Merge branch 'main' into jmunck-patch-17

2025-05-13 13:57:22 +00:00 · 2022-10-19 14:38:37 -06:00 · 2022-10-19 14:38:37 -06:00 · 6eb85fbfce
commit 6eb85fbfce
parent 0d1dcb9d07 d82ae0698c
59 changed files with 3572 additions and 4427 deletions
--- a/education/docfx.json
+++ b/education/docfx.json
@ -30,8 +30,8 @@
      "recommendations": true,
      "ms.topic": "article",
      "ms.collection": "education",
-      "ms.prod": "windows",
+      "ms.prod": "windows-client",
-      "ms.technology": "windows",
+      "ms.technology": "itpro-edu",
      "author": "paolomatarazzo",
      "ms.author": "paoloma",
      "manager": "aaroncz",
--- a/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy.md
+++ b/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy.md
@ -194,7 +194,7 @@ Requirements:
   - 21H1 --> [Administrative Templates (.admx) for Windows 10 May 2021 Update (21H1)](https://www.microsoft.com/download/details.aspx?id=103124)
-   - 21H2 --> [Administrative Templates (.admx) for Windows 10 November 2021 Update (21H2)](https://www.microsoft.com/download/103667)
+   - 21H2 --> [Administrative Templates (.admx) for Windows 10 November 2021 Update (21H2)-v2.0](https://www.microsoft.com/download/details.aspx?id=104042)
 2. Install the package on the Domain Controller.
@ -215,7 +215,7 @@ Requirements:
   - 21H1 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 May 2021 Update (21H1)**
-   - 21H2 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 November 2021 Update (21H2)**
+   - 21H2 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 November 2021 Update V2 (21H2)**
 4. Rename the extracted Policy Definitions folder to `PolicyDefinitions`.
@ -305,7 +305,7 @@ To collect Event Viewer logs:
 ### Useful Links
- [Windows 10 Administrative Templates for Windows 10 November 2021 Update 21H2](https://www.microsoft.com/download/103667)
+- [Windows 10 Administrative Templates for Windows 10 November 2021 Update (21H2)-v2.0](https://www.microsoft.com/download/details.aspx?id=104042)
 - [Windows 10 Administrative Templates for Windows 10 May 2021 Update 21H1](https://www.microsoft.com/download/details.aspx?id=103124)
 - [Windows 10 Administrative Templates for Windows 10 November 2019 Update 1909](https://www.microsoft.com/download/details.aspx?id=100591)
 - [Windows 10 Administrative Templates for Windows 10 May 2019 Update 1903](https://www.microsoft.com/download/details.aspx?id=58495)
--- a/windows/client-management/mdm/personaldataencryption-csp.md
+++ b/windows/client-management/mdm/personaldataencryption-csp.md
@ -31,7 +31,7 @@ The following shows the PersonalDataEncryption configuration service provider in
 - 0 is default (disabled)
 - 1 (enabled) will make Personal Data Encryption (PDE) public API available to applications for the user: [UserDataProtectionManager Class](/uwp/api/windows.security.dataprotection.userdataprotectionmanager). 
-The public API allows the applications running as the user to encrypt data as soon as this policy is enabled. However, prerequisites must be met for the PDE to be enabled.
+The public API allows the applications running as the user to encrypt data as soon as this policy is enabled. However, prerequisites must be met for PDE to be enabled.
 **Status/PersonalDataEncryptionStatus**: Reports the current status of Personal Data Encryption (PDE) for the user. If prerequisites of PDE aren't met, then the status will be 0. If all prerequisites are met for PDE, then PDE will be enabled and status will be 1.
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@ -9132,16 +9132,16 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
    <a href="./policy-csp-update.md#update-setedurestart" id="update-setedurestart">Update/SetEDURestart</a>
  </dd>
  <dd>
-    <a href="./policy-csp-update.md#update-setpolicydrivenupdatesourcefordriver" id="update-setpolicydrivenupdatesourcefordriver">Update/SetPolicyDrivenUpdateSourceForDriver</a>
+    <a href="./policy-csp-update.md#update-setpolicydrivenupdatesourcefordriverupdates" id="update-setpolicydrivenupdatesourcefordriverupdates">Update/SetPolicyDrivenUpdateSourceForDriverUpdates</a>
  </dd>
  <dd>
-    <a href="./policy-csp-update.md#update-setpolicydrivenupdatesourceforfeature" id="update-setpolicydrivenupdatesourceforfeature">Update/SetPolicyDrivenUpdateSourceForFeature</a>
+    <a href="./policy-csp-update.md#update-setpolicydrivenupdatesourceforfeatureupdates" id="update-setpolicydrivenupdatesourceforfeatureupdates">Update/SetPolicyDrivenUpdateSourceForFeatureUpdates</a>
  </dd>
  <dd>
-    <a href="./policy-csp-update.md#update-setpolicydrivenupdatesourceforother" id="update-setpolicydrivenupdatesourceforother">Update/SetPolicyDrivenUpdateSourceForOther</a>
+    <a href="./policy-csp-update.md#update-setpolicydrivenupdatesourceforotherupdates" id="update-setpolicydrivenupdatesourceforotherupdates">Update/SetPolicyDrivenUpdateSourceForOtherUpdates</a>
  </dd>
  <dd>
-    <a href="./policy-csp-update.md#update-setpolicydrivenupdatesourceforquality" id="update-setpolicydrivenupdatesourceforquality">Update/SetPolicyDrivenUpdateSourceForQuality</a>
+    <a href="./policy-csp-update.md#update-setpolicydrivenupdatesourceforqualityupdates" id="update-setpolicydrivenupdatesourceforqualityupdates">Update/SetPolicyDrivenUpdateSourceForQualityUpdates</a>
  </dd>
  <dd>
    <a href="./policy-csp-update.md#update-setproxybehaviorforupdatedetection"id="update-setproxybehaviorforupdatedetection">Update/SetProxyBehaviorForUpdateDetection</a>
--- a/windows/client-management/mdm/policy-csp-applicationdefaults.md
+++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md
@ -93,7 +93,7 @@ Here's an example output from the dism default association export command:
  <Association Identifier=".pdf" ProgId="AppXd4nrz8ff68srnhf9t5a8sbjyar1cr723" ApplicationName="Microsoft Edge" />
  <Association Identifier="http" ProgId="AppXq0fevzme2pys62n3e0fbqa7peapykr8v" ApplicationName="Microsoft Edge" />
  <Association Identifier="https" ProgId="AppX90nv6nhay5n6a98fnetv7tpk64pp35es" ApplicationName="Microsoft Edge" />
-</DefaultAssociations
+</DefaultAssociations>
 ```
 Here's the base64 encoded result:
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@ -206,16 +206,16 @@ ms.collection: highpri
    <a href="#update-setedurestart">Update/SetEDURestart</a>
  </dd>
  <dd>
-    <a href="#update-setpolicydrivenupdatesourcefordriver">Update/SetPolicyDrivenUpdateSourceForDriver</a>
+    <a href="#update-setpolicydrivenupdatesourcefordriverupdates">Update/SetPolicyDrivenUpdateSourceForDriverUpdates</a>
  </dd>
  <dd>
-    <a href="#update-setpolicydrivenupdatesourceforfeature">Update/SetPolicyDrivenUpdateSourceForFeature</a>
+    <a href="#update-setpolicydrivenupdatesourceforfeatureupdates">Update/SetPolicyDrivenUpdateSourceForFeatureUpdates</a>
  </dd>
  <dd>
-    <a href="#update-setpolicydrivenupdatesourceforother">Update/SetPolicyDrivenUpdateSourceForOther</a>
+    <a href="#update-setpolicydrivenupdatesourceforotherupdates">Update/SetPolicyDrivenUpdateSourceForOtherUpdates</a>
  </dd>
  <dd>
-    <a href="#update-setpolicydrivenupdatesourceforquality">Update/SetPolicyDrivenUpdateSourceForQuality</a>
+    <a href="#update-setpolicydrivenupdatesourceforqualityupdates">Update/SetPolicyDrivenUpdateSourceForQualityUpdates</a>
  </dd>
  <dd>
    <a href="#update-setproxybehaviorforupdatedetection">Update/SetProxyBehaviorForUpdateDetection</a>
@ -3527,7 +3527,7 @@ The following list shows the supported values:
 <hr/>
 <!--Policy-->
-<a href="" id="update-setpolicydrivenupdatesourcefordriver"></a>**Update/SetPolicyDrivenUpdateSourceForDriverUpdates**
+<a href="" id="update-setpolicydrivenupdatesourcefordriverupdates"></a>**Update/SetPolicyDrivenUpdateSourceForDriverUpdates**
 <!--SupportedSKUs-->
 The table below shows the applicability of Windows:
@ -3585,7 +3585,7 @@ The following list shows the supported values:
 <hr/>
 <!--Policy-->
-<a href="" id="update-setpolicydrivenupdatesourceforfeature"></a>**Update/SetPolicyDrivenUpdateSourceForFeatureUpdates**
+<a href="" id="update-setpolicydrivenupdatesourceforfeatureupdates"></a>**Update/SetPolicyDrivenUpdateSourceForFeatureUpdates**
 <!--SupportedSKUs-->
 The table below shows the applicability of Windows:
@ -3643,7 +3643,7 @@ The following list shows the supported values:
 <hr/>
 <!--Policy-->
-<a href="" id="update-setpolicydrivenupdatesourceforother"></a>**Update/SetPolicyDrivenUpdateSourceForOtherUpdates**
+<a href="" id="update-setpolicydrivenupdatesourceforotherupdates"></a>**Update/SetPolicyDrivenUpdateSourceForOtherUpdates**
 <!--SupportedSKUs-->
 The table below shows the applicability of Windows:
@ -3701,7 +3701,7 @@ The following list shows the supported values:
 <hr/>
 <!--Policy-->
-<a href="" id="update-setpolicydrivenupdatesourceforquality"></a>**Update/SetPolicyDrivenUpdateSourceForQualityUpdates**
+<a href="" id="update-setpolicydrivenupdatesourceforqualityupdates"></a>**Update/SetPolicyDrivenUpdateSourceForQualityUpdates**
 <!--SupportedSKUs-->
 The table below shows the applicability of Windows:
--- a/windows/deployment/breadcrumb/toc.yml
+++ b/windows/deployment/breadcrumb/toc.yml
@ -0,0 +1,12 @@
 items:
 - name: Learn
  tocHref: /
  topicHref: /
  items:
  - name: Windows
    tocHref: /troubleshoot/windows-client/
    topicHref: /windows/resources/
    items:
    - name: Deployment
      tocHref: /troubleshoot/windows-client/deployment/
      topicHref: /windows/deployment/
--- a/windows/deployment/update/deployment-service-troubleshoot.md
+++ b/windows/deployment/update/deployment-service-troubleshoot.md
@ -29,7 +29,7 @@ This troubleshooting guide addresses the most common issues that IT administrato
 - Check that the deployment to which the device is assigned has the state *offering*. Deployments that have the states *paused* or *scheduled* won't deploy content to devices.
 - Check that the device has scanned for updates and is scanning the Windows Update service. To learn more about scanning for updates, see [Scanning updates](how-windows-update-works.md#scanning-updates).
 - **Feature updates only**: Check that the device is successfully enrolled in feature update management by the deployment service. A device that is successfully enrolled will be represented by an Azure AD device resource with an update management enrollment for feature updates and have no Azure AD device registration errors.
-  **Expedited quality updates only**: Check that the device has the Update Health Tools installed (available for Windows 10 version 1809 or later in the update described in [KB 4023057 - Update for Windows 10 Update Service components](https://support.microsoft.com/topic/kb4023057-update-for-windows-10-update-service-components-fccad0ca-dc10-2e46-9ed1-7e392450fb3a), or a more recent quality update). The Update Health Tools are required for a device to receive an expedited quality update. On a device, the program can be located at **C:\\Program Files\\Microsoft Update Health Tools**. You can verify its presence by reviewing **Add or Remove Programs** or using the following PowerShell script: `Get-WmiObject -Class Win32\_Product \| Where-Object {$\_.Name -amatch "Microsoft Update Health Tools"}`.
+-  **Expedited quality updates only**: Check that the device has the Update Health Tools installed (available for Windows 10 version 1809 or later in the update described in [KB 4023057 - Update for Windows 10 Update Service components](https://support.microsoft.com/topic/kb4023057-update-for-windows-10-update-service-components-fccad0ca-dc10-2e46-9ed1-7e392450fb3a), or a more recent quality update). The Update Health Tools are required for a device to receive an expedited quality update. On a device, the program can be located at **C:\\Program Files\\Microsoft Update Health Tools**. You can verify its presence by reviewing **Add or Remove Programs** or using the following PowerShell script: `Get-WmiObject -Class Win32_Product | Where-Object {$_.Name -match "Microsoft Update Health Tools"}`.
 ## The device is receiving an update that I didn't deploy
--- a/windows/deployment/upgrade/quick-fixes.md
+++ b/windows/deployment/upgrade/quick-fixes.md
@ -134,7 +134,7 @@ To check and repair system files:
 4. If you are prompted by UAC, click **Yes**.
-5. Type **sfc /scannow** and press ENTER. See the following example:
+5. Type **sfc /scannow** and press ENTER. See the following examples:
    ```console
    C:\>sfc /scannow
@ -146,6 +146,20 @@ To check and repair system files:
    Windows Resource Protection did not find any integrity violations.
    ```
    ```console
    C:\>sfc /scannow
    Beginning system scan.  This process will take some time.
    Beginning verification phase of system scan.
    Verification 100% complete.
    Windows Resource Protection found corrupt files and successfully repaired them.
    For online repairs, details are included in the CBS log file located at
    windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
    repairs, details are included in the log file provided by the /OFFLOGFILE flag.
    ```
 6. If you are running Windows 8.1 or later, type **DISM.exe /Online /Cleanup-image /Restorehealth** and press ENTER (the DISM command options are not available for Windows 7). See the following example:
    ```console
--- a/windows/privacy/Microsoft-DiagnosticDataViewer.md
+++ b/windows/privacy/Microsoft-DiagnosticDataViewer.md
@ -1,23 +1,20 @@
 ---
 title: Diagnostic Data Viewer for PowerShell Overview (Windows 10)
 description: Use this article to use the Diagnostic Data Viewer for PowerShell to review the diagnostic data sent to Microsoft by your device.
-ms.prod: m365-security
+ms.prod: windows-client
 ms.technology: itpro-privacy
 ms.localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
 manager: dougeby
-ms.collection: M365-security-compliance
+ms.topic: how-to
 ms.topic: article
 ms.date: 11/29/2021
 ms.reviewer: 
 ms.technology: privacy
 ---
 # Diagnostic Data Viewer for PowerShell Overview
 **Applies to**
-   Windows 11
+-   Windows 11, version 21H2 and later
 -   Windows 10, version 1803 and later
 -   Windows Server, version 1803
 -   Windows Server 2019
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md
@ -1,16 +1,13 @@
 ---
 description: Learn more about the Windows 10, version 1703 diagnostic data gathered at the basic level.
 title: Windows 10, version 1703 basic diagnostic events and fields (Windows 10)
-ms.prod: m365-security
+ms.prod: windows-client
-localizationpriority: high
+ms.technology: itpro-privacy
 localizationpriority: medium
 author: DHB-MSFT
 ms.author: danbrown
 manager: dougeby
-ms.collection: M365-security-compliance
+ms.topic: reference
 ms.topic: article
 ms.date: 11/29/2021
 ms.reviewer:
 ms.technology: privacy
 ---
@ -29,8 +26,9 @@ Use this article to learn about diagnostic events, grouped by event area, and th
 You can learn more about Windows functional and diagnostic data through these articles:
- [Required Windows 11 diagnostic events and fields](required-windows-11-diagnostic-events-and-fields.md)
+- [Required diagnostic events and fields for Windows 11, version 22H2](required-diagnostic-events-fields-windows-11-22H2.md)
- [Windows 10, version 21H2, Windows 10, version 21H1, Windows 10, version 20H2 and Windows 10, version 2004 required Windows diagnostic events and fields](required-windows-diagnostic-data-events-and-fields-2004.md)
+- [Required diagnostic events and fields for Windows 11, version 21H2](required-windows-11-diagnostic-events-and-fields.md)
 - [Required diagnostic events and fields for Windows 10: versions 22H2, 21H2, 21H1, 20H2, and 2004](required-windows-diagnostic-data-events-and-fields-2004.md)
 - [Windows 10, version 1903 and Windows 10, version 1909 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md)
 - [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
 - [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md)
@ -1284,7 +1282,7 @@ This event sends type and capacity data about the battery on the device, as well
 The following fields are available:
 - **InternalBatteryCapablities**  Represents information about what the battery is capable of doing.
- **InternalBatteryCapacityCurrent**  Represents the battery's current fully charged capacity in mWh (or relative). Compare this value to DesignedCapacity to estimate the battery's wear.
+- **InternalBatteryCapacityCurrent**  Represents the battery's current fully charged capacity in mWh (or relative). Compare this value to DesignedCapacity  to estimate the battery's wear.
 - **InternalBatteryCapacityDesign**  Represents the theoretical capacity of the battery when new, in mWh.
 - **InternalBatteryNumberOfCharges**  Provides the number of battery charges. This is used when creating new products and validating that existing products meets targeted functionality performance.
 - **IsAlwaysOnAlwaysConnectedCapable**  Represents whether the battery enables the device to be AlwaysOnAlwaysConnected. Boolean value.
@ -1299,7 +1297,7 @@ The following fields are available:
 - **AzureOSIDPresent**  Represents the field used to identify an Azure machine.
 - **AzureVMType**  Represents whether the instance is Azure VM PAAS, Azure VM IAAS or any other VMs.
 - **CDJType**  Represents the type of cloud domain joined for the machine.
- **CommercialId**  Represents the GUID for the commercial entity which the device is a member of. Will be used to reflect insights back to customers.
+- **CommercialId**  Represents the GUID for the commercial entity which the device is a member of.  Will be used to reflect insights back to customers.
 - **ContainerType**  The type of container, such as process or virtual machine hosted.
 - **HashedDomain**  The hashed representation of the user domain used for login.
 - **IsCloudDomainJoined**  Is this device joined to an Azure Active Directory (Azure AD) tenant? true/false
@ -1309,7 +1307,7 @@ The following fields are available:
 - **IsEDPEnabled**  Represents if Enterprise data protected on the device.
 - **IsMDMEnrolled**  Whether the device has been MDM Enrolled or not.
 - **MPNId**  Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID
- **SCCMClientId**  This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise Configuration Manager environment.
+- **SCCMClientId**  This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an enterprise Configuration Manager environment.
 - **ServerFeatures**  Represents the features installed on a Windows Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers.
 - **SystemCenterID**  The Configuration Manager ID is an anonymized one-way hash of the Active Directory Organization identifier.
@ -1446,7 +1444,7 @@ The following fields are available:
 - **ServiceMachineIP**  Retrieves the IP address of the KMS host used for anti-piracy.
 - **ServiceMachinePort**  Retrieves the port of the KMS host used for anti-piracy.
 - **ServiceProductKeyID**  Retrieves the License key of the KMS
- **SharedPCMode**  Returns Boolean for education devices used as shared cart
+- **SharedPCMode**  Returns Boolean for devices that have enabled the configuration EnableSharedPCMode.
 - **Signature**  Retrieves if it is a signature machine sold by Microsoft store.
 - **SLICStatus**  Whether a SLIC table exists on the device.
 - **SLICVersion**  Returns OS type/version from SLIC table.
@ -1866,7 +1864,6 @@ The following fields are available:
 - **CanCollectHeartbeats**  True if UTC is allowed to collect heartbeats.
 - **CanCollectOsTelemetry**  True if UTC is allowed to collect telemetry from the OS provider groups (often called Microsoft Telemetry).
 - **CanPerformDiagnosticEscalations**  True if UTC is allowed to perform all scenario escalations.
 - **CanPerformScripting**  True if UTC is allowed to perform scripting.
 - **CanPerformTraceEscalations**  True if UTC is allowed to perform scenario escalations with tracing actions.
 - **CanReportScenarios**  True if UTC is allowed to load and report scenario completion, failure, and cancellation events.
 - **PreviousPermissions**  Bitmask representing the previously configured permissions since the telemetry opt-in level was last changed.
@ -1882,10 +1879,9 @@ The following fields are available:
 - **CanAddMsaToMsTelemetry**  True if UTC is allowed to add MSA user identity onto telemetry from the OS provider groups.
 - **CanCollectAnyTelemetry**  True if UTC is allowed to collect non-OS telemetry. Non-OS telemetry is responsible for providing its own opt-in mechanism.
 - **CanCollectCoreTelemetry**  True if UTC is allowed to collect data which is tagged with both MICROSOFT_KEYWORD_CRITICAL_DATA and MICROSOFT_EVENTTAG_CORE_DATA.
- **CanCollectHeartbeats**  True if UTC is allowed to collect heartbeats.
+- **CanCollectHeartbeats**  True if we can collect heartbeat telemetry, false otherwise.
 - **CanCollectOsTelemetry**  True if UTC is allowed to collect telemetry from the OS provider groups (often called Microsoft Telemetry).
 - **CanPerformDiagnosticEscalations**  True if UTC is allowed to perform all scenario escalations.
 - **CanPerformScripting**  True if UTC is allowed to perform scripting.
 - **CanPerformTraceEscalations**  True if UTC is allowed to perform scenario escalations with tracing actions.
 - **CanReportScenarios**  True if we can report scenario completions, false otherwise.
 - **PreviousPermissions**  Bitmask representing the previously configured permissions since the telemetry client was last started.
@ -1902,10 +1898,9 @@ The following fields are available:
 - **CensusStartTime**  Returns timestamp corresponding to last successful census run.
 - **CensusTaskEnabled**  Returns Boolean value for the census task (Enable/Disable) on client machine.
 - **LastConnectivityLossTime**  Retrieves the last time the device lost free network.
 - **LastConntectivityLossTime**  Retrieves the last time the device lost free network.
 - **NetworkState**  Retrieves the network state: 0 = No network. 1 = Restricted network. 2 = Free network.
 - **NoNetworkTime**  Retrieves the time spent with no network (since the last time) in seconds.
- **RestrictedNetworkTime**  Retrieves the time spent on a metered (cost restricted) network in seconds.
+- **RestrictedNetworkTime**  The total number of seconds with restricted network during this heartbeat period.
 ### TelClientSynthetic.HeartBeat_5
@ -2129,7 +2124,7 @@ This event sends basic metadata about the starting point of uninstalling a featu
 ### Microsoft.Windows.HangReporting.AppHangEvent
-This event sends data about hangs for both native and managed applications, to help keep Windows up to date. It does not contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the hang to the Watson service, and the WER event will contain the same ReportID (see field 13 of hang event, field 19 of WER event) as the hang event for the hang being reported. AppHang is reported only on client devices. It handles classic Win32 hangs and is emitted only once per report. Some behaviors that may be perceived by a user as a hang are reported by app managers (e.g. PLM/RM/EM) as Watson Generics and will not produce AppHang events.
+This event sends data about hangs for both native and managed applications, to help keep Windows up to date. It does not contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the hang to the Watson service, and the WER event will contain the same ReportID (see field 13 of hang event, field 19 of WER event) as the hang event for the hang being reported. AppHang is reported only on PC devices. It handles classic Win32 hangs and is emitted only once per report. Some behaviors that may be perceived by a user as a hang are reported by app managers (e.g. PLM/RM/EM) as Watson Generics and will not produce AppHang events.
 The following fields are available:
@ -2149,7 +2144,7 @@ The following fields are available:
 - **WaitingOnAppName**  If this is a cross process hang waiting for an application, this has the name of the application.
 - **WaitingOnAppVersion**  If this is a cross process hang, this has the version of the application for which it is waiting.
 - **WaitingOnPackageFullName**  If this is a cross process hang waiting for a package, this has the full name of the package for which it is waiting.
- **WaitingOnPackageRelativeAppId**  If this is a cross process hang waiting for a package, this has the relative applicationIDof the package.
+- **WaitingOnPackageRelativeAppId**  If this is a cross process hang waiting for a package, this has the relative application ID of the package.
 ## Inventory events
@ -2487,7 +2482,7 @@ The following fields are available:
 - **Enumerator**  Identifies the bus that enumerated the device.
 - **HWID**  A list of hardware IDs for the device. See [HWID](#hwid).
 - **Inf**  The name of the INF file (possibly renamed by the OS, such as oemXX.inf).
- **InstallState**  The device installation state. For a list of values, see: [Device Install State](https://msdn.microsoft.com/library/windows/hardware/ff543130.aspx)
+- **InstallState**  The device installation state. For a list of values, see: [Device Install State](/windows-hardware/drivers/ddi/wdm/ne-wdm-_device_install_state)
 - **InventoryVersion**  The version number of the inventory process generating the events.
 - **LowerClassFilters**  The identifiers of the Lower Class filters installed for the device.
 - **LowerFilters**  The identifiers of the Lower filters installed for the device.
@ -2552,7 +2547,7 @@ The following fields are available:
 - **DriverIsKernelMode**  Is it a kernel mode driver?
 - **DriverName**  The file name of the driver.
 - **DriverPackageStrongName**  The strong name of the driver package
- **DriverSigned**  The strong name of the driver package
+- **DriverSigned**  Is the driver signed?
 - **DriverTimeStamp**  The low 32 bits of the time stamp of the driver file.
 - **DriverType**  A bitfield of driver attributes: 1. define DRIVER_MAP_DRIVER_TYPE_PRINTER 0x0001. 2. define DRIVER_MAP_DRIVER_TYPE_KERNEL 0x0002. 3. define DRIVER_MAP_DRIVER_TYPE_USER 0x0004. 4. define DRIVER_MAP_DRIVER_IS_SIGNED 0x0008. 5. define DRIVER_MAP_DRIVER_IS_INBOX 0x0010. 6. define DRIVER_MAP_DRIVER_IS_WINQUAL 0x0040. 7. define DRIVER_MAP_DRIVER_IS_SELF_SIGNED 0x0020. 8. define DRIVER_MAP_DRIVER_IS_CI_SIGNED 0x0080. 9. define DRIVER_MAP_DRIVER_HAS_BOOT_SERVICE 0x0100. 10. define DRIVER_MAP_DRIVER_TYPE_I386 0x10000. 11. define DRIVER_MAP_DRIVER_TYPE_IA64 0x20000. 12. define DRIVER_MAP_DRIVER_TYPE_AMD64 0x40000. 13. define DRIVER_MAP_DRIVER_TYPE_ARM 0x100000. 14. define DRIVER_MAP_DRIVER_TYPE_THUMB 0x200000. 15. define DRIVER_MAP_DRIVER_TYPE_ARMNT 0x400000. 16. define DRIVER_MAP_DRIVER_IS_TIME_STAMPED 0x800000.
 - **DriverVersion**  The version of the driver file.
@ -2700,24 +2695,6 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic
 ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInAdd
 This event provides data on the installed Office add-ins. The data collected with this event is used to keep Windows performing properly.
 ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInRemove
 This event indicates that the particular data object represented by the objectInstanceId is no longer present. The data collected with this event is used to keep Windows performing properly.
 ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInStartSync
 This event indicates that a new sync is being generated for this object type. The data collected with this event is used to keep Windows performing properly.
 ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoAdd
 This event provides data on Unified Update Platform (UUP) products and what version they are at. The data collected with this event is used to keep Windows performing properly.
@ -3877,7 +3854,7 @@ This event sends basic metadata about the SetupPlatform update installation proc
 The following fields are available:
- **ActivityId**  Provides a uniqueIDto correlate events that occur between a activity start event, and a stop event
+- **ActivityId**  Provides a unique ID to correlate events that occur between a activity start event, and a stop event
 - **ActivityName**  Provides a friendly name of the package type that belongs to the ActivityId (Setup, LanguagePack, GDR, Driver, etc.)
 - **FieldName**  Retrieves the event name/data point. Examples: InstallStartTime, InstallEndtime, OverallResult etc.
 - **GroupName**  Retrieves the groupname the event belongs to. Example: Install Information, DU Information, Disk Space Information etc.
@ -4038,7 +4015,7 @@ The following fields are available:
 - **DriverExclusionPolicy**  Indicates if the policy for not including drivers with Windows Update is enabled.
 - **DriverSyncPassPerformed**  Were drivers scanned this time?
 - **EventInstanceID**  A globally unique identifier for event instance.
- **EventScenario**  Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was canceled, succeeded, or failed.
+- **EventScenario**  Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed.
 - **ExtendedMetadataCabUrl**  Hostname that is used to download an update.
 - **ExtendedStatusCode**  Secondary error code for certain scenarios where StatusCode wasn't specific enough.
 - **FailedUpdateGuids**  The GUIDs for the updates that failed to be evaluated during the scan.
@ -4109,7 +4086,7 @@ The following fields are available:
 - **EventInstanceID**  A globally unique identifier for event instance.
 - **EventScenario**  State of call
 - **EventType**  Possible values are "Child", "Bundle", or "Driver".
- **FlightId**  The specificIDof the flight the device is getting
+- **FlightId**  The specific ID of the flight the device is getting
 - **HandlerType**  Indicates the kind of content (app, driver, windows patch, etc.)
 - **RevisionNumber**  Unique revision number of Update
 - **ServerId**  Identifier for the service to which the software distribution client is connecting, such as Windows Update and Microsoft Store.
@ -4155,13 +4132,13 @@ The following fields are available:
 - **Edition**  Identifies the edition of Windows currently running on the device.
 - **EventInstanceID**  A globally unique identifier for event instance.
 - **EventNamespaceID**  The ID of the test events environment.
- **EventScenario**  Indicates the purpose for sending this event: whether because the software distribution just started downloading content; or whether it was canceled, succeeded, or failed.
+- **EventScenario**  Indicates the purpose for sending this event: whether because the software distribution just started downloading content; or whether it was cancelled, succeeded, or failed.
 - **EventType**  Identifies the type of the event (Child, Bundle, or Driver).
 - **ExtendedStatusCode**  Secondary error code for certain scenarios where StatusCode wasn't specific enough.
 - **FeatureUpdatePause**  Indicates whether feature OS updates are paused on the device.
 - **FlightBranch**  The branch that a device is on if participating in flighting (pre-release builds).
 - **FlightBuildNumber**  If this download was for a flight (pre-release build), this indicates the build number of that flight.
- **FlightId**  The specificIDof the flight (pre-release build) the device is getting.
+- **FlightId**  The specific ID of the flight (pre-release build) the device is getting.
 - **FlightRing**  The ring (speed of getting builds) that a device is on if participating in flighting (pre-release builds).
 - **HandlerType**  Indicates what kind of content is being downloaded (app, driver, windows patch, etc.).
 - **HardwareId**  If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
@ -4183,7 +4160,7 @@ The following fields are available:
 - **RelatedCV**  The Correlation Vector that was used before the most recent change to a new Correlation Vector.
 - **RepeatFailFlag**  Indicates whether this specific piece of content had previously failed to download.
 - **RevisionNumber**  The revision number of the specified piece of content.
- **ServiceGuid**  A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc.).
+- **ServiceGuid**  A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc).
 - **Setup360Phase**  Identifies the active phase of the upgrade download if the current download is for an Operating System upgrade.
 - **ShippingMobileOperator**  The mobile operator linked to the device when the device shipped.
 - **StatusCode**  Indicates the result of a Download event (success, cancellation, failure code HResult).
@ -4212,7 +4189,7 @@ The following fields are available:
 - **CallerApplicationName**  The name provided by the caller who initiated API calls into the software distribution client
 - **ClientVersion**  The version number of the software distribution client
- **EventScenario**  Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was canceled, succeeded, or failed
+- **EventScenario**  Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed
 - **EventType**  Possible values are "Child", "Bundle", "Release" or "Driver"
 - **ExtendedStatusCode**  Secondary error code for certain scenarios where StatusCode wasn't specific enough
 - **FileId**  A hash that uniquely identifies a file
@ -4245,7 +4222,7 @@ The following fields are available:
 - **PowerState**  Indicates the power state of the device at the time of heartbeat (DC, AC, Battery Saver, or Connected Standby)
 - **RelatedCV**  The previous correlation vector that was used by the client, before swapping with a new one
 - **ResumeCount**  Number of times this active download has resumed from a suspended state
- **ServiceID**  Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc.)
+- **ServiceID**  Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc)
 - **SuspendCount**  Number of times this active download has entered a suspended state
 - **SuspendReason**  Last reason for why this active download entered a suspended state
@ -4280,8 +4257,8 @@ The following fields are available:
 - **DriverPingBack**  Contains information about the previous driver and system state.
 - **Edition**  Indicates the edition of Windows being used.
 - **EventInstanceID**  A globally unique identifier for event instance.
- **EventNamespaceID**  Indicates whether the event succeeded or failed. Has the format EventType+Event where Event is Succeeded, Canceled, Failed, etc.
+- **EventNamespaceID**  Indicates whether the event succeeded or failed. Has the format EventType+Event where Event is Succeeded, Cancelled, Failed, etc.
- **EventScenario**  Indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was canceled, succeeded, or failed.
+- **EventScenario**  Indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed.
 - **EventType**  Possible values are Child, Bundle, or Driver.
 - **ExtendedErrorCode**  The extended error code.
 - **ExtendedStatusCode**  Secondary error code for certain scenarios where StatusCode wasn't specific enough.
@ -4306,7 +4283,7 @@ The following fields are available:
 - **MsiProductCode**  The unique identifier of the MSI installer.
 - **PackageFullName**  The package name of the content being installed.
 - **PhonePreviewEnabled**  Indicates whether a phone was getting preview build, prior to flighting being introduced.
- **PlatformRole**  The PowerPlatformRole as defined on MSDN.
+- **PlatformRole**  The PowerPlatformRole.
 - **ProcessName**  The process name of the caller who initiated API calls, in the event where CallerApplicationName was not provided.
 - **ProcessorArchitecture**  Processor architecture of the system (x86, AMD64, ARM).
 - **QualityUpdatePause**  Are quality OS updates paused on the device?
@ -4337,7 +4314,7 @@ This event sends data about the ability of Windows to discover the location of a
 The following fields are available:
- **EventScenario**  Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was canceled, succeeded, or failed
+- **EventScenario**  Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed
 - **HResult**  Indicates the result code of the event (success, cancellation, failure code HResult)
 - **IsBackground**  Indicates whether the SLS discovery event took place in the foreground or background
 - **NextExpirationTime**  Indicates when the SLS cab expires
@ -4407,7 +4384,7 @@ The following fields are available:
 - **DeviceIsMdmManaged**  This device is MDM managed.
 - **IsNetworkAvailable**  If the device network is not available.
 - **IsNetworkMetered**  If network is metered.
- **IsSccmManaged**  This device is managed by Configuration Manager .
+- **IsSccmManaged**  This device is managed by Configuration Manager.
 - **NewlyInstalledOs**  OS is newly installed quiet period.
 - **PausedByPolicy**  Updates are paused by policy.
 - **RecoveredFromRS3**  Previously recovered from RS3.
@ -4506,7 +4483,7 @@ The following fields are available:
 ### Update360Telemetry.UpdateAgent_FellBackToCanonical
-This event collects information when Express could not be used, and the update had to fall back to “canonical” during the new UUP (Unified Update Platform) update scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event collects information when Express could not be used, and the update had to fall back to “canonical” during the new UUP (Unified Update Platform) update scenario; which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
 The following fields are available:
@ -4531,7 +4508,7 @@ The following fields are available:
 - **FlightMetadata**  Contains the FlightId and the build being flighted.
 - **ObjectId**  Unique value for each Update Agent mode.
 - **RelatedCV**  Correlation vector value generated from the latest USO scan.
- **Result**  Result of the initialize phase of update. 0 = Succeeded, 1 = Failed, 2 = Canceled, 3 = Blocked, 4 = BlockCanceled
+- **Result**  Result of the initialize phase of update. 0 = Succeeded, 1 = Failed, 2 = Cancelled, 3 = Blocked, 4 = BlockCancelled
 - **ScenarioId**  The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate
 - **SessionData**  Contains instructions to update agent for processing FODs and DUICs (Null for other scenarios).
 - **SessionId**  Unique value for each Update Agent mode attempt .
@ -4548,7 +4525,7 @@ The following fields are available:
 - **FlightId**  Unique ID for each flight.
 - **ObjectId**  Unique value for each Update Agent mode.
 - **RelatedCV**  Correlation vector value generated from the latest scan.
- **Result**  Result of the install phase of update. 0 = Succeeded 1 = Failed, 2 = Canceled, 3 = Blocked, 4 = BlockCanceled
+- **Result**  Result of the install phase of update. 0 = Succeeded 1 = Failed, 2 = Cancelled, 3 = Blocked, 4 = BlockCancelled
 - **ScenarioId**  The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate
 - **SessionId**  Unique value for each Update Agent mode attempt.
 - **UpdateId**  Unique ID for each update.
@ -4604,7 +4581,7 @@ The following fields are available:
 ### Update360Telemetry.UpdateAgentCommit
-This event collects information regarding the commit phase of the new Unified Update Platform (UUP) update scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event collects information regarding the commit phase of the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
 The following fields are available:
@ -4620,7 +4597,7 @@ The following fields are available:
 ### Update360Telemetry.UpdateAgentDownloadRequest
-This event sends data for the download request phase of updating Windows via the new Unified Update Platform (UUP) scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event sends data for the download request phase of updating Windows via the new Unified Update Platform (UUP) scenario. Applicable to PC and Mobile. The data collected with this event is used to help keep Windows secure and up to date.
 The following fields are available:
@ -4651,7 +4628,7 @@ The following fields are available:
 ### Update360Telemetry.UpdateAgentExpand
-This event collects information regarding the expansion phase of the new Unified Update Platform (UUP) update scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event collects information regarding the expansion phase of the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
 The following fields are available:
@ -4671,7 +4648,7 @@ The following fields are available:
 ### Update360Telemetry.UpdateAgentInitialize
-This event sends data for the initialize phase of updating Windows via the new Unified Update Platform (UUP) scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event sends data for the initialize phase of updating Windows via the new Unified Update Platform (UUP) scenario, which is applicable to both PCs and Mobile. The data collected with this event is used to help keep Windows secure and up to date.
 The following fields are available:
@ -4737,7 +4714,7 @@ This event sends a summary of all the update agent mitigations available for an
 ### Update360Telemetry.UpdateAgentModeStart
-This event sends data for the start of each mode during the process of updating Windows via the new Unified Update Platform (UUP) scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event sends data for the start of each mode during the process of updating Windows via the new Unified Update Platform (UUP) scenario. Applicable to both PCs and Mobile. The data collected with this event is used to help keep Windows secure and up to date.
 The following fields are available:
@ -4753,13 +4730,13 @@ The following fields are available:
 ### Update360Telemetry.UpdateAgentOneSettings
-This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario; which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
 ### Update360Telemetry.UpdateAgentSetupBoxLaunch
-The UpdateAgent_SetupBoxLaunch event sends data for the launching of the setup box when updating Windows via the new Unified Update Platform (UUP) scenario. The data collected with this event is used to help keep Windows secure and up to date.
+The UpdateAgent_SetupBoxLaunch event sends data for the launching of the setup box when updating Windows via the new Unified Update Platform (UUP) scenario. This event is only applicable to PCs. The data collected with this event is used to help keep Windows secure and up to date.
 The following fields are available:
@ -4814,7 +4791,7 @@ The following fields are available:
 - **Setup360Result**  The result of Setup360 (HRESULT used to diagnose errors).
 - **Setup360Scenario**  The Setup360 flow type (for example, Boot, Media, Update, MCT).
 - **SetupVersionBuildNumber**  The build number of Setup360 (build number of the target OS).
- **State**  Exit state of given Setup360 run. Example: succeeded, failed, blocked, canceled.
+- **State**  Exit state of given Setup360 run. Example: succeeded, failed, blocked, cancelled.
 - **TestId**  An ID that uniquely identifies a group of events.
 - **WuId**  This is the Windows Update Client ID. In the Windows Update scenario, this is the same as the clientId.
@ -4835,7 +4812,7 @@ The following fields are available:
 - **Setup360Result**  The result of Setup360. This is an HRESULT error code that is used to diagnose errors.
 - **Setup360Scenario**  The Setup360 flow type. Example: Boot, Media, Update, MCT.
 - **SetupVersionBuildNumber**  The build number of Setup360 (build number of target OS).
- **State**  The exit state of a Setup360 run. Example: succeeded, failed, blocked, canceled.
+- **State**  The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
 - **TestId**  ID that uniquely identifies a group of events.
 - **WuId**  This is the Windows Update Client ID. With Windows Update, this is the same as the clientId.
@ -4856,7 +4833,7 @@ The following fields are available:
 - **Setup360Result**  The result of Setup360. This is an HRESULT error code that is used to diagnose errors.
 - **Setup360Scenario**  The Setup360 flow type. Example: Boot, Media, Update, MCT
 - **SetupVersionBuildNumber**  The build number of Setup360 (build number of target OS).
- **State**  Exit state of a Setup360 run. Example: succeeded, failed, blocked, canceled.
+- **State**  Exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
 - **TestId**  ID that uniquely identifies a group of events.
 - **WuId**  Windows Update client ID.
@ -4877,7 +4854,7 @@ The following fields are available:
 - **Setup360Result**  The result of Setup360. This is an HRESULT error code that's used to diagnose errors.
 - **Setup360Scenario**  The Setup360 flow type. Example: Boot, Media, Update, MCT
 - **SetupVersionBuildNumber**  The build number of Setup360 (build number of target OS).
- **State**  The exit state of a Setup360 run. Example: succeeded, failed, blocked, canceled
+- **State**  The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled
 - **TestId**  A string to uniquely identify a group of events.
 - **WuId**  This is the Windows Update Client ID. With Windows Update, this is the same as ClientId.
@ -4919,7 +4896,7 @@ The following fields are available:
 - **Setup360Result**  The result of Setup360. This is an HRESULT error code that can be used to diagnose errors.
 - **Setup360Scenario**  The Setup360 flow type. Example: Boot, Media, Update, MCT.
 - **SetupVersionBuildNumber**  The build number of Setup360 (build number of the target OS).
- **State**  The exit state of the Setup360 run. Example: succeeded, failed, blocked, canceled.
+- **State**  The exit state of the Setup360 run. Example: succeeded, failed, blocked, cancelled.
 - **TestId**  ID that uniquely identifies a group of events.
 - **WuId**  Windows Update client ID.
@ -4940,7 +4917,7 @@ The following fields are available:
 - **Setup360Result**  The result of Setup360. This is an HRESULT error code that can be used to diagnose errors.
 - **Setup360Scenario**  Setup360 flow type (Boot, Media, Update, MCT).
 - **SetupVersionBuildNumber**  The build number of Setup360 (build number of target OS).
- **State**  The exit state of a Setup360 run. Example: succeeded, failed, blocked, canceled.
+- **State**  The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
 - **TestId**  A string to uniquely identify a group of events.
 - **WuId**  This is the Windows Update Client ID. With Windows Update, this is the same as the clientId.
@ -4961,7 +4938,7 @@ The following fields are available:
 - **Setup360Result**  The result of Setup360. This is an HRESULT error code that is used to diagnose errors.
 - **Setup360Scenario**  The Setup360 flow type, Example: Boot, Media, Update, MCT.
 - **SetupVersionBuildNumber**  The build number of Setup360 (build number of target OS).
- **State**  The exit state of a Setup360 run. Example: succeeded, failed, blocked, canceled.
+- **State**  The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
 - **TestId**  A string to uniquely identify a group of events.
 - **WuId**  Windows Update client ID.
@ -5001,7 +4978,7 @@ This event sends a summary of all the setup mitigations available for this updat
 ### Setup360Telemetry.Setup360OneSettings
-This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario; which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
@ -5021,7 +4998,7 @@ The following fields are available:
 - **Setup360Result**  The result of Setup360. This is an HRESULT error code that can be used used to diagnose errors.
 - **Setup360Scenario**  The Setup360 flow type. Example: Boot, Media, Update, MCT.
 - **SetupVersionBuildNumber**  The build number of Setup360 (build number of target OS).
- **State**  The exit state of a Setup360 run. Example: succeeded, failed, blocked, canceled.
+- **State**  The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
 - **TestId**  A string to uniquely identify a group of events.
 - **WuId**  This is the Windows Update Client ID. With Windows Update, this is the same as the clientId.
@ -5043,7 +5020,7 @@ The following fields are available:
 - **DumpFileAttributes**  Codes that identify the type of data contained in the dump file
 - **DumpFileSize**  Size of the dump file
 - **IsValidDumpFile**  True if the dump file is valid for the debugger, false otherwise
- **ReportId**  WER Report ID associated with this bug check (used for finding the corresponding report archive in Watson).
+- **ReportId**  WER Report Id associated with this bug check (used for finding the corresponding report archive in Watson).
 ### WerTraceloggingProvider.AppCrashEvent
@ -5071,7 +5048,7 @@ The following fields are available:
 - **TargetAppId**  The target app ID.
 - **TargetAppVer**  The target app version.
-<!-- 01.06.2022 mandia: Commenting out, as these events are specific to Windows Phone.
+
 ## Windows Phone events
 ### Microsoft.Windows.Phone.Telemetry.OnBoot.RebootReason
@ -5083,7 +5060,7 @@ The following fields are available:
 - **BootId**  The system boot ID.
 - **BoottimeSinceLastShutdown**  The boot time since the last shutdown.
 - **RebootReason**  Reason for the reboot.
-->
+
 ## Windows Store events
@ -5500,7 +5477,7 @@ The following fields are available:
 ## Windows Update Delivery Optimization events
-### Microsoft.OSG.DU.DeliveryOptClient.Downloadcanceled
+### Microsoft.OSG.DU.DeliveryOptClient.DownloadCanceled
 This event describes when a download was canceled with Delivery Optimization. It's used to understand and address problems regarding downloads. The data collected with this event is used to help keep Windows up to date.
@ -5866,7 +5843,7 @@ The following fields are available:
 - **detectionBlockreason**  The reason detection did not complete.
 - **detectionDeferreason**  A log of deferral reasons for every update state.
 - **errorCode**  The error code returned for the current process.
- **eventScenario**  End-to-end update session ID, or indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was canceled, succeeded, or failed.
+- **eventScenario**  End-to-end update session ID, or indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed.
 - **flightID**  The unique identifier for the flight (Windows Insider pre-release build) should be delivered to the device, if applicable.
 - **interactive**  Indicates whether the user initiated the session.
 - **revisionNumber**  The Update revision number.
@ -6436,6 +6413,3 @@ The following fields are available:
 - **LicenseXuid**  If the license type is 1 (User), this field contains the XUID (Xbox User ID) of the registered owner of the license.
 - **ProductGuid**  The Xbox product GUID (Globally-Unique ID) of the application.
 - **UserId**  The XUID (Xbox User ID) of the current user.
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md
@ -1,16 +1,13 @@
 ---
 description: Learn more about the Windows 10, version 1709 diagnostic data gathered at the basic level.
 title: Windows 10, version 1709 basic diagnostic events and fields (Windows 10)
-ms.prod: m365-security
+ms.prod: windows-client
-localizationpriority: high
+ms.technology: itpro-privacy
 localizationpriority: medium
 author: DHB-MSFT
 ms.author: danbrown
 manager: dougeby
-ms.collection: M365-security-compliance
+ms.topic: reference
 ms.topic: article
 ms.date: 
 ms.reviewer:
 ms.technology: privacy
 ---
@ -29,8 +26,9 @@ Use this article to learn about diagnostic events, grouped by event area, and th
 You can learn more about Windows functional and diagnostic data through these articles:
- [Required Windows 11 diagnostic events and fields](required-windows-11-diagnostic-events-and-fields.md)
+- [Required diagnostic events and fields for Windows 11, version 22H2](required-diagnostic-events-fields-windows-11-22H2.md)
- [Windows 10, version 21H2, Windows 10, version 21H1, Windows 10, version 20H2 and Windows 10, version 2004 required Windows diagnostic events and fields](required-windows-diagnostic-data-events-and-fields-2004.md)
+- [Required diagnostic events and fields for Windows 11, version 21H2](required-windows-11-diagnostic-events-and-fields.md)
 - [Required diagnostic events and fields for Windows 10: versions 22H2, 21H2, 21H1, 20H2, and 2004](required-windows-diagnostic-data-events-and-fields-2004.md)
 - [Windows 10, version 1903 and Windows 10, version 1909 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md)
 - [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
 - [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md)
@ -40,7 +38,6 @@ You can learn more about Windows functional and diagnostic data through these ar
 ## Appraiser events
 ### Microsoft.Windows.Appraiser.General.ChecksumTotalPictureCount
@ -51,19 +48,19 @@ The following fields are available:
 - **DatasourceApplicationFile_RS4**  The total number of objects of this type present on this device.
 - **DatasourceDevicePnp_RS4**  The total number of objects of this type present on this device.
- **DatasourceDriverPackage_RS4**  The total number of objects of this type present on this device.
+- **DatasourceDriverPackage_RS4**  The count of the number of this particular object type present on this device.
- **DataSourceMatchingInfoBlock_RS4**  The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoBlock_RS4**  The count of the number of this particular object type present on this device.
- **DataSourceMatchingInfoPassive_RS4**  The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoPassive_RS4**  The count of the number of this particular object type present on this device.
- **DataSourceMatchingInfoPostUpgrade_RS4**  The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoPostUpgrade_RS4**  The count of the number of this particular object type present on this device.
 - **DatasourceSystemBios_19H1Setup**  The total number of objects of this type present on this device.
- **DatasourceSystemBios_RS4**  The total number of objects of this type present on this device.
+- **DatasourceSystemBios_RS4**  The count of the number of this particular object type present on this device.
- **DecisionApplicationFile_RS4**  The total number of objects of this type present on this device.
+- **DecisionApplicationFile_RS4**  The count of the number of this particular object type present on this device.
- **DecisionDevicePnp_RS4**  The total number of objects of this type present on this device.
+- **DecisionDevicePnp_RS4**  The count of the number of this particular object type present on this device.
- **DecisionDriverPackage_RS4**  The total number of objects of this type present on this device.
+- **DecisionDriverPackage_RS4**  The count of the number of this particular object type present on this device.
- **DecisionMatchingInfoBlock_RS4**  The total number of objects of this type present on this device.
+- **DecisionMatchingInfoBlock_RS4**  The count of the number of this particular object type present on this device.
- **DecisionMatchingInfoPassive_RS4**  The total number of objects of this type present on this device.
+- **DecisionMatchingInfoPassive_RS4**  The count of the number of this particular object type present on this device.
- **DecisionMatchingInfoPostUpgrade_RS4**  The total number of objects of this type present on this device.
+- **DecisionMatchingInfoPostUpgrade_RS4**  The count of the number of this particular object type present on this device.
- **DecisionMediaCenter_RS4**  The total number of objects of this type present on this device.
+- **DecisionMediaCenter_RS4**  The count of the number of this particular object type present on this device.
 - **DecisionSystemBios_19H1Setup**  The total number of objects of this type present on this device.
 - **DecisionSystemBios_RS4**  The total number of objects of this type present on this device.
 - **InventoryApplicationFile**  The total number of objects of this type present on this device.
@ -82,7 +79,7 @@ The following fields are available:
 - **SystemWim**  The total number of objects of this type present on this device.
 - **SystemWindowsActivationStatus**  The total number of objects of this type present on this device.
 - **SystemWlan**  The total number of objects of this type present on this device.
- **Wmdrm_RS4**  The total number of objects of this type present on this device.
+- **Wmdrm_RS4**  The total Wmdrm objects targeting Windows 10, version 1803 present on this device.
 ### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileAdd
@ -1377,8 +1374,8 @@ The following fields are available:
 - **IsEDPEnabled**  Represents if Enterprise data protected on the device.
 - **IsMDMEnrolled**  Whether the device has been MDM Enrolled or not.
 - **MPNId**  Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID
- **SCCMClientId**  This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise Configuration Manager environment.
+- **SCCMClientId**  This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an enterprise Configuration Manager environment.
- **ServerFeatures**  Represents the features installed on a Windows   Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers.
+- **ServerFeatures**  Represents the features installed on a Windows Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers.
 - **SystemCenterID**  The Configuration Manager ID is an anonymized one-way hash of the Active Directory Organization identifier
@ -1519,7 +1516,7 @@ The following fields are available:
 - **ServiceMachineIP**  Retrieves the IP address of the KMS host used for anti-piracy.
 - **ServiceMachinePort**  Retrieves the port of the KMS host used for anti-piracy.
 - **ServiceProductKeyID**  Retrieves the License key of the KMS
- **SharedPCMode**  Returns Boolean for education devices used as shared cart
+- **SharedPCMode**  Returns Boolean for devices that have enabled the configuration EnableSharedPCMode.
 - **Signature**  Retrieves if it is a signature machine sold by Microsoft store.
 - **SLICStatus**  Whether a SLIC table exists on the device.
 - **SLICVersion**  Returns OS type/version from SLIC table.
@ -1676,7 +1673,7 @@ The following fields are available:
 - **UpdateServiceURLConfigured**  Retrieves if the device is managed by Windows Server Update Services (WSUS).
 - **WUDeferUpdatePeriod**  Retrieves if deferral is set for Updates.
 - **WUDeferUpgradePeriod**  Retrieves if deferral is set for Upgrades.
- **WUDODownloadMode**  Retrieves whether DO is turned on and how to acquire/distribute updates Delivery Optimization (DO) allows users to deploy previously downloaded Windows Update(WU) updates to other devices on the same network.
+- **WUDODownloadMode**  Retrieves whether DO is turned on and how to acquire/distribute updates Delivery Optimization (DO) allows users to deploy previously downloaded Windows Update (WU) updates to other devices on the same network.
 - **WUMachineId**  Retrieves the Windows Update (WU) Machine Identifier.
 - **WUPauseState**  Retrieves Windows Update setting to determine if updates are paused.
 - **WUServer**  Retrieves the HTTP(S) URL of the WSUS server that is used by Automatic Updates and API callers (by default).
@ -1954,6 +1951,18 @@ This event is fired by UTC at state transitions to signal what data we are allow
 This event is fired by UTC at startup to signal what data we are allowed to collect. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
 The following fields are available:
 - **CanAddMsaToMsTelemetry**  True if UTC is allowed to add MSA user identity onto telemetry from the OS provider groups.
 - **CanCollectAnyTelemetry**  True if UTC is allowed to collect non-OS telemetry. Non-OS telemetry is responsible for providing its own opt-in mechanism.
 - **CanCollectCoreTelemetry**  True if UTC is allowed to collect data which is tagged with both MICROSOFT_KEYWORD_CRITICAL_DATA and MICROSOFT_EVENTTAG_CORE_DATA.
 - **CanCollectHeartbeats**  True if we can collect heartbeat telemetry, false otherwise.
 - **CanCollectOsTelemetry**  True if UTC is allowed to collect telemetry from the OS provider groups (often called Microsoft Telemetry).
 - **CanPerformDiagnosticEscalations**  True if UTC is allowed to perform all scenario escalations.
 - **CanPerformTraceEscalations**  True if UTC is allowed to perform scenario escalations with tracing actions.
 - **CanReportScenarios**  True if we can report scenario completions, false otherwise.
 - **PreviousPermissions**  Bitmask representing the previously configured permissions since the telemetry client was last started.
 - **TransitionFromEverythingOff**  True if this transition is moving from not allowing core telemetry to allowing core telemetry.
 ### TelClientSynthetic.ConnectivityHeartBeat_0
@ -1962,7 +1971,7 @@ This event sends data about the connectivity status of the Connected User Experi
 The following fields are available:
- **CensusExitCode**  Returns last execution codes from census client run.
+- **CensusExitCode**  Last exit code of Census task
 - **CensusStartTime**  Returns timestamp corresponding to last successful census run.
 - **CensusTaskEnabled**  Returns Boolean value for the census task (Enable/Disable) on client machine.
 - **LastConnectivityLossTime**  The FILETIME at which the last free network loss occurred.
@ -2212,7 +2221,7 @@ This event sends basic metadata about the starting point of uninstalling a featu
 ### Microsoft.Windows.HangReporting.AppHangEvent
-This event sends data about hangs for both native and managed applications, to help keep Windows up to date. It does not contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the hang to the Watson service, and the WER event will contain the same ReportID (see field 13 of hang event, field 19 of WER event) as the hang event for the hang being reported. AppHang is reported only on client devices. It handles classic Win32 hangs and is emitted only once per report. Some behaviors that may be perceived by a user as a hang are reported by app managers (e.g. PLM/RM/EM) as Watson Generics and will not produce AppHang events.
+This event sends data about hangs for both native and managed applications, to help keep Windows up to date. It does not contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the hang to the Watson service, and the WER event will contain the same ReportID (see field 13 of hang event, field 19 of WER event) as the hang event for the hang being reported. AppHang is reported only on PC devices. It handles classic Win32 hangs and is emitted only once per report. Some behaviors that may be perceived by a user as a hang are reported by app managers (e.g. PLM/RM/EM) as Watson Generics and will not produce AppHang events.
 The following fields are available:
@ -2518,7 +2527,7 @@ The following fields are available:
 - **Enumerator**  Identifies the bus that enumerated the device.
 - **HWID**  A list of hardware IDs for the device.
 - **Inf**  The name of the INF file (possibly renamed by the OS, such as oemXX.inf).
- **InstallState**  The device installation state. For a list of values, see: [Device Install State](https://msdn.microsoft.com/library/windows/hardware/ff543130.aspx)
+- **InstallState**  The device installation state. For a list of values, see: [Device Install State](/windows-hardware/drivers/ddi/wdm/ne-wdm-_device_install_state)
 - **InventoryVersion**  The version number of the inventory process generating the events.
 - **LowerClassFilters**  The identifiers of the Lower Class filters installed for the device.
 - **LowerFilters**  The identifiers of the Lower filters installed for the device.
@ -2594,7 +2603,7 @@ The following fields are available:
 - **DriverIsKernelMode**  Is it a kernel mode driver?
 - **DriverName**  The file name of the driver.
 - **DriverPackageStrongName**  The strong name of the driver package
- **DriverSigned**  The strong name of the driver package
+- **DriverSigned**  Is the driver signed?
 - **DriverTimeStamp**  The low 32 bits of the time stamp of the driver file.
 - **DriverType**  A bitfield of driver attributes: 1. define DRIVER_MAP_DRIVER_TYPE_PRINTER 0x0001. 2. define DRIVER_MAP_DRIVER_TYPE_KERNEL 0x0002. 3. define DRIVER_MAP_DRIVER_TYPE_USER 0x0004. 4. define DRIVER_MAP_DRIVER_IS_SIGNED 0x0008. 5. define DRIVER_MAP_DRIVER_IS_INBOX 0x0010. 6. define DRIVER_MAP_DRIVER_IS_WINQUAL 0x0040. 7. define DRIVER_MAP_DRIVER_IS_SELF_SIGNED 0x0020. 8. define DRIVER_MAP_DRIVER_IS_CI_SIGNED 0x0080. 9. define DRIVER_MAP_DRIVER_HAS_BOOT_SERVICE 0x0100. 10. define DRIVER_MAP_DRIVER_TYPE_I386 0x10000. 11. define DRIVER_MAP_DRIVER_TYPE_IA64 0x20000. 12. define DRIVER_MAP_DRIVER_TYPE_AMD64 0x40000. 13. define DRIVER_MAP_DRIVER_TYPE_ARM 0x100000. 14. define DRIVER_MAP_DRIVER_TYPE_THUMB 0x200000. 15. define DRIVER_MAP_DRIVER_TYPE_ARMNT 0x400000. 16. define DRIVER_MAP_DRIVER_IS_TIME_STAMPED 0x800000.
 - **DriverVersion**  The version of the driver file.
@ -2743,59 +2752,6 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic
 ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInAdd
 This event provides data on the installed Office add-ins. The data collected with this event is used to keep Windows performing properly.
 This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
 The following fields are available:
 - **AddinCLSID**  The class identifier key for the Microsoft Office add-in.
 - **AddInCLSID**  The class identifier key for the Microsoft Office add-in.
 - **AddInId**  The identifier for the Microsoft Office add-in.
 - **AddinType**  The type of the Microsoft Office add-in.
 - **BinFileTimestamp**  The timestamp of the Office add-in.
 - **BinFileVersion**  The version of the Microsoft Office add-in.
 - **Description**  Description of the Microsoft Office add-in.
 - **FileId**  The file identifier of the Microsoft Office add-in.
 - **FileSize**  The file size of the Microsoft Office add-in.
 - **FriendlyName**  The friendly name for the Microsoft Office add-in.
 - **FullPath**  The full path to the Microsoft Office add-in.
 - **InventoryVersion**  The version of the inventory binary generating the events.
 - **LoadBehavior**  Integer that describes the load behavior.
 - **LoadTime**  Load time for the Office add-in.
 - **OfficeApplication**  The Microsoft Office application associated with the add-in.
 - **OfficeArchitecture**  The architecture of the add-in.
 - **OfficeVersion**  The Microsoft Office version for this add-in.
 - **OutlookCrashingAddin**  Indicates whether crashes have been found for this add-in.
 - **ProductCompany**  The name of the company associated with the Office add-in.
 - **ProductName**  The product name associated with the Microsoft Office add-in.
 - **ProductVersion**  The version associated with the Office add-in.
 - **ProgramId**  The unique program identifier of the Microsoft Office add-in.
 - **Provider**  Name of the provider for this add-in.
 - **Usage**  Data regarding usage of the add-in.
 ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInRemove
 This event indicates that the particular data object represented by the objectInstanceId is no longer present. The data collected with this event is used to keep Windows performing properly.
 This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
 ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInStartSync
 This event indicates that a new sync is being generated for this object type. The data collected with this event is used to keep Windows performing properly.
 This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
 The following fields are available:
 - **InventoryVersion**  The version of the inventory binary generating the events.
 ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoAdd
 This event provides data on Unified Update Platform (UUP) products and what version they are at. The data collected with this event is used to keep Windows performing properly.
@ -3025,6 +2981,22 @@ The following fields are available:
 - **winInetError**  The HResult of the operation.
 ## Other events
 ### Microsoft.ServerManagementExperience.Gateway.Service.ManagedNodeProperties
 This is a periodic rundown event that contains more detailed information about the nodes added to this Windows Admin Center gateway for management.
 The following fields are available:
 - **nodeId**  The nodeTypeId concatenated with the hostname or IP address that gateway uses to connect to this node.
 - **nodeOperatingSystem**  A user friendly description of the node's OS version.
 - **nodeOSVersion**  A major or minor build version string for the node's OS.
 - **nodeTypeId**  A string that distinguishes between a connection target, whether it is a client, server, cluster or a hyper-converged cluster.
 - **otherProperties**  Contains a JSON object with variable content and may contain: "nodes": a list of host names or IP addresses of the servers belonging to a cluster, "aliases": the alias if it is set for this connection, "lastUpdatedTime": the number of milliseconds since Unix epoch when this connection was last updated, "ncUri", "caption", "version", "productType", "networkName", "operatingSystem", "computerManufacturer", "computerModel", "isS2dEnabled". This JSON object is formatted as an quotes-escaped string.
 ## Privacy logging notification events
 ### Microsoft.Windows.Shell.PrivacyNotifierLogging.PrivacyNotifierCompleted
@ -3727,7 +3699,7 @@ Activity for deletion of a user account for devices set up for Shared PC mode as
 The following fields are available:
- **accountType**  The type of account that was deleted. Example: AD, Azure Active Directory (AAD), or Local
+- **accountType**  The type of account that was deleted. Example: AD, Azure Active Directory (Azure AD), or Local
 - **deleteState**  Whether the attempted deletion of the user account was successful.
 - **userSid**  The security identifier of the account.
 - **wilActivity**  Windows Error Reporting data collected when there is a failure in deleting a user account with the Transient Account Manager. See [wilActivity](#wilactivity).
@ -4353,7 +4325,7 @@ The following fields are available:
 ### Update360Telemetry.UpdateAgent_FellBackToCanonical
-This event collects information when Express could not be used, and the update had to fall back to “canonical” during the new UUP (Unified Update Platform) update scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event collects information when Express could not be used, and the update had to fall back to “canonical” during the new UUP (Unified Update Platform) update scenario, which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
 The following fields are available:
@ -4451,7 +4423,7 @@ The following fields are available:
 ### Update360Telemetry.UpdateAgentCommit
-This event collects information regarding the commit phase of the new Unified Update Platform (UUP) update scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event collects information regarding the commit phase of the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
 The following fields are available:
@ -4467,7 +4439,7 @@ The following fields are available:
 ### Update360Telemetry.UpdateAgentDownloadRequest
-This event sends data for the download request phase of updating Windows via the new Unified Update Platform (UUP) scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event sends data for the download request phase of updating Windows via the new Unified Update Platform (UUP) scenario. Applicable to PC and Mobile. The data collected with this event is used to help keep Windows secure and up to date.
 The following fields are available:
@ -4499,7 +4471,7 @@ The following fields are available:
 ### Update360Telemetry.UpdateAgentExpand
-This event collects information regarding the expansion phase of the new Unified Update Platform (UUP) update scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event collects information regarding the expansion phase of the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
 The following fields are available:
@ -4519,7 +4491,7 @@ The following fields are available:
 ### Update360Telemetry.UpdateAgentFellBackToCanonical
-This event collects information when express could not be used and we fall back to canonical during the new Unified Update Platform (UUP) update scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event collects information when express could not be used and we fall back to canonical during the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
 The following fields are available:
@ -4535,7 +4507,7 @@ The following fields are available:
 ### Update360Telemetry.UpdateAgentInitialize
-This event sends data for the initialize phase of updating Windows via the new Unified Update Platform (UUP) scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event sends data for the initialize phase of updating Windows via the new Unified Update Platform (UUP) scenario, which is applicable to both PCs and Mobile. The data collected with this event is used to help keep Windows secure and up to date.
 The following fields are available:
@ -4631,7 +4603,7 @@ The following fields are available:
 ### Update360Telemetry.UpdateAgentModeStart
-This event sends data for the start of each mode during the process of updating Windows via the new Unified Update Platform (UUP) scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event sends data for the start of each mode during the process of updating Windows via the new Unified Update Platform (UUP) scenario. Applicable to both PCs and Mobile. The data collected with this event is used to help keep Windows secure and up to date.
 The following fields are available:
@ -4647,7 +4619,7 @@ The following fields are available:
 ### Update360Telemetry.UpdateAgentOneSettings
-This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario; which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
 The following fields are available:
@ -4665,7 +4637,7 @@ The following fields are available:
 ### Update360Telemetry.UpdateAgentPostRebootResult
-This event collects information regarding the post reboot phase of the new Unified Update Platform (UUP) update scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event collects information for both Mobile and Desktop regarding the post reboot phase of the new Unified Update Platform (UUP) update scenario. The data collected with this event is used to help keep Windows secure and up to date.
 The following fields are available:
@ -4682,7 +4654,7 @@ The following fields are available:
 ### Update360Telemetry.UpdateAgentSetupBoxLaunch
-The UpdateAgent_SetupBoxLaunch event sends data for the launching of the setup box when updating Windows via the new Unified Update Platform (UUP) scenario. The data collected with this event is used to help keep Windows secure and up to date.
+The UpdateAgent_SetupBoxLaunch event sends data for the launching of the setup box when updating Windows via the new Unified Update Platform (UUP) scenario. This event is only applicable to PCs. The data collected with this event is used to help keep Windows secure and up to date.
 The following fields are available:
@ -5056,7 +5028,7 @@ This event sends a summary of all the setup mitigations available for this updat
 ### Setup360Telemetry.Setup360OneSettings
-This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario; which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
 The following fields are available:
@ -6568,7 +6540,3 @@ This event indicates whether the system detected an activation error in the app.
 ### Microsoft.Xbox.XamTelemetry.AppActivity
 This event is triggered whenever the current app state is changed by: launch, switch, terminate, snap, etc.
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md
@ -1,16 +1,13 @@
 ---
 description: Learn more about the Windows 10, version 1803 diagnostic data gathered at the basic level.
 title: Windows 10, version 1803 basic diagnostic events and fields (Windows 10)
-ms.prod: m365-security
+ms.prod: windows-client
-localizationpriority: high
+ms.technology: itpro-privacy
 localizationpriority: medium
 author: DHB-MSFT
 ms.author: danbrown
 manager: dougeby
-ms.collection: M365-security-compliance
+ms.topic: reference
 ms.topic: article
 ms.date: 
 ms.reviewer:
 ms.technology: privacy
 ---
@ -29,8 +26,9 @@ Use this article to learn about diagnostic events, grouped by event area, and th
 You can learn more about Windows functional and diagnostic data through these articles:
- [Required Windows 11 diagnostic events and fields](required-windows-11-diagnostic-events-and-fields.md)
+- [Required diagnostic events and fields for Windows 11, version 22H2](required-diagnostic-events-fields-windows-11-22H2.md)
- [Windows 10, version 21H2, Windows 10, version 21H1, Windows 10, version 20H2 and Windows 10, version 2004 required Windows diagnostic events and fields](required-windows-diagnostic-data-events-and-fields-2004.md)
+- [Required diagnostic events and fields for Windows 11, version 21H2](required-windows-11-diagnostic-events-and-fields.md)
 - [Required diagnostic events and fields for Windows 10: versions 22H2, 21H2, 21H1, 20H2, and 2004](required-windows-diagnostic-data-events-and-fields-2004.md)
 - [Windows 10, version 1903 and Windows 10, version 1909 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md)
 - [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
 - [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md)
@ -39,7 +37,6 @@ You can learn more about Windows functional and diagnostic data through these ar
 - [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md)
 ## Appraiser events
 ### Microsoft.Windows.Appraiser.General.ChecksumTotalPictureCount
@ -50,50 +47,50 @@ The following fields are available:
 - **DatasourceApplicationFile_RS1**  The total number of objects of this type present on this device.
 - **DatasourceApplicationFile_RS3**  The total number of objects of this type present on this device.
- **DatasourceApplicationFile_RS5**  The total number of objects of this type present on this device.
+- **DatasourceApplicationFile_RS5**  The count of the number of this particular object type present on this device.
 - **DatasourceDevicePnp_RS1**  The total number of objects of this type present on this device.
 - **DatasourceDevicePnp_RS3**  The total number of objects of this type present on this device.
- **DatasourceDevicePnp_RS5**  The total number of objects of this type present on this device.
+- **DatasourceDevicePnp_RS5**  The count of the number of this particular object type present on this device.
 - **DatasourceDriverPackage_RS1**  The total number of objects of this type present on this device.
 - **DatasourceDriverPackage_RS3**  The total number of objects of this type present on this device.
- **DatasourceDriverPackage_RS5**  The total number of objects of this type present on this device.
+- **DatasourceDriverPackage_RS5**  The count of the number of this particular object type present on this device.
 - **DataSourceMatchingInfoBlock_RS1**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoBlock_RS3**  The total number of objects of this type present on this device.
- **DataSourceMatchingInfoBlock_RS5**  The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoBlock_RS5**  The count of the number of this particular object type present on this device.
 - **DataSourceMatchingInfoPassive_RS1**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoPassive_RS3**  The total number of objects of this type present on this device.
- **DataSourceMatchingInfoPassive_RS5**  The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoPassive_RS5**  The count of the number of this particular object type present on this device.
 - **DataSourceMatchingInfoPostUpgrade_RS1**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoPostUpgrade_RS3**  The total number of objects of this type present on this device.
- **DataSourceMatchingInfoPostUpgrade_RS5**  The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoPostUpgrade_RS5**  The count of the number of this particular object type present on this device.
 - **DatasourceSystemBios_RS1**  The total number of objects of this type present on this device.
 - **DatasourceSystemBios_RS3**  The total number of objects of this type present on this device.
- **DatasourceSystemBios_RS5**  The total number of objects of this type present on this device.
+- **DatasourceSystemBios_RS5**  The count of the number of this particular object type present on this device.
 - **DatasourceSystemBios_RS5Setup**  The total number of objects of this type present on this device.
 - **DecisionApplicationFile_RS1**  The total number of objects of this type present on this device.
 - **DecisionApplicationFile_RS3**  The total number of objects of this type present on this device.
- **DecisionApplicationFile_RS5**  The total number of objects of this type present on this device.
+- **DecisionApplicationFile_RS5**  The count of the number of this particular object type present on this device.
 - **DecisionDevicePnp_RS1**  The total number of objects of this type present on this device.
 - **DecisionDevicePnp_RS3**  The total number of objects of this type present on this device.
- **DecisionDevicePnp_RS5**  The total number of objects of this type present on this device.
+- **DecisionDevicePnp_RS5**  The count of the number of this particular object type present on this device.
 - **DecisionDriverPackage_RS1**  The total number of objects of this type present on this device.
 - **DecisionDriverPackage_RS3**  The total number of objects of this type present on this device.
- **DecisionDriverPackage_RS5**  The total number of objects of this type present on this device.
+- **DecisionDriverPackage_RS5**  The count of the number of this particular object type present on this device.
 - **DecisionMatchingInfoBlock_RS1**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoBlock_RS3**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoBlock_RS5**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoPassive_RS1**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoPassive_RS3**  The total number of objects of this type present on this device.
- **DecisionMatchingInfoPassive_RS5**  The total number of objects of this type present on this device.
+- **DecisionMatchingInfoPassive_RS5**  The count of the number of this particular object type present on this device.
 - **DecisionMatchingInfoPostUpgrade_RS1**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoPostUpgrade_RS3**  The total number of objects of this type present on this device.
- **DecisionMatchingInfoPostUpgrade_RS5**  The total number of objects of this type present on this device.
+- **DecisionMatchingInfoPostUpgrade_RS5**  The count of the number of this particular object type present on this device.
 - **DecisionMediaCenter_RS1**  The total number of objects of this type present on this device.
 - **DecisionMediaCenter_RS3**  The total number of objects of this type present on this device.
- **DecisionMediaCenter_RS5**  The total number of objects of this type present on this device.
+- **DecisionMediaCenter_RS5**  The count of the number of this particular object type present on this device.
 - **DecisionSystemBios_RS1**  The total number of objects of this type present on this device.
 - **DecisionSystemBios_RS3**  The total number of objects of this type present on this device.
- **DecisionSystemBios_RS5**  The total number of objects of this type present on this device.
+- **DecisionSystemBios_RS5**  The total DecisionSystemBios objects targeting the next release of Windows on this device.
 - **DecisionSystemBios_RS5Setup**  The total number of objects of this type present on this device.
 - **DecisionTest_RS1**  The total number of objects of this type present on this device.
 - **InventoryApplicationFile**  The total number of objects of this type present on this device.
@ -115,7 +112,7 @@ The following fields are available:
 - **SystemWlan**  The total number of objects of this type present on this device.
 - **Wmdrm_RS1**  The total number of objects of this type present on this device.
 - **Wmdrm_RS3**  The total number of objects of this type present on this device.
- **Wmdrm_RS5**  The total number of objects of this type present on this device.
+- **Wmdrm_RS5**  The count of the number of this particular object type present on this device.
 ### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileAdd
@ -1434,8 +1431,8 @@ The following fields are available:
 - **IsEDPEnabled**  Represents if Enterprise data protected on the device.
 - **IsMDMEnrolled**  Whether the device has been MDM Enrolled or not.
 - **MPNId**  Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID
- **SCCMClientId**  This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise Configuration Manager environment.
+- **SCCMClientId**  This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an enterprise Configuration Manager environment.
- **ServerFeatures**  Represents the features installed on a Windows   Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers.
+- **ServerFeatures**  Represents the features installed on a Windows Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers.
 - **SystemCenterID**  The Configuration Manager ID is an anonymized one-way hash of the Active Directory Organization identifier
@ -1576,7 +1573,7 @@ The following fields are available:
 - **ServiceMachineIP**  Retrieves the IP address of the KMS host used for anti-piracy.
 - **ServiceMachinePort**  Retrieves the port of the KMS host used for anti-piracy.
 - **ServiceProductKeyID**  Retrieves the License key of the KMS
- **SharedPCMode**  Returns Boolean for education devices used as shared cart
+- **SharedPCMode**  Returns Boolean for devices that have enabled the configuration EnableSharedPCMode.ration EnableSharedPCMode.
 - **Signature**  Retrieves if it is a signature machine sold by Microsoft store.
 - **SLICStatus**  Whether a SLIC table exists on the device.
 - **SLICVersion**  Returns OS type/version from SLIC table.
@ -2323,9 +2320,6 @@ The following fields are available:
 - **EtwDroppedBufferCount**  Number of buffers dropped in the UTC ETW session.
 - **EtwDroppedCount**  Number of events dropped at ETW layer of telemetry client.
 - **EventsPersistedCount**  Number of events that reached the PersistEvent stage.
 - **EventStoreLifetimeResetCounter**  Number of times event DB was reset for the lifetime of UTC.
 - **EventStoreResetCounter**  Number of times event DB was reset.
 - **EventStoreResetSizeSum**  Total size of event DB across all resets reports in this instance.
 - **EventSubStoreResetCounter**  Number of times event DB was reset.
 - **EventSubStoreResetSizeSum**  Total size of event DB across all resets reports in this instance.
 - **EventsUploaded**  Number of events uploaded.
@ -3164,7 +3158,7 @@ This event sends basic metadata about the starting point of uninstalling a featu
 ### Microsoft.Windows.HangReporting.AppHangEvent
-This event sends data about hangs for both native and managed applications, to help keep Windows up to date. It does not contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the hang to the Watson service, and the WER event will contain the same ReportID (see field 13 of hang event, field 19 of WER event) as the hang event for the hang being reported. AppHang is reported only on client devices. It handles classic Win32 hangs and is emitted only once per report. Some behaviors that may be perceived by a user as a hang are reported by app managers (e.g. PLM/RM/EM) as Watson Generics and will not produce AppHang events.
+This event sends data about hangs for both native and managed applications, to help keep Windows up to date. It does not contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the hang to the Watson service, and the WER event will contain the same ReportID (see field 13 of hang event, field 19 of WER event) as the hang event for the hang being reported. AppHang is reported only on PC devices. It handles classic Win32 hangs and is emitted only once per report. Some behaviors that may be perceived by a user as a hang are reported by app managers (e.g. PLM/RM/EM) as Watson Generics and will not produce AppHang events.
 The following fields are available:
@ -3477,7 +3471,7 @@ The following fields are available:
 - **Enumerator**  Identifies the bus that enumerated the device.
 - **HWID**  A list of hardware IDs for the device.
 - **Inf**  The name of the INF file (possibly renamed by the OS, such as oemXX.inf).
- **InstallState**  The device installation state. For a list of values, see: [Device Install State](https://msdn.microsoft.com/library/windows/hardware/ff543130.aspx)
+- **InstallState**  The device installation state. For a list of values, see: [Device Install State](/windows-hardware/drivers/ddi/wdm/ne-wdm-_device_install_state)
 - **InventoryVersion**  The version number of the inventory process generating the events.
 - **LowerClassFilters**  The identifiers of the Lower Class filters installed for the device.
 - **LowerFilters**  The identifiers of the Lower filters installed for the device.
@ -3553,7 +3547,7 @@ The following fields are available:
 - **DriverIsKernelMode**  Is it a kernel mode driver?
 - **DriverName**  The file name of the driver.
 - **DriverPackageStrongName**  The strong name of the driver package
- **DriverSigned**  The strong name of the driver package
+- **DriverSigned**  Is the driver signed?
 - **DriverTimeStamp**  The low 32 bits of the time stamp of the driver file.
 - **DriverType**  A bitfield of driver attributes: 1. define DRIVER_MAP_DRIVER_TYPE_PRINTER 0x0001. 2. define DRIVER_MAP_DRIVER_TYPE_KERNEL 0x0002. 3. define DRIVER_MAP_DRIVER_TYPE_USER 0x0004. 4. define DRIVER_MAP_DRIVER_IS_SIGNED 0x0008. 5. define DRIVER_MAP_DRIVER_IS_INBOX 0x0010. 6. define DRIVER_MAP_DRIVER_IS_WINQUAL 0x0040. 7. define DRIVER_MAP_DRIVER_IS_SELF_SIGNED 0x0020. 8. define DRIVER_MAP_DRIVER_IS_CI_SIGNED 0x0080. 9. define DRIVER_MAP_DRIVER_HAS_BOOT_SERVICE 0x0100. 10. define DRIVER_MAP_DRIVER_TYPE_I386 0x10000. 11. define DRIVER_MAP_DRIVER_TYPE_IA64 0x20000. 12. define DRIVER_MAP_DRIVER_TYPE_AMD64 0x40000. 13. define DRIVER_MAP_DRIVER_TYPE_ARM 0x100000. 14. define DRIVER_MAP_DRIVER_TYPE_THUMB 0x200000. 15. define DRIVER_MAP_DRIVER_TYPE_ARMNT 0x400000. 16. define DRIVER_MAP_DRIVER_IS_TIME_STAMPED 0x800000.
 - **DriverVersion**  The version of the driver file.
@ -3707,61 +3701,6 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic
 ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInAdd
 This event provides data on the installed Office add-ins. The data collected with this event is used to keep Windows performing properly.
 This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
 The following fields are available:
 - **AddinCLSID**  The class identifier key for the Microsoft Office add-in.
 - **AddInCLSID**  The class identifier key for the Microsoft Office add-in.
 - **AddInId**  The identifier for the Microsoft Office add-in.
 - **AddinType**  The type of the Microsoft Office add-in.
 - **BinFileTimestamp**  The timestamp of the Office add-in.
 - **BinFileVersion**  The version of the Microsoft Office add-in.
 - **Description**  Description of the Microsoft Office add-in.
 - **FileId**  The file identifier of the Microsoft Office add-in.
 - **FileSize**  The file size of the Microsoft Office add-in.
 - **FriendlyName**  The friendly name for the Microsoft Office add-in.
 - **FullPath**  The full path to the Microsoft Office add-in.
 - **InventoryVersion**  The version of the inventory binary generating the events.
 - **LoadBehavior**  Integer that describes the load behavior.
 - **LoadTime**  Load time for the office addin
 - **OfficeApplication**  The Microsoft Office application associated with the add-in.
 - **OfficeArchitecture**  The architecture of the add-in.
 - **OfficeVersion**  The Microsoft Office version for this add-in.
 - **OutlookCrashingAddin**  Indicates whether crashes have been found for this add-in.
 - **ProductCompany**  The name of the company associated with the Office add-in.
 - **ProductName**  The product name associated with the Microsoft Office add-in.
 - **ProductVersion**  The version associated with the Office add-in.
 - **ProgramId**  The unique program identifier of the Microsoft Office add-in.
 - **Provider**  Name of the provider for this add-in.
 ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInRemove
 This event indicates that the particular data object represented by the objectInstanceId is no longer present. The data collected with this event is used to keep Windows performing properly.
 This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
 The following fields are available:
 - **InventoryVersion**  The version of the inventory binary generating the events.
 ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInStartSync
 This event indicates that a new sync is being generated for this object type. The data collected with this event is used to keep Windows performing properly.
 This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
 The following fields are available:
 - **InventoryVersion**  The version of the inventory binary generating the events.
 ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoAdd
 This event provides data on Unified Update Platform (UUP) products and what version they are at. The data collected with this event is used to keep Windows performing properly.
@ -4363,10 +4302,6 @@ The following fields are available:
 - **winInetError**  The HResult of the operation.
 ## Other events
 ## Privacy consent logging events
 ### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentCompleted
@ -4984,7 +4919,7 @@ Activity for deletion of a user account for devices set up for Shared PC mode as
 The following fields are available:
- **accountType**  The type of account that was deleted. Example: AD, Azure Active Directory (AAD), or Local.
+- **accountType**  The type of account that was deleted. Example: AD, Azure Active Directory (Azure AD), or Local
 - **deleteState**  Whether the attempted deletion of the user account was successful.
 - **userSid**  The security identifier of the account.
 - **wilActivity**  Windows Error Reporting data collected when there is a failure in deleting a user account with the Transient Account Manager. See [wilActivity](#wilactivity).
@ -5460,6 +5395,7 @@ The following fields are available:
 - **UpdateId**  The update ID for a specific piece of content.
 - **ValidityWindowInDays**  The validity window that's in effect when verifying the timestamp.
 ## Surface events
 ### Microsoft.Surface.Battery.Prod.BatteryInfoEvent
@ -5576,7 +5512,7 @@ The following fields are available:
 ### Update360Telemetry.UpdateAgentCommit
-This event collects information regarding the commit phase of the new Unified Update Platform (UUP) update scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event collects information regarding the commit phase of the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
 The following fields are available:
@ -5592,7 +5528,7 @@ The following fields are available:
 ### Update360Telemetry.UpdateAgentDownloadRequest
-This event sends data for the download request phase of updating Windows via the new Unified Update Platform (UUP) scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event sends data for the download request phase of updating Windows via the new Unified Update Platform (UUP) scenario. Applicable to PC and Mobile. The data collected with this event is used to help keep Windows secure and up to date.
 The following fields are available:
@ -5624,7 +5560,7 @@ The following fields are available:
 ### Update360Telemetry.UpdateAgentExpand
-This event collects information regarding the expansion phase of the new Unified Update Platform (UUP) update scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event collects information regarding the expansion phase of the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
 The following fields are available:
@ -5644,7 +5580,7 @@ The following fields are available:
 ### Update360Telemetry.UpdateAgentFellBackToCanonical
-This event collects information when express could not be used and we fall back to canonical during the new Unified Update Platform (UUP) update scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event collects information when express could not be used and we fall back to canonical during the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
 The following fields are available:
@ -5660,7 +5596,7 @@ The following fields are available:
 ### Update360Telemetry.UpdateAgentInitialize
-This event sends data for the initialize phase of updating Windows via the new Unified Update Platform (UUP) scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event sends data for the initialize phase of updating Windows via the new Unified Update Platform (UUP) scenario, which is applicable to both PCs and Mobile. The data collected with this event is used to help keep Windows secure and up to date.
 The following fields are available:
@ -5758,7 +5694,7 @@ The following fields are available:
 ### Update360Telemetry.UpdateAgentModeStart
-This event sends data for the start of each mode during the process of updating Windows via the new Unified Update Platform (UUP) scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event sends data for the start of each mode during the process of updating Windows via the new Unified Update Platform (UUP) scenario. Applicable to both PCs and Mobile. The data collected with this event is used to help keep Windows secure and up to date.
 The following fields are available:
@ -5774,7 +5710,7 @@ The following fields are available:
 ### Update360Telemetry.UpdateAgentOneSettings
-This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario, which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
 The following fields are available:
@ -5792,7 +5728,7 @@ The following fields are available:
 ### Update360Telemetry.UpdateAgentPostRebootResult
-This event collects information regarding the post reboot phase of the new Unified Update Platform (UUP) update scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event collects information for both Mobile and Desktop regarding the post reboot phase of the new Unified Update Platform (UUP) update scenario. The data collected with this event is used to help keep Windows secure and up to date.
 The following fields are available:
@ -5814,7 +5750,7 @@ This event sends information indicating that a request has been sent to suspend
 ### Update360Telemetry.UpdateAgentSetupBoxLaunch
-The UpdateAgent_SetupBoxLaunch event sends data for the launching of the setup box when updating Windows via the new Unified Update Platform (UUP) scenario. The data collected with this event is used to help keep Windows secure and up to date.
+The UpdateAgent_SetupBoxLaunch event sends data for the launching of the setup box when updating Windows via the new Unified Update Platform (UUP) scenario. This event is only applicable to PCs. The data collected with this event is used to help keep Windows secure and up to date.
 The following fields are available:
@ -6258,7 +6194,7 @@ The following fields are available:
 ### Setup360Telemetry.Setup360OneSettings
-This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario, which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
 The following fields are available:
@ -8296,6 +8232,3 @@ The following fields are available:
 - **LicenseXuid**  If the license type is 1 (User), this field contains the XUID (Xbox User ID) of the registered owner of the license.
 - **ProductGuid**  The Xbox product GUID (Globally-Unique ID) of the application.
 - **UserId**  The XUID (Xbox User ID) of the current user.
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md
@ -1,16 +1,13 @@
 ---
 description: Learn more about the Windows 10, version 1809 diagnostic data gathered at the basic level.
 title: Windows 10, version 1809 basic diagnostic events and fields (Windows 10)
-ms.prod: m365-security
+ms.prod: windows-client
 ms.technology: itpro-privacy
 localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
 manager: dougeby
-ms.collection: M365-security-compliance
+ms.topic: reference
 ms.topic: article
 ms.date:
 ms.reviewer:
 ms.technology: privacy
 ---
@ -28,8 +25,9 @@ Use this article to learn about diagnostic events, grouped by event area, and th
 You can learn more about Windows functional and diagnostic data through these articles:
- [Required Windows 11 diagnostic events and fields](required-windows-11-diagnostic-events-and-fields.md)
+- [Required diagnostic events and fields for Windows 11, version 22H2](required-diagnostic-events-fields-windows-11-22H2.md)
- [Windows 10, version 21H2, Windows 10, version 21H1, Windows 10, version 20H2 and Windows 10, version 2004 required Windows diagnostic events and fields](required-windows-diagnostic-data-events-and-fields-2004.md)
+- [Required diagnostic events and fields for Windows 11, version 21H2](required-windows-11-diagnostic-events-and-fields.md)
 - [Required diagnostic events and fields for Windows 10: versions 22H2, 21H2, 21H1, 20H2, and 2004](required-windows-diagnostic-data-events-and-fields-2004.md)
 - [Windows 10, version 1903 and Windows 10, version 1909 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md)
 - [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md)
 - [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md)
@ -38,8 +36,6 @@ You can learn more about Windows functional and diagnostic data through these ar
 - [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md)
 ## Account trace logging provider events
 ### Microsoft.Windows.Mitigation.AccountTraceLoggingProvider.General
@ -2166,8 +2162,8 @@ The following fields are available:
 - **IsEDPEnabled**  Represents if Enterprise data protected on the device.
 - **IsMDMEnrolled**  Whether the device has been MDM Enrolled or not.
 - **MPNId**  Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID
- **SCCMClientId**  This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise Configuration Manager environment.
+- **SCCMClientId**  This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an enterprise Configuration Manager environment.
- **ServerFeatures**  Represents the features installed on a Windows   Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers.
+- **ServerFeatures**  Represents the features installed on a Windows Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers.
 - **SystemCenterID**  The Configuration Manager ID is an anonymized one-way hash of the Active Directory Organization identifier
@ -2310,7 +2306,7 @@ The following fields are available:
 - **ServiceMachineIP**  Retrieves the IP address of the KMS host used for anti-piracy.
 - **ServiceMachinePort**  Retrieves the port of the KMS host used for anti-piracy.
 - **ServiceProductKeyID**  Retrieves the License key of the KMS
- **SharedPCMode**  Returns Boolean for education devices used as shared cart
+- **SharedPCMode**  Returns Boolean for devices that have enabled the configuration EnableSharedPCMode.
 - **Signature**  Retrieves if it is a signature machine sold by Microsoft store.
 - **SLICStatus**  Whether a SLIC table exists on the device.
 - **SLICVersion**  Returns OS type/version from SLIC table.
@ -2569,7 +2565,7 @@ The following fields are available:
 - **UpdateServiceURLConfigured**  Retrieves if the device is managed by Windows Server Update Services (WSUS).
 - **WUDeferUpdatePeriod**  Retrieves if deferral is set for Updates.
 - **WUDeferUpgradePeriod**  Retrieves if deferral is set for Upgrades.
- **WUDODownloadMode**  Retrieves whether DO is turned on and how to acquire/distribute updates Delivery Optimization (DO) allows users to deploy previously downloaded Windows Update (WU) updates to other devices on the same network.
+- **WUDODownloadMode**  Retrieves whether DO is turned on and how to acquire/distribute updates Delivery Optimization (DO) allows users to deploy previously downloaded Windows Update updates to other devices on the same network.
 - **WUMachineId**  Retrieves the Windows Update (WU) Machine Identifier.
 - **WUPauseState**  Retrieves Windows Update setting to determine if updates are paused.
 - **WUServer**  Retrieves the HTTP(S) URL of the WSUS server that is used by Automatic Updates and API callers (by default).
@ -2587,6 +2583,27 @@ The following fields are available:
 - **XboxLiveSandboxId**  Retrieves the developer sandbox ID if the device is internal to Microsoft.
 ## Code Integrity events
 ### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.Compatibility
 Fires when the compatibility check completes. Gives the results from the check.
 The following fields are available:
 - **IsRecommended**  Denotes whether all compatibility checks have passed and, if so, returns true. Otherwise returns false.
 - **Issues**  If compatibility checks failed, provides bit indexed indicators of issues detected. Table located here: [Check results of HVCI default enablement](/windows-hardware/design/device-experiences/oem-hvci-enablement#check-results-of-hvci-default-enablement).
 ### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.HVCIActivity
 Fires at the beginning and end of the HVCI auto-enablement process in sysprep.
 The following fields are available:
 - **wilActivity**  Contains the thread ID used to match the begin and end events, and for the end event also a HResult indicating sucess or failure. See [wilActivity](#wilactivity).
 ## Common data extensions
 ### Common Data Extensions.app
@ -3181,7 +3198,7 @@ This event sends data about the connectivity status of the Connected User Experi
 The following fields are available:
- **CensusExitCode**  Returns last execution codes from census client run.
+- **CensusExitCode**  Last exit code of Census task
 - **CensusStartTime**  Returns timestamp corresponding to last successful census run.
 - **CensusTaskEnabled**  Returns Boolean value for the census task (Enable/Disable) on client machine.
 - **LastConnectivityLossTime**  The FILETIME at which the last free network loss occurred.
@ -4446,7 +4463,7 @@ This event sends basic metadata about the starting point of uninstalling a featu
 ### Microsoft.Windows.HangReporting.AppHangEvent
-This event sends data about hangs for both native and managed applications, to help keep Windows up to date. It does not contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the hang to the Watson service, and the WER event will contain the same ReportID (see field 13 of hang event, field 19 of WER event) as the hang event for the hang being reported. AppHang is reported only on client devices. It handles classic Win32 hangs and is emitted only once per report. Some behaviors that may be perceived by a user as a hang are reported by app managers (e.g. PLM/RM/EM) as Watson Generics and will not produce AppHang events.
+This event sends data about hangs for both native and managed applications, to help keep Windows up to date. It does not contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the hang to the Watson service, and the WER event will contain the same ReportID (see field 13 of hang event, field 19 of WER event) as the hang event for the hang being reported. AppHang is reported only on PC devices. It handles classic Win32 hangs and is emitted only once per report. Some behaviors that may be perceived by a user as a hang are reported by app managers (e.g. PLM/RM/EM) as Watson Generics and will not produce AppHang events.
 The following fields are available:
@ -4804,7 +4821,7 @@ The following fields are available:
 - **HWID**  A list of hardware IDs for the device.
 - **Inf**  The name of the INF file (possibly renamed by the OS, such as oemXX.inf).
 - **InstallDate**  The date of the most recent installation of the device on the machine.
- **InstallState**  The device installation state. For a list of values, see: [Device Install State](https://msdn.microsoft.com/library/windows/hardware/ff543130.aspx)
+- **InstallState**  The device installation state. For a list of values, see: [Device Install State](/windows-hardware/drivers/ddi/wdm/ne-wdm-_device_install_state)
 - **InventoryVersion**  The version number of the inventory process generating the events.
 - **LowerClassFilters**  The identifiers of the Lower Class filters installed for the device.
 - **LowerFilters**  The identifiers of the Lower filters installed for the device.
@ -4903,7 +4920,7 @@ The following fields are available:
 - **DriverIsKernelMode**  Is it a kernel mode driver?
 - **DriverName**  The file name of the driver.
 - **DriverPackageStrongName**  The strong name of the driver package
- **DriverSigned**  The strong name of the driver package
+- **DriverSigned**  Is the driver signed?
 - **DriverTimeStamp**  The low 32 bits of the time stamp of the driver file.
 - **DriverType**  A bitfield of driver attributes: 1. define DRIVER_MAP_DRIVER_TYPE_PRINTER 0x0001. 2. define DRIVER_MAP_DRIVER_TYPE_KERNEL 0x0002. 3. define DRIVER_MAP_DRIVER_TYPE_USER 0x0004. 4. define DRIVER_MAP_DRIVER_IS_SIGNED 0x0008. 5. define DRIVER_MAP_DRIVER_IS_INBOX 0x0010. 6. define DRIVER_MAP_DRIVER_IS_WINQUAL 0x0040. 7. define DRIVER_MAP_DRIVER_IS_SELF_SIGNED 0x0020. 8. define DRIVER_MAP_DRIVER_IS_CI_SIGNED 0x0080. 9. define DRIVER_MAP_DRIVER_HAS_BOOT_SERVICE 0x0100. 10. define DRIVER_MAP_DRIVER_TYPE_I386 0x10000. 11. define DRIVER_MAP_DRIVER_TYPE_IA64 0x20000. 12. define DRIVER_MAP_DRIVER_TYPE_AMD64 0x40000. 13. define DRIVER_MAP_DRIVER_TYPE_ARM 0x100000. 14. define DRIVER_MAP_DRIVER_TYPE_THUMB 0x200000. 15. define DRIVER_MAP_DRIVER_TYPE_ARMNT 0x400000. 16. define DRIVER_MAP_DRIVER_IS_TIME_STAMPED 0x800000.
 - **DriverVersion**  The version of the driver file.
@ -5053,61 +5070,6 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic
 ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInAdd
 This event provides data on the installed Office add-ins. The data collected with this event is used to keep Windows performing properly.
 This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
 The following fields are available:
 - **AddinCLSID**  The class identifier key for the Microsoft Office add-in.
 - **AddInCLSID**  The class identifier key for the Microsoft Office add-in.
 - **AddInId**  The identifier for the Microsoft Office add-in.
 - **AddinType**  The type of the Microsoft Office add-in.
 - **BinFileTimestamp**  The timestamp of the Office add-in.
 - **BinFileVersion**  The version of the Microsoft Office add-in.
 - **Description**  Description of the Microsoft Office add-in.
 - **FileId**  The file identifier of the Microsoft Office add-in.
 - **FileSize**  The file size of the Microsoft Office add-in.
 - **FriendlyName**  The friendly name for the Microsoft Office add-in.
 - **FullPath**  The full path to the Microsoft Office add-in.
 - **InventoryVersion**  The version of the inventory binary generating the events.
 - **LoadBehavior**  Integer that describes the load behavior.
 - **LoadTime**  Load time for the Office add-in.
 - **OfficeApplication**  The Microsoft Office application associated with the add-in.
 - **OfficeArchitecture**  The architecture of the add-in.
 - **OfficeVersion**  The Microsoft Office version for this add-in.
 - **OutlookCrashingAddin**  Indicates whether crashes have been found for this add-in.
 - **ProductCompany**  The name of the company associated with the Office add-in.
 - **ProductName**  The product name associated with the Microsoft Office add-in.
 - **ProductVersion**  The version associated with the Office add-in.
 - **ProgramId**  The unique program identifier of the Microsoft Office add-in.
 - **Provider**  Name of the provider for this add-in.
 ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInRemove
 This event indicates that the particular data object represented by the objectInstanceId is no longer present. The data collected with this event is used to keep Windows performing properly.
 This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
 The following fields are available:
 - **InventoryVersion**  The version of the inventory binary generating the events.
 ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInStartSync
 This event indicates that a new sync is being generated for this object type. The data collected with this event is used to keep Windows performing properly.
 This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
 The following fields are available:
 - **InventoryVersion**  The version of the inventory binary generating the events.
 ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoAdd
 This event provides data on Unified Update Platform (UUP) products and what version they are at. The data collected with this event is used to keep Windows performing properly.
@ -5470,6 +5432,25 @@ The following fields are available:
 - **utc_flags**  Event Tracing for Windows (ETW) flags required for the event as part of the data collection process.
 ### Microsoft.Edge.Crashpad.CrashEvent
 This event sends simple Product and Service Performance data on a crashing Microsoft Edge browser process to help mitigate future instances of the crash.
 The following fields are available:
 - **app_name**  The name of the crashing process.
 - **app_session_guid**  Encodes the boot session, process id, and process start time.
 - **app_version**  The version of the crashing process.
 - **client_id_hash**  Hash of the browser client ID which helps identify installations.
 - **etag**  Encodes the running experiments in the browser.
 - **module_name**  The name of the module in which the crash originated.
 - **module_offset**  Memory offset into the module in which the crash originated.
 - **module_version**  The version of the module in which the crash originated.
 - **process_type**  The type of the browser process that crashed, e.g., renderer, gpu-process, etc.
 - **stack_hash**  Hash of the stack trace representing the crash. Currently not used or set to zero.
 - **sub_code**  The exception/error code representing the crash.
 ### Microsoft.WebBrowser.Installer.EdgeUpdate.Ping
 This event sends hardware and software inventory information about the Microsoft Edge Update service, Microsoft Edge applications, and the current system environment, including app configuration, update configuration, and hardware capabilities. It's used to measure the reliability and performance of the EdgeUpdate service and if Microsoft Edge applications are up to date. This is an indication that the event is designed to keep Windows secure and up to date.
@ -5785,6 +5766,7 @@ The following fields are available:
 - **totalRunDuration**  Total running/evaluation time from last time.
 - **totalRuns**  Total number of running/evaluation from last time.
 ## Privacy consent logging events
 ### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentCompleted
@ -5919,6 +5901,140 @@ The following fields are available:
 - **WusaInstallHResult**  Internal result code from WUSA when used to install the quality update.
 ### Microsoft.Windows.Shell.EM.EMCompleted
 Event that tracks the effectiveness of an operation to mitigate an issue on devices that meet certain requirements.
 The following fields are available:
 - **cleanUpScheduledTaskHR**  The result of the operation to clean up the scheduled task the launched the operation.
 - **eulaHashHR**  The result of the operation to generate a hash of the EULA file that's currently on-disk.
 - **mitigationHR**  The result of the operation to take corrective action on a device that's impacted.
 - **mitigationResult**  The enumeration value representing the action that was taken on the device.
 - **mitigationResultReason**  The string value representing the action that was taken on the device.
 - **mitigationSuccessWriteHR**  The result of writing the success value to the registry.
 - **region**  The device's default region at the time of execution.
 - **windowsVersionString**  The version of Windows that was computed at the time of execution.
 ### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantCompatCheckResult
 This event provides the result of running the compatibility check for update assistant. The data collected with this event is used to help keep Windows up to date.
 The following fields are available:
 - **CV**  The correlation vector.
 - **GlobalEventCounter**  The global event counter for all telemetry on the device.
 - **UpdateAssistantCompatCheckResultOutput**  Output of compatibility check for update assistant.
 - **UpdateAssistantVersion**  Current package version of UpdateAssistant.
 ### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantDeviceInformation
 This event provides basic information about the device where update assistant was run. The data collected with this event is used to help keep Windows up to date.
 The following fields are available:
 - **CV**  The correlation vector.
 - **GlobalEventCounter**  The global event counter for all telemetry on the device.
 - **UpdateAssistantAppFilePath**  Path to Update Assistant app.
 - **UpdateAssistantDeviceId**  Device Id of the Update Assistant Candidate Device.
 - **UpdateAssistantExeName**  Exe name running as Update Assistant.
 - **UpdateAssistantExternalId**  External Id of the Update Assistant Candidate Device.
 - **UpdateAssistantIsDeviceCloverTrail**  True/False is the device clovertrail.
 - **UpdateAssistantIsPushing**  True if the update is pushing to the device.
 - **UpdateAssistantMachineId**  Machine Id of the Update Assistant Candidate Device.
 - **UpdateAssistantOsVersion**  Update Assistant OS Version.
 - **UpdateAssistantPartnerId**  Partner Id for Assistant application.
 - **UpdateAssistantReportPath**  Path to report for Update Assistant.
 - **UpdateAssistantStartTime**  Start time for UpdateAssistant.
 - **UpdateAssistantTargetOSVersion**  Update Assistant Target OS Version.
 - **UpdateAssistantUiType**  The type of UI whether default or OOBE.
 - **UpdateAssistantVersion**  Current package version of UpdateAssistant.
 - **UpdateAssistantVersionInfo**  Information about Update Assistant application.
 ### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantInteractive
 An user action such as button click happens.
 The following fields are available:
 - **CV**  The correlation vector.
 - **GlobalEventCounter**  The global event counter for all telemetry on the device.
 - **UpdateAssistantInteractiveObjective**  The objective of the action performed.
 - **UpdateAssistantInteractiveUiAction**  The action performed through UI.
 - **UpdateAssistantVersion**  Current package version of Update Assistant.
 ### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantStartState
 This event marks the start of an Update Assistant State. The data collected with this event is used to help keep Windows up to date.
 The following fields are available:
 - **CV**  The correlation vector.
 - **GlobalEventCounter**  The global event counter for all telemetry on the device.
 - **UpdateAssistantStateAcceptEULA**  True at the start of AcceptEULA.
 - **UpdateAssistantStateCheckingCompat**  True at the start of Checking Compat
 - **UpdateAssistantStateDownloading**  True at the start Downloading.
 - **UpdateAssistantStateInitializingApplication**  True at the start of the state InitializingApplication.
 - **UpdateAssistantStateInitializingStates**  True at the start of InitializingStates.
 - **UpdateAssistantVersion**  Current package version of UpdateAssistant.
 ### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantStateGeneralErrorDetails
 Details about errors of current state.
 The following fields are available:
 - **CV**  The correlation vector.
 - **GlobalEventCounter**  The global event counter for all telemetry on the device.
 - **UpdateAssistantGeneralErrorHResult**  HResult of current state.
 - **UpdateAssistantGeneralErrorOriginalState**  State name of current state.
 - **UpdateAssistantVersion**  Current package version of Update Assistant.
 ### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantUserActionDetails
 This event provides details about user action. The data collected with this event is used to help keep Windows up to date.
 The following fields are available:
 - **CV**  The correlation vector.
 - **GlobalEventCounter**  The global event counter for all telemetry on the device.
 - **UpdateAssistantUserActionExitingState**  Exiting state name user performed action on.
 - **UpdateAssistantUserActionHResult**  HRESULT of user action.
 - **UpdateAssistantUserActionState**  State name user performed action on.
 - **UpdateAssistantVersion**  Current package version of UpdateAssistant.
 ### Microsoft.Windows.UpdateAssistantDwnldr.UpdateAssistantDownloadDetails
 Details about the Update Assistant ESD download.
 The following fields are available:
 - **CV**  The correlation vector.
 - **GlobalEventCounter**  The counter for all telemetry on the device.
 - **UpdateAssistantDownloadCancelled**  True when the ESD download is cancelled.
 - **UpdateAssistantDownloadDownloadTotalBytes**  The total size in bytes of the download.
 - **UpdateAssistantDownloadEditionMismatch**  True if downloaded ESD doesn't match edition.
 - **UpdateAssistantDownloadESDEncrypted**  True if ESD is encrypted.
 - **UpdateAssistantDownloadIs10s**  True if ESD is 10s.
 - **UpdateAssistantDownloadMessage**  Message from a completed or failed download.
 - **UpdateAssistantDownloadMsgSize**  Size of the download.
 - **UpdateAssistantDownloadNEdition**  True if ESD is N edition.
 - **UpdateAssistantDownloadPath**  Full path to the download.
 - **UpdateAssistantDownloadPathSize**  Size of the path.
 - **UpdateAssistantDownloadProductsXml**  Full path of products xml.
 - **UpdateAssistantDownloadTargetEdition**  The targeted edition for the download.
 - **UpdateAssistantDownloadTargetLanguage**  The targeted language for the download.
 - **UpdateAssistantDownloadUseCatalog**  True if update assistant is using catalog.
 - **UpdateAssistantVersion**  Current package version of Update Assistant.
 ## Remediation events
 ### Microsoft.Windows.Remediation.Applicable
@ -6994,6 +7110,7 @@ The following fields are available:
 - **UpdateId**  The update ID for a specific piece of content.
 - **ValidityWindowInDays**  The validity window that's in effect when verifying the timestamp.
 ## Surface events
 ### Microsoft.Surface.Battery.Prod.BatteryInfoEvent
@ -7010,7 +7127,6 @@ The following fields are available:
 - **szBatteryInfo**  Battery performance data.
 ## System Resource Usage Monitor events
 ### Microsoft.Windows.Srum.Sdp.CpuUsage
@ -7061,7 +7177,7 @@ The following fields are available:
 ### Update360Telemetry.UpdateAgentCommit
-This event collects information regarding the commit phase of the new Unified Update Platform (UUP) update scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event collects information regarding the commit phase of the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
 The following fields are available:
@ -7077,7 +7193,7 @@ The following fields are available:
 ### Update360Telemetry.UpdateAgentDownloadRequest
-This event sends data for the download request phase of updating Windows via the new Unified Update Platform (UUP) scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event sends data for the download request phase of updating Windows via the new Unified Update Platform (UUP) scenario. Applicable to PC and Mobile. The data collected with this event is used to help keep Windows secure and up to date.
 The following fields are available:
@ -7114,7 +7230,7 @@ The following fields are available:
 ### Update360Telemetry.UpdateAgentExpand
-This event collects information regarding the expansion phase of the new Unified Update Platform (UUP) update scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event collects information regarding the expansion phase of the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
 The following fields are available:
@ -7134,7 +7250,7 @@ The following fields are available:
 ### Update360Telemetry.UpdateAgentFellBackToCanonical
-This event collects information when express could not be used and we fall back to canonical during the new Unified Update Platform (UUP) update scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event collects information when express could not be used and we fall back to canonical during the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
 The following fields are available:
@ -7150,7 +7266,7 @@ The following fields are available:
 ### Update360Telemetry.UpdateAgentInitialize
-This event sends data for the initialize phase of updating Windows via the new Unified Update Platform (UUP) scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event sends data for the initialize phase of updating Windows via the new Unified Update Platform (UUP) scenario, which is applicable to both PCs and Mobile. The data collected with this event is used to help keep Windows secure and up to date.
 The following fields are available:
@ -7249,7 +7365,7 @@ The following fields are available:
 ### Update360Telemetry.UpdateAgentModeStart
-This event sends data for the start of each mode during the process of updating Windows via the new Unified Update Platform (UUP) scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event sends data for the start of each mode during the process of updating Windows via the new Unified Update Platform (UUP) scenario. Applicable to both PCs and Mobile. The data collected with this event is used to help keep Windows secure and up to date.
 The following fields are available:
@ -7265,7 +7381,7 @@ The following fields are available:
 ### Update360Telemetry.UpdateAgentOneSettings
-This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario; which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
 The following fields are available:
@ -7283,7 +7399,7 @@ The following fields are available:
 ### Update360Telemetry.UpdateAgentPostRebootResult
-This event collects information regarding the post reboot phase of the new Unified Update Platform (UUP) update scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event collects information for both Mobile and Desktop regarding the post reboot phase of the new Unified Update Platform (UUP) update scenario. The data collected with this event is used to help keep Windows secure and up to date.
 The following fields are available:
@ -7549,7 +7665,7 @@ This event sends data regarding OS Updates and Upgrades from Windows 7.X, Window
 The following fields are available:
 - **ClientId**  For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
- **FlightData**  In the Windows Update scenario, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **FlightData**  In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
 - **HostOSBuildNumber**  The build number of the previous operating system.
 - **HostOsSkuName**  The OS edition which is running the Setup360 instance (previous operating system).
 - **InstanceId**  Unique GUID that identifies each instance of setuphost.exe.
@ -7686,7 +7802,7 @@ The following fields are available:
 ### Setup360Telemetry.Setup360OneSettings
-This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario; which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
 The following fields are available:
@ -8291,7 +8407,7 @@ The following fields are available:
 - **oSVersion**  Build number of the device.
 - **paused**  Indicates whether the device is paused.
 - **rebootRequestSucceeded**  Reboot Configuration Service Provider (CSP) call success status.
- **wUfBConnected**  Result of Windows Update for Business connection check.
+- **wUfBConnected**  Result of WUfB connection check.
 ### Microsoft.Windows.UpdateCsp.ExecuteRollBackFeatureNotApplicable
@ -8305,7 +8421,7 @@ The following fields are available:
 - **oSVersion**  Build number of the device.
 - **paused**  Indicates whether the device is paused.
 - **rebootRequestSucceeded**  Reboot Configuration Service Provider (CSP) call success status.
- **wUfBConnected**  Result of Windows Update for Business connection check.
+- **wUfBConnected**  Result of WUfB connection check.
 ### Microsoft.Windows.UpdateCsp.ExecuteRollBackFeatureStarted
@ -8346,7 +8462,7 @@ The following fields are available:
 - **oSVersion**  Build number of the device.
 - **paused**  Indicates whether the device is paused.
 - **rebootRequestSucceeded**  Reboot Configuration Service Provider (CSP) call success status.
- **wUfBConnected**  Result of Windows Update for Business connection check.
+- **wUfBConnected**  Result of WUfB connection check.
 ### Microsoft.Windows.UpdateCsp.ExecuteRollBackQualitySucceeded
@ -9562,10 +9678,10 @@ The following fields are available:
 - **CV**  The correlation vector.
 - **GlobalEventCounter**  Counts the events at the global level for telemetry.
 - **PackageVersion**  The package version for currency tools.
- **UnifiedInstallerDeviceAADJoinedHresult**  The result code after checking if device is Azure Active Directoryjoined.
+- **UnifiedInstallerDeviceAADJoinedHresult**  The result code after checking if device is AAD joined.
 - **UnifiedInstallerDeviceInDssPolicy**  Boolean indicating whether the device is found to be in a DSS policy.
 - **UnifiedInstallerDeviceInDssPolicyHresult**  The result code for checking whether the device is found to be in a DSS policy.
- **UnifiedInstallerDeviceIsAADJoined**  Boolean indicating whether a device is Azure Active Directory-joined.
+- **UnifiedInstallerDeviceIsAADJoined**  Boolean indicating whether a device is AADJ.
 - **UnifiedInstallerDeviceIsAdJoined**  Boolean indicating whether a device is AD joined.
 - **UnifiedInstallerDeviceIsAdJoinedHresult**  The result code for checking whether a device is AD joined.
 - **UnifiedInstallerDeviceIsEducationSku**  Boolean indicating whether a device is Education SKU.
@ -9579,8 +9695,8 @@ The following fields are available:
 - **UnifiedInstallerDeviceIsProSkuHresult**  The result code from checking whether a device is Pro SKU.
 - **UnifiedInstallerDeviceIsSccmManaged**  Boolean indicating whether a device is managed by Configuration Manager.
 - **UnifiedInstallerDeviceIsSccmManagedHresult**  The result code from checking whether a device is managed by Configuration Manager.
- **UnifiedInstallerDeviceWufbManaged**  Boolean indicating whether a device is Windows Update for Business managed.
+- **UnifiedInstallerDeviceWufbManaged**  Boolean indicating whether a device is Wufb managed.
- **UnifiedInstallerDeviceWufbManagedHresult**  The result code from checking whether a device is Windows Update for Business managed.
+- **UnifiedInstallerDeviceWufbManagedHresult**  The result code from checking whether a device is Wufb managed.
 - **UnifiedInstallerPlatformResult**  The result code from checking what platform type the device is.
 - **UnifiedInstallerPlatformType**  The enum indicating the type of platform detected.
 - **UnifiedInstUnifiedInstallerDeviceIsHomeSkuHresultllerDeviceIsHomeSku**  The result code from checking whether a device is Home SKU.
@ -9647,7 +9763,7 @@ The following fields are available:
 ### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsServiceBlockedByNoDSSJoin
-This event is sent when the device is not joined to Azure Active Directory. The data collected with this event is used to help keep Windows up to date and secure.
+This event is sent when the device is not joined to AAD. The data collected with this event is used to help keep Windows up to date and secure.
 The following fields are available:
@ -9667,6 +9783,16 @@ The following fields are available:
 - **PackageVersion**  Current package version of remediation.
 ### Microsoft.Windows.WindowsUpdate.RUXIM.ICOInteractionCampaignComplete
 This event is generated whenever a RUXIM user interaction campaign becomes complete. The data collected with this event is used to help keep Windows up to date and performing properly.
 The following fields are available:
 - **InteractionCampaignID**  GUID identifying the interaction campaign that became complete.
 - **ResultId**  The final result of the interaction campaign.
 ### Microsoft.Windows.WindowsUpdate.RUXIM.ICSEvaluateInteractionCampaign
 This event is generated when the RUXIM Interaction Campaign Scheduler (RUXIMICS.EXE) finishes processing an interaction campaign. The data collected with this event is used to help keep Windows up to date and performing properly.
@ -9811,7 +9937,7 @@ This event sends data specific to the FixAppXReparsePoints mitigation used for O
 The following fields are available:
- **ClientId**  In the Windows Update scenario, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **ClientId**  In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
 - **FlightId**  Unique GUID that identifies each instances of setuphost.exe.
 - **InstanceId**  Unique GUID that identifies each instances of setuphost.exe.
 - **MitigationScenario**  The update scenario in which the mitigation was executed.
@ -9833,7 +9959,7 @@ This event sends data specific to the FixupEditionId mitigation used for OS upda
 The following fields are available:
- **ClientId**  In the Windows Update scenario, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **ClientId**  In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
 - **EditionIdUpdated**  Determine whether EditionId was changed.
 - **FlightId**  Unique identifier for each flight.
 - **InstanceId**  Unique GUID that identifies each instances of setuphost.exe.
@ -9856,7 +9982,7 @@ This event sends data specific to the FixupWimmountSysPath mitigation used for O
 The following fields are available:
- **ClientId**  In the Windows Update scenario, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **ClientId**  In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
 - **FlightId**  Unique identifier for each flight.
 - **ImagePathDefault**  Default path to wimmount.sys driver defined in the system registry.
 - **ImagePathFixedup**  Boolean indicating whether the wimmount.sys driver path was fixed by this mitigation.
@ -9983,6 +10109,3 @@ The following fields are available:
 - **LicenseXuid**  If the license type is 1 (User), this field contains the XUID (Xbox User ID) of the registered owner of the license.
 - **ProductGuid**  The Xbox product GUID (Globally-Unique ID) of the application.
 - **UserId**  The XUID (Xbox User ID) of the current user.
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md
--- a/windows/privacy/changes-to-windows-diagnostic-data-collection.md
+++ b/windows/privacy/changes-to-windows-diagnostic-data-collection.md
@ -1,21 +1,19 @@
 ---
 title: Changes to Windows diagnostic data collection
 description: This article provides information on changes to Windows diagnostic data collection Windows 10 and Windows 11.
-ms.prod: m365-security
+ms.prod: windows-client
 ms.technology: itpro-privacy
 ms.localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
 manager: dougeby
-ms.collection: M365-security-compliance
+ms.topic: conceptual
 ms.topic: article
 ms.date: 11/29/2021
 ms.technology: privacy
 ---
 # Changes to Windows diagnostic data collection
 **Applies to**
- Windows 11
+- Windows 11, version 21H2 and later
 - Windows 10, version 1903 and later
 - Windows Server 2022
--- a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
+++ b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
@ -1,17 +1,14 @@
 ---
 description: Use this article to make informed decisions about how you can configure Windows diagnostic data in your organization.
 title: Configure Windows diagnostic data in your organization (Windows 10 and Windows 11)
-ms.prod: m365-security
+ms.prod: windows-client
 ms.technology: itpro-privacy
 ms.localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
 manager: dougeby
-ms.collection:
+ms.collection: highpri
-  - M365-security-compliance
+ms.topic: conceptual
  - highpri
 ms.topic: article
 ms.date: 11/29/2021
 ms.technology: privacy
 ---
 # Configure Windows diagnostic data in your organization
--- a/windows/privacy/diagnostic-data-viewer-overview.md
+++ b/windows/privacy/diagnostic-data-viewer-overview.md
@ -1,25 +1,22 @@
 ---
 title: Diagnostic Data Viewer Overview (Windows 10 and Windows 11)
 description: Use this article to use the Diagnostic Data Viewer application to review the diagnostic data sent to Microsoft by your device.
-ms.prod: m365-security
+ms.prod: windows-client
 ms.technology: itpro-privacy
 ms.localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
 manager: dougeby
-ms.collection:
+ms.collection: highpri
-  - M365-security-compliance
+ms.topic: how-to
  - highpri
 ms.topic: article
 ms.date: 11/29/2021
 ms.reviewer:
 ms.technology: privacy 
 ---
 # Diagnostic Data Viewer Overview
 **Applies to**
-   Windows 10, version 1803 and later and Windows 11
+- Windows 11, version 21H2 and later  
 - Windows 10, version 1803 and later
 ## Introduction
--- a/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md
+++ b/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md
@ -1,16 +1,13 @@
 ---
 title: Enhanced diagnostic data required by Windows Analytics (Windows 10)
 description: Use this article to learn more about the limit enhanced diagnostic data events policy used by Desktop Analytics
-ms.prod: m365-security
+ms.prod: windows-client
 ms.technology: itpro-privacy
 ms.localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
 manager: dougeby
-ms.collection: M365-security-compliance
+ms.topic: reference
 ms.topic: article
 ms.date: 11/29/2021
 ms.reviewer:
 ms.technology: privacy 
 ---
--- a/windows/privacy/essential-services-and-connected-experiences.md
+++ b/windows/privacy/essential-services-and-connected-experiences.md
@ -1,22 +1,21 @@
 ---
 title: Essential services and connected experiences for Windows
 description: Explains what the essential services and connected experiences are for Windows
-ms.prod: m365-security
+ms.prod: windows-client
 ms.technology: itpro-privacy
 ms.localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
 manager: dougeby
 ms.technology: privacy
 ms.date: 11/24/2021
 ms.collection: highpri
-
+ms.topic: reference
 ---
 # Essential services and connected experiences for Windows
 **Applies to**
- Windows 11
+- Windows 11, version 21H2 and later
 - Windows 10, version 1903 and later
 Windows includes features that connect to the internet to provide enhanced experiences and additional service-based capabilities. These features are called connected experiences. For example, Microsoft Defender Antivirus is a connected experience that delivers updated protection to keep the devices in your organization secure.
@ -36,37 +35,38 @@ Although enterprise admins can turn off most essential services, we recommend, w
 | **Essential service** | **Description** |
 | --- | --- |
-|Authentication|The authentication service is required to enable sign in to work or school accounts. It validates a user’s identity and provides access to multiple apps and system components like OneDrive and activity history. Using a work or school account to sign in to Windows enables Microsoft to provide a consistent experience across your devices. If the authentication service is turned off, many apps and components may lose functionality and users may not be able to sign in. <br/>To turn it off, see [Microsoft Account](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#12-microsoft-account).|
+|Authentication|The authentication service is required to enable sign in to work or school accounts. It validates a user’s identity and provides access to multiple apps and system components like OneDrive and activity history. Using a work or school account to sign in to Windows enables Microsoft to provide a consistent experience across your devices. If the authentication service is turned off, many apps and components may lose functionality and users may not be able to sign in. <br/><br/>To turn it off, see [Microsoft Account](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#12-microsoft-account).|
-|Certificates|Certificates are digital files, stored on client devices, used to both encrypt data and verify the identity of an individual or organization. Trusted root certificates issued by a certification authority (CA), are stored in a certificate trust list (CTL). The Automatic Root Certificates Update mechanism contacts Windows Updates to update the CTL. If a new version of the CTL is identified, the list of trusted root certificates cached on the local device will be updated. Untrusted certificates are certificates that are publicly known to be fraudulent. Untrusted certificates are also stored in a list on the local device and updated by the Automatic Root Certificates Update mechanism. <br/>If automatic updates are turned off, applications and websites may stop working because they did not receive an updated root certificate that the application uses. Additionally, the list of untrusted certificates will no longer be updated, which increases the attack vector on the device. <br/>To turn it off, see [Automatic Root Certificates Update](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update).|
+|Certificates|Certificates are digital files, stored on client devices, used to both encrypt data and verify the identity of an individual or organization. Trusted root certificates issued by a certification authority (CA), are stored in a certificate trust list (CTL). The Automatic Root Certificates Update mechanism contacts Windows Updates to update the CTL. If a new version of the CTL is identified, the list of trusted root certificates cached on the local device will be updated. Untrusted certificates are certificates that are publicly known to be fraudulent. Untrusted certificates are also stored in a list on the local device and updated by the Automatic Root Certificates Update mechanism. <br/><br/>If automatic updates are turned off, applications and websites may stop working because they didn't receive an updated root certificate that the application uses. Additionally, the list of untrusted certificates will no longer be updated, which increases the attack vector on the device. <br/><br/>To turn it off, see [Automatic Root Certificates Update](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update).|
-| Services Configuration | Services Configuration is used by Windows components and apps, such as the telemetry service, to dynamically update their configuration. If you turn off this service, apps using this service may stop working. <br/>To turn it off, see [Services Configuration](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#31-services-configuration).|
+| Services Configuration | Services Configuration is used by Windows components and apps, such as the telemetry service, to dynamically update their configuration. If you turn off this service, apps using this service may stop working. <br/><br/>To turn it off, see [Services Configuration](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#31-services-configuration).|
-| Licensing | Licensing services are used for the activation of Windows, and apps purchased from the Microsoft Store. If you disable the Windows License Manager Service or the Software Protection Platform Service, it may prevent activation of genuine Windows and store applications. <br/>To turn off licensing services, see [License Manager](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#9-license-manager) and [Software Protection Platform](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#19-software-protection-platform).|
+| Licensing | Licensing services are used for the activation of Windows, and apps purchased from the Microsoft Store. If you disable the Windows License Manager Service or the Software Protection Platform Service, it may prevent activation of genuine Windows and store applications. <br/><br/>To turn off licensing services, see [License Manager](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#9-license-manager) and [Software Protection Platform](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#19-software-protection-platform).|
-| Networking | Networking in Windows provides connectivity to and from your devices to the local intranet and internet. If you turn off networking, Windows devices will lose network connectivity. <br/>To turn off Network Adapters, see [Disable-NetAdapter](/powershell/module/netadapter/disable-netadapter).|
+| Networking | Networking in Windows provides connectivity to and from your devices to the local intranet and internet. If you turn off networking, Windows devices will lose network connectivity. <br/><br/>To turn off Network Adapters, see [Disable-NetAdapter](/powershell/module/netadapter/disable-netadapter).|
-| Device setup | The first time a user sets up a new device, the Windows out-of-box experience (OOBE) guides the user through the steps to accept the license agreement, connect to the internet, sign in to (or sign up for) a Microsoft account, and takes care of other important tasks. Most settings can also be changed after setup is completed. <br/>To customize the initial setup experience, see [Customize Setup](/windows-hardware/customize/desktop/customize-oobe).|
+| Device setup | The first time a user sets up a new device, the Windows out-of-box experience (OOBE) guides the user through the steps to accept the license agreement, connect to the internet, sign in to (or sign up for) a Microsoft account, and takes care of other important tasks. Most settings can also be changed after setup is completed. <br/><br/>To customize the initial setup experience, see [Customize Setup](/windows-hardware/customize/desktop/customize-oobe).|
-| Diagnostic Data | Microsoft collects diagnostic data including error data about your devices with the help of the telemetry service. Diagnostic data gives every user a voice in the operating system’s development and ongoing improvement. It helps us understand how Windows behaves in the real world, focus on user priorities, find and fix problems, and improve services. This data allows Microsoft to improve the Windows experience. Setting diagnostic data to off means important information to help fix issues and improve quality will not be available to Microsoft. <br/>To turn it off, see [Telemetry Services](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#1816-feedback--diagnostics).|
+| Diagnostic Data | Microsoft collects diagnostic data including error data about your devices with the help of the telemetry service. Diagnostic data gives every user a voice in the operating system’s development and ongoing improvement. It helps us understand how Windows behaves in the real world, focus on user priorities, find and fix problems, and improve services. This data allows Microsoft to improve the Windows experience. Setting diagnostic data to off means important information to help fix issues and improve quality won't be available to Microsoft. <br/><br/>To turn it off, see [Telemetry Services](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#1816-feedback--diagnostics).|
-| Update | Windows Update ensures devices are kept up to date and secure by downloading the latest updates and security patches for Windows. This service also enables users download apps from the Microsoft Store and keep them up to date. Turning off Windows Update will potentially leave your Windows devices in a vulnerable state and more prone to security threats. <br/>Other services like Device metadata retrieval and Font streaming also ensure that the content on your devices is kept up to date. <br/>To turn off updates, see [Windows Update](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#29-windows-update), [Device Metadata Retrieval](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#4-device-metadata-retrieval), and [Font Streaming](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#6-font-streaming).|
+| Update | Windows Update ensures devices are kept up to date and secure by downloading the latest updates and security patches for Windows. This service also enables users to download apps from the Microsoft Store and keep them up to date. Turning off Windows Update will potentially leave your Windows devices in a vulnerable state and more prone to security threats. <br/><br/>Other services like Device metadata retrieval and Font streaming also ensure that the content on your devices is kept up to date. <br/><br/>To turn off updates, see [Windows Update](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#29-windows-update), [Device Metadata Retrieval](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#4-device-metadata-retrieval), and [Font Streaming](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#6-font-streaming).|
-| Microsoft Store | Microsoft Store enables users to purchase and download apps, games, and digital content. The Store also enables the developers of these apps to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to store apps in a power-efficient and dependable way. The Store can also revoke malicious apps. <br/>To turn it off, see [Microsoft Store](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#26-microsoft-store).|
+| Microsoft Store | Microsoft Store enables users to purchase and download apps, games, and digital content. The Store also enables the developers of these apps to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to store apps in a power-efficient and dependable way. The Store can also revoke malicious apps. <br/><br/>To turn it off, see [Microsoft Store](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#26-microsoft-store).|
 |Device Management |Device management includes Mobile Device Management (MDM), which helps IT pros manage company security policies and business applications. A built-in management component can communicate with the management server. If this is turned off, the device may no longer be compliant with company policy and the user might lose access to company resources.<br/><br/> [Learn more about Mobile Device Management](../client-management/mdm-overview) |
 ## Windows connected experiences
 | **Connected experience** | **Description** |
 | --- | --- |
-|Activity History|Activity History shows a history of activities a user has performed and can even synchronize activities across multiple devices for the same user. Synchronization across devices only works when a user signs in with the same account. <br/>To turn it off, see [Activity History](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#1822-activity-history). |
+|Activity History|Activity History shows a history of activities a user has performed and can even synchronize activities across multiple devices for the same user. Synchronization across devices only works when a user signs in with the same account. <br/><br/>To turn it off, see [Activity History](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#1822-activity-history). |
-|Cloud Clipboard|Cloud Clipboard enables users to copy images and text across all Windows devices when they sign in with the same account. Users can paste from their clipboard history and also pin items.<br/>To turn it off, see [Cloud Clipboard](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#30-cloud-clipboard). |
+|Cloud Clipboard|Cloud Clipboard enables users to copy images and text across all Windows devices when they sign in with the same account. Users can paste from their clipboard history and also pin items.<br/><br/>To turn it off, see [Cloud Clipboard](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#30-cloud-clipboard). |
-| Date and Time | The Windows Time service is used to synchronize and maintain the most accurate date and time on your devices. It's installed by default and starts automatically on devices that are part of a domain. It can be started manually on other devices. If this service is stopped, date and time synchronization will be unavailable and any services that explicitly depend on it will fail to start. <br/>To turn it off, see [Date and Time](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#3-date--time). |
+| Date and Time | The Windows Time service is used to synchronize and maintain the most accurate date and time on your devices. It's installed by default and starts automatically on devices that are part of a domain. It can be started manually on other devices. If this service is stopped, date and time synchronization will be unavailable and any services that explicitly depend on it will fail to start. <br/><br/>To turn it off, see [Date and Time](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#3-date--time). |
-| Delivery Optimization | Delivery Optimization is a cloud-managed, peer-to-peer client and a downloader service for Windows updates, upgrades, and applications to an organization's networked devices. Delivery Optimization allows devices to download updates from alternate sources, such as other peers on the network, in addition to Microsoft servers. This helps when you have a limited or unreliable Internet connection and reduces the bandwidth needed to keep all your organization's devices up to date. <br/>If you have Delivery Optimization Peer-to-Peer option turned on, devices on your network may send and receive updates and apps to other devices on your local network, if you choose, or to devices on the Internet. By default, devices running Windows will only use Delivery Optimization to get and receive updates for devices and apps on your local network. <br/>To turn it off, see [Delivery Optimization](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#28-delivery-optimization). |
+| Delivery Optimization | Delivery Optimization is a cloud-managed, peer-to-peer client and a downloader service for Windows updates, upgrades, and applications to an organization's networked devices. Delivery Optimization allows devices to download updates from alternate sources, such as other peers on the network, in addition to Microsoft servers. This helps when you have a limited or unreliable Internet connection and reduces the bandwidth needed to keep all your organization's devices up to date. <br/><br/>If you have Delivery Optimization Peer-to-Peer option turned on, devices on your network may send and receive updates and apps to other devices on your local network, if you choose, or to devices on the Internet. By default, devices running Windows will only use Delivery Optimization to get and receive updates for devices and apps on your local network. <br/><br/>To turn it off, see [Delivery Optimization](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#28-delivery-optimization). |
-| Emojis and more | The Emoji and more menu allows users to insert a variety of content like emoji, kaomoji, GIFs, symbols, and clipboard history. This connected experience is new in Windows 11. <br/>To turn it off, see [Emojis availability](/windows/client-management/mdm/policy-csp-textinput). |
+| Emojis and more | The Emoji and more menu allows users to insert a variety of content like emoji, kaomoji, GIFs, symbols, and clipboard history. This connected experience is new in Windows 11. <br/><br/>To turn it off, see [Emojis availability](/windows/client-management/mdm/policy-csp-textinput). |
-| Find My Device | Find My Device is a feature that can help users locate their Windows device if it's lost or stolen. This feature only works if a Microsoft account is used to sign in to the device, the user is an administrator on the device, and when location is turned on for the device. Users can find their device by logging in to [https://account.microsoft.com/devices](https://account.microsoft.com/devices) under the Find My Device tab. <br/>To turn it off, see [Find My Device](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#5-find-my-device). |
+| Find My Device | Find My Device is a feature that can help users locate their Windows device if it's lost or stolen. This feature only works if a Microsoft account is used to sign in to the device, the user is an administrator on the device, and when location is turned on for the device. Users can find their device by logging in to [https://account.microsoft.com/devices](https://account.microsoft.com/devices) under the Find My Device tab. <br/><br/>To turn it off, see [Find My Device](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#5-find-my-device). |
-| Location services | The device location setting enables certain Windows features such as auto setting the time zone or Find My Device to function properly. When the device location setting is enabled, the Microsoft location service will use a combination of global positioning service (GPS), nearby wireless access points, cell towers, and IP address to determine the device’s location. Depending on the capabilities of the device, its location can be determined with varying degrees of accuracy and may in some cases be determined precisely. <br/>To turn it off, see [Location services](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#182-location). |
+| Location services | The device location setting enables certain Windows features such as auto setting the time zone or Find My Device to function properly. When the device location setting is enabled, the Microsoft location service will use a combination of global positioning service (GPS), nearby wireless access points, cell towers, and IP address to determine the device’s location. Depending on the capabilities of the device, its location can be determined with varying degrees of accuracy and may in some cases be determined precisely. <br/><br/>To turn it off, see [Location services](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#182-location). |
-| Microsoft Defender Antivirus | Microsoft Defender Antivirus provides cloud-delivered protection against new and emerging threats for the devices in your organization. Turning off Microsoft Defender Antivirus will potentially leave your Windows devices in a vulnerable state and more prone to security threats. <br/>To turn it off, see [Microsoft Defender Antivirus](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-defender). |
+| Microsoft Defender Antivirus | Microsoft Defender Antivirus provides cloud-delivered protection against new and emerging threats for the devices in your organization. Turning off Microsoft Defender Antivirus will potentially leave your Windows devices in a vulnerable state and more prone to security threats. <br/><br/>To turn it off, see [Microsoft Defender Antivirus](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-defender). |
-| Microsoft Defender SmartScreen | Microsoft Defender SmartScreen is a feature of Windows, Internet Explorer, and Microsoft Edge. It helps protect users against phishing or malware websites and applications, and the downloading of potentially malicious files. Turning off Microsoft Defender SmartScreen means you cannot block a website or warn users they may be accessing a malicious site. <br/>To turn it off, see [Microsoft Defender SmartScreen](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#241-microsoft-defender-smartscreen). |
+| Microsoft Defender SmartScreen | Microsoft Defender SmartScreen is a feature of Windows, Internet Explorer, and Microsoft Edge. It helps protect users against phishing or malware websites and applications, and the downloading of potentially malicious files. Turning off Microsoft Defender SmartScreen means you can't block a website or warn users they may be accessing a malicious site.<br/> <br/>To turn it off, see [Microsoft Defender SmartScreen](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#241-microsoft-defender-smartscreen). |
-| OneDrive | OneDrive is a cloud storage system that allows you to save your files and photos, and access them from any device, anywhere. <br/>To turn off OneDrive, see [OneDrive](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#16-onedrive). |
+| OneDrive | OneDrive is a cloud storage system that allows you to save your files and photos, and access them from any device, anywhere. <br/><br/>To turn off OneDrive, see [OneDrive](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#16-onedrive). |
-| Troubleshooting Service | Windows troubleshooting service will automatically fix critical issues like corrupt settings that keep critical services from running. The service will also make adjustments to work with your hardware, or make other specific changes required for Windows to operate with the hardware, apps, and settings you’ve selected. In addition, it will recommend troubleshooting for other problems that aren’t critical to normal Windows operation but might impact your experience. <br/>To turn it off, see [Troubleshooting service](/windows/client-management/mdm/policy-csp-troubleshooting). |
+| Troubleshooting Service | Windows troubleshooting service will automatically fix critical issues like corrupt settings that keep critical services from running. The service will also make adjustments to work with your hardware, or make other specific changes required for Windows to operate with the hardware, apps, and settings you’ve selected. In addition, it will recommend troubleshooting for other problems that aren’t critical to normal Windows operation but might impact your experience. <br/><br/>To turn it off, see [Troubleshooting service](/windows/client-management/mdm/policy-csp-troubleshooting). |
-| Voice Typing | Voice typing (also referred to as Windows dictation in earlier versions of Windows) allows users to write text by speaking by using Microsoft’s online speech recognition technology. <br/>To turn it off, see [Speech recognition](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#186-speech). |
+| Voice Typing | Voice typing (also referred to as Windows dictation in earlier versions of Windows) allows users to write text by speaking by using Microsoft’s online speech recognition technology. <br/><br/>To turn it off, see [Speech recognition](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#186-speech). |
-| Windows backup | When settings synchronization is turned on, a user's settings are synced across all Windows devices when they sign in with the same account. <br/>To turn it off, see [Sync your settings](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#21-sync-your-settings). |
+| Windows backup | When settings synchronization is turned on, a user's settings are synced across all Windows devices when they sign in with the same account. <br/><br/>To turn it off, see [Sync your settings](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#21-sync-your-settings). |
 | Windows Dashboard Widgets | Windows Dashboard widget is a dynamic view that shows users personalized content like news, weather, their calendar and to-do list, and recent photos. It provides a quick glance view, which allows users to be productive without needing to go to multiple apps or websites. This connected experience is new in Windows 11. |
-| Windows Insider Program | The Windows Insider Preview program lets you help shape the future of Windows, be part of the community, and get early access to builds of Windows. Once you've registered for the program, you can run Insider Preview builds on as many devices as you want, each in the channel of your choice. Learn how to join the Windows Insider program by visiting the program’s [website](https://insider.windows.com/). <br/>To turn it off, see [Windows Insider Program](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#7-insider-preview-builds). |
+| Windows Insider Program | The Windows Insider Preview program lets you help shape the future of Windows, be part of the community, and get early access to builds of Windows. Once you've registered for the program, you can run Insider Preview builds on as many devices as you want, each in the channel of your choice. Learn how to join the Windows Insider program by visiting the program’s [website](https://insider.windows.com/). <br/><br/>To turn it off, see [Windows Insider Program](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#7-insider-preview-builds). |
-| Windows Search | Windows Search lets users use the search box on the taskbar to find what they are looking for, whether it’s on their device, in the cloud, or on the web. Windows Search can provide results for items from the device (including apps, settings, and files), the users account (including OneDrive, SharePoint, and other Microsoft services), and the internet. <br/>To turn it off, see [Windows Search](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#2-cortana-and-search). |
+| Windows Search | Windows Search lets users use the search box on the taskbar to find what they're looking for, whether it’s on their device, in the cloud, or on the web. Windows Search can provide results for items from the device (including apps, settings, and files), the users account (including OneDrive, SharePoint, and other Microsoft services), and the internet. <br/><br/>To turn it off, see [Windows Search](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#2-cortana-and-search). |
-| Windows Spotlight | Windows Spotlight displays new background images on the lock screen each day. Additionally, it provides feature suggestions, fun facts, and tips on the lock screen background. <br/>Administrators can turn off Windows Spotlight features to prevent users from using the Windows Spotlight background. <br/>To turn it off, see [Windows Spotlight](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#25-windows-spotlight). |
+| Windows Spotlight | Windows Spotlight displays new background images on the lock screen each day. Additionally, it provides feature suggestions, fun facts, and tips on the lock screen background. <br/><br/>Administrators can turn off Windows Spotlight features to prevent users from using the Windows Spotlight background. <br/><br/>To turn it off, see [Windows Spotlight](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#25-windows-spotlight). |
 ## Microsoft Edge essential services and connected experiences
@ -81,11 +81,11 @@ Internet Explorer shares many of the Windows essential services listed above. Th
 | **Connected experience** | **Description** |
 | --- | --- |
-|ActiveX Filtering|ActiveX controls are small apps that allow websites to provide content such as videos and games, and let users interact with controls like toolbars and stock tickers. However, these apps can sometimes malfunction, and in some cases, they might be used to collect information from user devices, install software without a user's agreement, or be used to control a device remotely without a user's permission.</br> ActiveX Filtering in Internet Explorer prevents sites from installing and using these apps which, can help keep users safer as they browse, but it can also affect the user experience of certain sites as interactive content might not work when ActiveX Filtering is on. <br/>Note: To further enhance security, Internet Explorer also allows you to block out-of-date ActiveX controls. |
+|ActiveX Filtering|ActiveX controls are small apps that allow websites to provide content such as videos and games, and let users interact with controls like toolbars and stock tickers. However, these apps can sometimes malfunction, and in some cases, they might be used to collect information from user devices, install software without a user's agreement, or be used to control a device remotely without a user's permission.</br> ActiveX Filtering in Internet Explorer prevents sites from installing and using these apps, which can help keep users safer as they browse, but it can also affect the user experience of certain sites as interactive content might not work when ActiveX Filtering is on. <br/>Note: To further enhance security, Internet Explorer also allows you to block out-of-date ActiveX controls. |
 |Suggested Sites|Suggested Sites is an online experience that recommends websites, images, or videos a user might be interested in. When Suggested Sites is turned on, a user’s web browsing history is periodically sent to Microsoft.|
 | Address Bar and Search suggestions | With search suggestions enabled, users will be offered suggested search terms as they type in the Address Bar. As users type information, it will be sent to the default search provider. |
 | Auto-complete feature for web addresses | The auto-complete feature suggests possible matches when users are typing web addresses in the browser address bar. |
-| Compatibility logging | This feature is designed for use by developers and IT professionals to determine the compatibility of their websites with Internet Explorer. It is disabled by default and needs to be enabled to start logging Internet Explorer events in the Windows Event Viewer. These events describe failures that might have happened on the site and can include information about specific controls and webpages that failed. |
+| Compatibility logging | This feature is designed for use by developers and IT professionals to determine the compatibility of their websites with Internet Explorer. It's disabled by default and needs to be enabled to start logging Internet Explorer events in the Windows Event Viewer. These events describe failures that might have happened on the site and can include information about specific controls and webpages that failed. |
 | Compatibility View | Compatibility View helps make websites designed for older browsers look better when viewed in Internet Explorer. The compatibility view setting allows you to choose whether an employee can fix website display problems they encounter while browsing. |
 | Flip ahead | Flip ahead enables users to flip through web content quickly by swiping across the page or by clicking forward. When flip ahead is turned on, web browsing history is periodically sent to Microsoft. If you turn off this setting, users will no longer be able swipe across a screen or click forward to go to the next pre-loaded page of a website. |
 | Web Slices | A Web Slice enables users to subscribe to and automatically receive updates to content directly within a web page. Disabling the RSS Feeds setting will turn off background synchronization for feeds and Web Slices. |
--- a/windows/privacy/index.yml
+++ b/windows/privacy/index.yml
@ -7,12 +7,9 @@ brand: m365
 metadata:
  title: Windows Privacy
  description: Learn about how privacy is managed in Windows.
-  services: windows
+  ms.prod: windows-client
  ms.prod: windows
  ms.topic: hub-page # Required
-  ms.collection:
+  ms.collection: highpri
    - M365-security-compliance
    - highpri
  author: DHB-MSFT
  ms.author: danbrown
  manager: dougeby
--- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md
@ -1,13 +1,13 @@
 ---
 title: Manage connections from Windows operating system components to Microsoft services using Microsoft Intune MDM Server
 description: Use MDM CSPs to minimize connections from Windows to Microsoft services, or to configure particular privacy settings.
-ms.prod: m365-security
+ms.prod: windows-client
 ms.technology: itpro-privacy
 ms.localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
 manager: dougeby
-ms.date: 11/29/2021
+ms.topic: conceptual
 ms.technology: privacy
 ---
 # Manage connections from Windows 10 and Windows 11 operating system components to Microsoft services using Microsoft Intune MDM Server
--- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@ -1,18 +1,14 @@
 ---
 title: Manage connections from Windows 10 and Windows 11 Server/Enterprise editions operating system components to Microsoft services
 description: Learn how to minimize connections from Windows to Microsoft services, and configure particular privacy settings related to these connections.
-ms.reviewer:
+ms.prod: windows-client
-ms.prod: m365-security
+ms.technology: itpro-privacy
 ms.localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
 manager: dougeby
-ms.collection:
+ms.collection: highpri
-  - M365-security-compliance
+ms.topic: conceptual
  - highpri
 ms.topic: article
 ms.date: 12/14/2021
 ms.technology: privacy
 ---
 # Manage connections from Windows 10 and Windows 11 operating system components to Microsoft services
--- a/windows/privacy/manage-windows-11-endpoints.md
+++ b/windows/privacy/manage-windows-11-endpoints.md
@ -1,15 +1,13 @@
 ---
 title: Connection endpoints for Windows 11 Enterprise
 description: Explains what Windows 11 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 11.
-ms.prod: m365-security
+ms.prod: windows-client
 ms.technology: itpro-privacy
 ms.localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
 manager: dougeby
-ms.collection: M365-security-compliance
+ms.topic: reference
 ms.topic: article
 ms.date: 11/29/2021
 ms.technology: privacy
 ---
 # Manage connection endpoints for Windows 11 Enterprise
--- a/windows/privacy/manage-windows-1809-endpoints.md
+++ b/windows/privacy/manage-windows-1809-endpoints.md
@ -1,17 +1,13 @@
 ---
 title: Connection endpoints for Windows 10, version 1809
 description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 1809.
-ms.prod: m365-security
+ms.prod: windows-client
 ms.technology: itpro-privacy
 ms.localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
 manager: dougeby
-ms.collection: M365-security-compliance
+ms.topic: reference
 ms.topic: article
 ms.date: 11/29/2021
 ms.reviewer: 
 ms.technology: privacy
 ---
 # Manage connection endpoints for Windows 10 Enterprise, version 1809
--- a/windows/privacy/manage-windows-1903-endpoints.md
+++ b/windows/privacy/manage-windows-1903-endpoints.md
@ -1,15 +1,13 @@
 ---
 title: Connection endpoints for Windows 10 Enterprise, version 1903
 description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 1903.
-ms.prod: m365-security
+ms.prod: windows-client
 ms.technology: itpro-privacy
 ms.localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
 manager: dougeby
-ms.collection: M365-security-compliance
+ms.topic: reference
 ms.topic: article
 ms.date: 11/29/2021
 ms.technology: privacy
 ---
 # Manage connection endpoints for Windows 10 Enterprise, version 1903
--- a/windows/privacy/manage-windows-1909-endpoints.md
+++ b/windows/privacy/manage-windows-1909-endpoints.md
@ -1,15 +1,13 @@
 ---
 title: Connection endpoints for Windows 10 Enterprise, version 1909
 description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 1909.
-ms.prod: m365-security
+ms.prod: windows-client
 ms.technology: itpro-privacy
 ms.localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
 manager: dougeby
-ms.collection: M365-security-compliance
+ms.topic: reference
 ms.topic: article
 ms.date: 11/29/2021
 ms.technology: privacy
 ---
 # Manage connection endpoints for Windows 10 Enterprise, version 1909
--- a/windows/privacy/manage-windows-2004-endpoints.md
+++ b/windows/privacy/manage-windows-2004-endpoints.md
@ -1,15 +1,13 @@
 ---
 title: Connection endpoints for Windows 10 Enterprise, version 2004
 description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 2004.
-ms.prod: m365-security
+ms.prod: windows-client
 ms.technology: itpro-privacy
 ms.localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
 manager: dougeby
-ms.collection: M365-security-compliance
+ms.topic: reference
 ms.topic: article
 ms.date: 11/29/2021
 ms.technology: privacy
 ---
 # Manage connection endpoints for Windows 10 Enterprise, version 2004
--- a/windows/privacy/manage-windows-20H2-endpoints.md
+++ b/windows/privacy/manage-windows-20H2-endpoints.md
@ -1,15 +1,13 @@
 ---
 title: Connection endpoints for Windows 10 Enterprise, version 20H2
 description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 20H2.
-ms.prod: m365-security
+ms.prod: windows-client
 ms.technology: itpro-privacy
 ms.localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
 manager: dougeby
-ms.collection: M365-security-compliance
+ms.topic: reference
 ms.topic: article
 ms.date: 11/29/2021
 ms.technology: privacy
 ---
 # Manage connection endpoints for Windows 10 Enterprise, version 20H2
--- a/windows/privacy/manage-windows-21H1-endpoints.md
+++ b/windows/privacy/manage-windows-21H1-endpoints.md
@ -1,15 +1,13 @@
 ---
 title: Connection endpoints for Windows 10 Enterprise, version 21H1
 description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 21H1.
-ms.prod: m365-security
+ms.prod: windows-client
 ms.technology: itpro-privacy
 ms.localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
 manager: dougeby
-ms.collection: M365-security-compliance
+ms.topic: reference
 ms.topic: article
 ms.date: 11/29/2021
 ms.technology: privacy
 ---
 # Manage connection endpoints for Windows 10 Enterprise, version 21H1
--- a/windows/privacy/manage-windows-21h2-endpoints.md
+++ b/windows/privacy/manage-windows-21h2-endpoints.md
@ -1,15 +1,13 @@
 ---
 title: Connection endpoints for Windows 10 Enterprise, version 21H2
 description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 21H2.
-ms.prod: m365-security
+ms.prod: windows-client
 ms.technology: itpro-privacy
 ms.localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
 manager: dougeby
-ms.collection: M365-security-compliance
+ms.topic: reference
 ms.topic: article
 ms.date: 11/29/2021
 ms.technology: privacy
 ---
 # Manage connection endpoints for Windows 10 Enterprise, version 21H2
--- a/windows/privacy/required-diagnostic-events-fields-windows-11-22H2.md
+++ b/windows/privacy/required-diagnostic-events-fields-windows-11-22H2.md
@ -2,15 +2,13 @@
 description: Learn more about the Windows 11, version 22H2 diagnostic data gathered.
 title: Required diagnostic events and fields for Windows 11, version 22H2
 keywords: privacy, telemetry
-ms.prod: w10
+ms.prod: windows-client
 ms.technology: itpro-privacy
 localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
 manager: dougeby
-ms.collection: M365-security-compliance
+ms.topic: reference
 ms.topic: article
 audience: ITPro
 ms.date: 09/20/2022
 ---
@ -29,7 +27,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th
 You can learn more about Windows functional and diagnostic data through these articles:
 - [Required diagnostic events and fields for Windows 11, version 21H2](required-windows-11-diagnostic-events-and-fields.md)
- [Windows 10, version 21H2, Windows 10, version 21H1, Windows 10, version 20H2 and Windows 10, version 2004 basic diagnostic events and fields](required-windows-diagnostic-data-events-and-fields-2004.md)
+- [Required diagnostic events and fields for Windows 10: versions 22H2, 21H2, 21H1, 20H2, and 2004](required-windows-diagnostic-data-events-and-fields-2004.md)
 - [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
 - [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md)
 - [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md)
@ -40,6 +38,7 @@ You can learn more about Windows functional and diagnostic data through these ar
 ## Appraiser events
 ### Microsoft.Windows.Appraiser.General.ChecksumTotalPictureCount
@ -187,7 +186,6 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic
 The following fields are available:
 - **AppraiserVersion**  The version of the appraiser file generating the events.
 - **SdbEntries**  Deprecated in RS3.
 ### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockRemove
@ -210,7 +208,6 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic
 The following fields are available:
 - **AppraiserVersion**  The version of the appraiser file generating the events.
 - **SdbEntries**  Deprecated in RS3.
 ### Microsoft.Windows.Appraiser.General.DatasourceSystemBiosAdd
@ -222,7 +219,6 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic
 The following fields are available:
 - **AppraiserVersion**  The version of the Appraiser file generating the events.
 - **SdbEntries**  Deprecated in RS3.
 ### Microsoft.Windows.Appraiser.General.DatasourceSystemBiosStartSync
@ -966,9 +962,9 @@ The following fields are available:
 - **IsMDMEnrolled**  Whether the device has been MDM Enrolled or not.
 - **MDMServiceProvider**  A hash of the specific MDM authority, such as Microsoft Intune, that is managing the device.
 - **MPNId**  Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID
- **SCCMClientId**  This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise SCCM environment.
+- **SCCMClientId**  This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an enterprise Configuration Manager environment.
 - **ServerFeatures**  Represents the features installed on a Windows   Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers.
- **SystemCenterID**  The SCCM ID is an anonymized one-way hash of the Active Directory Organization identifier
+- **SystemCenterID**  The Configuration Manager ID is an anonymized one-way hash of the Active Directory Organization identifier
 ### Census.Memory
@ -1039,7 +1035,7 @@ The following fields are available:
 - **ServiceMachineIP**  Retrieves the IP address of the KMS host used for anti-piracy.
 - **ServiceMachinePort**  Retrieves the port of the KMS host used for anti-piracy.
 - **ServiceProductKeyID**  Retrieves the License key of the KMS
- **SharedPCMode**  Returns Boolean for education devices used as shared cart
+- **SharedPCMode**  Returns Boolean for devices that have enabled the configuration EnableSharedPCMode.
 - **Signature**  Retrieves if it is a signature machine sold by Microsoft store.
 - **SLICStatus**  Whether a SLIC table exists on the device.
 - **SLICVersion**  Returns OS type/version from SLIC table.
@ -1108,6 +1104,12 @@ The following fields are available:
 - **Language**  String containing the incompatible language pack detected.
 ### MicrosoftWindowsCodeIntegrityTraceLoggingProvider.CodeIntegrityHvciSysprepHvciAlreadyEnabled
 This event fires when HVCI is already enabled so no need to continue auto-enablement.
 ## Common data extensions
 ### Common Data Extensions.app
@ -1270,6 +1272,7 @@ The following fields are available:
 - **uts**  A bit field, with 2 bits being assigned to each user ID listed in xid. This field is omitted if all users are retail accounts.
 - **xid**  A list of base10-encoded XBOX User IDs.
 ## Common data fields
 ### Ms.Device.DeviceInventoryChange
@ -1283,6 +1286,7 @@ The following fields are available:
 - **objectInstanceId**  Object identity which is unique within the device scope.
 - **objectType**  Indicates the object type that the event applies to.
 - **syncId**  A string used to group StartSync, EndSync, Add, and Remove operations that belong together. This field is unique by Sync period and is used to disambiguate in situations where multiple agents perform overlapping inventories for the same object.
 ## Component-based servicing events
@ -2151,6 +2155,22 @@ The following fields are available:
 - **requestUid**  A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha user. Each request attempt SHOULD have (with high probability) a unique request id. Default: ''.
 ### Microsoft.Edge.Crashpad.HangEvent
 This event sends simple Product and Service Performance data on a hanging/frozen Microsoft Edge browser process to help mitigate future instances of the hang.
 The following fields are available:
 - **app_name**  The name of the hanging process.
 - **app_session_guid**  Encodes the boot session, process, and process start time.
 - **app_version**  The version of the hanging process.
 - **client_id_hash**  Hash of the browser client id to help identify the installation.
 - **etag**  Identifier to help identify running browser experiments.
 - **hang_source**  Identifies how the hang was detected.
 - **process_type**  The type of the hanging browser process, for example, gpu-process, renderer, etc.
 - **stack_hash**  A hash of the hanging stack. Currently not used or set to zero.
 ## OneSettings events
 ### Microsoft.Windows.OneSettingsClient.Status
@ -2175,122 +2195,6 @@ The following fields are available:
 - **resultCode**  HR result of the cancellation.
 ## Other events
 ### Microsoft.Edge.Crashpad.HangEvent
 This event sends simple Product and Service Performance data on a hanging/frozen Microsoft Edge browser process to help mitigate future instances of the hang.
 The following fields are available:
 - **app_name**  The name of the hanging process.
 - **app_session_guid**  Encodes the boot session, process, and process start time.
 - **app_version**  The version of the hanging process.
 - **client_id_hash**  Hash of the browser client id to help identify the installation.
 - **etag**  Identifier to help identify running browser experiments.
 - **hang_source**  Identifies how the hang was detected.
 - **process_type**  The type of the hanging browser process, for example, gpu-process, renderer, etc.
 - **stack_hash**  A hash of the hanging stack. Currently not used or set to zero.
 ### Microsoft.Gaming.Critical.Error
 Common error event used by the Gaming Telemetry Library to provide centralized monitoring for critical errors logged by callers using the library.
 The following fields are available:
 - **callStack**  List of active subroutines running during error occurrence.
 - **componentName**  Friendly name meant to represent what feature area this error should be attributed to. Used for aggregations and pivots of data.
 - **customAttributes**  List of custom attributes.
 - **errorCode**  Error code.
 - **extendedData**  JSON blob representing additional, provider-level properties common to the component.
 - **featureName**  Friendly name meant to represent which feature this should be attributed to.
 - **identifier**  Error identifier.
 - **message**  Error message.
 - **properties**  List of properties attributed to the error.
 ### Microsoft.Gaming.Critical.ProviderRegistered
 Indicates that a telemetry provider has been registered with the Gaming Telemetry Library.
 The following fields are available:
 - **providerNamespace**  The telemetry Namespace for the registered provider.
 ### Microsoft.Gaming.OOBE.HDDBackup
 This event describes whether an External HDD back up has been found.
 The following fields are available:
 - **backupVersion**  version number of backup.
 - **extendedData**  JSON blob representing additional, provider-level properties common to the component.
 - **hasConsoleSettings**  Indicates whether the console settings stored.
 - **hasUserSettings**  Indicates whether the user settings stored.
 - **hasWirelessProfile**  Indicates whether the wireless profile stored.
 - **hddBackupFound**  Indicates whether hdd backup is found.
 - **osVersion**  Operating system version.
 ### Microsoft.Gaming.OOBE.OobeComplete
 This event is triggered when OOBE activation is complete.
 The following fields are available:
 - **allowAutoUpdate**  Allows auto update.
 - **allowAutoUpdateApps**  Allows auto update for apps.
 - **appliedTransferToken**  Applied transfer token.
 - **connectionType**  Connection type.
 - **curSessionId**  Current session id.
 - **extendedData**  JSON blob representing additional, provider-level properties common to the component.
 - **instantOn**  Instant on.
 - **moobeAcceptedState**  Moobe accepted state.
 - **phaseOneElapsedTimeMs**  Total elapsed time in milliseconds for phase 1.
 - **phaseOneVersion**  Version of phase 1.
 - **phaseTwoElapsedTimeMs**  Total elapsed time in milliseconds for phase 2.
 - **phaseTwoVersion**  Version of phase 2.
 - **systemUpdateRequired**  Indicates whether a system update required.
 - **totalElapsedTimeMs**  Total elapsed time in milliseconds of all phases.
 - **usedCloudBackup**  Indicates whether cloud backup is used.
 - **usedHDDBackup**  Indicates whether HDD backup is used.
 - **usedOffConsole**  Indicates whether off console is used.
 ### Microsoft.Gaming.OOBE.SessionStarted
 This event is sent at the start of OOBE session.
 The following fields are available:
 - **customAttributes**  customAttributes.
 - **extendedData**  extendedData.
 ### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantStartState
 This event marks the start of an Update Assistant State. The data collected with this event is used to help keep Windows up to date.
 The following fields are available:
 - **CV**  The correlation vector.
 - **GlobalEventCounter**  The global event counter for all telemetry on the device.
 - **UpdateAssistantStateDownloading**  True at the start Downloading.
 - **UpdateAssistantStateInitializingApplication**  True at the start of the state InitializingApplication.
 - **UpdateAssistantStateInitializingStates**  True at the start of InitializingStates.
 - **UpdateAssistantStateInstalling**  True at the start of Installing.
 - **UpdateAssistantStatePostInstall**  True at the start of PostInstall.
 - **UpdateAssistantVersion**  Current package version of UpdateAssistant.
 ### MicrosoftWindowsCodeIntegrityTraceLoggingProvider.CodeIntegrityHvciSysprepHvciAlreadyEnabled
 This event fires when HVCI is already enabled so no need to continue auto-enablement.
 ## Privacy consent logging events
 ### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentCompleted
@ -2480,6 +2384,24 @@ The following fields are available:
 - **UpdateAttempted**  Indicates if installation of the current update has been attempted before.
 ## Update Assistant events
 ### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantStartState
 This event marks the start of an Update Assistant State. The data collected with this event is used to help keep Windows up to date.
 The following fields are available:
 - **CV**  The correlation vector.
 - **GlobalEventCounter**  The global event counter for all telemetry on the device.
 - **UpdateAssistantStateDownloading**  True at the start Downloading.
 - **UpdateAssistantStateInitializingApplication**  True at the start of the state InitializingApplication.
 - **UpdateAssistantStateInitializingStates**  True at the start of InitializingStates.
 - **UpdateAssistantStateInstalling**  True at the start of Installing.
 - **UpdateAssistantStatePostInstall**  True at the start of PostInstall.
 - **UpdateAssistantVersion**  Current package version of UpdateAssistant.
 ## Update events
 ### Update360Telemetry.UpdateAgentDownloadRequest
@ -3400,7 +3322,6 @@ The following fields are available:
 This event is derived event results for the LaunchPageDuration scenario.
 ### Microsoft.Windows.WindowsUpdate.RUXIM.ICSExit
 This event is generated when the RUXIM Interaction Campaign Scheduler (RUXIMICS) exits. The data collected with this event is used to help keep Windows up to date and performing properly.
@ -3454,6 +3375,3 @@ The following fields are available:
 - **SessionId**  The UpdateAgent “SessionId” value.
 - **UpdateId**  Unique identifier for the Update.
 - **WuId**  Unique identifier for the Windows Update client.
--- a/windows/privacy/required-windows-11-diagnostic-events-and-fields.md
+++ b/windows/privacy/required-windows-11-diagnostic-events-and-fields.md
--- a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md
+++ b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md
--- a/windows/privacy/toc.yml
+++ b/windows/privacy/toc.yml
@ -15,21 +15,21 @@
          href: Microsoft-DiagnosticDataViewer.md
    - name: Required Windows diagnostic data events and fields
      items: 
-        - name: Windows 11, version 22H2 required diagnostic events and fields
+        - name: Windows 11, version 22H2
          href: required-diagnostic-events-fields-windows-11-22H2.md
-        - name: Windows 11, version 21H2 required diagnostic events and fields
+        - name: Windows 11, version 21H2
          href: required-windows-11-diagnostic-events-and-fields.md
-        - name:  Windows 10, version 21H2, Windows 10, version 21H1, Windows 10, version 20H2 and Windows 10, version 2004 required Windows diagnostic data events and fields
+        - name: Windows 10, versions 22H2, 21H2, 21H1, 20H2, and 2004
          href: required-windows-diagnostic-data-events-and-fields-2004.md
-        - name: Windows 10, version 1909 and Windows 10, version 1903 required level Windows diagnostic events and fields
+        - name: Windows 10, versions 1909 and 1903
          href: basic-level-windows-diagnostic-events-and-fields-1903.md
-        - name: Windows 10, version 1809 required Windows diagnostic events and fields
+        - name: Windows 10, version 1809
          href: basic-level-windows-diagnostic-events-and-fields-1809.md
-        - name: Windows 10, version 1803 required Windows diagnostic events and fields
+        - name: Windows 10, version 1803
          href: basic-level-windows-diagnostic-events-and-fields-1803.md
-        - name: Windows 10, version 1709 required Windows diagnostic events and fields
+        - name: Windows 10, version 1709
          href: basic-level-windows-diagnostic-events-and-fields-1709.md
-        - name: Windows 10, version 1703 required Windows diagnostic events and fields
+        - name: Windows 10, version 1703
          href: basic-level-windows-diagnostic-events-and-fields-1703.md
    - name: Optional Windows diagnostic data events and fields
      items:
--- a/windows/privacy/windows-10-and-privacy-compliance.md
+++ b/windows/privacy/windows-10-and-privacy-compliance.md
@ -1,15 +1,13 @@
 ---
 title: Windows Privacy Compliance Guide
 description: This article provides information to help IT and compliance professionals understand the personal data policies as related to Windows.
-ms.prod: m365-security
+ms.prod: windows-client
 ms.technology: itpro-privacy
 ms.localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
 manager: dougeby
-ms.collection: M365-security-compliance
+ms.topic: conceptual
 ms.topic: article
 ms.date: 12/01/2021
 ms.technology: privacy
 ---
 # Windows Privacy Compliance:<br />A Guide for IT and Compliance Professionals
--- a/windows/privacy/windows-11-endpoints-non-enterprise-editions.md
+++ b/windows/privacy/windows-11-endpoints-non-enterprise-editions.md
@ -1,15 +1,13 @@
 ---
 title: Windows 11 connection endpoints for non-Enterprise editions
 description: Explains what Windows 11 endpoints are used in non-Enterprise editions. Specific to Windows 11.
-ms.prod: m365-security
+ms.prod: windows-client
 ms.technology: itpro-privacy
 ms.localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
 manager: dougeby
-ms.collection: M365-security-compliance
+ms.topic: reference
 ms.topic: article
 ms.date: 12/01/2021
 ms.technology: privacy
 ---
 # Windows 11 connection endpoints for non-Enterprise editions
--- a/windows/privacy/windows-diagnostic-data-1703.md
+++ b/windows/privacy/windows-diagnostic-data-1703.md
@ -1,16 +1,13 @@
 ---
 title: Windows 10 diagnostic data for the Full diagnostic data level (Windows 10)
 description: Use this article to learn about the types of data that is collected the Full diagnostic data level.
-ms.prod: m365-security
+ms.prod: windows-client
 ms.technology: itpro-privacy
 ms.localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
 manager: dougeby
-ms.collection: M365-security-compliance
+ms.topic: reference
 ms.topic: article
 ms.date: 12/01/2021
 ms.reviewer: 
 ms.technology: privacy
 ---
 # Windows 10 diagnostic data for the Full diagnostic data level
--- a/windows/privacy/windows-diagnostic-data.md
+++ b/windows/privacy/windows-diagnostic-data.md
@ -1,24 +1,22 @@
 ---
 title: Windows 10, version 1709 and Windows 11 and later optional diagnostic data (Windows 10)
 description: Use this article to learn about the types of optional diagnostic data that is collected.
-ms.prod: m365-security
+ms.prod: windows-client
 ms.technology: itpro-privacy
 ms.localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
 manager: dougeby
-ms.collection:
+ms.collection: highpri
-  - M365-security-compliance
+ms.topic: reference
  - highpri
 ms.topic: article
 ms.reviewer:
 ms.technology: privacy 
 ---
 # Windows 10, version 1709 and later and Windows 11 optional diagnostic data
 Applies to:
- Windows 11
+- Windows 11, version 22H2
 - Windows 11, version 21H2
 - Windows 10, version 22H2
 - Windows 10, version 21H2
 - Windows 10, version 21H1
 - Windows 10, version 20H2
--- a/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md
+++ b/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md
@ -1,16 +1,13 @@
 ---
 title: Windows 10, version 1809, connection endpoints for non-Enterprise editions
 description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 1809.
-ms.prod: m365-security
+ms.prod: windows-client
 ms.technology: itpro-privacy
 ms.localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
 manager: dougeby
-ms.collection: M365-security-compliance
+ms.topic: reference
 ms.topic: article
 ms.date: 12/01/2021
 ms.reviewer: 
 ms.technology: privacy
 ---
 # Windows 10, version 1809, connection endpoints for non-Enterprise editions
--- a/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md
+++ b/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md
@ -1,15 +1,13 @@
 ---
 title: Windows 10, version 1903, connection endpoints for non-Enterprise editions
 description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 1903.
-ms.prod: m365-security
+ms.prod: windows-client
 ms.technology: itpro-privacy
 ms.localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
 manager: dougeby
-ms.collection: M365-security-compliance
+ms.topic: reference
 ms.topic: article
 ms.date: 12/01/2021
 ms.technology: privacy
 ---
 # Windows 10, version 1903, connection endpoints for non-Enterprise editions
--- a/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md
+++ b/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md
@ -1,15 +1,13 @@
 ---
 title: Windows 10, version 1909, connection endpoints for non-Enterprise editions
 description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 1909.
-ms.prod: m365-security
+ms.prod: windows-client
 ms.technology: itpro-privacy
 ms.localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
 manager: dougeby
-ms.collection: M365-security-compliance
+ms.topic: reference
 ms.topic: article
 ms.date: 12/01/2021
 ms.technology: privacy
 ---
 # Windows 10, version 1909, connection endpoints for non-Enterprise editions
--- a/windows/privacy/windows-endpoints-2004-non-enterprise-editions.md
+++ b/windows/privacy/windows-endpoints-2004-non-enterprise-editions.md
@ -1,15 +1,13 @@
 ---
 title: Windows 10, version 2004, connection endpoints for non-Enterprise editions
 description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 2004.
-ms.prod: m365-security
+ms.prod: windows-client
 ms.technology: itpro-privacy
 ms.localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
 manager: dougeby
-ms.collection: M365-security-compliance
+ms.topic: reference
 ms.topic: article
 ms.date: 12/01/2021
 ms.technology: privacy
 ---
 # Windows 10, version 2004, connection endpoints for non-Enterprise editions
--- a/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md
+++ b/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md
@ -1,15 +1,13 @@
 ---
 title: Windows 10, version 20H2, connection endpoints for non-Enterprise editions
 description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 20H2.
-ms.prod: m365-security
+ms.prod: windows-client
 ms.technology: itpro-privacy
 ms.localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
 manager: dougeby
-ms.collection: M365-security-compliance
+ms.topic: reference
 ms.topic: article
 ms.date: 12/01/2021
 ms.technology: privacy
 ---
 # Windows 10, version 20H2, connection endpoints for non-Enterprise editions
--- a/windows/privacy/windows-endpoints-21H1-non-enterprise-editions.md
+++ b/windows/privacy/windows-endpoints-21H1-non-enterprise-editions.md
@ -1,15 +1,13 @@
 ---
 title: Windows 10, version 21H1, connection endpoints for non-Enterprise editions
 description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 21H1.
-ms.prod: m365-security
+ms.prod: windows-client
 ms.technology: itpro-privacy
 ms.localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
 manager: dougeby
-ms.collection: M365-security-compliance
+ms.topic: reference
 ms.topic: article
 ms.date: 12/01/2021
 ms.technology: privacy
 ---
 # Windows 10, version 21H1, connection endpoints for non-Enterprise editions
--- a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md
+++ b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md
@ -69,7 +69,7 @@ If the error occurs again, check the error code against the following table to s
 | 0x801C044D | Authorization token does not contain device ID.                    | Unjoin the device from Azure AD and rejoin. |
 |            | Unable to obtain user token.                                       | Sign out and then sign in again. Check network and credentials. |
 | 0x801C044E | Failed to receive user credentials input.                          | Sign out and then sign in again. |
-| 0xC00000BB | Your PIN or this option is temporarily unavailable.                | The destination domain controller doesn't support the login method. Most often the KDC service doesn't have the proper certificate to support the login. Another common cause can be the client can not verify the KDC certificate CRL. Use a different login method.|
+| 0xC00000BB | Your PIN or this option is temporarily unavailable.                | The destination domain controller doesn't support the login method. Most often the KDC service doesn't have the proper certificate to support the login. Another common cause can be the client cannot verify the KDC certificate CRL. Use a different login method.|
 ## Errors with unknown mitigation
@ -108,5 +108,5 @@ For errors listed in this table, contact Microsoft Support for assistance.
 - [Why a PIN is better than a password](hello-why-pin-is-better-than-password.md)
 - [Prepare people to use Windows Hello](hello-prepare-people-to-use.md)
 - [Windows Hello and password changes](hello-and-password-changes.md)
- [Event ID 300 - Windows Hello successfully created](hello-event-300.md)
+- [Event ID 300 - Windows Hello successfully created](/troubleshoot/windows-client/user-profiles-and-logon/event-id-300-windows-hello-successfully-created-in-windows-10)
 - [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md)
--- a/windows/security/identity-protection/hello-for-business/hello-event-300.md
+++ b/windows/security/identity-protection/hello-for-business/hello-event-300.md
@ -41,5 +41,5 @@ This is a normal condition. No further action is required.
 - [Why a PIN is better than a password](hello-why-pin-is-better-than-password.md)
 - [Prepare people to use Windows Hello](hello-prepare-people-to-use.md)
 - [Windows Hello and password changes](hello-and-password-changes.md)
- [Windows Hello errors during PIN creation](hello-errors-during-pin-creation.md)
+- [Windows Hello errors during PIN creation](/troubleshoot/windows-client/user-profiles-and-logon/windows-hello-errors-during-pin-creation-in-windows-10)
 - [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md)
--- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
+++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
@ -93,7 +93,7 @@ It's fundamentally important to understand which deployment model to use for a s
 A deployment's trust type defines how each Windows Hello for Business client authenticates to the on-premises Active Directory.  There are two trust types: key trust and certificate trust.
 > [!NOTE]
-> Windows Hello for Business introduced a new trust model called cloud Kerberos trust, in early 2022. This model enables deployment of Windows Hello for Business using the infrastructure introduced for supporting [security key sign-in on Hybrid Azure AD-joined devices and on-premises resource access on Azure AD Joined devices](/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises). For more information, see ./hello-hybrid-cloud-kerberos-trust.md.
+> Windows Hello for Business introduced a new trust model called cloud Kerberos trust, in early 2022. This model enables deployment of Windows Hello for Business using the infrastructure introduced for supporting [security key sign-in on Hybrid Azure AD-joined devices and on-premises resource access on Azure AD Joined devices](/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises). For more information, see [Hybrid Cloud Kerberos Trust Deployment](./hello-hybrid-cloud-kerberos-trust.md).
 The key trust type does not require issuing authentication certificates to end users. Users authenticate using a hardware-bound key created during the built-in provisioning experience. This requires an adequate distribution of Windows Server 2016 or later domain controllers relative to your existing authentication and the number of users included in your Windows Hello for Business deployment. Read the [Planning an adequate number of Windows Server 2016 or later Domain Controllers for Windows Hello for Business deployments](hello-adequate-domain-controllers.md) to learn more.
@ -349,4 +349,4 @@ If boxes **2a** or **2b** read **modern management** and you want devices to aut
 ## Congratulations, You're Done
-Your Windows Hello for Business planning worksheet should be complete.  This guide provided understanding of the components used in the Windows Hello for Business infrastructure and rationalization of why they are used.  The worksheet gives you an overview of the requirements needed to continue the next phase of the deployment.  With this worksheet, you'll be able to identify key elements of your Windows Hello for Business deployment.
+Your Windows Hello for Business planning worksheet should be complete.  This guide provided understanding of the components used in the Windows Hello for Business infrastructure and rationalization of why they are used.  The worksheet gives you an overview of the requirements needed to continue the next phase of the deployment.  With this worksheet, you'll be able to identify key elements of your Windows Hello for Business deployment.
--- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md
@ -57,7 +57,7 @@ When the BitLocker Drive Encryption Wizard launches, it verifies the computer me
 |Operating system|BitLocker is an optional feature that can be installed by Server Manager on Windows Server 2012 and later.|
 |Hardware TPM|TPM version 1.2 or 2.0. <p> A TPM isn't required for BitLocker; however, only a computer with a TPM can provide the additional security of pre-startup system integrity verification and multifactor authentication.|
 |BIOS configuration|<li> A Trusted Computing Group (TCG)-compliant BIOS or UEFI firmware.</li> <li> The boot order must be set to start first from the hard disk, and not the USB or CD drives.</li>  <li> The firmware must be able to read from a USB flash drive during startup.</li>|
-|File system|For computers that boot natively with UEFI firmware, at least one FAT32 partition for the system drive and one NTFS partition for the operating system drive. <br/> For computers with legacy BIOS firmware, at least two NTFS disk partitions, one for the system drive and one for the operating system drive. <br/> For either firmware, the system drive partition must be at least 350 megabytes (MB) and set as the active partition.|
+|File system| One FAT32 partition for the system drive and one NTFS partition for the operating system drive. This is applicable for computers that boot natively with UEFI firmware. <br/> For computers with legacy BIOS firmware, at least two NTFS disk partitions, one for the system drive and one for the operating system drive. <br/> For either firmware, the system drive partition must be at least 350 megabytes (MB) and set as the active partition.|
 |Hardware encrypted drive prerequisites (optional)|To use a hardware encrypted drive as the boot drive, the drive must be in the uninitialized state and in the security inactive state. In addition, the system must always boot with native UEFI version 2.3.1 or higher and the CSM (if any) disabled.|
 Upon passing the initial configuration, users are required to enter a password for the volume. If the volume doesn't pass the initial configuration for BitLocker, the user is presented with an error dialog describing the appropriate actions to be taken.
@ -109,7 +109,7 @@ The following table shows the compatibility matrix for systems that have been Bi
 Table 1: Cross compatibility for Windows 11, Windows 10, Windows 8.1, Windows 8, and Windows 7 encrypted volumes
 |Encryption Type|Windows 11, Windows 10, and Windows 8.1|Windows 8|Windows 7|
-|--- |--- |--- |--- |
+|---|---|---|---|
 |Fully encrypted on Windows 8|Presents as fully encrypted|N/A|Presented as fully encrypted|
 |Used Disk Space Only encrypted on Windows 8|Presents as encrypt on write|N/A|Presented as fully encrypted|
 |Fully encrypted volume from Windows 7|Presents as fully encrypted|Presented as fully encrypted|N/A|
--- a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md
@ -82,9 +82,9 @@ This helps mitigate DMA and memory remanence attacks.
 On computers with a compatible TPM, operating system drives that are BitLocker-protected can be unlocked in four ways:
- **TPM-only.** Using TPM-only validation doesn't require any interaction with the user to unlock and provide access to the drive. If the TPM validation succeeds, the user sign-in experience is the same as a standard sign in. If the TPM is missing or changed or if BitLocker detects changes to the BIOS or UEFI code or configuration, critical operating system startup files, or the boot configuration, BitLocker enters recovery mode, and the user must enter a recovery password to regain access to the data. This option is more convenient for sign-in but less secure than the other options, which require an additional authentication factor.  
+- **TPM-only.** Using TPM-only validation doesn't require any interaction with the user to unlock and provide access to the drive. If the TPM validation succeeds, the user sign-in experience is the same as a standard sign-in. If the TPM is missing or changed or if BitLocker detects changes to the BIOS or UEFI code or configuration, critical operating system startup files, or the boot configuration, BitLocker enters recovery mode, and the user must enter a recovery password to regain access to the data. This option is more convenient for sign-in but less secure than the other options, which require an additional authentication factor.  
 - **TPM with startup key.** In addition to the protection that the TPM-only provides, part of the encryption key is stored on a USB flash drive, referred to as a startup key. Data on the encrypted volume can't be accessed without the startup key.
- **TPM with PIN.** In addition to the protection that the TPM provides, BitLocker requires that the user enter a PIN. Data on the encrypted volume can't be accessed without entering the PIN. TPMs also have [anti-hammering protection](/windows/security/hardware-protection/tpm/tpm-fundamentals#anti-hammering) that is designed to prevent brute force attacks that attempt to determine the PIN.  
+- **TPM with PIN.** In addition to the protection that the TPM provides, BitLocker requires that the user enters a PIN. Data on the encrypted volume can't be accessed without entering the PIN. TPMs also have [anti-hammering protection](/windows/security/hardware-protection/tpm/tpm-fundamentals#anti-hammering) that is designed to prevent brute force attacks that attempt to determine the PIN.  
 - **TPM with startup key and PIN.** In addition to the core component protection that the TPM-only provides, part of the encryption key is stored on a USB flash drive, and a PIN is required to authenticate the user to the TPM. This configuration provides multifactor authentication so that if the USB key is lost or stolen, it can't be used for access to the drive, because the correct PIN is also required.
 In the following group policy example, TPM + PIN is required to unlock an operating system drive:
@ -130,7 +130,7 @@ This section covers countermeasures for specific types of attacks.
 ### Bootkits and rootkits
-A physically-present attacker might attempt to install a bootkit or rootkit-like piece of software into the boot chain in an attempt to steal the BitLocker keys. 
+A physically present attacker might attempt to install a bootkit or rootkit-like piece of software into the boot chain in an attempt to steal the BitLocker keys. 
 The TPM should observe this installation via PCR measurements, and the BitLocker key won't be released. 
 This is the default configuration.
@ -163,6 +163,7 @@ The following sections cover mitigations for different types of attackers.
 Physical access may be limited by a form factor that doesn't expose buses and memory. 
 For example, there are no external DMA-capable ports, no exposed screws to open the chassis, and memory is soldered to the mainboard. 
 This attacker of opportunity doesn't use destructive methods or sophisticated forensics hardware/software. 
 Mitigation: 
--- a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
@ -17,13 +17,11 @@ ms.custom: bitlocker
 # Overview of BitLocker Device Encryption in Windows
 **Applies to**
 -   Windows 10
 -   Windows 11
-   Windows Server 2016 and above
+-   Windows Server 2016 and later 
-This article explains how BitLocker Device Encryption can help protect data on devices running Windows. 
+This article explains how BitLocker Device Encryption can help protect data on devices running Windows. For a general overview and list of articles about BitLocker, see [BitLocker](bitlocker-overview.md). 
 For a general overview and list of articles about BitLocker, see [BitLocker](bitlocker-overview.md). 
 When users travel, their organization’s confidential data goes with them. Wherever confidential data is stored, it must be protected against unauthorized access. Windows has a long history of providing at-rest data-protection solutions that guard against nefarious attackers, beginning with the Encrypting File System in the Windows 2000 operating system. More recently, BitLocker has provided encryption for full drives and portable drives. Windows consistently improves data protection by improving existing options and providing new strategies.
--- a/windows/security/information-protection/bitlocker/bitlocker-overview.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-overview.md
@ -28,9 +28,9 @@ This topic provides a high-level overview of BitLocker, including a list of syst
 BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.
-BitLocker provides the most protection when used with a Trusted Platform Module (TPM) version 1.2 or later. The TPM is a hardware component installed in many newer computers by the computer manufacturers. It works with BitLocker to help protect user data and to ensure that a computer has not been tampered with while the system was offline.
+BitLocker provides the maximum protection when used with a Trusted Platform Module (TPM) version 1.2 or later versions. The TPM is a hardware component installed in many newer computers by the computer manufacturers. It works with BitLocker to help protect user data and to ensure that a computer has not been tampered with while the system was offline.
-On computers that do not have a TPM version 1.2 or later, you can still use BitLocker to encrypt the Windows operating system drive. However, this implementation will require the user to insert a USB startup key to start the computer or resume from hibernation. Starting with Windows 8, you can use an operating system volume password to protect the operating system volume on a computer without TPM. Both options do not provide the pre-startup system integrity verification offered by BitLocker with a TPM.
+On computers that do not have a TPM version 1.2 or later versions, you can still use BitLocker to encrypt the Windows operating system drive. However, this implementation requires the user to insert a USB startup key to start the computer or resume from hibernation. Starting with Windows 8, you can use an operating system volume password to protect the operating system volume on a computer without TPM. Both options do not provide the pre-startup system integrity verification offered by BitLocker with a TPM.
 In addition to the TPM, BitLocker offers the option to lock the normal startup process until the user supplies a personal identification number (PIN) or inserts a removable device, such as a USB flash drive, that contains a startup key. These additional security measures provide multifactor authentication and assurance that the computer will not start or resume from hibernation until the correct PIN or startup key is presented.
@ -38,13 +38,13 @@ In addition to the TPM, BitLocker offers the option to lock the normal startup p
 Data on a lost or stolen computer is vulnerable to unauthorized access, either by running a software-attack tool against it or by transferring the computer's hard disk to a different computer. BitLocker helps mitigate unauthorized data access by enhancing file and system protections. BitLocker also helps render data inaccessible when BitLocker-protected computers are decommissioned or recycled.
-There are two additional tools in the Remote Server Administration Tools, which you can use to manage BitLocker.
+There are two additional tools in the Remote Server Administration Tools which you can use to manage BitLocker.
 -   **BitLocker Recovery Password Viewer**. The BitLocker Recovery Password Viewer enables you to locate and view BitLocker Drive Encryption recovery passwords that have been backed up to Active Directory Domain Services (AD DS). You can use this tool to help recover data that is stored on a drive that has been encrypted by using BitLocker. The BitLocker Recovery Password Viewer tool is an extension for the Active Directory Users and Computers Microsoft Management Console (MMC) snap-in.
    By using this tool, you can examine a computer object's **Properties** dialog box to view the corresponding BitLocker recovery passwords. Additionally, you can right-click a domain container and then search for a BitLocker recovery password across all the domains in the Active Directory forest. To view recovery passwords, you must be a domain administrator, or you must have been delegated permissions by a domain administrator.
 -   **BitLocker Drive Encryption Tools**. BitLocker Drive Encryption Tools include the command-line tools, manage-bde and repair-bde, and the BitLocker cmdlets for Windows PowerShell. Both manage-bde and the BitLocker cmdlets can be used to perform any task that can be accomplished through the 
-BitLocker control panel, and they are appropriate to use for automated deployments and other scripting scenarios. Repair-bde is provided for disaster recovery scenarios in which a BitLocker protected drive cannot be unlocked normally or by using the recovery console.
+BitLocker control panel, and they are appropriate to be used for automated deployments and other scripting scenarios. Repair-bde is provided for disaster recovery scenarios in which a BitLocker-protected drive cannot be unlocked normally or by using the recovery console.
 ## <a href="" id="bkmk-new"></a>New and changed functionality
@ -54,7 +54,7 @@ To find out what's new in BitLocker for Windows, such as support for the XTS-AES
 BitLocker has the following hardware requirements:
-For BitLocker to use the system integrity check provided by a Trusted Platform Module (TPM), the computer must have TPM 1.2 or later. If your computer does not have a TPM, enabling BitLocker requires that you save a startup key on a removable device, such as a USB flash drive.
+For BitLocker to use the system integrity check provided by a TPM, the computer must have TPM 1.2 or later versions. If your computer does not have a TPM, enabling BitLocker makes it mandatory for you to save a startup key on a removable device, such as a USB flash drive.
 A computer with a TPM must also have a Trusted Computing Group (TCG)-compliant BIOS or UEFI firmware. The BIOS or UEFI firmware establishes a chain of trust for the pre-operating system startup, and it must include support for TCG-specified Static Root of Trust Measurement. A computer without a TPM does not require TCG-compliant firmware.
@ -64,37 +64,41 @@ The system BIOS or UEFI firmware (for TPM and non-TPM computers) must support th
 > From Windows 7, you can encrypt an OS drive without a TPM and USB flash drive. For this procedure, see [Tip of the Day: Bitlocker without TPM or USB](https://social.technet.microsoft.com/Forums/en-US/eac2cc67-8442-42db-abad-2ed173879751/bitlocker-without-tpm?forum=win10itprosetup).
 > [!NOTE]
-> TPM 2.0 is not supported in Legacy and CSM Modes of the BIOS. Devices with TPM 2.0 must have their BIOS mode configured as Native UEFI only. The Legacy and Compatibility Support Module (CSM) options must be disabled. For added security Enable the Secure Boot feature.
+> TPM 2.0 is not supported in Legacy and Compatibility Support Module (CSM) modes of the BIOS. Devices with TPM 2.0 must have their BIOS mode configured as native UEFI only. The Legacy and CSM options must be disabled. For added security, enable the secure boot feature.
->
+
-> Installed Operating System on hardware in legacy mode will stop the OS from booting when the BIOS mode is changed to UEFI. Use the tool [MBR2GPT](/windows/deployment/mbr-to-gpt) before changing the BIOS mode which will prepare the OS and the disk to support UEFI.
+> Installed Operating System on hardware in Legacy mode stops the OS from booting when the BIOS mode is changed to UEFI. Use the tool [MBR2GPT](/windows/deployment/mbr-to-gpt.md) before changing the BIOS mode, which prepares the OS and the disk to support UEFI.
 The hard disk must be partitioned with at least two drives:
 -   The operating system drive (or boot drive) contains the operating system and its support files. It must be formatted with the NTFS file system.
-   The system drive contains the files that are needed to load Windows after the firmware has prepared the system hardware. BitLocker is not enabled on this drive. For BitLocker to work, the system drive must not be encrypted, must differ from the operating system drive, and must be formatted with the FAT32 file system on computers that use UEFI-based firmware or with the NTFS file system on computers that use BIOS firmware. We recommend that system drive be approximately 350 MB in size. After BitLocker is turned on it should have approximately 250 MB of free space.
+-   The system drive contains the files that are needed to load Windows after the firmware has prepared the system hardware. BitLocker is not enabled on this drive. For BitLocker to work, the system drive must not be encrypted, must differ from the operating system drive, and must be formatted with the FAT32 file system on computers that use UEFI-based firmware or with the NTFS file system on computers that use BIOS firmware. We recommend that system drive be approximately 350 MB in size. After BitLocker is turned on, it should have approximately 250 MB of free space.
 When installed on a new computer, Windows automatically creates the partitions that are required for BitLocker.
 A partition subject to encryption cannot be marked as an active partition (this applies to the operating system, fixed data, and removable data drives).
 When installed on a new computer, Windows will automatically create the partitions that are required for BitLocker.
-When installing the BitLocker optional component on a server you will also need to install the Enhanced Storage feature, which is used to support hardware encrypted drives.
+When installing the BitLocker optional component on a server, you will also need to install the Enhanced Storage feature, which is used to support hardware encrypted drives.
 ## In this section
 | Topic | Description |
 | - | - |
-| [Overview of BitLocker Device Encryption in Windows](bitlocker-device-encryption-overview-windows-10.md) | This topic for the IT professional provides an overview of the ways that BitLocker Device Encryption can help protect data on devices running Windows.  |
+| [Overview of BitLocker Device Encryption in Windows 10](bitlocker-device-encryption-overview-windows-10.md) | This topic provides an overview of the ways in which BitLocker Device Encryption can help protect data on devices running Windows 10.  |
-| [BitLocker frequently asked questions (FAQ)](bitlocker-frequently-asked-questions.yml) | This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker.| 
+| [BitLocker frequently asked questions (FAQ)](bitlocker-frequently-asked-questions.yml) | This topic answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker.| 
-| [Prepare your organization for BitLocker: Planning and policies](prepare-your-organization-for-bitlocker-planning-and-policies.md)| This topic for the IT professional explains how can you plan your BitLocker deployment. |
+| [Prepare your organization for BitLocker: Planning and policies](prepare-your-organization-for-bitlocker-planning-and-policies.md)| This topic explains the procedure you can use to plan your BitLocker deployment. |
-| [BitLocker basic deployment](bitlocker-basic-deployment.md) | This topic for the IT professional explains how BitLocker features can be used to protect your data through drive encryption. |
+| [BitLocker basic deployment](bitlocker-basic-deployment.md) | This topic explains how BitLocker features can be used to protect your data through drive encryption. |
-| [BitLocker: How to deploy on Windows Server](bitlocker-how-to-deploy-on-windows-server.md)| This topic for the IT professional explains how to deploy BitLocker on Windows Server.| 
+| [BitLocker: How to deploy on Windows Server](bitlocker-how-to-deploy-on-windows-server.md)| This topic explains how to deploy BitLocker on Windows Server.| 
-| [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md) | This topic for the IT professional describes how BitLocker Network Unlock works and how to configure it. |
+| [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md) | This topic describes how BitLocker Network Unlock works and how to configure it. |
-| [BitLocker: Use BitLocker Drive Encryption Tools to manage BitLocker](bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md)| This topic for the IT professional describes how to use tools to manage BitLocker.| 
+| [BitLocker: Use BitLocker Drive Encryption Tools to manage BitLocker](bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md)| This topic describes how to use tools to manage BitLocker.| 
-| [BitLocker: Use BitLocker Recovery Password Viewer](bitlocker-use-bitlocker-recovery-password-viewer.md) | This topic for the IT professional describes how to use the BitLocker Recovery Password Viewer. |
+| [BitLocker: Use BitLocker Recovery Password Viewer](bitlocker-use-bitlocker-recovery-password-viewer.md) | This topic describes how to use the BitLocker Recovery Password Viewer. |
-| [BitLocker Group Policy settings](bitlocker-group-policy-settings.md) | This topic for IT professionals describes the function, location, and effect of each Group Policy setting that is used to manage BitLocker. |
+| [BitLocker Group Policy settings](bitlocker-group-policy-settings.md) | This topic describes the function, location, and effect of each group policy setting that is used to manage BitLocker. |
-| [BCD settings and BitLocker](bcd-settings-and-bitlocker.md) | This topic for IT professionals describes the BCD settings that are used by BitLocker.| 
+| [BCD settings and BitLocker](bcd-settings-and-bitlocker.md) | This topic describes the BCD settings that are used by BitLocker.| 
-| [BitLocker Recovery Guide](bitlocker-recovery-guide-plan.md)| This topic for IT professionals describes how to recover BitLocker keys from AD DS. |
+| [BitLocker Recovery Guide](bitlocker-recovery-guide-plan.md)| This topic describes how to recover BitLocker keys from AD DS. |
-| [Protect BitLocker from pre-boot attacks](./bitlocker-countermeasures.md)| This detailed guide will help you understand the circumstances under which the use of pre-boot authentication is recommended for devices running Windows 11, Windows 10, Windows 8.1, Windows 8, or Windows 7; and when it can be safely omitted from a device’s configuration. |
+| [Protect BitLocker from pre-boot attacks](./bitlocker-countermeasures.md)| This detailed guide helps you understand the circumstances under which the use of pre-boot authentication is recommended for devices running Windows 10, Windows 8.1, Windows 8, or Windows 7; and when it can be safely omitted from a device’s configuration. |
 | [Troubleshoot BitLocker](troubleshoot-bitlocker.md) | This guide describes the resources that can help you troubleshoot BitLocker issues, and provides solutions for several common BitLocker issues. |
-| [Protecting cluster shared volumes and storage area networks with BitLocker](protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md)| This topic for IT pros describes how to protect CSVs and SANs with BitLocker.| 
+| [Protecting cluster shared volumes and storage area networks with BitLocker](protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md)| This topic describes how to protect CSVs and SANs with BitLocker.| 
-| [Enabling Secure Boot and BitLocker Device Encryption on Windows IoT Core](/windows/iot-core/secure-your-device/SecureBootAndBitLocker) | This topic covers how to use BitLocker with Windows IoT Core |
+| [Enabling Secure Boot and BitLocker Device Encryption on Windows IoT Core](/windows/iot-core/secure-your-device/SecureBootAndBitLocker) | This topic describes how to use BitLocker with Windows IoT Core |
--- a/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md
@ -24,9 +24,9 @@ ms.custom: bitlocker
 - Windows 11
 - Windows Server 2016 and later
-This article for IT professionals describes how to recover BitLocker keys from Active Directory Domain Services (AD DS).
+This article describes how to recover BitLocker keys from AD DS.
-Organizations can use BitLocker recovery information saved in AD DS to access BitLocker-protected data. Creating a recovery model for BitLocker while you are planning your BitLocker deployment is recommended.
+Organizations can use BitLocker recovery information saved in Active Directory Domain Services (AD DS) to access BitLocker-protected data. It's recommended to create a recovery model for BitLocker while you are planning your BitLocker deployment.
 This article assumes that you understand how to set up AD DS to back up BitLocker recovery information automatically, and what types of recovery information are saved to AD DS.
@ -37,10 +37,9 @@ This article does not detail how to configure AD DS to store the BitLocker reco
 BitLocker recovery is the process by which you can restore access to a BitLocker-protected drive in the event that you cannot unlock the drive normally. In a recovery scenario, you have the following options to restore access to the drive:
- The user can supply the recovery password. If your organization allows users to print or store recovery passwords, the user can type in the 48-digit recovery password that they printed or stored on a USB drive or with your Microsoft Account online. (Saving a recovery password with your Microsoft Account online is only allowed when BitLocker is used on a PC that is not a member of a domain).
+-   **The user can supply the recovery password.** If your organization allows users to print or store recovery passwords, the users can type in the 48-digit recovery password that they printed or stored on a USB drive or with your Microsoft account online. (Saving a recovery password with your Microsoft account online is only allowed when BitLocker is used on a PC that is not a member of a domain).
- A data recovery agent can use their credentials to unlock the drive. If the drive is an operating system drive, the drive must be mounted as a data drive on another computer for the data recovery agent to unlock it.
+-   **Data recovery agents can use their credentials to unlock the drive.** If the drive is an operating system drive, the drive must be mounted as a data drive on another computer for the data recovery agent to unlock it.
- A domain administrator can obtain the recovery password from AD DS and use it to unlock the drive. Storing recovery passwords in AD DS is recommended to provide a way for IT professionals to be able to obtain recovery passwords for drives in their organization if needed. This method requires that you have enabled this recovery method in the BitLocker Group Policy setting **Choose how BitLocker-protected operating system drives can be recovered** located at **Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Operating System Drives** in the Local Group Policy Editor. For more information, see [BitLocker Group Policy settings](bitlocker-group-policy-settings.md).
+-   **A domain administrator can obtain the recovery password from AD DS and use it to unlock the drive.** Storing recovery passwords in AD DS is recommended to provide a way for IT professionals to be able to obtain recovery passwords for drives in their organization if needed. This method makes it mandatory for you to enable this recovery method in the BitLocker group policy setting **Choose how BitLocker-protected operating system drives can be recovered** located at **Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Operating System Drives** in the Local Group Policy Editor. For more information, see [BitLocker Group Policy settings](bitlocker-group-policy-settings.md).
 ### What causes BitLocker recovery?
@ -85,34 +84,36 @@ The following list provides examples of specific events that will cause BitLocke
 - Adding or removing add-in cards (such as video or network cards), or upgrading firmware on add-in cards.
 - Using a BIOS hot key during the boot process to change the boot order to something other than the hard drive.
 > [!NOTE]
 > Before you begin recovery, we recommend that you determine what caused recovery. This might help prevent the problem from occurring again in the future. For instance, if you determine that an attacker has modified your computer by obtaining physical access, you can create new security policies for tracking who has physical presence. After the recovery password has been used to recover access to the PC, BitLocker will reseal the encryption key to the current values of the measured components.
 > [!NOTE]
 > Before you begin recovery, we recommend that you determine what caused recovery. This might help prevent the problem from occurring again in the future. For instance, if you determine that an attacker has modified your computer by obtaining physical access, you can create new security policies for tracking who has physical presence. After the recovery password has been used to recover access to the PC, BitLocker reseals the encryption key to the current values of the measured components.
 For planned scenarios, such as a known hardware or firmware upgrades, you can avoid initiating recovery by temporarily suspending BitLocker protection. Because suspending BitLocker leaves the drive fully encrypted, the administrator can quickly resume BitLocker protection after the planned task has been completed. Using suspend and resume also reseals the encryption key without requiring the entry of the recovery key.
 > [!NOTE]
 > If suspended BitLocker will automatically resume protection when the PC is rebooted, unless a reboot count is specified using the manage-bde command line tool.
-If software maintenance requires the computer to be restarted and you are using two-factor authentication, you can enable BitLocker Network Unlock to provide the secondary authentication factor when the computers do not have an on-premises user to provide the additional authentication method.
+If software maintenance requires the computer to be restarted and you are using two-factor authentication, you can enable BitLocker network unlock feature to provide the secondary authentication factor when the computers do not have an on-premises user to provide the additional authentication method.
 Recovery has been described within the context of unplanned or undesired behavior, but you can also cause recovery as an intended production scenario, in order to manage access control. For example, when you redeploy desktop or laptop computers to other departments or employees in your enterprise, you can force BitLocker into recovery before the computer is given to a new user.
 ## <a href="" id="bkmk-testingrecovery"></a>Testing recovery
 Before you create a thorough BitLocker recovery process, we recommend that you test how the recovery process works for both end users (people who call your helpdesk for the recovery password) and administrators (people who help the end user get the recovery password). The -forcerecovery command of manage-bde is an easy way for you to step through the recovery process before your users encounter a recovery situation.
 **To force a recovery for the local computer:**
-1. Select the **Start** button, type *cmd* in the **Start Search** box, right-click **cmd.exe**, and then select **Run as administrator**.
+1.  Select the **Start** button, type **cmd** in the **Start Search** box, and select and hold **cmd.exe**, and then select **Run as administrator**.
-2. At the command prompt, type the following command and then press **Enter**:
+2.  At the command prompt, type the following command and then press **ENTER**:
    `manage-bde -forcerecovery <BitLockerVolume>`
    `manage-bde -forcerecovery <BitLockerVolume>`
 **To force recovery for a remote computer:**
-1. On the Start screen, type **cmd.exe**, and then select **Run as administrator**.
+1.  On the Start screen, type **cmd.exe**, and then select **Run as administrator**.
-2. At the command prompt, type the following command and then press ENTER:
+
 2.  At the command prompt, type the following command and then press **ENTER**:
    `manage-bde -ComputerName <RemoteComputerName> -forcerecovery <BitLockerVolume>`
    > [!NOTE]
@ -141,23 +142,21 @@ When you determine your recovery process, you should:
 ### <a href="" id="bkmk-selfrecovery"></a>Self-recovery
-In some cases, users might have the recovery password in a printout or a USB flash drive and can perform self-recovery. We recommend that your organization create a policy for self-recovery. If self-recovery includes using a password or recovery key stored on a USB flash drive, the users should be warned not to store the USB flash drive in the same place as the PC, especially during travel, for example if both the PC and the recovery items are in the same bag, then it's easy for an unauthorized user to access the PC. Another policy to consider is having users contact the Helpdesk before or after performing self-recovery so that the root cause can be identified.
+In some cases, users might have the recovery password in a printout or a USB flash drive and can perform self-recovery. We recommend that your organization creates a policy for self-recovery. If self-recovery includes using a password or recovery key stored on a USB flash drive, the users must be warned not to store the USB flash drive in the same place as the PC, especially during travel. For example, if both the PC and the recovery items are in the same bag it would be very easy for access to be gained to the PC by an unauthorized user. Another policy to consider is having users contact the Helpdesk before or after performing self-recovery so that the root cause can be identified.
 ### <a href="" id="bkmk-recoveryretrieval"></a>Recovery password retrieval
-If the user does not have a recovery password in a printout or on a USB flash drive, the user will need to be able to retrieve the recovery password from an online source. If the PC is a member of a domain, the recovery password can be backed up to AD DS. However, this does not happen by default. You must have configured the appropriate Group Policy settings before BitLocker was enabled on the PC. BitLocker Group Policy settings can be found in the Local Group Policy Editor or the Group Policy Management Console (GPMC) under **Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption**. The following policy settings define the recovery methods that can be used to restore access to a BitLocker-protected drive if an authentication method fails or is unable to be used.
+If the user does not have a recovery password in a printout or on a USB flash drive, the user will need to be able to retrieve the recovery password from an online source. If the PC is a member of a domain, the recovery password can be backed up to AD DS. However, this does not happen by default; you must have configured the appropriate group policy settings before BitLocker was enabled on the PC. BitLocker group policy settings can be found in the Local Group Policy Editor or the Group Policy Management Console (GPMC) under **Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption**. The following policy settings define the recovery methods that can be used to restore access to a BitLocker-protected drive if an authentication method fails or is unable to be used.
- **Choose how BitLocker-protected operating system drives can be recovered**
+-   **Choose how BitLocker-protected operating system drives can be recovered**
- **Choose how BitLocker-protected fixed drives can be recovered**
+-   **Choose how BitLocker-protected fixed drives can be recovered**
- **Choose how BitLocker-protected removable drives can be recovered**
+-   **Choose how BitLocker-protected removable drives can be recovered**
-
+In each of these policies, select **Save BitLocker recovery information to Active Directory Domain Services** and then choose which BitLocker recovery information to store in AD DS. Check the **Do not enable BitLocker until recovery information is stored in AD
 In each of these policies, select **Save BitLocker recovery information to Active Directory Domain Services** and then choose which BitLocker recovery information to store in Active Directory Domain Services (AD DS). Select the **Do not enable BitLocker until recovery information is stored in AD
 DS** check box if you want to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information for the drive to AD DS succeeds.
 > [!NOTE]
-> If the PCs are part of a workgroup, users should be advised to save their BitLocker recovery password with their Microsoft Account online. Having an online copy of your BitLocker recovery password is recommended to help ensure that you do not lose access to your data in the event that recovery is required.
+> If the PCs are part of a workgroup, users are advised to save their BitLocker recovery password with their Microsoft account online. Having an online copy of your BitLocker recovery password is recommended to help ensure that you do not lose access to your data in the event of a recovery being required.
-
+ 
 The BitLocker Recovery Password Viewer for Active Directory Users and Computers tool allows domain administrators to view BitLocker recovery passwords for specific computer objects in Active Directory.
 You can use the following list as a template for creating your own recovery process for recovery password retrieval. This sample process uses the BitLocker Recovery Password Viewer for Active Directory Users and Computers tool.
@ -176,47 +175,43 @@ You can use the name of the user's computer to locate the recovery password in A
 ### <a href="" id="bkmk-verifyidentity"></a>Verify the user's identity
-Verify that the person that is asking for the recovery password is truly the authorized user of that computer. You might also want to verify that the computer with the name the user provided belongs to the user.
+You should verify whether the person who is asking for the recovery password is truly the authorized user of that computer. You may also wish to verify whether the computer for which the user provided the name belongs to the user.
 ### <a href="" id="bkmk-locatepassword"></a>Locate the recovery password in AD DS
-Locate the Computer object with the matching name in AD DS. Because Computer object names are listed in the AD DS global catalog, you should be able to locate the object even if you have a multi-domain forest.
+Locate the computer object with the matching name in AD DS. Because computer object names are listed in the AD DS global catalog, you should be able to locate the object even if you have a multi-domain forest.
 ### Multiple recovery passwords
-If multiple recovery passwords are stored under a computer object in AD DS, the name of the BitLocker recovery information object includes the date that the password was created.
+If multiple recovery passwords are stored under a computer object in AD DS, the name of the BitLocker recovery information object includes the date on which the password was created.
-If at any time you are unsure what password to provide, or if you think you might be providing the incorrect password, ask the user to read the eight character password ID that is displayed in the recovery console.
+If at any time you are unsure about the password to be provided, or if you think you might be providing the incorrect password, ask the user to read the 8-character password ID that is displayed in the recovery console.
-Since the password ID is a unique value that is associated with each recovery password stored in AD DS, running a query using this ID will find the correct password to unlock the encrypted volume.
+Since the password ID is a unique value that is associated with each recovery password stored in AD DS, running a query using this ID finds the correct password to unlock the encrypted volume.
 ### <a href="" id="bkmk-gatherinfo"></a>Gather information to determine why recovery occurred
-Before you give the user the recovery password, you should gather any information that will help determine why the recovery was needed, in order to analyze the root cause during the post-recovery analysis. For more info about post-recovery analysis, see [Post-recovery analysis](#bkmk-planningpostrecovery).
+Before you give the user the recovery password, you should gather any information that will help determine why the recovery was needed, in order to analyze the root cause during the post-recovery analysis. For more information about post-recovery analysis, see [Post-recovery analysis](#bkmk-planningpostrecovery).
 ### <a href="" id="bkmk-givepassword"></a>Give the user the recovery password
-Because the recovery password is 48 digits long, the user might need to record the password by writing it down or typing it on a different computer. If you are using MBAM, the recovery password will be regenerated after it is recovered from the MBAM database to avoid the security risks associated with an uncontrolled password.
+Because the recovery password is 48 digits long, the user may need to record the password by writing it down or typing it on a different computer. If you are using MBAM, the recovery password will be regenerated after it is recovered from the MBAM database to avoid the security risks associated with an uncontrolled password.
 > [!NOTE]
 > Because the 48-digit recovery password is long and contains a combination of digits, the user might mishear or mistype the password. The boot-time recovery console uses built-in checksum numbers to detect input errors in each 6-digit block of the 48-digit recovery password, and offers the user the opportunity to correct such errors.
 ### <a href="" id="bkmk-planningpostrecovery"></a>Post-recovery analysis
-When a volume is unlocked using a recovery password, an event is written to the event log and the platform validation measurements are reset in the TPM to match the current configuration. Unlocking the volume means that the encryption key has been released and is ready for on-the-fly encryption
+When a volume is unlocked using a recovery password, an event is written to the event log and the platform validation measurements are reset in the TPM to match the current configuration. Unlocking the volume means that the encryption key has been released and is ready for on-the-fly encryption when data is written to the volume, and on-the-fly decryption when data is read from the volume. After the volume is unlocked, BitLocker behaves the same way, regardless of how the access was granted.
 when data is written to the volume, and on-the-fly decryption when data is read from the volume. After the volume is unlocked, BitLocker behaves the same way, regardless of how the access was granted.
 If you notice that a computer is having repeated recovery password unlocks, you might want to have an administrator perform post-recovery analysis to determine the root cause of the recovery and refresh BitLocker platform validation so that the user no longer needs to enter a recovery password each time that the computer starts up. See:
 - [Determine the root cause of the recovery](#bkmk-determinecause)
 - [Refresh BitLocker protection](#bkmk-refreshprotection)
 ### <a href="" id="bkmk-determinecause"></a>Determine the root cause of the recovery
 If a user needed to recover the drive, it is important to determine the root cause that initiated the recovery as soon as possible. Properly analyzing the state of the computer and detecting tampering may reveal threats that have broader implications for enterprise security.
@ -225,21 +220,20 @@ While an administrator can remotely investigate the cause of recovery in some ca
 Review and answer the following questions for your organization:
-1. What BitLocker protection mode is in effect (TPM, TPM + PIN, TPM + startup key, startup key only)? Which PCR profile is in use on the PC?
+1.  Which BitLocker protection mode is in effect (TPM, TPM + PIN, TPM + startup key, startup key only)? Which PCR profile is in use on the PC?
-2. Did the user merely forget the PIN or lose the startup key? If a token was lost, where might the token be?
+2.  Did the user merely forget the PIN or lose the startup key? If a token was lost, where might the token be?
-3. If TPM mode was in effect, was recovery caused by a boot file change?
+3.  If TPM mode was in effect, was recovery caused by a boot file change?
-4. If recovery was caused by a boot file change, was the change an intended user action (for example, BIOS upgrade), or was it caused by malicious software?
+4.  If recovery was caused by a boot file change, is the boot file change due to an intended user action (for example, BIOS upgrade), or a malicious software?
-5. When was the user last able to start the computer successfully, and what might have happened to the computer since then?
+5.  When was the user last able to start the computer successfully, and what might have happened to the computer since then?
-6. Might the user have encountered malicious software or left the computer unattended since the last successful startup?
+6.  Might the user have encountered malicious software or left the computer unattended since the last successful startup?
 To help you answer these questions, use the BitLocker command-line tool to view the current configuration and protection mode (for example, **manage-bde -status**). Scan the event log to find events that help indicate why recovery was initiated (for example, if the boot file changed). Both of these capabilities can be performed remotely.
 To help you answer these questions, use the BitLocker command-line tool to view the current configuration and protection mode (for example, **manage-bde -status**). Scan the event log to find events that help indicate why recovery was initiated (for example, if a boot file change occurred). Both of these capabilities can be performed remotely.
 ### <a href="" id="bkmk-refreshprotection"></a>Resolve the root cause
 After you have identified what caused recovery, you can reset BitLocker protection and avoid recovery on every startup.
-The details of this reset can vary according to the root cause of the recovery. If you cannot determine the root cause, or if malicious software or a rootkit might have infected the computer, Helpdesk should apply best-practice virus policies to react appropriately.
+The details of this reset can vary according to the root cause of the recovery. If you cannot determine the root cause, or if a malicious software or a rootkit might have infected the computer, Helpdesk should apply best-practice virus policies to react appropriately.
 > [!NOTE]
 > You can perform a BitLocker validation profile reset by suspending and resuming BitLocker.
@ -255,33 +249,30 @@ If a user has forgotten the PIN, you must reset the PIN while you are logged on
 **To prevent continued recovery due to an unknown PIN**
-1. Unlock the computer using the recovery password.
+1.  Unlock the computer using the recovery password.
-2. Reset the PIN:
+2.  Reset the PIN:
-    1. Right-click the drive and then select **Change PIN**.
+    1.  Select and hold the drive and then select **Change PIN**
-    2. In the BitLocker Drive Encryption dialog, select **Reset a forgotten PIN**. If you are not logged in with an administrator account, provide administrative credentials at this time.
+    2.  In the BitLocker Drive Encryption dialog, select **Reset a forgotten PIN**. If you are not logged in with an administrator account, you must provide administrative credentials at this time.
-    3. In the PIN reset dialog, provide and confirm the new PIN to use and then select **Finish**.
+    3.  In the PIN reset dialog, provide and confirm the new PIN to be used and then select **Finish**.
 3. You will use the new PIN the next time you unlock the drive.
 ### <a href="" id="bkmk-loststartup"></a>Lost startup key
 If you have lost the USB flash drive that contains the startup key, then you must unlock the drive by using the recovery key and then create a new startup key.
 **To prevent continued recovery due to a lost startup key**
-1. Log on as an administrator to the computer that has the lost startup key.
+1.  Log on as an administrator to the computer that has its startup key lost.
-2. Open Manage BitLocker.
+2.  Open Manage BitLocker.
-3. Select **Duplicate start up key**, insert the clean USB drive on which you are going to write the key and then select **Save**.
+3.  Select **Duplicate start up key**, insert the clean USB drive on which you are going to write the key, and then select **Save**.
 ### <a href="" id="bkmk-changebootknown"></a>Changes to boot files
-This error might occur if you updated the firmware. As a best practice, you should suspend BitLocker before making changes to the firmware and then resume protection after the update has completed. This action prevents the computer from going into recovery mode. However if changes were made when BitLocker protection was on, then log on to the computer using the recovery password, and the platform validation profile will be updated so that recovery will not occur the next time.
+This error occurs if you updated the firmware. As a best practice, you should suspend BitLocker before making changes to the firmware and then resume protection after the update has completed. This prevents the computer from going into recovery mode. However, if changes were made when BitLocker protection was on, you can simply log on to the computer using the recovery password and the platform validation profile will be updated so that recovery will not occur the next time.
 ## Windows RE and BitLocker Device Encryption
-Windows Recovery Environment (Windows RE) can be used to recover access to a drive protected by [BitLocker Device Encryption](bitlocker-device-encryption-overview-windows-10.md). If a PC is unable to boot after two failures, Startup Repair will automatically start. When Startup Repair is launched automatically due to boot failures, it will only execute operating system and driver file repairs, provided that the boot logs or any available crash dump point to a specific corrupted file. In Windows 8.1 and later, devices that include firmware to support specific TPM measurements for PCR\[7\] the TPM can validate that Windows RE is a trusted operating environment and will unlock any BitLocker-protected drives if Windows RE has not been modified. If the Windows RE environment has been modified, for example the TPM has been disabled, the drives will stay locked until the BitLocker recovery key is provided. If Startup Repair can't run automatically from the PC and instead Windows RE is manually started from a repair disk, then the BitLocker recovery key must be provided to unlock the BitLocker–protected drives.
+Windows Recovery Environment (RE) can be used to recover access to a drive protected by [BitLocker Device Encryption](bitlocker-device-encryption-overview-windows-10.md). If a PC is unable to boot after two failures, Startup Repair automatically starts. When Startup Repair is launched automatically due to boot failures, it executes only operating system and driver file repairs, provided that the boot logs or any available crash dump points to a specific corrupted file. In Windows 8.1 and later versions, devices that include firmware to support specific TPM measurements for PCR\[7\] **the TPM** can validate that Windows RE is a trusted operating environment and unlock any BitLocker-protected drives if Windows RE has not been modified. If the Windows RE environment has been modified, for example, the TPM has been disabled, the drives stay locked until the BitLocker recovery key is provided. If Startup Repair is not able to be run automatically from the PC and instead, Windows RE is manually started from a repair disk, the BitLocker recovery key must be provided to unlock the BitLocker–protected drives.
 Windows RE will also ask for your BitLocker recovery key when you start a "Remove everything" reset from Windows RE on a device that uses the "TPM + PIN" or "Password for OS drive" protector. If you start BitLocker recovery on a keyboardless device with TPM-only protection, Windows RE, not the boot manager, will ask for the BitLocker recovery key. After you enter the key, you can access Windows RE troubleshooting tools or start Windows normally.
@ -294,7 +285,7 @@ To activate the on-screen keyboard, tap on a text input control.
 ## BitLocker recovery screen
-During BitLocker recovery, Windows can display a custom recovery message and hints that identify where a key can be retrieved from. These improvements can help a user during BitLocker recovery.
+During BitLocker recovery, Windows displays a custom recovery message and a few hints that identify where a key can be retrieved from. These improvements can help a user during BitLocker recovery.
 ### Custom recovery message
@ -320,19 +311,19 @@ BitLocker metadata has been enhanced in Windows 10, version 1903 or Windows 11
 ![Customized BitLocker recovery screen.](./images/bl-password-hint2.png)
 > [!IMPORTANT]
-> We don't recommend printing recovery keys or saving them to a file. Instead, use Active Directory backup or a cloud-based backup. Cloud-based backup includes Azure Active Directory (Azure AD) and Microsoft Account.
+> We don't recommend printing recovery keys or saving them to a file. Instead, use Active Directory backup or a cloud-based backup. Cloud-based backup includes Azure Active Directory (Azure AD) and Microsoft account.
-There are rules governing which hint is shown during the recovery (in order of processing):
+There are rules governing which hint is shown during the recovery (in the order of processing):
 1. Always display custom recovery message if it has been configured (using GPO or MDM).
-2. Always display generic hint: "For more information, go to <https://aka.ms/recoverykeyfaq>".
+2. Always display generic hint: "For more information, go to https://aka.ms/recoverykeyfaq."
-3. If multiple recovery keys exist on the volume, prioritize the last created (and successfully backed up) recovery key.
+3. If multiple recovery keys exist on the volume, prioritize the last-created (and successfully backed up) recovery key.
 4. Prioritize keys with successful backup over keys that have never been backed up.
-5. Prioritize backup hints in the following order for remote backup locations: **Microsoft Account > Azure AD > Active Directory**.
+5. Prioritize backup hints in the following order for remote backup locations: **Microsoft Account > Azure AD > Active Directory**. 
-6. If a key has been printed and saved to file, display a combined hint, "Look for a printout or a text file with the key," instead of two separate hints.
+6. If a key has been printed and saved to file, display a combined hint, “Look for a printout or a text file with the key,” instead of two separate hints.
-7. If multiple backups of the same type (remove vs. local) have been performed for the same recovery key, prioritize backup info with latest backed up date.
+7. If multiple backups of the same type (remove vs. local) have been performed for the same recovery key, prioritize backup info with latest backed-up date.
-8. There is no specific hint for keys saved to an on-premises Active Directory. In this case, a custom message (if configured) or a generic message, "Contact your organization's help desk," will be displayed.
+8. There is no specific hint for keys saved to an on-premises Active Directory. In this case, a custom message (if configured) or a generic message, “Contact your organization’s help desk,” is displayed. 
-9. If two recovery keys are present on the disk, but only one has been successfully backed up, the system will ask for a key that has been backed up, even if another key is newer.
+9. If two recovery keys are present on the disk, but only one has been successfully backed up, the system asks for a key that has been backed up, even if another key is newer. 
 #### Example 1 (single recovery key with single backup)
@ -345,7 +336,8 @@ There are rules governing which hint is shown during the recovery (in order of p
 |     Printed          |     No     |
 |     Saved to file    |     No     |
-**Result:** The hint for the Microsoft Account and the custom URL are displayed.
+
 **Result:** The hints for the Microsoft account and custom URL are displayed.
 ![Example 1 of Customized BitLocker recovery screen.](./images/rp-example1.png)
@ -452,12 +444,11 @@ If the recovery methods discussed earlier in this document do not unlock the vol
 > [!NOTE]
 > You must use the BitLocker Repair tool **repair-bde** to use the BitLocker key package.
-The BitLocker key package is not saved by default. To save the package along with the recovery password in AD DS, you must select the **Backup recovery password and key package** option in the Group Policy settings that control the recovery method. You can also export the key package from a working volume. For more details about how to export key packages, see [Retrieving the BitLocker Key Package](#bkmk-appendixc).
+The BitLocker key package is not saved by default. To save the package along with the recovery password in AD DS you must select the **Backup recovery password and key package** option in the group policy settings that control the recovery method. You can also export the key package from a working volume. For more details on how to export key packages, see [Retrieving the BitLocker Key Package](#bkmk-appendixc).
 ## <a href="" id="bkmk-appendixb"></a>Resetting recovery passwords
-Invalidate a recovery password after it has been provided and used. It should also be done when you intentionally want to invalidate an existing recovery password for any reason.
+You must invalidate a recovery password after it has been provided and used, and when you intentionally want to invalidate an existing recovery password for any reason.
 You can reset the recovery password in two ways:
@ -466,25 +457,22 @@ You can reset the recovery password in two ways:
 **To reset a recovery password using manage-bde:**
-1. Remove the previous recovery password
+1.  Remove the previous recovery password.
    ```powershell
    Manage-bde –protectors –delete C: –type RecoveryPassword
    ```
-
+2.  Add the new recovery password.
 2. Add the new recovery password
    ```powershell
    Manage-bde –protectors –add C: -RecoveryPassword
    ```
-
+3.  Get the ID of the new recovery password. From the screen, copy the ID of the recovery password.
 3. Get the ID of the new recovery password. From the screen, copy the ID of the recovery password.
    ```powershell
    Manage-bde –protectors –get C: -Type RecoveryPassword
    ```
-
+4.  Back up the new recovery password to AD DS.
 4. Back up the new recovery password to AD DS.
    ```powershell
    Manage-bde –protectors –adbackup C: -id {EXAMPLE6-5507-4924-AA9E-AFB2EB003692}
@ -495,8 +483,8 @@ You can reset the recovery password in two ways:
 **To run the sample recovery password script:**
-1. Save the following sample script in a VBScript file. For example: ResetPassword.vbs.
+1.  Save the following sample script in a VBScript file. For example: ResetPassword.vbs.
-2. At the command prompt, type a command similar to the following sample script:
+2.  At the command prompt, type a command similar to the following:
    **cscript ResetPassword.vbs**
@ -504,7 +492,7 @@ You can reset the recovery password in two ways:
    > This sample script is configured to work only for the C volume. You must customize the script to match the volume where you want to test password reset.
 > [!NOTE]
-> To manage a remote computer, you can specify the remote computer name rather than the local computer name.
+> To manage a remote computer, you must specify the remote computer name rather than the local computer name.
 You can use the following sample VBScript to reset the recovery passwords:
--- a/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md
+++ b/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md
@ -1,6 +1,6 @@
 ---
 title: Prepare your organization for BitLocker Planning and policies (Windows 10)
-description: This topic for the IT professional explains how can you plan your BitLocker deployment.
+description: This article for the IT professional explains how can you plan your BitLocker deployment.
 ms.reviewer: 
 ms.prod: m365-security
 ms.localizationpriority: medium
@ -23,7 +23,7 @@ ms.custom: bitlocker
 - Windows 11
 - Windows Server 2016 and above
-This topic for the IT professional explains how can you plan your BitLocker deployment.
+This article for the IT professional explains how to plan BitLocker deployment.
 When you design your BitLocker deployment strategy, define the appropriate policies and configuration requirements based on the business requirements of your organization. The following sections will help you collect information. Use this information to help with your decision-making process about deploying and managing BitLocker systems.
@ -35,7 +35,7 @@ To help you document your organization's current disk encryption security polici
 1. Are there policies to determine which computers will use BitLocker and which computers won't use BitLocker?
 2. What policies exist to control recovery password and recovery key storage?
-3. What are the policies for validating the user identities that need to run BitLocker recovery?
+3. What are the policies for validating the identity of users who need to perform BitLocker recovery?
 4. What policies exist to control who in the organization has access to recovery data?
 5. What policies exist to control computer decommissioning or retirement?
@ -53,14 +53,13 @@ Also, BitLocker can lock the normal startup process until the user supplies a pe
 On computers that don't have a TPM version 1.2 or higher, you can still use BitLocker to encrypt the Windows operating system volume. However, this implementation requires the user to insert a USB startup key to start the computer or resume from hibernation. It doesn't provide the pre-startup system integrity verification offered by BitLocker working with a TPM.
 ### BitLocker key protectors
 | Key protector | Description |
 | - | - |
-| TPM | A hardware device used to help establish a secure root-of-trust. BitLocker only supports TPM version 1.2 or higher.|
+| TPM | A hardware device used to help establish a secure root-of-trust. BitLocker only supports TPM 1.2 or higher versions.|
 | PIN | A user-entered numeric key protector that can only be used in addition to the TPM.|
 | Enhanced PIN | A user-entered alphanumeric key protector that can only be used in addition to the TPM.|
-| Startup key | An encryption key that can be stored on most removable media. This key protector can be used alone on non-TPM computers, or with a TPM for added security.|
+| Startup key | An encryption key that can be stored on most removable media. This key protector can be used alone on non-TPM computers, or in conjunction with a TPM for added security.|
-| Recovery password | A 48-digit number used to unlock a volume when it is in recovery mode. Numbers can often be typed on a regular keyboard, if the numbers on the normal keyboard are not responding you can always use the function keys (F1-F10) to input the numbers.|
+| Recovery password | A 48-digit number used to unlock a volume when it is in recovery mode. Numbers can often be typed on a regular keyboard. If the numbers on the normal keyboard are not responding, you can always use the function keys (F1-F10) to input the numbers.|
 | Recovery key| An encryption key stored on removable media that can be used for recovering data encrypted on a BitLocker volume.|
 ### BitLocker authentication methods
@ -68,18 +67,18 @@ On computers that don't have a TPM version 1.2 or higher, you can still use Bit
 | Authentication method | Requires user interaction | Description |
 | - | - | - |
 | TPM only| No| TPM validates early boot components.|
-| TPM + PIN | Yes| TPM validates early boot components. The user must enter the correct PIN before the start-up process can continue, and before the drive can be unlocked. The TPM will enter lockout if the incorrect PIN is entered repeatedly to protect the PIN from brute force attacks. The number of repeated attempts that will trigger a lockout is variable.|
+| TPM + PIN | Yes| TPM validates early boot components. The user must enter the correct PIN before the start-up process can continue, and before the drive can be unlocked. The TPM enters lockout if the incorrect PIN is entered repeatedly, to protect the PIN from brute force attacks. The number of repeated attempts that will trigger a lockout is variable.|
 | TPM + Network key | No | The TPM successfully validates early boot components, and a valid encrypted network key has been provided from the WDS server. This authentication method provides automatic unlock of operating system volumes at system reboot while still maintaining multifactor authentication. |
 | TPM + startup key| Yes| The TPM successfully validates early boot components, and a USB flash drive containing the startup key has been inserted.|
 | Startup key only | Yes| The user is prompted for the USB flash drive that has the recovery key and/or startup key, and then reboot the computer.|
-**Will you support computers without TPM version 1.2 or higher?**
+**Will you support computers without TPM 1.2 or higher versions?**
-Determine if you're support computers that don't have a TPM version 1.2 or higher. If you support BitLocker on this type of computer, a user must use a USB startup key to boot the system. This startup key requires extra support processes similar to multifactor authentication.
+Determine whether you will support computers that don't have a TPM 1.2 or higher versions in your environment. If you choose to support BitLocker on this type of computer, a user must use a USB startup key to boot the system. This startup key requires extra support processes similar to multifactor authentication.
 **What areas of your organization need a baseline level of data protection?**
-The TPM-only authentication method will provide the most transparent user experience for organizations that need a baseline level of data protection to meet security policies. It has the lowest total cost of ownership. TPM-only might also be more appropriate for computers that are unattended or that must reboot unattended.
+The TPM-only authentication method provides the most transparent user experience for organizations that need a baseline level of data protection to meet security policies. It has the lowest total cost of ownership. TPM-only might also be more appropriate for computers that are unattended or that must reboot unattended.
 However, TPM-only authentication method offers the lowest level of data protection. This authentication method protects against attacks that modify early boot components. But, the level of protection can be affected by potential weaknesses in hardware or in the early boot components. BitLocker’s multifactor authentication methods significantly increase the overall level of data protection.
@ -93,7 +92,7 @@ The protection differences provided by multifactor authentication methods can't
 ## TPM hardware configurations
-In your deployment plan, identify what TPM-based hardware platforms will be supported. Document the hardware models from an OEM of your choice, so that their configurations can be tested and supported. TPM hardware requires special consideration during all aspects of planning and deployment.
+In your deployment plan, identify what TPM-based hardware platforms will be supported. Document the hardware models from an OEM of your choice so that their configurations can be tested and supported. TPM hardware requires special consideration during all aspects of planning and deployment.
 ### TPM 1.2 states and initialization
@ -126,7 +125,7 @@ To function correctly, BitLocker requires a specific disk configuration. BitLock
 - The operating system partition contains the operating system and its support files; it must be formatted with the NTFS file system
 - The system partition (or boot partition) includes the files needed to load Windows after the BIOS or UEFI firmware has prepared the system hardware. BitLocker isn't enabled on this partition. For BitLocker to work, the system partition must not be encrypted, and must be on a different partition than the operating system. On UEFI platforms, the system partition must be formatted with the FAT 32-file system. On BIOS platforms, the system partition must be formatted with the NTFS file system. It should be at least 350 MB in size.
-Windows setup will automatically configure the disk drives of your computer to support BitLocker encryption.
+Windows setup automatically configures the disk drives of your computer to support BitLocker encryption.
 Windows Recovery Environment (Windows RE) is an extensible recovery platform that is based on Windows Pre-installation Environment (Windows PE). When the computer fails to start, Windows automatically transitions into this environment, and the Startup Repair tool in Windows RE automates the diagnosis and repair of an unbootable Windows installation. Windows RE also contains the drivers and tools that are needed to unlock a volume protected by BitLocker by providing a recovery key or recovery password. To use Windows RE with BitLocker, the Windows RE boot image must be on a volume that isn't protected by BitLocker.
@ -144,19 +143,19 @@ Administrators can enable BitLocker before to operating system deployment from t
 ## Used Disk Space Only encryption
-The BitLocker Setup wizard provides administrators the ability to choose the Used Disk Space Only or Full encryption method when enabling BitLocker for a volume. Administrators can use the new BitLocker Group Policy setting to enforce either Used Disk Space Only or Full disk encryption.
+The BitLocker Setup wizard provides administrators the ability to choose the Used Disk Space Only or Full encryption method when enabling BitLocker for a volume. Administrators can use the new BitLocker group policy setting to enforce either Used Disk Space Only or Full disk encryption.
 Launching the BitLocker Setup wizard prompts for the authentication method to be used (password and smart card are available for data volumes). Once the method is chosen and the recovery key is saved, you're asked to choose the drive encryption type. Select Used Disk Space Only or Full drive encryption.
-With Used Disk Space Only, only the portion of the drive that contains data will be encrypted. Unused space will remain unencrypted. This behavior causes the encryption process to be much faster, especially for new PCs and data drives. When BitLocker is enabled with this method, as data is added to the drive, the portion of the drive used is encrypted. So, there's never unencrypted data stored on the drive.
+With Used Disk Space Only, just the portion of the drive that contains data will be encrypted. Unused space will remain unencrypted. This behavior causes the encryption process to be much faster, especially for new PCs and data drives. When BitLocker is enabled with this method, as data is added to the drive, the portion of the drive used is encrypted. So, there's never unencrypted data stored on the drive.
 With Full drive encryption, the entire drive is encrypted, whether data is stored on it or not. This option is useful for drives that have been repurposed, and may contain data remnants from their previous use.
 ## Active Directory Domain Services considerations
-BitLocker integrates with Active Directory Domain Services (AD DS) to provide centralized key management. By default, no recovery information is backed up to Active Directory. Administrators can configure the following Group Policy setting for each drive type to enable backup of BitLocker recovery information:
+BitLocker integrates with Active Directory Domain Services (AD DS) to provide centralized key management. By default, no recovery information is backed up to Active Directory. Administrators can configure the following group policy setting for each drive type to enable backup of BitLocker recovery information:
-Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\*drive type*\\Choose how BitLocker protected drives can be recovered.
+Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\*drive type*\\Choose how BitLocker-protected drives can be recovered.
 By default, only Domain Admins have access to BitLocker recovery information, but [access can be delegated to others](/archive/blogs/craigf/delegating-access-in-ad-to-bitlocker-recovery-information).
@ -168,26 +167,26 @@ The following recovery data is saved for each computer object:
 - **Key package data**
-    With this key package and the recovery password, you will be able decrypt portions of a BitLocker-protected volume if the disk is severely damaged. Each key package will only work with the volume it was created on, which can be identified by the corresponding volume ID.
+    With this key package and the recovery password, you will be able to decrypt portions of a BitLocker-protected volume if the disk is severely damaged. Each key package works only with the volume it was created on, which is identified by the corresponding volume ID.
 ## FIPS support for recovery password protector
-Functionality introduced in Windows Server 2012 R2 and Windows 8.1, allows BitLocker to be fully functional in FIPS mode.
+Functionality introduced in Windows Server 2012 R2 and Windows 8.1 allows BitLocker to be fully functional in FIPS mode.
 > [!NOTE]
-> The United States Federal Information Processing Standard (FIPS) defines security and interoperability requirements for computer systems that are used by the U.S. federal government. The FIPS 140 standard defines approved cryptographic algorithms. The FIPS 140 standard also sets forth requirements for key generation and for key management. The National Institute of Standards and Technology (NIST) uses the Cryptographic Module Validation Program (CMVP) to determine whether a particular implementation of a cryptographic algorithm is compliant with the FIPS 140 standard. An implementation of a cryptographic algorithm is considered FIPS 140-compliant only if it has been submitted for and has passed NIST validation. An algorithm that hasn't been submitted can't be considered FIPS-compliant, even if the implementation produces identical data as a validated implementation of the same algorithm.
+> The United States Federal Information Processing Standard (FIPS) defines security and interoperability requirements for computer systems that are used by the U.S. Federal Government. The FIPS-140 standard defines approved cryptographic algorithms. The FIPS-140 standard also sets forth requirements for key generation and for key management. The National Institute of Standards and Technology (NIST) uses the Cryptographic Module Validation Program (CMVP) to determine whether a particular implementation of a cryptographic algorithm is compliant with the FIPS-140 standard. An implementation of a cryptographic algorithm is considered FIPS-140-compliant only if it has been submitted for and has passed NIST validation. An algorithm that has not been submitted cannot be considered FIPS-compliant even if the implementation produces identical data as a validated implementation of the same algorithm.
 Before these supported versions of Windows, when Windows was in FIPS mode, BitLocker prevented the creation or use of recovery passwords and instead forced the user to use recovery keys. For more information about these issues, see the support article [kb947249](/troubleshoot/windows-client/windows-security/bitlocker-recovery-password-not-fips-compliant).
 But on computers running these supported systems with BitLocker enabled:
- FIPS-compliant recovery password protectors can be created when Windows is in FIPS mode. These protectors use the FIPS 140 NIST SP800-132 algorithm.
+- FIPS-compliant recovery password protectors can be created when Windows is in FIPS mode. These protectors use the FIPS-140 NIST SP800-132 algorithm.
 - Recovery passwords created in FIPS mode on Windows 8.1 can be distinguished from recovery passwords created on other systems.
- Recovery unlock using the FIPS-compliant algorithm based recovery password protector work in all cases that currently work for recovery passwords.
+- Recovery unlock using the FIPS-compliant, algorithm-based recovery password protector works in all cases that currently work for recovery passwords.
 - When FIPS-compliant recovery passwords unlock volumes, the volume is unlocked to allow read/write access even while in FIPS mode.
 - FIPS-compliant recovery password protectors can be exported and stored in AD a while in FIPS mode.
-The BitLocker Group Policy settings for recovery passwords work the same for all Windows versions that support BitLocker, whether in FIPs mode or not.
+The BitLocker Group Policy settings for recovery passwords work the same for all Windows versions that support BitLocker, whether in FIPS mode or not.
 On Windows Server 2012 R2 and Windows 8.1 and older, you can't use recovery passwords generated on a system in FIPS mode. Recovery passwords created on Windows Server 2012 R2 and Windows 8.1 are incompatible with BitLocker on operating systems older than Windows Server 2012 R2 and Windows 8.1. So, recovery keys should be used instead.
--- a/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md
+++ b/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md
@ -18,65 +18,71 @@ ms.custom: bitlocker
 **Applies to**
 -   Windows Server 2016
-This article for IT pros describes how to protect CSVs and SANs with BitLocker.
+This article describes the procedure to protect cluster shared volumes (CSVs) and storage area networks (SANs) by using BitLocker.
-BitLocker can protect both physical disk resources and cluster shared volumes version 2.0 (CSV2.0). BitLocker on clustered volumes allows for an additional layer of protection for administrators wishing to protect sensitive, highly available data. By adding additional protectors to the clustered volume, administrators can also add an additional barrier of security to resources within an organization by allowing only certain user accounts access to unlock the BitLocker volume.
+BitLocker protects both physical disk resources and cluster shared volumes version 2.0 (CSV2.0). BitLocker on clustered volumes provides an extra layer of protection that can be used by administrators wishing to protect sensitive, highly available data. The administrators use this extra layer of protection to increase the security to resources. Only certain user accounts provided access to unlock the BitLocker volume.
 ## <a href="" id="configuring-bitlocker-on-cluster-shared-volumes-"></a>Configuring BitLocker on Cluster Shared Volumes
-### Using BitLocker with Clustered Volumes
+### Using BitLocker with clustered volumes
-BitLocker on volumes within a cluster are managed based on how the cluster service "views" the volume to be protected. The volume can be a physical disk resource such as a logical unit number (LUN) on a storage area network (SAN) or network attached storage (NAS).
+Volumes within a cluster are managed with the help of BitLocker based on how the cluster service "views" the volume to be protected. The volume can be a physical disk resource such as a logical unit number (LUN) on a SAN or network attached storage (NAS).
 > [!IMPORTANT]
 > SANs used with BitLocker must have obtained Windows Hardware Certification. For more info, see [Windows Hardware Lab Kit](/windows-hardware/drivers/).
-Alternatively, the volume can be a cluster-shared volume, a shared namespace, within the cluster. Windows Server 2012 expanded the CSV architecture, now known as CSV2.0, to enable support for BitLocker. When using BitLocker with volumes designated for a cluster, the volume will need to turn on 
+Instead, the volume can be a cluster-shared volume. Windows Server 2012 expanded the CSV architecture, now known as CSV2.0, to enable support for BitLocker. The volumes that are designated for a cluster must do the following tasks:
 BitLocker before its addition to the storage pool within cluster or put the resource into maintenance mode before BitLocker operations will complete.
-Windows PowerShell or the manage-bde command-line interface is the preferred method to manage BitLocker on CSV2.0 volumes. This method is recommended over the BitLocker Control Panel item because CSV2.0 volumes are mount points. Mount points are an NTFS object that is used to provide an entry point to other volumes. Mount points do not require the use of a drive letter. Volumes that lack drive letters do not appear in the BitLocker Control Panel item. Additionally, the new Active Directory-based protector option required for cluster disk resource or CSV2.0 resources is not available in the Control Panel item.
+- It must turn on BitLocker—only after this task is done, can the volumes be added to the storage pool.
 - It must put the resource into maintenance mode before BitLocker operations are completed.
 Windows PowerShell or the manage-bde command-line interface is the preferred method to manage BitLocker on CSV2.0 volumes. This method is recommended over the BitLocker Control Panel item because CSV2.0 volumes are mount points. Mount points are an NTFS object that is used to provide an entry point to other volumes. Mount points don't require the use of a drive letter. Volumes that lack drive letters don't appear in the BitLocker Control Panel item. Additionally, the new Active Directory-based protector option required for cluster disk resource or CSV2.0 resources isn't available in the Control Panel item.
 > [!NOTE]
-> Mount points can be used to support remote mount points on SMB based network shares. This type of share is not supported for BitLocker encryption.
+> Mount points can be used to support remote mount points on SMB-based network shares. This type of share is not supported for BitLocker encryption.
-For thinly provisioned storage, such as a Dynamic Virtual Hard Disk (VHD), BitLocker runs in Used Disk Space Only encryption mode. You cannot use the **manage-bde -WipeFreeSpace** command to transition the volume to full-volume encryption on these types of volumes. This action is blocked in order to avoid expanding thinly provisioned volumes to occupy the entire backing store while wiping the unoccupied (free) space.
+If there's a thinly provisioned storage, such as a dynamic virtual hard disk (VHD), BitLocker runs in **Used Disk Space Only** encryption mode. You can't use the **manage-bde -WipeFreeSpace** command to transition the volume to full-volume encryption on thinly provisioned storage volumes. The usage of **manage-bde -WipeFreeSpace** command is blocked to avoid expanding thinly provisioned volumes to occupy the entire backing store while wiping the unoccupied (free) space.
 ### Active Directory-based protector
-You can also use an Active Directory Domain Services (AD DS) protector for protecting clustered volumes held within your AD DS infrastructure. The **ADAccountOrGroup** protector is a domain security identifier (SID)-based protector that can be bound to a user account, machine account, or group. When an unlock request is made for a protected volume, the BitLocker service interrupts the request and uses the BitLocker protect/unprotect APIs to unlock or deny the request. BitLocker will unlock protected volumes without user intervention by attempting protectors in the following order:
+You can also use an Active Directory Domain Services (AD DS) protector for protecting clustered volumes held within your AD DS infrastructure. The **ADAccountOrGroup** protector is a domain security identifier (SID)-based protector that can be bound to a user account, machine account, or group. When an unlock request is made for a protected volume, the following events take place:
-1.  Clear key
+- BitLocker service interrupts the request and uses the BitLocker protect/unprotect APIs to unlock or deny the request. 
-2.  Driver-based auto-unlock key
+- BitLocker will unlock protected volumes without user intervention by attempting protectors in the following order:
 3.  ADAccountOrGroup protector
-    1.  Service context protector
+    1.  Clear key
-    2.  User protector
+    2.  Driver-based auto-unlock key
-
+    3.  **ADAccountOrGroup** protector
-4.  Registry-based auto-unlock key
+    
        a.  Service context protector
        b.  User protector
    4.  Registry-based auto-unlock key
 > [!NOTE]
 > A Windows Server 2012 or later domain controller is required for this feature to work properly.
 ### Turning on BitLocker before adding disks to a cluster using Windows PowerShell
-BitLocker encryption is available for disks before or after addition to a cluster storage pool. The advantage of encrypting volumes prior to adding them to a cluster is that the disk resource does not require suspending the resource to complete the operation. To turn on BitLocker for a disk before adding it to a cluster:
+BitLocker encryption is available for disks before these disks are added to a cluster storage pool.
-
+> [!NOTE]
-1.  Install the BitLocker Drive Encryption feature if it is not already installed.
+> The advantage of The Bitlocker encryption can even be made available for disks after they are added to a cluster storage pool. 
-
+The advantage of encrypting volumes prior to adding them to a cluster is that the disk resource need not be suspended to complete the operation. 
-2.  Ensure the disk is formatted NTFS and has a drive letter assigned to it.
+To turn on BitLocker for a disk before adding it to a cluster:
 1.  Install the BitLocker Drive Encryption feature if it isn't already installed.
 2.  Ensure the disk is an NTFS-formatted one and has a drive letter assigned to it.
 3.  Identify the name of the cluster with Windows PowerShell.
    ```powershell
    Get-Cluster
    ```
 4.  Enable BitLocker on the volume of your choice with an **ADAccountOrGroup** protector, using the cluster name. For example, use a command such as:
    ```powershell
    Enable-BitLocker E: -ADAccountOrGroupProtector -ADAccountOrGroup CLUSTER$
    ```
    > [!WARNING]
    > You must configure an **ADAccountOrGroup** protector using the cluster CNO for a BitLocker enabled volume to either be shared in a Cluster Shared Volume or to fail over properly in a traditional failover cluster.
@ -86,27 +92,24 @@ BitLocker encryption is available for disks before or after addition to a cluste
 ### Turning on BitLocker for a clustered disk using Windows PowerShell
-When the cluster service owns a disk resource already, it needs to be set into maintenance mode before BitLocker can be enabled. Use the following steps for turning on BitLocker for a clustered disk:
+When the cluster service owns a disk resource already, the disk resource needs to be set into maintenance mode before BitLocker can be enabled. To turn on the Bitlocker for a clustered disk using Windows PowerShell, perform the following steps:
-1.  Install the BitLocker Drive Encryption feature if it is not already installed.
+1.  Install the BitLocker drive encryption feature if it isn't already installed.
 2.  Check the status of the cluster disk using Windows PowerShell.
    ```powershell
    Get-ClusterResource "Cluster Disk 1"
    ```
 3.  Put the physical disk resource into maintenance mode using Windows PowerShell.
    ```powershell
    Get-ClusterResource "Cluster Disk 1" | Suspend-ClusterResource
    ```
 4.  Identify the name of the cluster with Windows PowerShell.
    ```powershell
    Get-Cluster
    ```
 5.  Enable BitLocker on the volume of your choice with an **ADAccountOrGroup** protector, using the cluster name. For example, use a command such as:
    ```powershell
@ -114,55 +117,63 @@ When the cluster service owns a disk resource already, it needs to be set into m
    ```
    > [!WARNING]
-    > You must configure an **ADAccountOrGroup** protector using the cluster CNO for a BitLocker enabled volume to either be shared in a Cluster Shared Volume or to fail over properly in a traditional failover cluster.
+    > You must configure an **ADAccountOrGroup** protector using the cluster CNO for a BitLocker-enabled volume to either be shared in a cluster-shared Volume or to fail over properly in a traditional failover cluster.
-6.  Use **Resume-ClusterResource** to take the physical disk resource back out of maintenance mode:
+6.  Use **Resume-ClusterResource** to take back the physical disk resource out of maintenance mode:
    ```powershell
    Get-ClusterResource "Cluster Disk 1" | Resume-ClusterResource
    ```
 7.  Repeat the preceding steps for each disk in the cluster.
-### Adding BitLocker encrypted volumes to a cluster using manage-bde
+### Adding BitLocker-encrypted volumes to a cluster using manage-bde
-You can also use manage-bde to enable BitLocker on clustered volumes. Follow these steps to add a physical disk resource or CSV2.0 volume to an existing cluster:
+You can also use **manage-bde** to enable BitLocker on clustered volumes. The steps needed to add a physical disk resource or CSV2.0 volume to an existing cluster are:
-1.  Verify the BitLocker Drive Encryption feature is installed on the computer.
+1.  Verify that the BitLocker drive encryption feature is installed on the computer.
 2.  Ensure new storage is formatted as NTFS.
-3.  Encrypt the volume, add a recovery key, and add the cluster administrator as a protector key by using the manage-bde command-line interface (see example):
+3.  Encrypt the volume, add a recovery key and add the cluster administrator as a protector key using the**manage-bde** command line interface (see example):
    -   `Manage-bde -on -used <drive letter> -RP -sid domain\CNO$ -sync`
-        1.  BitLocker will check to see if the disk is already part of a cluster. If it is, administrators will encounter a hard block. Otherwise, the encryption will continue.
+       1.  BitLocker will check to see if the disk is already part of a cluster. If it is, administrators will encounter a hard block. Otherwise, the encryption continues.
-        2.  Using the -sync parameter is optional. Using it ensures the command waits until the encryption for the volume is completed before releasing the volume for use in the cluster storage pool.
+       2.  Using the -sync parameter is optional. However, using -sync parameter has the following advantage:
        - The -sync parameter ensures the command waits until the encryption for the volume is completed. The volume is then released for use in the cluster storage pool.
-4.  Open the Failover Cluster Manager snap-in or cluster PowerShell cmdlets to enable the disk to be clustered
+4.  Open the Failover Cluster Manager snap-in or cluster PowerShell cmdlets to enable the disk to be clustered.
    -   Once the disk is clustered, it can also be enabled for CSV.
-5.  During the resource online operation, cluster will check to see if the disk is BitLocker encrypted.
+    -   Once the disk is clustered, it's enabled for CSV.
-    1.  If the volume is not BitLocker enabled, traditional cluster online operations occur.
+
 5.  During the resource online operation, cluster checks whether the disk is BitLocker encrypted.
    1.  If the volume isn't BitLocker enabled, traditional cluster online operations occur.
    2.  If the volume is BitLocker enabled, the following check occurs:
        -   If volume is **locked**, BitLocker will impersonate the CNO and unlock the volume using the CNO protector. If this operation fails, an event will be logged that the volume could not be unlocked and the online operation will fail.
-6.  Once the disk is online in the storage pool, it can be added to a CSV by right-clicking the disk resource and choosing **Add to cluster shared volumes**.
+       -   If volume is **locked**, BitLocker impersonates the CNO and unlocks the volume using the CNO protector. If these actions by BitLocker fail, an event is logged. The logged event will state that the volume couldn't be unlocked and the online operation has failed.
 6.  Once the disk is online in the storage pool, it can be added to a CSV by right-clicking the disk resource and choosing "**Add to cluster shared volumes**".
 CSVs include both encrypted and unencrypted volumes. To check the status of a particular volume for BitLocker encryption: administrators must do the following task:
 - Utilize the **manage-bde -status** command with a path to the volume.
 The path must be one that is inside the CSV namespace as seen in the example command line below.
 CSVs can include both encrypted and unencrypted volumes. To check the status of a particular volume for BitLocker encryption, administrators can utilize the manage-bde -status command with a path to the volume inside the CSV namespace as seen in the example command line below.
 ```powershell
 manage-bde -status "C:\ClusterStorage\volume1"
 ```
-### Physical Disk Resources
+### Physical disk resources
-Unlike CSV2.0 volumes, physical disk resources can only be accessed by one cluster node at a time. So operations such as encrypting, decrypting, locking, or unlocking volumes require context to perform. For example, you cannot unlock or decrypt a physical disk resource if you are not administering the cluster node that owns the disk resource because the disk resource is not available.
+
 Unlike CSV2.0 volumes, physical disk resources can only be accessed by one cluster node at a time. This condition means that operations such as encrypting, decrypting, locking or unlocking volumes require a context to perform. For example, you can't unlock or decrypt a physical disk resource if you aren't administering the cluster node that owns the disk resource because the disk resource isn't available.
 ### Restrictions on BitLocker actions with cluster volumes
-The following table contains information about both Physical Disk Resources (that is, traditional failover cluster volumes) and Cluster Shared Volumes (CSV) and the actions that are allowed by BitLocker in each situation.
+The following table contains information about both physical disk resources (that is, traditional failover cluster volumes) and cluster shared volumes (CSV) and the actions that are allowed by BitLocker in each situation.
 | Action | On owner node of failover volume | On Metadata Server (MDS) of CSV | On (Data Server) DS of CSV | Maintenance Mode |
 |--- |--- |--- |--- |--- |
@ -180,17 +191,17 @@ The following table contains information about both Physical Disk Resources (tha
 |**Extend**|Allowed|Allowed|Blocked|Allowed|
 > [!NOTE]
-> Although the manage-bde -pause command is Blocked in clusters, the cluster service will automatically resume a paused encryption or decryption from the MDS node
+> Although the **manage-bde -pause** command is blocked in clusters, the cluster service automatically resumes a paused encryption or decryption from the MDS node.
-In the case where a physical disk resource experiences a failover event during conversion, the new owning node will detect the conversion is not complete and will complete the conversion process.
+In the case where a physical disk resource experiences a failover event during conversion, the new owning node detects that the conversion isn't complete and completes the conversion process.
 ### Other considerations when using BitLocker on CSV2.0
-Also take these considerations into account for BitLocker on clustered storage:
+Some other considerations to take into account for BitLocker on clustered storage include:
-   BitLocker volumes have to be initialized and beginning encryption before they are available to add to a CSV2.0 volume.
+-   BitLocker volumes have to be initialized and begin encryption before they're available to add to a CSV2.0 volume.
-   If an administrator needs to decrypt a CSV volume, remove the volume from the cluster or put into disk maintenance mode. You can add the CSV back to the cluster while waiting for decryption to complete.
+-   If an administrator needs to decrypt a CSV volume, remove the volume from the cluster or put it into disk maintenance mode. You can add the CSV back to the cluster while waiting for decryption to complete.
-   If an administrator needs to start encrypting a CSV volume, remove the volume from the cluster or put it in maintenance mode.
+-   If an administrator needs to start encrypting a CSV volume, remove the volume from the cluster or put it into maintenance mode.
-   If conversion is paused with encryption in progress and the CSV volume is offline from the cluster, the cluster thread (health check) will automatically resume conversion when the volume is online to the cluster.
+-   If conversion is paused with encryption in progress and the CSV volume is offline from the cluster, the cluster thread (health check) automatically resumes conversion when the volume is online to the cluster.
-   If conversion is paused with encryption in progress and a physical disk resource volume is offline from the cluster, the BitLocker driver will automatically resume conversion when the volume is online to the cluster.
+-   If conversion is paused with encryption in progress and a physical disk resource volume is offline from the cluster, the BitLocker driver automatically resumes conversion when the volume is online to the cluster.
-   If conversion is paused with encryption in progress, while the CSV volume is in maintenance mode, the cluster thread (health check) will automatically resume conversion when moving the volume back from maintenance.
+-   If conversion is paused with encryption in progress, while the CSV volume is in maintenance mode, the cluster thread (health check) automatically resumes conversion when moving the volume back from maintenance.
-   If conversion is paused with encryption in progress, while the disk resource volume is in maintenance mode, the BitLocker driver will automatically resume conversion when the volume is moved back from maintenance mode.
+-   If conversion is paused with encryption in progress, while the disk resource volume is in maintenance mode, the BitLocker driver automatically resumes conversion when the volume is moved back from maintenance mode.
--- a/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md
@ -39,8 +39,8 @@ The following table lists and explains the allowed encryption types.
 | DES_CBC_CRC | Data Encryption Standard with Cipher Block Chaining using the Cyclic Redundancy Check function<br/>Supported in Windows 2000 Server, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. The Windows 7, Windows 10, Windows Server 2008 R2, and later operating systems don't support DES by default. |
 | DES_CBC_MD5| Data Encryption Standard with Cipher Block Chaining using the Message-Digest algorithm 5 checksum function<br/>Supported in Windows 2000 Server, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. The Windows 7, Windows 10, Windows Server 2008 R2, and later operating systems don't support DES by default. |
 | RC4_HMAC_MD5| Rivest Cipher 4 with Hashed Message Authentication Code using the Message-Digest algorithm 5 checksum function<br/>Supported in Windows 2000 Server, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows 10, Windows Server 2008 R2, Windows Server 2012 and Windows Server 2012 R2.|
-| AES128_HMAC_SHA1| Advanced Encryption Standard in 128-bit cipher block with Hashed Message Authentication Code using the Secure Hash Algorithm (1).<br/>Not supported in Windows 2000 Server, Windows XP, or Windows Server 2003. Supported in Windows Vista, Windows Server 2008, Windows 7, Windows 10, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2. |
+| AES128_HMAC_SHA1| Advanced Encryption Standard in 128-bit cipher block with Hashed Message Authentication Code using the Secure Hash Algorithm (1).<br/>Not supported in Windows 2000 Server, Windows XP, or Windows Server 2003.<br>Supported in Windows Vista, Windows Server 2008, Windows 7, Windows 10, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2. |
-| AES256_HMAC_SHA1| Advanced Encryption Standard in 256-bit cipher block with Hashed Message Authentication Code using the Secure Hash Algorithm (1).<br/>Not supported in Windows 2000 Server, Windows XP, or Windows Server 2003. Supported in Windows Vista, Windows Server 2008, Windows 7, Windows 10, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2. |
+| AES256_HMAC_SHA1| Advanced Encryption Standard in 256-bit cipher block with Hashed Message Authentication Code using the Secure Hash Algorithm (1).<br/>Not supported in Windows 2000 Server, Windows XP, or Windows Server 2003.<br>Supported in Windows Vista, Windows Server 2008, Windows 7, Windows 10, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2. |
 | Future encryption types| Reserved by Microsoft for other encryption types that might be implemented.|
 ### Possible values
--- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md
@ -94,7 +94,7 @@ There are no security audit event policies that can be configured to view event
 This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation.
-NTLM and NTLMv2 authentication is vulnerable to various malicious attacks, including SMB replay, man-in-the-middle attacks, and brute force attacks. Reducing and eliminating NTLM authentication from your environment forces the Windows operating system to use more secure protocols, such as the Kerberos version 5 protocol, or different authentication mechanisms, such as smart cards.
+NTLM and NTLMv2 authentication is vulnerable to various malicious attacks, including SMB relay, man-in-the-middle attacks, and brute force attacks. Reducing and eliminating NTLM authentication from your environment forces the Windows operating system to use more secure protocols, such as the Kerberos version 5 protocol, or different authentication mechanisms, such as smart cards.
 ### Vulnerability
--- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md
+++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md
@ -82,7 +82,7 @@ You should now have one or more WDAC policies converted into binary form. If not
 ## Deploying signed policies
-In addition to the steps outlined above, the binary policy file must also be copied to the device's EFI partition. Deploying your policy via [Microsoft Endpoint Manager](/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune) or the Application Control CSP will handle this step automatically. 
+If you are using [signed WDAC policies](/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering), the policies must be deployed into your device's EFI partition in addition to the steps outlined above. Unsigned WDAC policies do not need to be present in the EFI partition. Deploying your policy via [Microsoft Endpoint Manager](/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune) or the Application Control CSP will handle this step automatically. 
 1. Mount the EFI volume and make the directory, if it doesn't exist, in an elevated PowerShell prompt: 
@ -90,8 +90,9 @@ In addition to the steps outlined above, the binary policy file must also be cop
   $MountPoint = 'C:\EFIMount'
   $EFIDestinationFolder = "$MountPoint\EFI\Microsoft\Boot\CiPolicies\Active"
   $EFIPartition = (Get-Partition | Where-Object IsSystem).AccessPaths[0]
   if (-Not (Test-Path $MountPoint)) { New-Item -Path $MountPoint -Type Directory -Force }
   mountvol $MountPoint $EFIPartition
-   mkdir $EFIDestinationFolder
+   if (-Not (Test-Path $EFIDestinationFolder)) { New-Item -Path $EFIDestinationFolder -Type Directory -Force }
    ```
 2. Copy the signed policy to the created folder:
--- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
@ -769,7 +769,7 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
    <FileAttrib ID="ID_FILEATTRIB_KEVP64_1" FriendlyName="kevp64.sys FileAttribute" FileName="kEvP64.sys" MinimumFileVersion="65535.65535.65535.65535" />
    <FileAttrib ID="ID_FILEATTRIB_LHA" FriendlyName="LHA.sys FileAttribute" FileName="LHA.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
    <FileAttrib ID="ID_FILEATTRIB_LHA_1" FriendlyName="LHA.sys FileAttribute" FileName="LHA.sys" MinimumFileVersion="65535.65535.65535.65535" />
-    <FileAttrib ID="ID_FILEATTRIB_LIBNICM_DRIVER" FriendlyName="" FileName="libnicm.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="3.1.12.0" />
+    <FileAttrib ID="ID_FILEATTRIB_LIBNICM_DRIVER" FriendlyName="" FileName="libnicm.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="3.1.11.0" />
    <FileAttrib ID="ID_FILEATTRIB_LV_DIAG" FriendlyName="LenovoDiagnosticsDriver FileAttribute" FileName="LenovoDiagnosticsDriver.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="2.0.0.0" />
    <FileAttrib ID="ID_FILEATTRIB_LV561V64" FriendlyName="LV561V64 LogiTech FileAttribute" FileName="Lv561av.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
    <FileAttrib ID="ID_FILEATTRIB_MONITOR" FriendlyName="IOBit Monitor.sys FileAttribute" FileName="Monitor.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="15.0.0.2" />