in your organ
 metadata:
  title: Windows client deployment documentation # Required; browser tab title displayed in search results. Include the brand. < 60 chars.
  description: Learn about deploying and updating Windows client devices in your organization. # Required; article description that is displayed in search results. < 160 chars.
-  ms.topic: hub-page
+  ms.topic: landing-page
  ms.service: windows-client
  ms.subservice: itpro-deploy
  ms.collection:
@ -15,166 +15,168 @@ metadata:
  author: aczechowski
  ms.author: aaroncz
  manager: aaroncz
-  ms.date: 01/18/2024
+  ms.date: 04/01/2024
  localization_priority: medium

-# common graphics: https://review.learn.microsoft.com/content-production-service/internal/image-gallery?branch=main
+# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new

-productDirectory:
-  title: Get started
-  items:
-    - title: Plan
-      imageSrc: /media/common/i_overview.svg
-      links:
-        - text: Plan for Windows 11
-          url: /windows/whats-new/windows-11-plan?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
-        - text: Create a deployment plan
-          url: update/create-deployment-plan.md
-        - text: Define readiness criteria
-          url: update/plan-define-readiness.md
-        - text: Define your servicing strategy
-          url: update/plan-define-strategy.md
-        - text: Determine application readiness
-          url: update/plan-determine-app-readiness.md
-        - text: Plan for volume activation
-          url: volume-activation/plan-for-volume-activation-client.md
+landingContent:

-    - title: Prepare
-      imageSrc: /media/common/i_tasks.svg
-      links:
-        - text: Prepare for Windows 11
-          url: /windows/whats-new/windows-11-prepare?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
-        - text: Prepare to deploy Windows updates
-          url: update/prepare-deploy-windows.md
-        - text: Prepare updates using Windows Update for Business
-          url: update/waas-manage-updates-wufb.md
-        - text: Evaluate and update infrastructure
-          url: update/update-policies.md
-        - text: Set up Delivery Optimization for Windows client updates
-          url: do/waas-delivery-optimization-setup.md?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
-        - text: Prepare for imaging with Configuration Manager
-          url: deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
+- title: Plan
+  linkLists:
+  - linkListType: concept
+    links:
+    - text: Plan for Windows 11
+      url: /windows/whats-new/windows-11-plan?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
+    - text: Create a deployment plan
+      url: update/create-deployment-plan.md
+    - text: Define readiness criteria
+      url: update/plan-define-readiness.md
+    - text: Define your servicing strategy
+      url: update/plan-define-strategy.md
+    - text: Determine application readiness
+      url: update/plan-determine-app-readiness.md
+    - text: Plan for volume activation
+      url: volume-activation/plan-for-volume-activation-client.md

-    - title: Deploy
-      imageSrc: /media/common/i_deploy.svg
-      links:
-        - text: Deploy Windows with Autopilot
-          url: /mem/autopilot/tutorial/autopilot-scenarios
-        - text: Assign devices to servicing channels
-          url: update/waas-servicing-channels-windows-10-updates.md
-        - text: Deploy updates with Intune
-          url: update/deploy-updates-intune.md
-        - text: Deploy Windows updates with Configuration Manager
-          url: update/deploy-updates-configmgr.md
-        - text: Upgrade Windows using Configuration Manager
-          url: deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md
-        - text: Check release health
-          url: update/check-release-health.md
+- title: Prepare
+  linkLists:
+  - linkListType: get-started
+    links:
+    - text: Prepare for Windows 11
+      url: /windows/whats-new/windows-11-prepare?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
+    - text: Prepare to deploy Windows updates
+      url: update/prepare-deploy-windows.md
+    - text: Prepare updates using Windows Update for Business
+      url: update/waas-manage-updates-wufb.md
+    - text: Evaluate and update infrastructure
+      url: update/update-policies.md
+    - text: Set up Delivery Optimization for Windows client updates
+      url: do/waas-delivery-optimization-setup.md?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
+    - text: Prepare for imaging with Configuration Manager
+      url: deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md

-additionalContent:
-  sections:
-    - title: Solutions
-      items:
+- title: Deploy
+  linkLists:
+  - linkListType: deploy
+    links:
+    - text: Deploy Windows with Autopilot
+      url: /mem/autopilot/tutorial/autopilot-scenarios
+    - text: Assign devices to servicing channels
+      url: update/waas-servicing-channels-windows-10-updates.md
+    - text: Deploy updates with Intune
+      url: update/deploy-updates-intune.md
+    - text: Deploy Windows updates with Configuration Manager
+      url: update/deploy-updates-configmgr.md
+    - text: Upgrade Windows using Configuration Manager
+      url: deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md
+    - text: Check release health
+      url: update/check-release-health.md

-      - title: Windows Autopilot
-        links:
-          - text: Overview
-            url: /mem/autopilot/windows-autopilot
-          - text: Scenarios
-            url: /mem/autopilot/tutorial/autopilot-scenarios
-          - text: Device registration
-            url: /mem/autopilot/registration-overview
-          - text: Learn more about Windows Autopilot >
-            url: /mem/autopilot
+- title: Windows Autopilot
+  linkLists:
+  - linkListType: how-to-guide
+    links:
+      - text: Overview
+        url: /mem/autopilot/windows-autopilot
+      - text: Scenarios
+        url: /mem/autopilot/tutorial/autopilot-scenarios
+      - text: Device registration
+        url: /mem/autopilot/registration-overview
+      - text: Learn more about Windows Autopilot >
+        url: /mem/autopilot

-      - title: Windows Autopatch
-        links:
-          - text: What is Windows Autopatch?
-            url: windows-autopatch/overview/windows-autopatch-overview.md
-          - text: Frequently asked questions (FAQ)
-            url: windows-autopatch/overview/windows-autopatch-faq.yml
-          - text: Prerequisites
-            url: windows-autopatch/prepare/windows-autopatch-prerequisites.md
-          - text: Learn more about Windows Autopatch >
-            url: windows-autopatch/index.yml
+- title: Windows Autopatch
+  linkLists:
+  - linkListType: how-to-guide
+    links:
+      - text: What is Windows Autopatch?
+        url: windows-autopatch/overview/windows-autopatch-overview.md
+      - text: Frequently asked questions (FAQ)
+        url: windows-autopatch/overview/windows-autopatch-faq.yml
+      - text: Prerequisites
+        url: windows-autopatch/prepare/windows-autopatch-prerequisites.md
+      - text: Learn more about Windows Autopatch >
+        url: windows-autopatch/index.yml

-      - title: Windows Update for Business
-        links:
-          - text: What is Windows Update for Business?
-            url: update/waas-manage-updates-wufb.md
-          - text: Windows Update for Business deployment service
-            url: update/deployment-service-overview.md
-          - text: Manage Windows Update settings
-            url: update/waas-wu-settings.md
-          - text: Windows Update for Business reports overview
-            url: update/wufb-reports-overview.md
+- title: Windows Update for Business
+  linkLists:
+  - linkListType: how-to-guide
+    links:
+      - text: What is Windows Update for Business?
+        url: update/waas-manage-updates-wufb.md
+      - text: Windows Update for Business deployment service
+        url: update/deployment-service-overview.md
+      - text: Manage Windows Update settings
+        url: update/waas-wu-settings.md
+      - text: Windows Update for Business reports overview
+        url: update/wufb-reports-overview.md

-      - title: Optimize and cache content
-        links:
-          - text: What is Delivery Optimization?
-            url: do/waas-delivery-optimization.md
-          - text: What is Microsoft Connected Cache?
-            url: do/waas-microsoft-connected-cache.md
-          - text: Frequently asked questions
-            url: do/waas-delivery-optimization-faq.yml
-          - text: Learn more about Delivery Optimization >
-            url: do/index.yml
+- title: Optimize and cache content
+  linkLists:
+  - linkListType: how-to-guide
+    links:
+      - text: What is Delivery Optimization?
+        url: do/waas-delivery-optimization.md
+      - text: What is Microsoft Connected Cache?
+        url: do/waas-microsoft-connected-cache.md
+      - text: Frequently asked questions
+        url: do/waas-delivery-optimization-faq.yml
+      - text: Learn more about Delivery Optimization >
+        url: do/index.yml

-      - title: In-place upgrade and imaging
-        links:
-          - text: Upgrade Windows using Configuration Manager
-            url: deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md
-          - text: Deploy a Windows image using Configuration Manager
-            url: deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
-          - text: Convert a disk from MBR to GPT
-            url: mbr-to-gpt.md
-          - text: Resolve Windows upgrade errors
-            url: upgrade/resolve-windows-upgrade-errors.md
+- title: In-place upgrade and imaging
+  linkLists:
+  - linkListType: how-to-guide
+    links:
+      - text: Upgrade Windows using Configuration Manager
+        url: deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md
+      - text: Deploy a Windows image using Configuration Manager
+        url: deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
+      - text: Convert a disk from MBR to GPT
+        url: mbr-to-gpt.md
+      - text: Resolve Windows upgrade errors
+        url: upgrade/resolve-windows-upgrade-errors.md

-      - title: Licensing and activation
-        links:
-          - text: Plan for volume activation
-            url: volume-activation/plan-for-volume-activation-client.md
-          - text: Subscription activation
-            url: windows-10-subscription-activation.md
-          - text: Volume activation management tool (VAMT)
-            url: volume-activation/introduction-vamt.md
-          - text: Activate using key management service (KMS)
-            url: volume-activation/activate-using-key-management-service-vamt.md
-          - text: Windows commercial licensing overview
-            url: /windows/whats-new/windows-licensing
+- title: Licensing and activation
+  linkLists:
+  - linkListType: how-to-guide
+    links:
+      - text: Plan for volume activation
+        url: volume-activation/plan-for-volume-activation-client.md
+      - text: Subscription activation
+        url: windows-10-subscription-activation.md
+      - text: Volume activation management tool (VAMT)
+        url: volume-activation/introduction-vamt.md
+      - text: Activate using key management service (KMS)
+        url: volume-activation/activate-using-key-management-service-vamt.md
+      - text: Windows commercial licensing overview
+        url: /windows/whats-new/windows-licensing

-    - title: More resources
-      items:
-
-      - title: Release and lifecycle
-        links:
-          - text: Windows release health dashboard
-            url: /windows/release-health
-          - text: Windows client features lifecycle
-            url: /windows/whats-new/feature-lifecycle
-          - text: Lifecycle FAQ - Windows
-            url: /lifecycle/faq/windows
-
-      - title: Windows hardware
-        links:
-          - text: Download and install the Windows ADK
-            url: /windows-hardware/get-started/adk-install
-          - text: Deployment tools
-            url: /windows-hardware/manufacture/desktop/boot-and-install-windows
-#          - text: 
-#            url: 
-#          - text: 
-#            url: 
-
-      - title: Community
-        links:
-          - text: Windows IT pro blog
-            url: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/bg-p/Windows10Blog
-          - text: Windows office hours
-            url: https://aka.ms/windows/officehours
-#          - text: 
-#            url: 
-#          - text: 
-#            url: 
+# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new

+- title: More resources
+  linkLists:
+  - linkListType: reference
+    # Release and lifecycle
+    links:
+      - text: Windows release health dashboard
+        url: /windows/release-health
+      - text: Windows client features lifecycle
+        url: /windows/whats-new/feature-lifecycle
+      - text: Lifecycle FAQ - Windows
+        url: /lifecycle/faq/windows
+  - linkListType: download
+    # Windows hardware
+    links:
+      - text: Download and install the Windows ADK
+        url: /windows-hardware/get-started/adk-install
+      - text: Deployment tools
+        url: /windows-hardware/manufacture/desktop/boot-and-install-windows
+  - linkListType: whats-new
+    # Community
+    links:
+      - text: Windows IT pro blog
+        url: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/bg-p/Windows10Blog
+      - text: Windows office hours
+        url: https://aka.ms/windows/officehours
--- a/windows/deployment/planning/windows-10-enterprise-faq-itpro.yml
+++ b/windows/deployment/planning/windows-10-enterprise-faq-itpro.yml
@ -82,7 +82,7 @@ sections:
      - question: |
          Can I upgrade computers from Windows 7 or Windows 8.1 without deploying a new image?
        answer: |
-          Computers running Windows 7 or Windows 8.1 can be upgraded directly to Windows 10 through the in-place upgrade process without a need to reimage the device using MDT and/or Configuration Manager. For more information, see [Upgrade to Windows 10 with Microsoft Configuration Manager](../deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md) or [Upgrade to Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md).
+          Computers running Windows 7 or Windows 8.1 can be upgraded directly to Windows 10 through the in-place upgrade process without a need to reimage the device. For more information, see [Upgrade to Windows 10 with Microsoft Configuration Manager](../deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md).

      - question: |
          Can I upgrade from Windows 7 Enterprise or Windows 8.1 Enterprise to Windows 10 Enterprise for free?
--- a/windows/deployment/wds-boot-support.md
+++ b/windows/deployment/wds-boot-support.md
@ -61,6 +61,5 @@ If you currently use WDS with **boot.wim** from installation media for end-to-en

 ## Also see

-[Features removed or no longer developed starting with Windows Server 2022](/windows-server/get-started/removed-deprecated-features-windows-server-2022#features-were-no-longer-developing)<br>
-[Create a custom Windows PE boot image with Configuration Manager](deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md)<br>
-[Prepare for deployment with MDT](deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md)<br>
+- [Features removed or no longer developed starting with Windows Server 2022](/windows-server/get-started/removed-deprecated-features-windows-server-2022#features-were-no-longer-developing)
+- [Create a custom Windows PE boot image with Configuration Manager](deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
--- a/windows/deployment/windows-10-poc.md
+++ b/windows/deployment/windows-10-poc.md
@ -22,10 +22,7 @@ This guide contains instructions to configure a proof of concept (PoC) environme
 > [!NOTE]
 > Microsoft also offers a pre-configured lab using an evaluation version of Configuration Manager. For more information, see [Windows and Office deployment and management lab kit](/microsoft-365/enterprise/modern-desktop-deployment-and-management-lab).

-This lab guide makes extensive use of Windows PowerShell and Hyper-V. Subsequent companion guides contain steps to deploy Windows 10 using the PoC environment. After completing this guide, see the following Windows 10 PoC deployment guides:
-
- [Step by step: Deploy Windows 10 in a test lab using Microsoft Configuration Manager](windows-10-poc-sc-config-mgr.md)
- [Step by step: Deploy Windows 10 in a test lab using MDT](windows-10-poc-mdt.md)
+This lab guide makes extensive use of Windows PowerShell and Hyper-V. Subsequent companion guides contain steps to deploy Windows 10 using the PoC environment. After completing this guide, see [Step by step: Deploy Windows 10 in a test lab using Microsoft Configuration Manager](windows-10-poc-sc-config-mgr.md).

 The proof of concept (PoC) deployment guides are intended to provide a demonstration of Windows 10 deployment tools and processes for IT professionals that aren't familiar with these tools, and you want to set up a PoC environment. Don't use the instructions in this guide in a production setting. They aren't meant to replace the instructions found in production deployment guidance.

@ -1044,4 +1041,5 @@ Use the following procedures to verify that the PoC environment is configured pr

 ## Next steps

- [Windows 10 deployment scenarios](windows-deployment-scenarios.md).
+- [Windows 10 deployment scenarios](windows-deployment-scenarios.md)
+- [Step by step: Deploy Windows 10 in a test lab using Microsoft Configuration Manager](windows-10-poc-sc-config-mgr.md)
--- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/create-code-signing-cert-for-wdac.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/create-code-signing-cert-for-wdac.md
@ -11,7 +11,7 @@ ms.date: 12/01/2022
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).

-As you deploy Windows Defender Application Control (WDAC), you might need to sign catalog files or WDAC policies internally. To do this signing, you'll either need a publicly issued code signing certificate or an internal CA. If you've purchased a code-signing certificate, you can skip this article, and instead follow other articles listed in the [Windows Defender Application Control Deployment Guide](wdac-deployment-guide.md).
+As you deploy Windows Defender Application Control (WDAC), you might need to sign catalog files or WDAC policies internally. To do this signing, you'll either need to use [Microsoft's Trusted Signing service](/azure/trusted-signing/), a publicly issued code signing certificate or an internal CA. If you've purchased a code signing certificate, you can skip this article, and instead follow other articles listed in the [Windows Defender Application Control Deployment Guide](wdac-deployment-guide.md).

 If you have an internal CA, complete these steps to create a code signing certificate.

@ -20,7 +20,7 @@ If you have an internal CA, complete these steps to create a code signing certif
 >
 > - All policies, including base and supplemental, must be signed according to the [PKCS 7 Standard](https://datatracker.ietf.org/doc/html/rfc5652).
 > - Use RSA keys with 2K, 3K, or 4K key size only. ECDSA isn't supported.
-> - You can use SHA-256, SHA-384, or SHA-512 as the digest algorithm on Windows 11, as well as Windows 10 and Windows Server 2019 and above after applying the November 2022 cumulative security update. All other devices only support SHA-256.
+> - You can use SHA-256, SHA-384, or SHA-512 as the digest algorithm on Windows 11, as well as Windows 10 and Windows Server 2019 and above after applying the November 2022 cumulative security update. All other devices only support SHA256.
 > - Don't use UTF-8 encoding for certificate fields, like 'subject common name' and 'issuer common name'. These strings must be encoded as PRINTABLE_STRING, IA5STRING or BMPSTRING.

 1. Open the Certification Authority Microsoft Management Console (MMC) snap-in, and then select your issuing CA.
--- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-catalog-files-to-support-wdac.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-catalog-files-to-support-wdac.md
@ -75,7 +75,7 @@ When finished, the tool saves the files to your desktop. You can view the `*.cdf

 ## Sign your catalog file

-Now that you've created a catalog file for your app, you're ready to sign it.
+Now that you've created a catalog file for your app, you're ready to sign it. We recommend using [Microsoft's Trusted Signing service](/azure/trusted-signing/) for catalog signing. Optionally, you can manually sign the catalog using Signtool using the following instructions.

 ### Catalog signing with SignTool.exe

@ -336,13 +336,16 @@ Some of the known issues using Package Inspector to build a catalog file are:
    - Get the value of the reg key at HKEY\_CURRENT\_USER/PackageInspectorRegistryKey/c: (this USN was the most recent one when you ran PackageInspector start). Then use fsutil.exe to read that starting location. Replace "RegKeyValue" in the following command with the value from the reg key:<br>
    `fsutil usn readjournal C: startusn=RegKeyValue > inspectedusn.txt`
    - The above command should return an error if the older USNs don't exist anymore due to overflow
-    - You can expand the USN Journal size using: `fsutil usn createjournal` with a new size and allocation delta. `Fsutil usn queryjournal` shows the current size and allocation delta, so using a multiple of that may help
+    - You can expand the USN Journal size using: `fsutil usn createjournal` with a new size and allocation delta. `Fsutil usn queryjournal` shows the current size and allocation delta, so using a multiple of that may help.
+
 - **CodeIntegrity - Operational event log is too small to track all files created by the installer**
  - To diagnose whether Eventlog size is the issue, after running through Package Inspector:
    - Open Event Viewer and expand the **Application and Services//Microsoft//Windows//CodeIntegrity//Operational**. Check for a 3076 audit block event for the initial installer launch.
-    - To increase the Event log size, in Event Viewer right-click the operational log, select Properties, and then set new values
+    - To increase the Event log size, in Event Viewer right-click the operational log, select Properties, and then set new values.
+
 - **Installer or app files that change hash each time the app is installed or run**
  - Some apps generate files at run time whose hash value is different every time. You can diagnose this issue by reviewing the hash values in the 3076 audit block events (or 3077 enforcement events) that are generated. If each time you attempt to run the file you observe a new block event with a different hash, the package doesn't work with Package Inspector.
+
 - **Files with an invalid signature blob or otherwise "unhashable" files**
  - This issue arises when a signed file was modified in a way that invalidates the file's PE header. A file modified in this way is unable to be hashed according to the Authenticode spec.
  - Although these "unhashable" files can't be included in the catalog file created by PackageInspector, you should be able to allow them by adding a hash ALLOW rule to your policy that uses the file's flat file hash.
--- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection.md
@ -38,6 +38,6 @@ For more information on using signed policies, see [Use signed policies to prote

 Some ways to obtain code signing certificates for your own use, include:

+- Use Microsoft's [Trusted Signing service](/azure/trusted-signing/).
 - Purchase a code signing certificate from one of the [Microsoft Trusted Root Program participants](/security/trusted-root/participants-list).
 - To use your own digital certificate or public key infrastructure (PKI) to issue code signing certificates, see [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-wdac.md).
- Use Microsoft's [Azure Code Signing (ACS) service](https://aka.ms/AzureCodeSigning).