Merge branch 'main' of https://github.com/MicrosoftDocs/windows-docs-pr into pm-20250402-taskbar

2025-05-12 13:27:23 +00:00 · 2025-04-09 17:52:12 -04:00 · 2025-04-09 17:52:12 -04:00 · 7153efc204
commit 7153efc204
parent 2c689bae58 f7bc770b19
55 changed files with 1268 additions and 676 deletions
--- a/education/windows/edu-take-a-test-kiosk-mode.md
+++ b/education/windows/edu-take-a-test-kiosk-mode.md
@ -1,7 +1,7 @@
 ---
-title: Configure Take a Test in kiosk mode
+title: Configure Take a Test in Kiosk Mode
-description: Learn how to configure Windows to execute the Take a Test app in kiosk mode, using Intune and provisioning packages.
+description: Learn how to configure Windows to execute the Take a Test app in kiosk mode using different methods.
-ms.date: 09/06/2024
+ms.date: 04/07/2025
 ms.topic: how-to
 ---
@ -11,10 +11,11 @@ Executing Take a Test in kiosk mode is the recommended option for high stakes as
 The configuration of Take a Test in kiosk mode can be done using:
- Microsoft Intune/MDM
+- Microsoft Intune
- a provisioning package (PPKG)
+- Configuration service provider (CSP)
 - A provisioning package (PPKG)
 - PowerShell
- the Settings app
+- The Settings app
 When using the Settings app, you can configure Take a Test in kiosk mode using a local account only. This option is recommended for devices that aren't managed.
 The other options allow you to configure Take a Test in kiosk mode using a local account, an account defined in the directory, or a guest account.
@ -26,19 +27,7 @@ The other options allow you to configure Take a Test in kiosk mode using a local
 Follow the instructions below to configure your devices, selecting the option that best suits your needs.
-# [:::image type="icon" source="images/icons/intune.svg"::: **Intune/CSP**](#tab/intune)
+# [:::image type="icon" source="images/icons/intune.svg"::: **Intune**](#tab/intune)
 You can use Intune for Education or a custom profile in Microsoft Intune:
 - Intune for Education provides a simpler experience
 - A custom profile provides more flexibility and controls over the configuration
 > [!IMPORTANT]
 > Currently, the policy created in Intune for Education is applicable to Windows 10 and Windows 11 only. **It will not apply to Windows 11 SE devices.**
 >
 > If you want to configure Take a Test for Windows 11 SE devices, you must use a custom policy.
 ### Configure Take a Test from Intune for Education
 To configure devices using Intune for Education, follow these steps:
@ -51,23 +40,19 @@ To configure devices using Intune for Education, follow these steps:
 :::image type="content" source="./images/takeatest/intune-education-take-a-test-profile.png" alt-text="Intune for Education - creation of a Take a Test profile." lightbox="./images/takeatest/intune-education-take-a-test-profile.png" border="true":::
-### Configure Take a Test with a custom policy
+# [:::image type="icon" source="images/icons/csp.svg"::: **CSP**](#tab/csp)
-[!INCLUDE [intune-custom-settings-1](../../includes/configure/intune-custom-settings-1.md)]
+To configure devices using configuration service providers, use the following settings:
 | Setting |
 |--------|
-| <li> OMA-URI: **`./Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayLastSignedIn`** </li><li> Data type: **Integer** </li><li>Value: **1**</li>|
+| - **OMA-URI:** `./Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/`[InteractiveLogon_DoNotDisplayLastSignedIn](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#interactivelogon_donotdisplaylastsignedin) <br>- **Data type:** Integer <br>- **Value:** `1`|
-| <li> OMA-URI: **`./Vendor/MSFT/Policy/Config/WindowsLogon/HideFastUserSwitching`** </li><li> Data type: **Integer**</li><li>Value: **1**</li>|
+| - **OMA-URI:** `./Vendor/MSFT/Policy/Config/WindowsLogon/`[HideFastUserSwitching](/windows/client-management/mdm/policy-csp-windowslogon#hidefastuserswitching) <br>- **Data type:** Integer<br>- **Value:** `1`|
-| <li> OMA-URI: **`./Vendor/MSFT/SharedPC/AccountModel`**</li><li>Data type: **Integer** </li><li> Value: **1**</li>|
+| - **OMA-URI:** `./Vendor/MSFT/SharedPC/`[AccountModel](/windows/client-management/mdm/sharedpc-csp#accountmodel)<br>- **Data type:** Integer <br>- **Value:** `1`|
-| <li> OMA-URI: **`./Vendor/MSFT/SharedPC/EnableAccountManager`**</li><li>Data type: **Boolean** </li><li> Value: **True**</li>|
+| - **OMA-URI:** `./Vendor/MSFT/SharedPC/`[EnableAccountManager](/windows/client-management/mdm/sharedpc-csp#enableaccountmanager)<br>- **Data type:** Boolean <br>- **Value:** `True`|
-| <li> OMA-URI: **`./Vendor/MSFT/SharedPC/KioskModeAUMID`**</li><li>Data type: **String** </li><li> Value: **Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy!App**</li>|
+| - **OMA-URI:** `./Vendor/MSFT/SharedPC/`[KioskModeAUMID](/windows/client-management/mdm/sharedpc-csp#kioskmodeaumid)<br>- **Data type:** String <br>- **Value:** `Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy!App`|
-| <li> OMA-URI: **`./Vendor/MSFT/SharedPC/KioskModeUserTileDisplayText`** </li><li>Data type: **String** </li><li> Value: **Take a Test** (or a string of your choice to display in the sing-in screen)</li>|
+| - **OMA-URI:** `./Vendor/MSFT/SharedPC/`[KioskModeUserTileDisplayText](/windows/client-management/mdm/sharedpc-csp#KioskModeUserTileDisplayText) <br>- **Data type:** String <br>- **Value:** **Take a Test** (or a string of your choice to display in the sing-in screen)|
-| <li> OMA-URI: **`./Vendor/MSFT/SecureAssessment/LaunchURI`** </li><li>Data type: **String** </li><li> Value: **\<provide testing URL>**</li>|
+| - **OMA-URI:** `./Vendor/MSFT/SecureAssessment/`[LaunchURI](/windows/client-management/mdm/sharedpc-csp#LaunchURI) <br>- **Data type:** String <br>- **Value:** \<testing URL>|
 :::image type="content" source="./images/takeatest/intune-take-a-test-custom-profile.png" alt-text="Intune portal - creation of a custom policy to configure Take a Test." lightbox="./images/takeatest/intune-take-a-test-custom-profile.png" border="true":::
 [!INCLUDE [intune-custom-settings-2](../../includes/configure/intune-custom-settings-2.md)]
 # [:::image type="icon" source="images/icons/provisioning-package.svg"::: **PPKG**](#tab/ppkg)
@ -88,13 +73,13 @@ Create a provisioning package using the Set up School PCs app, configuring the s
 | Setting |
 |--------|
-| <li> Path: **`Policies/LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayLastSignedIn`** </li><li>Value: **Enabled**</li>|
+| - Path: `Policies/LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayLastSignedIn` <br>- **Value:** `Enabled`|
-| <li> Path: **`Policies/WindowsLogon/HideFastUserSwitching`** </li><li>Value: **True**</li>|
+| - Path: `Policies/WindowsLogon/HideFastUserSwitching` <br>- **Value:** True|
-| <li> Path: **`SharedPC/AccountManagement/AccountModel`** </li><li>Value: **Domain-joined only**</li>|
+| - Path: `SharedPC/AccountManagement/AccountModel` <br>- **Value:** Domain-joined only|
-| <li> Path: **`SharedPC/AccountManagement/EnableAccountManager`** </li><li>Value: **True**</li>|
+| - Path: `SharedPC/AccountManagement/EnableAccountManager` <br>- **Value:** True|
-| <li> Path: **`SharedPC/AccountManagement/KioskModeAUMID`** </li><li>Value: **Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy!App**</li>|
+| - Path: `SharedPC/AccountManagement/KioskModeAUMID` <br>- **Value:** **Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy!App**|
-| <li> Path: **`SharedPC/AccountManagement/KioskModeUserTileDisplayText`** </li><li>Value: **Take a Test** (or a string of your choice to display in the sing-in screen)</li>|
+| - Path: `SharedPC/AccountManagement/KioskModeUserTileDisplayText` <br>- **Value:** Take a Test (or a string of your choice to display in the sing-in screen)|
-| <li> Path: **`TakeATest/LaunchURI/`** </li><li>Value: **\<provide testing URL>**</li>|
+| - Path: `TakeATest/LaunchURI/` <br>- **Value:** \<testing URL>|
 :::image type="content" source="./images/takeatest/wcd-take-a-test.png" alt-text="Windows Configuration Designer - configuration of policies to enable Take a Test to run in kiosk mode" lightbox="./images/takeatest/wcd-take-a-test.png" border="true":::
--- a/education/windows/images/icons/csp.svg
+++ b/education/windows/images/icons/csp.svg
@ -0,0 +1,10 @@
 <svg width="18" height="18" viewBox="0 0 18 18" fill="none" xmlns="http://www.w3.org/2000/svg">
 <g clip-path="url(#clip0_461_479)">
 <path d="M9.01098 0.225006C9.67158 0.23262 10.3296 0.30894 10.9743 0.452742C11.2558 0.515517 11.4663 0.750165 11.4982 1.03677L11.6514 2.41094C11.7208 3.04188 12.2535 3.51976 12.8885 3.52043C13.0593 3.5207 13.2281 3.48515 13.3859 3.41535L14.6464 2.86161C14.9086 2.74644 15.215 2.80923 15.4106 3.01826C16.3216 3.99118 17 5.15804 17.3949 6.43103C17.4801 6.70553 17.3821 7.00383 17.1508 7.17436L16.0334 7.99795C15.7146 8.23213 15.5264 8.60401 15.5264 8.99956C15.5264 9.39502 15.7146 9.7669 16.0341 10.0016L17.1524 10.8255C17.3838 10.9959 17.4819 11.2943 17.3967 11.5689C17.002 12.8417 16.3239 14.0084 15.4135 14.9815C15.218 15.1905 14.9119 15.2535 14.6498 15.1385L13.3841 14.5841C13.0219 14.4256 12.6061 14.4488 12.2639 14.6466C11.9217 14.8443 11.694 15.1931 11.6505 15.5859L11.4983 16.96C11.4669 17.2433 11.261 17.4764 10.9836 17.5424C9.68004 17.8525 8.32185 17.8525 7.01823 17.5424C6.74092 17.4764 6.53495 17.2433 6.50356 16.96L6.35162 15.588C6.30699 15.1959 6.07891 14.8482 5.73698 14.6511C5.39506 14.454 4.97988 14.4309 4.61898 14.5885L3.35301 15.143C3.0908 15.258 2.78463 15.195 2.5891 14.9858C1.67816 14.0117 1.00007 12.8435 0.605881 11.5693C0.520975 11.2949 0.619075 10.9967 0.850366 10.8264L1.96936 10.002C2.28809 9.7678 2.47632 9.39592 2.47632 9.00046C2.47632 8.60491 2.28809 8.23303 1.96894 7.99858L0.850645 7.17557C0.619021 7.00511 0.520831 6.70661 0.606034 6.43193C1.00091 5.15894 1.67935 3.99208 2.59032 3.01916C2.78603 2.81013 3.09235 2.74734 3.35452 2.86251L4.61486 3.41615C4.97751 3.57531 5.39442 3.55127 5.73819 3.35043C6.08048 3.15189 6.30836 2.8028 6.35235 2.40988L6.50542 1.03677C6.53739 0.750021 6.74807 0.515292 7.02972 0.452652C7.67529 0.309084 8.334 0.232791 9.01098 0.225006ZM8.99973 6.29996C7.50852 6.29996 6.29973 7.5088 6.29973 9.00001C6.29973 10.4911 7.50852 11.7 8.99973 11.7C10.4909 11.7 11.6997 10.4911 11.6997 9.00001C11.6997 7.5088 10.4909 6.29996 8.99973 6.29996Z" fill="#0883D9"/>
 </g>
 <defs>
 <clipPath id="clip0_461_479">
 <rect width="18" height="18" fill="white"/>
 </clipPath>
 </defs>
 </svg>
--- a/education/windows/images/takeatest/intune-take-a-test-custom-profile.png
+++ b/education/windows/images/takeatest/intune-take-a-test-custom-profile.png
--- a/education/windows/take-a-test-app-technical.md
+++ b/education/windows/take-a-test-app-technical.md
@ -1,7 +1,7 @@
 ---
-title: Take a Test app technical reference
+title: Take a Test App Technical Reference
 description: List of policies and settings applied by the Take a Test app.
-ms.date: 09/06/2024
+ms.date: 04/07/2025
 ms.topic: reference
 ---
--- a/windows/client-management/mdm/bitlocker-csp.md
+++ b/windows/client-management/mdm/bitlocker-csp.md
@ -1,7 +1,7 @@
 ---
 title: BitLocker CSP
 description: Learn more about the BitLocker CSP.
-ms.date: 03/12/2025
+ms.date: 04/04/2025
 ms.topic: generated-reference
 ---
@ -175,7 +175,7 @@ The expected values for this policy are:
 1 = This is the default, when the policy isn't set. Warning prompt and encryption notification is allowed.
-0 = Disables the warning prompt and encryption notification. Starting in Windows 10, next major update, the value 0 only takes effect on Microsoft Entra joined devices.
+0 = Disables the warning prompt and encryption notification. Starting in Windows 10, next major update, the value 0 only takes effect on Entra ID joined devices.
 Windows will attempt to silently enable BitLocker for value 0.
 <!-- Device-AllowWarningForOtherDiskEncryption-Description-End -->
@ -209,7 +209,7 @@ Windows will attempt to silently enable BitLocker for value 0.
 | Value | Description |
 |:--|:--|
-| 0 | Disables the warning prompt. Starting in Windows 10, version 1803, the value 0 can only be set for Microsoft Entra joined devices. Windows will attempt to silently enable BitLocker for value 0. |
+| 0 | Disables the warning prompt. Starting in Windows 10, version 1803, the value 0 can only be set for Entra ID joined devices. Windows will attempt to silently enable BitLocker for value 0. |
 | 1 (Default) | Warning prompt allowed. |
 <!-- Device-AllowWarningForOtherDiskEncryption-AllowedValues-End -->
@ -251,9 +251,9 @@ Windows will attempt to silently enable BitLocker for value 0.
 <!-- Device-ConfigureRecoveryPasswordRotation-Description-Begin -->
 <!-- Description-Source-DDF -->
-Allows Admin to configure Numeric Recovery Password Rotation upon use for OS and fixed drives on Microsoft Entra ID and hybrid domain joined devices.
+Allows Admin to configure Numeric Recovery Password Rotation upon use for OS and fixed drives on Entra ID and hybrid domain joined devices.
-When not configured, Rotation is turned on by default for Microsoft Entra ID only and off on hybrid. The Policy will be effective only when Active Directory back up for recovery password is configured to required.
+When not configured, Rotation is turned on by default for Entra ID only and off on hybrid. The Policy will be effective only when Active Directory back up for recovery password is configured to required.
 For OS drive: Turn on "Do not enable BitLocker until recovery information is stored to AD DS for operating system drives".
@ -261,8 +261,8 @@ For Fixed drives: Turn on "Do not enable BitLocker until recovery information is
 Supported Values: 0 - Numeric Recovery Passwords rotation OFF.
-1 - Numeric Recovery Passwords Rotation upon use ON for Microsoft Entra joined devices. Default value
+1 - Numeric Recovery Passwords Rotation upon use ON for Entra ID joined devices. Default value
-2 - Numeric Recovery Passwords Rotation upon use ON for both Microsoft Entra ID and hybrid devices.
+2 - Numeric Recovery Passwords Rotation upon use ON for both Entra ID and hybrid devices.
 <!-- Device-ConfigureRecoveryPasswordRotation-Description-End -->
 <!-- Device-ConfigureRecoveryPasswordRotation-Editable-Begin -->
@ -285,8 +285,8 @@ Supported Values: 0 - Numeric Recovery Passwords rotation OFF.
 | Value | Description |
 |:--|:--|
 | 0 (Default) | Refresh off (default). |
-| 1 | Refresh on for Microsoft Entra joined devices. |
+| 1 | Refresh on for Entra ID-joined devices. |
-| 2 | Refresh on for both Microsoft Entra joined and hybrid-joined devices. |
+| 2 | Refresh on for both Entra ID-joined and hybrid-joined devices. |
 <!-- Device-ConfigureRecoveryPasswordRotation-AllowedValues-End -->
 <!-- Device-ConfigureRecoveryPasswordRotation-Examples-Begin -->
@ -1212,7 +1212,7 @@ Disabling the policy won't turn off the encryption on the storage card. But will
 <!-- Device-RotateRecoveryPasswords-Description-Begin -->
 <!-- Description-Source-DDF -->
-Allows admin to push one-time rotation of all numeric recovery passwords for OS and Fixed Data drives on a Microsoft Entra ID or hybrid-joined device.
+Allows admin to push one-time rotation of all numeric recovery passwords for OS and Fixed Data drives on an Entra ID or hybrid-joined device.
 This policy is Execute type and rotates all numeric passwords when issued from MDM tools.
--- a/windows/client-management/mdm/bitlocker-ddf-file.md
+++ b/windows/client-management/mdm/bitlocker-ddf-file.md
@ -1,7 +1,7 @@
 ---
 title: BitLocker DDF file
 description: View the XML file containing the device description framework (DDF) for the BitLocker configuration service provider.
-ms.date: 02/13/2025
+ms.date: 04/04/2025
 ms.topic: generated-reference
 ---
@ -580,7 +580,7 @@ The following XML file contains the device description framework (DDF) for the B
                         1 = This is the default, when the policy is not set. Warning prompt and encryption notification is allowed.
                         0 = Disables the warning prompt and encryption notification. Starting in Windows 10, next major update, 
-                             the value 0 only takes affect on Azure Active Directory joined devices. 
+                             the value 0 only takes affect on Entra ID joined devices. 
                             Windows will attempt to silently enable BitLocker for value 0.
                         If you want to disable this policy use the following SyncML:
@ -600,7 +600,7 @@ The following XML file contains the device description framework (DDF) for the B
        <MSFT:AllowedValues ValueType="ENUM">
          <MSFT:Enum>
            <MSFT:Value>0</MSFT:Value>
-            <MSFT:ValueDescription>Disables the warning prompt. Starting in Windows 10, version 1803, the value 0 can only be set for Azure Active Directory joined devices. Windows will attempt to silently enable BitLocker for value 0.</MSFT:ValueDescription>
+            <MSFT:ValueDescription>Disables the warning prompt. Starting in Windows 10, version 1803, the value 0 can only be set for Entra ID joined devices. Windows will attempt to silently enable BitLocker for value 0.</MSFT:ValueDescription>
          </MSFT:Enum>
          <MSFT:Enum>
            <MSFT:Value>1</MSFT:Value>
@ -680,15 +680,15 @@ The following XML file contains the device description framework (DDF) for the B
          <Replace />
        </AccessType>
        <DefaultValue>0</DefaultValue>
-        <Description> Allows Admin to configure Numeric Recovery Password Rotation upon use for OS and fixed drives on AAD and Hybrid domain joined devices.
+        <Description> Allows Admin to configure Numeric Recovery Password Rotation upon use for OS and fixed drives on Entra ID and Hybrid domain joined devices.
-                          When not configured, Rotation is turned on by default for AAD only and off on Hybrid. The Policy will be effective only when 
+                          When not configured, Rotation is turned on by default for Entra ID only and off on Hybrid. The Policy will be effective only when 
                          Active Directory back up for recovery password is configured to required.
                          For OS drive: Turn on "Do not enable Bitlocker until recovery information is stored to AD DS for operating system drives"
                          For Fixed drives: Turn on "Do not enable Bitlocker until recovery information is stored to AD DS for fixed data drives"
                          Supported Values: 0 - Numeric Recovery Passwords rotation OFF.
-                                            1 - Numeric Recovery Passwords Rotation upon use ON for AAD joined devices. Default value
+                                            1 - Numeric Recovery Passwords Rotation upon use ON for Entra ID joined devices. Default value
-                                            2 - Numeric Recovery Passwords Rotation upon use ON for both AAD and Hybrid devices
+                                            2 - Numeric Recovery Passwords Rotation upon use ON for both Entra ID and Hybrid devices
                         If you want to disable this policy use the following SyncML:
@ -716,11 +716,11 @@ The following XML file contains the device description framework (DDF) for the B
          </MSFT:Enum>
          <MSFT:Enum>
            <MSFT:Value>1</MSFT:Value>
-            <MSFT:ValueDescription>Refresh on for Azure AD-joined devices</MSFT:ValueDescription>
+            <MSFT:ValueDescription>Refresh on for Entra ID-joined devices</MSFT:ValueDescription>
          </MSFT:Enum>
          <MSFT:Enum>
            <MSFT:Value>2</MSFT:Value>
-            <MSFT:ValueDescription>Refresh on for both Azure AD-joined and hybrid-joined devices</MSFT:ValueDescription>
+            <MSFT:ValueDescription>Refresh on for both Entra ID-joined and hybrid-joined devices</MSFT:ValueDescription>
          </MSFT:Enum>
        </MSFT:AllowedValues>
      </DFProperties>
@ -731,7 +731,7 @@ The following XML file contains the device description framework (DDF) for the B
        <AccessType>
          <Exec />
        </AccessType>
-        <Description> Allows admin to push one-time rotation of all numeric recovery passwords for OS and Fixed Data drives on an Azure Active Directory or hybrid-joined device.
+        <Description> Allows admin to push one-time rotation of all numeric recovery passwords for OS and Fixed Data drives on an Entra ID or hybrid-joined device.
                          This policy is Execute type and rotates all numeric passwords when issued from MDM tools.
 The policy only comes into effect when Active Directory backup for a recovery password is configured to "required."
--- a/windows/client-management/mdm/firewall-csp.md
+++ b/windows/client-management/mdm/firewall-csp.md
@ -1,7 +1,7 @@
 ---
 title: Firewall CSP
 description: Learn more about the Firewall CSP.
-ms.date: 03/12/2025
+ms.date: 04/04/2025
 ms.topic: generated-reference
 ---
@ -1896,9 +1896,7 @@ New rules have the EdgeTraversal property disabled by default.
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-Enabled-Description-Begin -->
 <!-- Description-Source-DDF -->
-Indicates whether the rule is enabled or disabled. If the rule must be enabled, this value must be set to true.
+Indicates whether the rule is enabled or disabled. If not specified - a new rule is enabled by default.
 If not specified - a new rule is disabled by default.
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-Enabled-Description-End -->
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-Enabled-Editable-Begin -->
@ -3254,9 +3252,7 @@ If not specified the default is OUT.
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Enabled-Description-Begin -->
 <!-- Description-Source-DDF -->
-Indicates whether the rule is enabled or disabled. If the rule must be enabled, this value must be set to true.
+Indicates whether the rule is enabled or disabled. If not specified - a new rule is enabled by default.
 If not specified - a new rule is disabled by default.
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Enabled-Description-End -->
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Enabled-Editable-Begin -->
--- a/windows/client-management/mdm/firewall-ddf-file.md
+++ b/windows/client-management/mdm/firewall-ddf-file.md
@ -1,7 +1,7 @@
 ---
 title: Firewall DDF file
 description: View the XML file containing the device description framework (DDF) for the Firewall configuration service provider.
-ms.date: 02/13/2025
+ms.date: 04/04/2025
 ms.topic: generated-reference
 ---
@ -4060,8 +4060,7 @@ An IPv6 address range in the format of "start address - end address" with no spa
                <Get />
                <Replace />
              </AccessType>
-              <Description>Indicates whether the rule is enabled or disabled. If the rule must be enabled, this value must be set to true.
+              <Description>Indicates whether the rule is enabled or disabled. If not specified - a new rule is enabled by default.</Description>
 If not specified - a new rule is disabled by default.</Description>
              <DFFormat>
                <bool />
              </DFFormat>
@ -4760,8 +4759,7 @@ An IPv6 address range in the format of "start address - end address" with no spa
                <Get />
                <Replace />
              </AccessType>
-              <Description>Indicates whether the rule is enabled or disabled. If the rule must be enabled, this value must be set to true.
+              <Description>Indicates whether the rule is enabled or disabled. If not specified - a new rule is enabled by default.</Description>
 If not specified - a new rule is disabled by default.</Description>
              <DFFormat>
                <bool />
              </DFFormat>
--- a/windows/client-management/mdm/policies-in-preview.md
+++ b/windows/client-management/mdm/policies-in-preview.md
@ -1,7 +1,7 @@
 ---
 title: Configuration service provider preview policies
 description: Learn more about configuration service provider (CSP) policies that are available for Windows Insider Preview.
-ms.date: 03/26/2025
+ms.date: 04/04/2025
 ms.topic: generated-reference
 ---
@ -23,6 +23,7 @@ This article lists the policies that are applicable for Windows Insider Preview
 ## ApplicationManagement
 - [AllowedNonAdminPackageFamilyNameRules](policy-csp-applicationmanagement.md#allowednonadminpackagefamilynamerules)
 - [ConfigureMSIXAuthenticationAuthorizedDomains](policy-csp-applicationmanagement.md#configuremsixauthenticationauthorizeddomains)
 ## ClientCertificateInstall CSP
@ -92,9 +93,8 @@ This article lists the policies that are applicable for Windows Insider Preview
 ## HumanPresence
- [ForcePrivacyScreen](policy-csp-humanpresence.md#forceprivacyscreen)
+- [ForceOnlookerDetection](policy-csp-humanpresence.md#forceonlookerdetection)
- [ForcePrivacyScreenDim](policy-csp-humanpresence.md#forceprivacyscreendim)
+- [ForceOnlookerDetectionAction](policy-csp-humanpresence.md#forceonlookerdetectionaction)
 - [ForcePrivacyScreenNotification](policy-csp-humanpresence.md#forceprivacyscreennotification)
 ## InternetExplorer
@ -111,6 +111,16 @@ This article lists the policies that are applicable for Windows Insider Preview
 - [StartInstallation](language-pack-management-csp.md#installlanguage-idstartinstallation)
 - [SystemPreferredUILanguages](language-pack-management-csp.md#languagesettingssystempreferreduilanguages)
 ## LanmanWorkstation
 - [AuditInsecureGuestLogon](policy-csp-lanmanworkstation.md#auditinsecureguestlogon)
 - [AuditServerDoesNotSupportEncryption](policy-csp-lanmanworkstation.md#auditserverdoesnotsupportencryption)
 - [AuditServerDoesNotSupportSigning](policy-csp-lanmanworkstation.md#auditserverdoesnotsupportsigning)
 - [EnableMailslots](policy-csp-lanmanworkstation.md#enablemailslots)
 - [MaxSmb2Dialect](policy-csp-lanmanworkstation.md#maxsmb2dialect)
 - [MinSmb2Dialect](policy-csp-lanmanworkstation.md#minsmb2dialect)
 - [RequireEncryption](policy-csp-lanmanworkstation.md#requireencryption)
 ## LocalPoliciesSecurityOptions
 - [InteractiveLogon_NumberOfPreviousLogonsToCache](policy-csp-localpoliciessecurityoptions.md#interactivelogon_numberofpreviouslogonstocache)
@ -133,6 +143,10 @@ This article lists the policies that are applicable for Windows Insider Preview
 - [DisablePostLogonProvisioning](passportforwork-csp.md#devicetenantidpoliciesdisablepostlogonprovisioning)
 ## Power
 - [EnableEnergySaver](policy-csp-power.md#enableenergysaver)
 ## Printers
 - [ConfigureIppTlsCertificatePolicy](policy-csp-printers.md#configureipptlscertificatepolicy)
@ -165,6 +179,10 @@ This article lists the policies that are applicable for Windows Insider Preview
 - [ExchangeModernAuthEnabled](surfacehub-csp.md#deviceaccountexchangemodernauthenabled)
 ## System
 - [DisableCHPE](policy-csp-system.md#disablechpe)
 ## TextInput
 - [TouchKeyboardControllerModeAvailability](policy-csp-textinput.md#touchkeyboardcontrollermodeavailability)
@ -180,10 +198,12 @@ This article lists the policies that are applicable for Windows Insider Preview
 ## WindowsAI
 - [DisableAIDataAnalysis](policy-csp-windowsai.md#disableaidataanalysis)
 - [SetDenyAppListForRecall](policy-csp-windowsai.md#setdenyapplistforrecall)
 - [SetDenyUriListForRecall](policy-csp-windowsai.md#setdenyurilistforrecall)
 - [SetMaximumStorageSpaceForRecallSnapshots](policy-csp-windowsai.md#setmaximumstoragespaceforrecallsnapshots)
 - [SetMaximumStorageDurationForRecallSnapshots](policy-csp-windowsai.md#setmaximumstoragedurationforrecallsnapshots)
 - [DisableClickToDo](policy-csp-windowsai.md#disableclicktodo)
 - [DisableImageCreator](policy-csp-windowsai.md#disableimagecreator)
 - [DisableCocreator](policy-csp-windowsai.md#disablecocreator)
 - [DisableGenerativeFill](policy-csp-windowsai.md#disablegenerativefill)
--- a/windows/client-management/mdm/policy-csp-applicationmanagement.md
+++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md
@ -1,7 +1,7 @@
 ---
 title: ApplicationManagement Policy CSP
 description: Learn more about the ApplicationManagement Area in Policy CSP.
-ms.date: 03/12/2025
+ms.date: 04/04/2025
 ms.topic: generated-reference
 ---
@ -635,6 +635,54 @@ Manages non-Administrator users' ability to install Windows app packages.
 <!-- BlockNonAdminUserInstall-End -->
 <!-- ConfigureMSIXAuthenticationAuthorizedDomains-Begin -->
 ## ConfigureMSIXAuthenticationAuthorizedDomains
 <!-- ConfigureMSIXAuthenticationAuthorizedDomains-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- ConfigureMSIXAuthenticationAuthorizedDomains-Applicability-End -->
 <!-- ConfigureMSIXAuthenticationAuthorizedDomains-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/ApplicationManagement/ConfigureMSIXAuthenticationAuthorizedDomains
 ```
 <!-- ConfigureMSIXAuthenticationAuthorizedDomains-OmaUri-End -->
 <!-- ConfigureMSIXAuthenticationAuthorizedDomains-Description-Begin -->
 <!-- Description-Source-DDF -->
 Defines a regular expression in ECMA Script. When performing a streaming MSIX install, if this regular expression matches the domain name (uppercased) then the user's EntraID OAuth token will be attached to the request.
 <!-- ConfigureMSIXAuthenticationAuthorizedDomains-Description-End -->
 <!-- ConfigureMSIXAuthenticationAuthorizedDomains-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- ConfigureMSIXAuthenticationAuthorizedDomains-Editable-End -->
 <!-- ConfigureMSIXAuthenticationAuthorizedDomains-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | `chr` (string) |
 | Access Type | Add, Delete, Get, Replace |
 <!-- ConfigureMSIXAuthenticationAuthorizedDomains-DFProperties-End -->
 <!-- ConfigureMSIXAuthenticationAuthorizedDomains-GpMapping-Begin -->
 **Group policy mapping**:
 | Name | Value |
 |:--|:--|
 | Name | ConfigureMSIXAuthenticationAuthorizedDomains |
 | Path | AppxPackageManager > AT > WindowsComponents > AppxDeployment |
 <!-- ConfigureMSIXAuthenticationAuthorizedDomains-GpMapping-End -->
 <!-- ConfigureMSIXAuthenticationAuthorizedDomains-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- ConfigureMSIXAuthenticationAuthorizedDomains-Examples-End -->
 <!-- ConfigureMSIXAuthenticationAuthorizedDomains-End -->
 <!-- DisableStoreOriginatedApps-Begin -->
 ## DisableStoreOriginatedApps
--- a/windows/client-management/mdm/policy-csp-defender.md
+++ b/windows/client-management/mdm/policy-csp-defender.md
@ -1,7 +1,7 @@
 ---
 title: Defender Policy CSP
 description: Learn more about the Defender Area in Policy CSP.
-ms.date: 03/12/2025
+ms.date: 04/04/2025
 ms.topic: generated-reference
 ---
@ -728,7 +728,7 @@ This policy setting allows you to configure scheduled scans and on-demand (manua
 |:--|:--|
 | Format | `int` |
 | Access Type | Add, Delete, Get, Replace |
-| Default Value  | 0 |
+| Default Value  | 1 |
 <!-- AllowScanningNetworkFiles-DFProperties-End -->
 <!-- AllowScanningNetworkFiles-AllowedValues-Begin -->
@ -736,8 +736,8 @@ This policy setting allows you to configure scheduled scans and on-demand (manua
 | Value | Description |
 |:--|:--|
-| 0 (Default) | Not allowed. Turns off scanning of network files. |
+| 0 | Not allowed. Turns off scanning of network files. |
-| 1 | Allowed. Scans network files. |
+| 1 (Default) | Allowed. Scans network files. |
 <!-- AllowScanningNetworkFiles-AllowedValues-End -->
 <!-- AllowScanningNetworkFiles-GpMapping-Begin -->
--- a/windows/client-management/mdm/policy-csp-humanpresence.md
+++ b/windows/client-management/mdm/policy-csp-humanpresence.md
@ -1,7 +1,7 @@
 ---
 title: HumanPresence Policy CSP
 description: Learn more about the HumanPresence Area in Policy CSP.
-ms.date: 03/12/2025
+ms.date: 04/04/2025
 ms.topic: generated-reference
 ---
@ -529,31 +529,31 @@ Determines the timeout for Lock on Leave forced by the MDM policy. The user will
 <!-- ForceLockTimeout-End -->
-<!-- ForcePrivacyScreen-Begin -->
+<!-- ForceOnlookerDetection-Begin -->
-## ForcePrivacyScreen
+## ForceOnlookerDetection
-<!-- ForcePrivacyScreen-Applicability-Begin -->
+<!-- ForceOnlookerDetection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
-<!-- ForcePrivacyScreen-Applicability-End -->
+<!-- ForceOnlookerDetection-Applicability-End -->
-<!-- ForcePrivacyScreen-OmaUri-Begin -->
+<!-- ForceOnlookerDetection-OmaUri-Begin -->
 ```Device
-./Device/Vendor/MSFT/Policy/Config/HumanPresence/ForcePrivacyScreen
+./Device/Vendor/MSFT/Policy/Config/HumanPresence/ForceOnlookerDetection
 ```
-<!-- ForcePrivacyScreen-OmaUri-End -->
+<!-- ForceOnlookerDetection-OmaUri-End -->
-<!-- ForcePrivacyScreen-Description-Begin -->
+<!-- ForceOnlookerDetection-Description-Begin -->
 <!-- Description-Source-DDF -->
 Determines whether detect when other people are looking at my screen is forced on/off by the MDM policy. The user won't be able to change this setting and the UI will be greyed out.
-<!-- ForcePrivacyScreen-Description-End -->
+<!-- ForceOnlookerDetection-Description-End -->
-<!-- ForcePrivacyScreen-Editable-Begin -->
+<!-- ForceOnlookerDetection-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-<!-- ForcePrivacyScreen-Editable-End -->
+<!-- ForceOnlookerDetection-Editable-End -->
-<!-- ForcePrivacyScreen-DFProperties-Begin -->
+<!-- ForceOnlookerDetection-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
@ -561,9 +561,9 @@ Determines whether detect when other people are looking at my screen is forced o
 | Format | `int` |
 | Access Type | Add, Delete, Get, Replace |
 | Default Value  | 0 |
-<!-- ForcePrivacyScreen-DFProperties-End -->
+<!-- ForceOnlookerDetection-DFProperties-End -->
-<!-- ForcePrivacyScreen-AllowedValues-Begin -->
+<!-- ForceOnlookerDetection-AllowedValues-Begin -->
 **Allowed values**:
 | Value | Description |
@ -571,48 +571,48 @@ Determines whether detect when other people are looking at my screen is forced o
 | 2 | ForcedOff. |
 | 1 | ForcedOn. |
 | 0 (Default) | DefaultToUserChoice. |
-<!-- ForcePrivacyScreen-AllowedValues-End -->
+<!-- ForceOnlookerDetection-AllowedValues-End -->
-<!-- ForcePrivacyScreen-GpMapping-Begin -->
+<!-- ForceOnlookerDetection-GpMapping-Begin -->
 **Group policy mapping**:
 | Name | Value |
 |:--|:--|
-| Name | ForcePrivacyScreen |
+| Name | ForceOnlookerDetection |
 | Path | Sensors > AT > WindowsComponents > HumanPresence |
-<!-- ForcePrivacyScreen-GpMapping-End -->
+<!-- ForceOnlookerDetection-GpMapping-End -->
-<!-- ForcePrivacyScreen-Examples-Begin -->
+<!-- ForceOnlookerDetection-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
-<!-- ForcePrivacyScreen-Examples-End -->
+<!-- ForceOnlookerDetection-Examples-End -->
-<!-- ForcePrivacyScreen-End -->
+<!-- ForceOnlookerDetection-End -->
-<!-- ForcePrivacyScreenDim-Begin -->
+<!-- ForceOnlookerDetectionAction-Begin -->
-## ForcePrivacyScreenDim
+## ForceOnlookerDetectionAction
-<!-- ForcePrivacyScreenDim-Applicability-Begin -->
+<!-- ForceOnlookerDetectionAction-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
-<!-- ForcePrivacyScreenDim-Applicability-End -->
+<!-- ForceOnlookerDetectionAction-Applicability-End -->
-<!-- ForcePrivacyScreenDim-OmaUri-Begin -->
+<!-- ForceOnlookerDetectionAction-OmaUri-Begin -->
 ```Device
-./Device/Vendor/MSFT/Policy/Config/HumanPresence/ForcePrivacyScreenDim
+./Device/Vendor/MSFT/Policy/Config/HumanPresence/ForceOnlookerDetectionAction
 ```
-<!-- ForcePrivacyScreenDim-OmaUri-End -->
+<!-- ForceOnlookerDetectionAction-OmaUri-End -->
-<!-- ForcePrivacyScreenDim-Description-Begin -->
+<!-- ForceOnlookerDetectionAction-Description-Begin -->
 <!-- Description-Source-DDF -->
-Determines whether dim the screen when other people are looking at my screen checkbox is forced checked/unchecked by the MDM policy. The user won't be able to change this setting and the checkbox in the UI will be greyed out.
+Determines whether the Onlooker Detection action is forced by the MDM policy. The user won't be able to change this setting and the toggle in the UI will be greyed out.
-<!-- ForcePrivacyScreenDim-Description-End -->
+<!-- ForceOnlookerDetectionAction-Description-End -->
-<!-- ForcePrivacyScreenDim-Editable-Begin -->
+<!-- ForceOnlookerDetectionAction-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-<!-- ForcePrivacyScreenDim-Editable-End -->
+<!-- ForceOnlookerDetectionAction-Editable-End -->
-<!-- ForcePrivacyScreenDim-DFProperties-Begin -->
+<!-- ForceOnlookerDetectionAction-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
@ -620,91 +620,33 @@ Determines whether dim the screen when other people are looking at my screen che
 | Format | `int` |
 | Access Type | Add, Delete, Get, Replace |
 | Default Value  | 0 |
-<!-- ForcePrivacyScreenDim-DFProperties-End -->
+<!-- ForceOnlookerDetectionAction-DFProperties-End -->
-<!-- ForcePrivacyScreenDim-AllowedValues-Begin -->
+<!-- ForceOnlookerDetectionAction-AllowedValues-Begin -->
 **Allowed values**:
 | Value | Description |
 |:--|:--|
-| 2 | ForcedUnchecked. |
+| 3 | ForcedDimAndNotify. |
-| 1 | ForcedChecked. |
+| 2 | ForcedNotify. |
 | 1 | ForcedDim. |
 | 0 (Default) | DefaultToUserChoice. |
-<!-- ForcePrivacyScreenDim-AllowedValues-End -->
+<!-- ForceOnlookerDetectionAction-AllowedValues-End -->
-<!-- ForcePrivacyScreenDim-GpMapping-Begin -->
+<!-- ForceOnlookerDetectionAction-GpMapping-Begin -->
 **Group policy mapping**:
 | Name | Value |
 |:--|:--|
-| Name | ForcePrivacyScreenDim |
+| Name | ForceOnlookerDetectionAction |
 | Path | Sensors > AT > WindowsComponents > HumanPresence |
-<!-- ForcePrivacyScreenDim-GpMapping-End -->
+<!-- ForceOnlookerDetectionAction-GpMapping-End -->
-<!-- ForcePrivacyScreenDim-Examples-Begin -->
+<!-- ForceOnlookerDetectionAction-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
-<!-- ForcePrivacyScreenDim-Examples-End -->
+<!-- ForceOnlookerDetectionAction-Examples-End -->
-<!-- ForcePrivacyScreenDim-End -->
+<!-- ForceOnlookerDetectionAction-End -->
 <!-- ForcePrivacyScreenNotification-Begin -->
 ## ForcePrivacyScreenNotification
 <!-- ForcePrivacyScreenNotification-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- ForcePrivacyScreenNotification-Applicability-End -->
 <!-- ForcePrivacyScreenNotification-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/HumanPresence/ForcePrivacyScreenNotification
 ```
 <!-- ForcePrivacyScreenNotification-OmaUri-End -->
 <!-- ForcePrivacyScreenNotification-Description-Begin -->
 <!-- Description-Source-DDF -->
 Determines whether providing alert when people are looking at my screen checkbox is forced checked/unchecked by the MDM policy. The user won't be able to change this setting and the checkbox in the UI will be greyed out.
 <!-- ForcePrivacyScreenNotification-Description-End -->
 <!-- ForcePrivacyScreenNotification-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- ForcePrivacyScreenNotification-Editable-End -->
 <!-- ForcePrivacyScreenNotification-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | `int` |
 | Access Type | Add, Delete, Get, Replace |
 | Default Value  | 0 |
 <!-- ForcePrivacyScreenNotification-DFProperties-End -->
 <!-- ForcePrivacyScreenNotification-AllowedValues-Begin -->
 **Allowed values**:
 | Value | Description |
 |:--|:--|
 | 2 | ForcedUnchecked. |
 | 1 | ForcedChecked. |
 | 0 (Default) | DefaultToUserChoice. |
 <!-- ForcePrivacyScreenNotification-AllowedValues-End -->
 <!-- ForcePrivacyScreenNotification-GpMapping-Begin -->
 **Group policy mapping**:
 | Name | Value |
 |:--|:--|
 | Name | ForcePrivacyScreenNotification |
 | Path | Sensors > AT > WindowsComponents > HumanPresence |
 <!-- ForcePrivacyScreenNotification-GpMapping-End -->
 <!-- ForcePrivacyScreenNotification-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- ForcePrivacyScreenNotification-Examples-End -->
 <!-- ForcePrivacyScreenNotification-End -->
 <!-- HumanPresence-CspMoreInfo-Begin -->
 <!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
--- a/windows/client-management/mdm/policy-csp-lanmanworkstation.md
+++ b/windows/client-management/mdm/policy-csp-lanmanworkstation.md
@ -1,7 +1,7 @@
 ---
 title: LanmanWorkstation Policy CSP
 description: Learn more about the LanmanWorkstation Area in Policy CSP.
-ms.date: 03/12/2025
+ms.date: 04/04/2025
 ms.topic: generated-reference
 ---
@ -10,10 +10,213 @@ ms.topic: generated-reference
 <!-- LanmanWorkstation-Begin -->
 # Policy CSP - LanmanWorkstation
 [!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
 <!-- LanmanWorkstation-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- LanmanWorkstation-Editable-End -->
 <!-- AuditInsecureGuestLogon-Begin -->
 ## AuditInsecureGuestLogon
 <!-- AuditInsecureGuestLogon-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100.3613] and later <br> ✅ Windows Insider Preview |
 <!-- AuditInsecureGuestLogon-Applicability-End -->
 <!-- AuditInsecureGuestLogon-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/LanmanWorkstation/AuditInsecureGuestLogon
 ```
 <!-- AuditInsecureGuestLogon-OmaUri-End -->
 <!-- AuditInsecureGuestLogon-Description-Begin -->
 <!-- Description-Source-ADMX -->
 This policy controls whether the SMB client will enable the audit event when the client is logged-on as guest account.
 - If you enable this policy setting, the SMB client will log the event when the client is logged-on as guest account.
 - If you disable or don't configure this policy setting, the SMB client won't log the event.
 <!-- AuditInsecureGuestLogon-Description-End -->
 <!-- AuditInsecureGuestLogon-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- AuditInsecureGuestLogon-Editable-End -->
 <!-- AuditInsecureGuestLogon-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | `int` |
 | Access Type | Add, Delete, Get, Replace |
 | Default Value  | 0 |
 <!-- AuditInsecureGuestLogon-DFProperties-End -->
 <!-- AuditInsecureGuestLogon-AllowedValues-Begin -->
 **Allowed values**:
 | Value | Description |
 |:--|:--|
 | 0 (Default) | Disabled. |
 | 1 | Enabled. |
 <!-- AuditInsecureGuestLogon-AllowedValues-End -->
 <!-- AuditInsecureGuestLogon-GpMapping-Begin -->
 **Group policy mapping**:
 | Name | Value |
 |:--|:--|
 | Name | Pol_AuditInsecureGuestLogon |
 | Friendly Name | Audit insecure guest logon |
 | Location | Computer Configuration |
 | Path | Network > Lanman Workstation |
 | Registry Key Name | Software\Policies\Microsoft\Windows\LanmanWorkstation |
 | Registry Value Name | AuditInsecureGuestLogon |
 | ADMX File Name | LanmanWorkstation.admx |
 <!-- AuditInsecureGuestLogon-GpMapping-End -->
 <!-- AuditInsecureGuestLogon-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- AuditInsecureGuestLogon-Examples-End -->
 <!-- AuditInsecureGuestLogon-End -->
 <!-- AuditServerDoesNotSupportEncryption-Begin -->
 ## AuditServerDoesNotSupportEncryption
 <!-- AuditServerDoesNotSupportEncryption-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100.3613] and later <br> ✅ Windows Insider Preview |
 <!-- AuditServerDoesNotSupportEncryption-Applicability-End -->
 <!-- AuditServerDoesNotSupportEncryption-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/LanmanWorkstation/AuditServerDoesNotSupportEncryption
 ```
 <!-- AuditServerDoesNotSupportEncryption-OmaUri-End -->
 <!-- AuditServerDoesNotSupportEncryption-Description-Begin -->
 <!-- Description-Source-ADMX -->
 This policy controls whether the SMB client will enable the audit event when the SMB server doesn't support encryption.
 - If you enable this policy setting, the SMB client will log the event when the SMB server doesn't support encryption.
 - If you disable or don't configure this policy setting, the SMB client won't log the event.
 <!-- AuditServerDoesNotSupportEncryption-Description-End -->
 <!-- AuditServerDoesNotSupportEncryption-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- AuditServerDoesNotSupportEncryption-Editable-End -->
 <!-- AuditServerDoesNotSupportEncryption-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | `int` |
 | Access Type | Add, Delete, Get, Replace |
 | Default Value  | 0 |
 <!-- AuditServerDoesNotSupportEncryption-DFProperties-End -->
 <!-- AuditServerDoesNotSupportEncryption-AllowedValues-Begin -->
 **Allowed values**:
 | Value | Description |
 |:--|:--|
 | 0 (Default) | Disabled. |
 | 1 | Enabled. |
 <!-- AuditServerDoesNotSupportEncryption-AllowedValues-End -->
 <!-- AuditServerDoesNotSupportEncryption-GpMapping-Begin -->
 **Group policy mapping**:
 | Name | Value |
 |:--|:--|
 | Name | Pol_AuditServerDoesNotSupportEncryption |
 | Friendly Name | Audit server does not support encryption |
 | Location | Computer Configuration |
 | Path | Network > Lanman Workstation |
 | Registry Key Name | Software\Policies\Microsoft\Windows\LanmanWorkstation |
 | Registry Value Name | AuditServerDoesNotSupportEncryption |
 | ADMX File Name | LanmanWorkstation.admx |
 <!-- AuditServerDoesNotSupportEncryption-GpMapping-End -->
 <!-- AuditServerDoesNotSupportEncryption-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- AuditServerDoesNotSupportEncryption-Examples-End -->
 <!-- AuditServerDoesNotSupportEncryption-End -->
 <!-- AuditServerDoesNotSupportSigning-Begin -->
 ## AuditServerDoesNotSupportSigning
 <!-- AuditServerDoesNotSupportSigning-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100.3613] and later <br> ✅ Windows Insider Preview |
 <!-- AuditServerDoesNotSupportSigning-Applicability-End -->
 <!-- AuditServerDoesNotSupportSigning-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/LanmanWorkstation/AuditServerDoesNotSupportSigning
 ```
 <!-- AuditServerDoesNotSupportSigning-OmaUri-End -->
 <!-- AuditServerDoesNotSupportSigning-Description-Begin -->
 <!-- Description-Source-ADMX -->
 This policy controls whether the SMB client will enable the audit event when the SMB server doesn't support signing.
 - If you enable this policy setting, the SMB client will log the event when the SMB server doesn't support signing.
 - If you disable or don't configure this policy setting, the SMB client won't log the event.
 <!-- AuditServerDoesNotSupportSigning-Description-End -->
 <!-- AuditServerDoesNotSupportSigning-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- AuditServerDoesNotSupportSigning-Editable-End -->
 <!-- AuditServerDoesNotSupportSigning-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | `int` |
 | Access Type | Add, Delete, Get, Replace |
 | Default Value  | 0 |
 <!-- AuditServerDoesNotSupportSigning-DFProperties-End -->
 <!-- AuditServerDoesNotSupportSigning-AllowedValues-Begin -->
 **Allowed values**:
 | Value | Description |
 |:--|:--|
 | 0 (Default) | Disabled. |
 | 1 | Enabled. |
 <!-- AuditServerDoesNotSupportSigning-AllowedValues-End -->
 <!-- AuditServerDoesNotSupportSigning-GpMapping-Begin -->
 **Group policy mapping**:
 | Name | Value |
 |:--|:--|
 | Name | Pol_AuditServerDoesNotSupportSigning |
 | Friendly Name | Audit server does not support signing |
 | Location | Computer Configuration |
 | Path | Network > Lanman Workstation |
 | Registry Key Name | Software\Policies\Microsoft\Windows\LanmanWorkstation |
 | Registry Value Name | AuditServerDoesNotSupportSigning |
 | ADMX File Name | LanmanWorkstation.admx |
 <!-- AuditServerDoesNotSupportSigning-GpMapping-End -->
 <!-- AuditServerDoesNotSupportSigning-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- AuditServerDoesNotSupportSigning-Examples-End -->
 <!-- AuditServerDoesNotSupportSigning-End -->
 <!-- EnableInsecureGuestLogons-Begin -->
 ## EnableInsecureGuestLogons
@ -85,6 +288,282 @@ Insecure guest logons are used by file servers to allow unauthenticated access t
 <!-- EnableInsecureGuestLogons-End -->
 <!-- EnableMailslots-Begin -->
 ## EnableMailslots
 <!-- EnableMailslots-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100.3613] and later <br> ✅ Windows Insider Preview |
 <!-- EnableMailslots-Applicability-End -->
 <!-- EnableMailslots-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/LanmanWorkstation/EnableMailslots
 ```
 <!-- EnableMailslots-OmaUri-End -->
 <!-- EnableMailslots-Description-Begin -->
 <!-- Description-Source-ADMX -->
 This policy controls whether the SMB client will enable or disable remote mailslots over MUP.
 - If you disable this policy setting, remote mailslots won't function over MUP, hence they won't go through the SMB client redirector.
 - If you don't configure this policy setting, remote mailslots may be allowed through MUP.
 <!-- EnableMailslots-Description-End -->
 <!-- EnableMailslots-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- EnableMailslots-Editable-End -->
 <!-- EnableMailslots-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | `int` |
 | Access Type | Add, Delete, Get, Replace |
 | Default Value  | 0 |
 <!-- EnableMailslots-DFProperties-End -->
 <!-- EnableMailslots-AllowedValues-Begin -->
 **Allowed values**:
 | Value | Description |
 |:--|:--|
 | 0 (Default) | Disabled. |
 | 1 | Enabled. |
 <!-- EnableMailslots-AllowedValues-End -->
 <!-- EnableMailslots-GpMapping-Begin -->
 **Group policy mapping**:
 | Name | Value |
 |:--|:--|
 | Name | Pol_EnableMailslots |
 | Friendly Name | Enable remote mailslots |
 | Location | Computer Configuration |
 | Path | Network > Lanman Workstation |
 | Registry Key Name | Software\Policies\Microsoft\Windows\NetworkProvider |
 | Registry Value Name | EnableMailslots |
 | ADMX File Name | LanmanWorkstation.admx |
 <!-- EnableMailslots-GpMapping-End -->
 <!-- EnableMailslots-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- EnableMailslots-Examples-End -->
 <!-- EnableMailslots-End -->
 <!-- MaxSmb2Dialect-Begin -->
 ## MaxSmb2Dialect
 <!-- MaxSmb2Dialect-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100.3613] and later <br> ✅ Windows Insider Preview |
 <!-- MaxSmb2Dialect-Applicability-End -->
 <!-- MaxSmb2Dialect-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/LanmanWorkstation/MaxSmb2Dialect
 ```
 <!-- MaxSmb2Dialect-OmaUri-End -->
 <!-- MaxSmb2Dialect-Description-Begin -->
 <!-- Description-Source-ADMX -->
 This policy controls the maximum version of SMB protocol.
 > [!NOTE]
 > This group policy doesn't prevent use of SMB 1 if that component is still installed and enabled.
 <!-- MaxSmb2Dialect-Description-End -->
 <!-- MaxSmb2Dialect-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- MaxSmb2Dialect-Editable-End -->
 <!-- MaxSmb2Dialect-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | `int` |
 | Access Type | Add, Delete, Get, Replace |
 | Default Value  | 785 |
 <!-- MaxSmb2Dialect-DFProperties-End -->
 <!-- MaxSmb2Dialect-AllowedValues-Begin -->
 **Allowed values**:
 | Value | Description |
 |:--|:--|
 | 514 | SMB 2.0.2. |
 | 528 | SMB 2.1.0. |
 | 768 | SMB 3.0.0. |
 | 770 | SMB 3.0.2. |
 | 785 (Default) | SMB 3.1.1. |
 <!-- MaxSmb2Dialect-AllowedValues-End -->
 <!-- MaxSmb2Dialect-GpMapping-Begin -->
 **Group policy mapping**:
 | Name | Value |
 |:--|:--|
 | Name | Pol_MaxSmb2Dialect |
 | Friendly Name | Mandate the maximum version of SMB |
 | Location | Computer Configuration |
 | Path | Network > Lanman Workstation |
 | Registry Key Name | Software\Policies\Microsoft\Windows\LanmanWorkstation |
 | ADMX File Name | LanmanWorkstation.admx |
 <!-- MaxSmb2Dialect-GpMapping-End -->
 <!-- MaxSmb2Dialect-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- MaxSmb2Dialect-Examples-End -->
 <!-- MaxSmb2Dialect-End -->
 <!-- MinSmb2Dialect-Begin -->
 ## MinSmb2Dialect
 <!-- MinSmb2Dialect-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100.3613] and later <br> ✅ Windows Insider Preview |
 <!-- MinSmb2Dialect-Applicability-End -->
 <!-- MinSmb2Dialect-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/LanmanWorkstation/MinSmb2Dialect
 ```
 <!-- MinSmb2Dialect-OmaUri-End -->
 <!-- MinSmb2Dialect-Description-Begin -->
 <!-- Description-Source-ADMX -->
 This policy controls the minimum version of SMB protocol.
 > [!NOTE]
 > This group policy doesn't prevent use of SMB 1 if that component is still installed and enabled.
 <!-- MinSmb2Dialect-Description-End -->
 <!-- MinSmb2Dialect-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- MinSmb2Dialect-Editable-End -->
 <!-- MinSmb2Dialect-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | `int` |
 | Access Type | Add, Delete, Get, Replace |
 | Default Value  | 514 |
 <!-- MinSmb2Dialect-DFProperties-End -->
 <!-- MinSmb2Dialect-AllowedValues-Begin -->
 **Allowed values**:
 | Value | Description |
 |:--|:--|
 | 514 (Default) | SMB 2.0.2. |
 | 528 | SMB 2.1.0. |
 | 768 | SMB 3.0.0. |
 | 770 | SMB 3.0.2. |
 | 785 | SMB 3.1.1. |
 <!-- MinSmb2Dialect-AllowedValues-End -->
 <!-- MinSmb2Dialect-GpMapping-Begin -->
 **Group policy mapping**:
 | Name | Value |
 |:--|:--|
 | Name | Pol_MinSmb2Dialect |
 | Friendly Name | Mandate the minimum version of SMB |
 | Location | Computer Configuration |
 | Path | Network > Lanman Workstation |
 | Registry Key Name | Software\Policies\Microsoft\Windows\LanmanWorkstation |
 | ADMX File Name | LanmanWorkstation.admx |
 <!-- MinSmb2Dialect-GpMapping-End -->
 <!-- MinSmb2Dialect-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- MinSmb2Dialect-Examples-End -->
 <!-- MinSmb2Dialect-End -->
 <!-- RequireEncryption-Begin -->
 ## RequireEncryption
 <!-- RequireEncryption-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100.3613] and later <br> ✅ Windows Insider Preview |
 <!-- RequireEncryption-Applicability-End -->
 <!-- RequireEncryption-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/LanmanWorkstation/RequireEncryption
 ```
 <!-- RequireEncryption-OmaUri-End -->
 <!-- RequireEncryption-Description-Begin -->
 <!-- Description-Source-ADMX -->
 This policy controls whether the SMB client will require encryption.
 - If you enable this policy setting, the SMB client will require the SMB server to support encryption and encrypt the data.
 - If you disable or don't configure this policy setting, the SMB client won't require encryption. However, SMB encryption may still be required; see notes below.
 > [!NOTE]
 > This policy is combined with per-share, per-server, and per mapped drive connection properties, through which SMB encryption may be required. The SMB server must support and enable SMB encryption. For example, should this policy be disabled (or not configured), the SMB client may still perform encryption if an SMB server share has required encryption.
 > [!IMPORTANT]
 > SMB encryption requires SMB 3.0 or later.
 <!-- RequireEncryption-Description-End -->
 <!-- RequireEncryption-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- RequireEncryption-Editable-End -->
 <!-- RequireEncryption-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | `int` |
 | Access Type | Add, Delete, Get, Replace |
 | Default Value  | 0 |
 <!-- RequireEncryption-DFProperties-End -->
 <!-- RequireEncryption-AllowedValues-Begin -->
 **Allowed values**:
 | Value | Description |
 |:--|:--|
 | 0 (Default) | Disabled. |
 | 1 | Enabled. |
 <!-- RequireEncryption-AllowedValues-End -->
 <!-- RequireEncryption-GpMapping-Begin -->
 **Group policy mapping**:
 | Name | Value |
 |:--|:--|
 | Name | Pol_RequireEncryption |
 | Friendly Name | Require Encryption |
 | Location | Computer Configuration |
 | Path | Network > Lanman Workstation |
 | Registry Key Name | Software\Policies\Microsoft\Windows\LanmanWorkstation |
 | Registry Value Name | RequireEncryption |
 | ADMX File Name | LanmanWorkstation.admx |
 <!-- RequireEncryption-GpMapping-End -->
 <!-- RequireEncryption-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- RequireEncryption-Examples-End -->
 <!-- RequireEncryption-End -->
 <!-- LanmanWorkstation-CspMoreInfo-Begin -->
 <!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
 <!-- LanmanWorkstation-CspMoreInfo-End -->
--- a/windows/client-management/mdm/policy-csp-power.md
+++ b/windows/client-management/mdm/policy-csp-power.md
@ -1,7 +1,7 @@
 ---
 title: Power Policy CSP
 description: Learn more about the Power Area in Policy CSP.
-ms.date: 03/12/2025
+ms.date: 04/04/2025
 ms.topic: generated-reference
 ---
@ -12,6 +12,8 @@ ms.topic: generated-reference
 [!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)]
 [!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
 <!-- Power-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- Power-Editable-End -->
@ -307,6 +309,64 @@ If the user has configured a slide show to run on the lock screen when the machi
 <!-- DisplayOffTimeoutPluggedIn-End -->
 <!-- EnableEnergySaver-Begin -->
 ## EnableEnergySaver
 <!-- EnableEnergySaver-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- EnableEnergySaver-Applicability-End -->
 <!-- EnableEnergySaver-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/Power/EnableEnergySaver
 ```
 <!-- EnableEnergySaver-OmaUri-End -->
 <!-- EnableEnergySaver-Description-Begin -->
 <!-- Description-Source-DDF -->
 This policy will extend battery life and reduce energy consumption by enabling Energy Saver to always be on. Energy Saver will always be on for desktops as well as laptops regardless of battery level for both AC and DC. If you disable or don't configure this policy setting, then Energy Saver will turn on based on the EnergySaverBatteryThreshold group policy.
 <!-- EnableEnergySaver-Description-End -->
 <!-- EnableEnergySaver-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- EnableEnergySaver-Editable-End -->
 <!-- EnableEnergySaver-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | `int` |
 | Access Type | Add, Delete, Get, Replace |
 | Default Value  | 1 |
 <!-- EnableEnergySaver-DFProperties-End -->
 <!-- EnableEnergySaver-AllowedValues-Begin -->
 **Allowed values**:
 | Value | Description |
 |:--|:--|
 | 0 | Disable energy saver policy. |
 | 1 (Default) | Enable energy saver always-on mode. |
 <!-- EnableEnergySaver-AllowedValues-End -->
 <!-- EnableEnergySaver-GpMapping-Begin -->
 **Group policy mapping**:
 | Name | Value |
 |:--|:--|
 | Name | EnableEnergySaver |
 | Path | Power > AT > System > PowerManagementCat > EnergySaverSettingsCat |
 <!-- EnableEnergySaver-GpMapping-End -->
 <!-- EnableEnergySaver-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- EnableEnergySaver-Examples-End -->
 <!-- EnableEnergySaver-End -->
 <!-- EnergySaverBatteryThresholdOnBattery-Begin -->
 ## EnergySaverBatteryThresholdOnBattery
@ -344,6 +404,7 @@ This policy setting allows you to specify battery charge level at which Energy S
 | Access Type | Add, Delete, Get, Replace |
 | Allowed Values | Range: `[0-100]` |
 | Default Value  | 0 |
 | Dependency [Power_EnergySaverBatteryThresholdOnBattery_DependencyGroup] | Dependency Type: `DependsOn` <br> Dependency URI: `./Device/Vendor/MSFT/Policy/Config/Power/EnableEnergySaver` <br> Dependency Allowed Value: `[1]` <br> Dependency Allowed Value Type: `Range` <br>  |
 <!-- EnergySaverBatteryThresholdOnBattery-DFProperties-End -->
 <!-- EnergySaverBatteryThresholdOnBattery-GpMapping-Begin -->
@ -403,6 +464,7 @@ This policy setting allows you to specify battery charge level at which Energy S
 | Access Type | Add, Delete, Get, Replace |
 | Allowed Values | Range: `[0-100]` |
 | Default Value  | 0 |
 | Dependency [Power_EnergySaverBatteryThresholdPluggedIn_DependencyGroup] | Dependency Type: `DependsOn` <br> Dependency URI: `./Device/Vendor/MSFT/Policy/Config/Power/EnableEnergySaver` <br> Dependency Allowed Value: `[1]` <br> Dependency Allowed Value Type: `Range` <br>  |
 <!-- EnergySaverBatteryThresholdPluggedIn-DFProperties-End -->
 <!-- EnergySaverBatteryThresholdPluggedIn-GpMapping-Begin -->
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@ -1,7 +1,7 @@
 ---
 title: System Policy CSP
 description: Learn more about the System Area in Policy CSP.
-ms.date: 03/12/2025
+ms.date: 04/04/2025
 ms.topic: generated-reference
 ---
@ -12,6 +12,8 @@ ms.topic: generated-reference
 [!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)]
 [!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
 <!-- System-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- System-Editable-End -->
@ -1195,6 +1197,59 @@ If you don't configure this policy setting, or you set it to "Enable diagnostic
 <!-- ConfigureTelemetryOptInSettingsUx-End -->
 <!-- DisableCHPE-Begin -->
 ## DisableCHPE
 <!-- DisableCHPE-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- DisableCHPE-Applicability-End -->
 <!-- DisableCHPE-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/System/DisableCHPE
 ```
 <!-- DisableCHPE-OmaUri-End -->
 <!-- DisableCHPE-Description-Begin -->
 <!-- Description-Source-DDF -->
 This policy setting controls whether loading CHPE binaries is disabled on the ARM64 device. This policy has no effect on x64 devices.
 - If you enable this policy setting, ARM64 devices won't load CHPE binaries. This setting is required for hotpatching on ARM64 devices.
 - If you disable or don't configure this policy setting, ARM64 devices will load CHPE binaries.
 <!-- DisableCHPE-Description-End -->
 <!-- DisableCHPE-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- DisableCHPE-Editable-End -->
 <!-- DisableCHPE-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | `int` |
 | Access Type | Add, Delete, Get, Replace |
 | Default Value  | 0 |
 <!-- DisableCHPE-DFProperties-End -->
 <!-- DisableCHPE-AllowedValues-Begin -->
 **Allowed values**:
 | Value | Description |
 |:--|:--|
 | 0 (Default) | CHPE Binaries Enabled (Default). |
 | 1 | CHPE Binaries Disabled. |
 <!-- DisableCHPE-AllowedValues-End -->
 <!-- DisableCHPE-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- DisableCHPE-Examples-End -->
 <!-- DisableCHPE-End -->
 <!-- DisableDeviceDelete-Begin -->
 ## DisableDeviceDelete
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@ -1,7 +1,7 @@
 ---
 title: Update Policy CSP
 description: Learn more about the Update Area in Policy CSP.
-ms.date: 03/12/2025
+ms.date: 04/04/2025
 ms.topic: generated-reference
 ---
@ -2054,7 +2054,7 @@ Enables the IT admin to manage automatic update behavior to scan, download, and
 | Value | Description |
 |:--|:--|
 | 0 | Notify the user before downloading the update. This policy is used by the enterprise who wants to enable the end-users to manage data usage. With this option users are notified when there are updates that apply to the device and are ready for download. Users can download and install the updates from the Windows Update control panel. |
-| 1 | Auto install the update and then notify the user to schedule a device restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device isn't in use and isn't running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates immediately. If the installation requires a restart, the end-user is prompted to schedule the restart time. The end-user has up to seven days to schedule the restart and after that, a restart of the device is forced. Enabling the end-user to control the start time reduces the risk of accidental data loss caused by applications that don't shutdown properly on restart. |
+| 1 | Auto install the update and then notify the user to schedule a device restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device isn't in use and isn't running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates immediately. If the installation requires a restart, the end-user is prompted to schedule the restart time. After the update is installed, if the user hasn't scheduled a restart, the device will attempt to restart automatically. The user will be notified about the scheduled restart and can reschedule it if the proposed time is inconvenient. Enabling the end-user to control the start time reduces the risk of accidental data loss caused by applications that don't shutdown properly on restart. |
 | 2 (Default) | Auto install and restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device isn't in use and isn't running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device isn't actively being used. This is the default behavior for unmanaged devices. Devices are updated quickly, but it increases the risk of accidental data loss caused by an application that doesn't shutdown properly on restart. |
 | 3 | Auto install and restart at a specified time. The IT specifies the installation day and time. If no day and time are specified, the default is 3 AM daily. Automatic installation happens at this time and device restart happens after a 15-minute countdown. If the user is logged in when Windows is ready to restart, the user can interrupt the 15-minute countdown to delay the restart. |
 | 4 | Auto install and restart without end-user control. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device isn't in use and isn't running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device isn't actively being used. This setting option also sets the end-user control panel to read-only. |
--- a/windows/client-management/mdm/reboot-ddf-file.md
+++ b/windows/client-management/mdm/reboot-ddf-file.md
@ -1,7 +1,7 @@
 ---
 title: Reboot DDF file
 description: View the XML file containing the device description framework (DDF) for the Reboot configuration service provider.
-ms.date: 02/13/2025
+ms.date: 04/04/2025
 ms.topic: generated-reference
 ---
@ -96,7 +96,7 @@ The following XML file contains the device description framework (DDF) for the R
            <Get />
            <Replace />
          </AccessType>
-          <Description>Value in ISO8601 date and time format (such as 2025-10-07T10:35:00)  is required.  Both the date and time are required. A reboot will be scheduled to occur at the specified date and time. Setting a null (empty) date will delete the existing schedule.</Description>
+          <Description>Value in ISO8601 date and time format (such as 2025-10-07T10:35:00) is required.  Both the date and time are required. A reboot will be scheduled to occur at the specified date and time. Setting a null (empty) date will delete the existing schedule.</Description>
          <DFFormat>
            <chr />
          </DFFormat>
@ -123,7 +123,7 @@ The following XML file contains the device description framework (DDF) for the R
            <Get />
            <Replace />
          </AccessType>
-          <Description>Value in ISO8601 date and time format (such as 2025-10-07T10:35:00)  is required.  While it is supported to set either DailyRecurrent or WeeklyRecurrent schedules, it is not supported to enable both settings simultaneously.  A reboot will be scheduled to occur every day at the configured time starting at the specified date and time. Setting a null (empty) date will delete the existing schedule.</Description>
+          <Description>Value in ISO8601 date and time format (such as 2025-10-07T10:35:00) is required.  While it is supported to set either DailyRecurrent or WeeklyRecurrent schedules, it is not supported to enable both settings simultaneously.  A reboot will be scheduled to occur every day at the configured time starting at the specified date and time. Setting a null (empty) date will delete the existing schedule.</Description>
          <DFFormat>
            <chr />
          </DFFormat>
@ -150,7 +150,7 @@ The following XML file contains the device description framework (DDF) for the R
            <Get />
            <Replace />
          </AccessType>
-          <Description>Value in ISO8601 date and time format (such as 2025-10-07T10:35:00)  is required.  While it is supported to set either DailyRecurrent or WeeklyRecurrent schedules, it is not supported to enable both settings simultaneously.  A reboot will be scheduled to occur every week at the configured day and time starting at the specified date and time. Setting a null (empty) date will delete the existing schedule.</Description>
+          <Description>Value in ISO8601 date and time format (such as 2025-10-07T10:35:00) is required.  While it is supported to set either DailyRecurrent or WeeklyRecurrent schedules, it is not supported to enable both settings simultaneously.  A reboot will be scheduled to occur every week at the configured day and time starting at the specified date and time. Setting a null (empty) date will delete the existing schedule.</Description>
          <DFFormat>
            <chr />
          </DFFormat>
--- a/windows/configuration/start/layout.md
+++ b/windows/configuration/start/layout.md
@ -470,7 +470,7 @@ You can configure devices using the [Start CSP][WIN-1]. Use one of the following
 [!INCLUDE [provisioning-package-1](../../../includes/configure/provisioning-package-1.md)]
- **Path:** `Policies/Start/StartLayout`
+- **Path:** Policies > Start > StartLayout
 - **Value:** content of the XML file
 > [!NOTE]
--- a/windows/deployment/do/mcc-ent-deploy-to-linux.md
+++ b/windows/deployment/do/mcc-ent-deploy-to-linux.md
@ -28,7 +28,7 @@ Before deploying Connected Cache to a Linux host machine, ensure that the host m
 1. Open a command line window *as administrator* on the host machine, then change directory to the extracted provisioning package.
    >[!Note]
-    >* If you are deploying your cache node to a Linux host machine that uses a TLS-inspecting proxy (e.g. ZScaler), ensure that you've [configured the proxy settings](mcc-ent-create-resource-and-cache.md#proxy-settings) for your cache node, then place the proxy certificate file (.pem) in the extracted provisioning package directory and add `proxyTlsCertificatePath="/path/to/pem/file"` to the provisioning command.
+    >* If you're deploying your cache node to a host machine that uses a TLS-inspecting proxy (e.g. ZScaler), ensure that you've [configured the proxy settings](mcc-ent-create-resource-and-cache.md#proxy-settings) for your cache node, then place the proxy certificate file (.pem) in the extracted provisioning package directory and then add `proxytlscertificatepath="/path/to/pem/file"` to the provisioning command.
 1. Set access permissions to allow the `provisionmcc.sh` script within the provisioning package directory to execute.
 1. Run the provisioning command on the host machine.
@ -47,8 +47,8 @@ To deploy a cache node programmatically, you'll need to use Azure CLI to get the
 1. Download and extract the [Connected Cache provisioning package for Linux](https://aka.ms/MCC-Ent-InstallScript-Linux) to your host machine.
 1. Open a command line window *as administrator* on the host machine, then change directory to the extracted provisioning package.
-    >[!Note]
+    > [!Note]
-    >* If you are deploying your cache node to a host machine that uses a TLS-inspecting proxy (e.g. ZScaler), ensure that you've [configured the proxy settings](mcc-ent-create-resource-and-cache.md#proxy-settings) for your cache node, then place the proxy certificate file (.pem) in the extracted provisioning package directory and add `proxyTlsCertificatePath="/path/to/pem/file"` to the provisioning command.
+    >* If you're deploying your cache node to a host machine that uses a TLS-inspecting proxy (e.g. ZScaler), ensure that you've [configured the proxy settings](mcc-ent-create-resource-and-cache.md#proxy-settings) for your cache node, then place the proxy certificate file (.pem) in the extracted provisioning package directory and then add `proxytlscertificatepath="/path/to/pem/file"` to the provisioning command.
 1. Set access permissions to allow the `provisionmcc.sh` script within the provisioning package directory to execute.
 1. Replace the values in the following provisioning command before running it on the host machine.
--- a/windows/deployment/do/waas-delivery-optimization-reference.md
+++ b/windows/deployment/do/waas-delivery-optimization-reference.md
@ -14,7 +14,7 @@ appliesto:
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 - ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-delivery-optimization target=_blank>Delivery Optimization</a>
-ms.date: 10/15/2024
+ms.date: 04/03/2025
 ---
 # Delivery Optimization reference
@ -335,6 +335,8 @@ Configure this policy to designate Delivery Optimization in Network Cache server
 > [!NOTE]
 > If you format the DHCP Option ID incorrectly, the client will fall back to the Cache Server Hostname policy value if that value has been configured.
 > 
 > If the [LocalPolicyMerge](/windows/security/operating-system-security/network-security/windows-firewall/rules#local-policy-merge-and-application-rules) setting is configured, such as part of security baselines, it can impact DHCP client and prevent it from retrieving this DHCP option, especially in Autopilot scenarios.
 ### Maximum foreground download bandwidth (in KB/s)
--- a/windows/deployment/do/waas-delivery-optimization.md
+++ b/windows/deployment/do/waas-delivery-optimization.md
@ -15,7 +15,7 @@ ms.localizationpriority: medium
 appliesto:
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
-ms.date: 05/23/2024
+ms.date: 04/03/2025
 ---
 # What is Delivery Optimization?
@ -47,9 +47,6 @@ The following table lists the minimum Windows 10 version that supports Delivery
 #### Windows Client
 > [!NOTE]
 > Starting March 4, 2025, Edge Browser updates will temporarily not utilize Delivery Optimization for downloads. We are actively working to resolve this issue.
 | Windows Client | Minimum Windows version | HTTP Downloader | Peer to Peer | Microsoft Connected Cache |
 |------------------|---------------|----------------|----------|----------------|
 | Windows Update ([feature updates quality updates, language packs, drivers](../update/get-started-updates-channels-tools.md#types-of-updates)) | Windows 10 1511, Windows 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
@ -58,7 +55,7 @@ The following table lists the minimum Windows 10 version that supports Delivery
 | Windows Defender definition updates | Windows 10 1511, Windows 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
 | Intune Win32 apps| Windows 10 1709, Windows 11 | :heavy_check_mark: | :heavy_check_mark:  | :heavy_check_mark: |
 | Microsoft 365 Apps and updates | Windows 10 1709, Windows 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
-| Edge Browser Updates | Windows 10 1809, Windows 11 |  |  |  |
+| Edge Browser Updates | Windows 10 1809, Windows 11 | :heavy_check_mark:  | :heavy_check_mark: | :heavy_check_mark: |
 | Configuration Manager Express updates| Windows 10 1709 + Configuration Manager version 1711, Windows 11 | :heavy_check_mark: | :heavy_check_mark:  | :heavy_check_mark: |
 | Dynamic updates| Windows 10 1903, Windows 11 | :heavy_check_mark: | :heavy_check_mark:  | :heavy_check_mark: |
 | MDM Agent | Windows 11 | :heavy_check_mark: | | |
--- a/windows/deployment/mbr-to-gpt.md
+++ b/windows/deployment/mbr-to-gpt.md
@ -4,7 +4,7 @@ description: Use MBR2GPT.EXE to convert a disk from the Master Boot Record (MBR)
 ms.service: windows-client
 author: frankroj
 ms.author: frankroj
-ms.date: 11/26/2024
+ms.date: 04/08/2024
 manager: aaroncz
 ms.localizationpriority: high
 ms.topic: how-to
@ -19,9 +19,11 @@ appliesto:
 # MBR2GPT.EXE
-**MBR2GPT.EXE** converts a disk from the Master Boot Record (MBR) to the GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. The tool runs from a Windows Preinstallation Environment (Windows PE) command prompt, but can also be run from the full Windows operating system (OS) by using the **`/allowFullOS`** option.
+> [!IMPORTANT]
 >
 > **MBR2GPT.EXE** is located in the **`Windows\System32`** directory on any device running a [currently supported version of Windows](/windows/release-health/supported-versions-windows-client).
-**MBR2GPT.EXE** is located in the **`Windows\System32`** directory on a computer running Windows.
+**MBR2GPT.EXE** converts a disk from the Master Boot Record (MBR) to the GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. The tool runs from a Windows Preinstallation Environment (Windows PE) command prompt, but can also be run from the full Windows operating system (OS) by using the **`/allowFullOS`** option.
 The tool is available in both the full OS environment and Windows PE.
@ -451,22 +453,22 @@ The partition type can be determined with the DiskPart tool. The DiskPart tool i
 1. The partition type is displayed in the **Gpt** column. If the partition is GPT, an asterisk (**\***) is displayed in the column. If the partition is MBR, the column is blank.
-The following shows an example output of the DiskPart tool showing the partition type for two disks:
+  The following shows an example output of the DiskPart tool showing the partition type for two disks:
-```cmd
+  ```cmd
-X:\>DiskPart.exe
+  X:\>DiskPart.exe
-Microsoft DiskPart version 10.0.15048.0
+  Microsoft DiskPart version 10.0.15048.0
-Copyright (C) Microsoft Corporation.
+  Copyright (C) Microsoft Corporation.
-On computer: MININT-K71F13N
+  On computer: MININT-K71F13N
-DISKPART> list disk
+  DISKPART> list disk
-  Disk ###  Status         Size     Free     Dyn  Gpt
+    Disk ###  Status         Size     Free     Dyn  Gpt
-  --------  -------------  -------  -------  ---  ---
+    --------  -------------  -------  -------  ---  ---
-  Disk 0    Online          238 GB      0 B
+    Disk 0    Online          238 GB      0 B
-  Disk 1    Online          931 GB      0 B        *
+    Disk 1    Online          931 GB      0 B        *
-```
+  ```
 In this example, Disk 0 is formatted with the MBR partition style, and Disk 1 is formatted using GPT.
--- a/windows/deployment/upgrade/log-files.md
+++ b/windows/deployment/upgrade/log-files.md
@ -11,7 +11,7 @@ ms.collection:
  - highpri
  - tier2
 ms.subservice: itpro-deploy
-ms.date: 01/29/2025
+ms.date: 04/08/2025
 appliesto:
  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
@ -25,7 +25,7 @@ appliesto:
 >
 > See [Resolve Windows upgrade errors](resolve-windows-upgrade-errors.md) for a full list of articles in this section.
-Several log files are created during each phase of the upgrade process. These log files are essential for troubleshooting upgrade problems. By default, the folders that contain these log files are hidden on the upgrade target computer. To view the log files, configure Windows Explorer to view hidden items, or use a tool to automatically gather these logs. The most useful log is **setupact.log**. The log files are located in a different folder depending on the Windows Setup phase. Recall that the phase can be determined from the extend code.
+Several log files are created during each phase of the upgrade process. These log files are essential for troubleshooting upgrade problems. By default, the folders that contain these log files are hidden on the upgrade target computer. To view the log files, configure Windows Explorer to view hidden items, or use a tool to automatically gather these logs. The most useful log is **setupact.log**. The log files are located in a different folder depending on the Windows Setup phase. Recall that the phase can be determined from the [extend code](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#extend-codes).
 > [!NOTE]
 >
@ -35,14 +35,14 @@ The following table describes some log files and how to use them for troubleshoo
 |Log file |Phase: Location |Description |When to use|
 |---|---|---|---|
-|**setupact.log**|Down-Level:<br>$Windows.~BT\Sources\Panther|Contains information about setup actions during the downlevel phase. |All down-level failures and starting point for rollback investigations.<br> Setup.act is the most important log for diagnosing setup issues.|
+|**setupact.log**|Down-Level:<br>$Windows.~BT\Sources\Panther|Contains information about setup actions during the downlevel phase. |All downlevel failures and starting point for rollback investigations.<br> Setup.act is the most important log for diagnosing setup issues.|
-|**setupact.log**|OOBE:<br>$Windows.~BT\Sources\Panther\UnattendGC|Contains information about actions during the OOBE phase.|Investigating rollbacks that failed during OOBE phase and operations - 0x4001C, 0x4001D, 0x4001E, 0x4001F.|
+|**setupact.log**|Out of box experience (OOBE):<br>$Windows.~BT\Sources\Panther\UnattendGC|Contains information about actions during the OOBE phase.|Investigating rollbacks that failed during OOBE phase and operations - 0x4001C, 0x4001D, 0x4001E, 0x4001F.|
 |**setupact.log**|Rollback:<br>$Windows.~BT\Sources\Rollback|Contains information about actions during rollback.|Investigating generic rollbacks - 0xC1900101.|
-|**setupact.log**|Pre-initialization (prior to downlevel):<br>Windows|Contains information about initializing setup.|If setup fails to launch.|
+|**setupact.log**|Pre-initialization (before downlevel):<br>Windows|Contains information about initializing setup.|If setup fails to launch.|
 |**setupact.log**|Post-upgrade (after OOBE):<br>Windows\Panther|Contains information about setup actions during the installation.|Investigate post-upgrade related issues.|
 |**setuperr.log**|Same as setupact.log|Contains information about setup errors during the installation.|Review all errors encountered during the installation phase.|
 |**miglog.xml**|Post-upgrade (after OOBE):<br>Windows\Panther|Contains information about what was migrated during the installation.|Identify post upgrade data migration issues.|
-|**BlueBox.log**|Down-Level:<br>Windows\Logs\Mosetup|Contains information communication between `setup.exe` and Windows Update.|Use during WSUS and Windows Update down-level failures or for 0xC1900107.|
+|**BlueBox.log**|Down-Level:<br>Windows\Logs\Mosetup|Contains information communication between `setup.exe` and Windows Update.|Use during WSUS and Windows Update downlevel failures or for 0xC1900107.|
 |Supplemental rollback logs:<br>**Setupmem.dmp**<br>**setupapi.dev.log**<br>Event logs (*.evtx)|$Windows.~BT\Sources\Rollback|Additional logs collected during rollback.|Setupmem.dmp: If OS bug checks during upgrade, setup attempts to extract a mini-dump.<br>Setupapi: Device install issues - 0x30018<br>Event logs: Generic rollbacks (0xC1900101) or unexpected reboots.|
 ## Log entry structure
@ -51,13 +51,13 @@ A `setupact.log` or `setuperr.log` entry includes the following elements:
 1. **The date and time** - 2023-09-08 09:20:05
-2. **The log level** - Info, Warning, Error, Fatal Error
+1. **The log level** - Info, Warning, Error, Fatal Error
-3. **The logging component** - CONX, MOUPG, PANTHR, SP, IBSLIB, MIG, DISM, CSI, CBS
+1. **The logging component** - CONX, MOUPG, PANTHR, SP, IBSLIB, MIG, DISM, CSI, CBS
  The logging components SP (setup platform), MIG (migration engine), and CONX (compatibility information) are useful for troubleshooting Windows Setup errors.
-4. **The message** - Operation completed successfully.
+1. **The message** - Operation completed successfully.
 See the following example:
@ -67,7 +67,7 @@ See the following example:
 ## Analyze log files
-The following instructions are meant for IT professionals. Also see the [Upgrade error codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json) section in this guide to become familiar with [result codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#result-codes) and [extend codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#extend-codes).
+The following instructions are meant for IT professionals. To become more familiar with [result codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#result-codes) and [extend codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#extend-codes), see the article [Upgrade error codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json).
 To analyze Windows Setup log files:
@ -75,7 +75,7 @@ To analyze Windows Setup log files:
 1. Based on the [extend code](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#extend-codes) portion of the error code, determine the type and location of a log file to investigate.
-1. Open the log file in a text editor, such as notepad.
+1. Open the log file in a text editor, such as Notepad.
 1. Using the [result code](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#result-codes) portion of the Windows Setup error code, search for the result code in the file and find the last occurrence of the code. Alternatively search for the "abort" and abandoning" text strings described in step 7 below.
@ -88,7 +88,7 @@ To analyze Windows Setup log files:
    1. Under **Direction** select **Up**.
    1. Select **Find Next**.
-1. When the last occurrence of the result code is located, scroll up a few lines from this location in the file and review the processes that failed prior to generating the result code.
+1. When the last occurrence of the result code is located, scroll up a few lines from this location in the file and review the processes that failed before generating the result code.
 1. Search for the following important text strings:
@ -131,7 +131,7 @@ The first line indicates there was an error **0x00000570** with the file **C:\Pr
 The error **0x00000570** is a [Win32 error code](/openspecs/windows_protocols/ms-erref/18d8fbe8-a967-4f1c-ae50-99ca8e491d2d) corresponding to: **ERROR_FILE_CORRUPT: The file or directory is corrupted and unreadable**.
-Therefore, Windows Setup failed because it wasn't able to migrate the corrupt file **C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\[CN]**.  This file is a local system certificate and can be safely deleted. After the `setupact.log` file is searched for more details, the phrase **Shell application requested abort** is found in a location with the same timestamp as the lines in `setuperr.log`. This analysis confirms the suspicion that this file is the cause of the upgrade failure:
+Therefore, Windows Setup failed because it wasn't able to migrate the corrupt file **C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\[CN]**. This file is a local system certificate and can be safely deleted. After the `setupact.log` file is searched for more details, the phrase **Shell application requested abort** is found in a location with the same timestamp as the lines in `setuperr.log`. This analysis confirms the suspicion that this file is the cause of the upgrade failure:
 **setupact.log** content:
--- a/windows/deployment/upgrade/resolve-windows-upgrade-errors.md
+++ b/windows/deployment/upgrade/resolve-windows-upgrade-errors.md
@ -8,7 +8,7 @@ ms.localizationpriority: medium
 ms.topic: troubleshooting-general
 ms.service: windows-client
 ms.subservice: itpro-deploy
-ms.date: 01/29/2025
+ms.date: 04/08/2025
 appliesto:
  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
@ -35,22 +35,22 @@ The following four levels are assigned:
 See the following articles in this section:
- [Quick fixes](/troubleshoot/windows-client/deployment/windows-10-upgrade-quick-fixes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json): \Level 100\ Steps to take to eliminate many Windows upgrade errors.
+- [Quick fixes](/troubleshoot/windows-client/deployment/windows-10-upgrade-quick-fixes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json): (Level 100) Steps to take to eliminate many Windows upgrade errors.
- [SetupDiag](setupdiag.md): \Level 300\ SetupDiag is a new tool to help isolate the root cause of an upgrade failure.
+- [SetupDiag](setupdiag.md): (Level 300) SetupDiag is a new tool to help isolate the root cause of an upgrade failure.
- [Troubleshooting upgrade errors](/troubleshoot/windows-client/deployment/windows-10-upgrade-issues-troubleshooting?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json): \Level 300\ General advice and techniques for troubleshooting Windows upgrade errors, and an explanation of phases used during the upgrade process.
+- [Troubleshooting upgrade errors](/troubleshoot/windows-client/deployment/windows-10-upgrade-issues-troubleshooting?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json): (Level 300) General advice and techniques for troubleshooting Windows upgrade errors, and an explanation of phases used during the upgrade process.
- [Windows Error Reporting](windows-error-reporting.md): \Level 300\ How to use Event Viewer to review details about a Windows upgrade.
+- [Windows Error Reporting](windows-error-reporting.md): (Level 300) How to use Event Viewer to review details about a Windows upgrade.
- [Upgrade error codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json): \Level 400\ The components of an error code are explained.
+- [Upgrade error codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json): (Level 400) The components of an error code are explained.
  - [Result codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#result-codes): Information about result codes.
  - [Extend codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#extend-codes): Information about extend codes.
- [Log files](log-files.md): \Level 400\ A list and description of log files useful for troubleshooting.
+- [Log files](log-files.md): (Level 400) A list and description of log files useful for troubleshooting.
  - [Log entry structure](log-files.md#log-entry-structure): The format of a log entry is described.
  - [Analyze log files](log-files.md#analyze-log-files): General procedures for log file analysis, and an example.
- [Resolution procedures](/troubleshoot/windows-client/deployment/windows-10-upgrade-resolution-procedures?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json): \Level 200\ Causes and mitigation procedures associated with specific error codes.
+- [Resolution procedures](/troubleshoot/windows-client/deployment/windows-10-upgrade-resolution-procedures?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json): (Level 200) Causes and mitigation procedures associated with specific error codes.
  - [0xC1900101](/troubleshoot/windows-client/deployment/windows-10-upgrade-resolution-procedures?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#0xc1900101): Information about the 0xC1900101 result code.
  - [0x800xxxxx](/troubleshoot/windows-client/deployment/windows-10-upgrade-resolution-procedures?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#0x800xxxxx): Information about result codes that start with 0x800.
  - [Other result codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-resolution-procedures?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#other-result-codes): Additional causes and mitigation procedures are provided for some result codes.
  - [Other error codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-resolution-procedures?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#other-error-codes): Additional causes and mitigation procedures are provided for some error codes.
- [Submit Windows upgrade errors](submit-errors.md): \Level 100\ Submit upgrade errors to Microsoft for analysis.
+- [Submit Windows upgrade errors](submit-errors.md): (Level 100) Submit upgrade errors to Microsoft for analysis.
 ## Related articles
--- a/windows/deployment/upgrade/setupdiag.md
+++ b/windows/deployment/upgrade/setupdiag.md
@ -12,7 +12,7 @@ ms.topic: troubleshooting
 ms.collection:
  - highpri
  - tier2
-ms.date: 03/27/2025
+ms.date: 04/08/2025
 appliesto:
  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
@ -24,14 +24,15 @@ appliesto:
 >
 > This article is a 300 level article (moderate advanced). See [Resolve Windows upgrade errors](resolve-windows-upgrade-errors.md) for a full list of articles in this section.
 > [!div class="nextstepaction"]
 > [Download the latest version of SetupDiag](https://go.microsoft.com/fwlink/?linkid=870142)
 ## About SetupDiag
 > [!IMPORTANT]
 >
-> When SetupDiag is run manually, Microsoft recommends running the latest version of SetupDiag. The latest version is available via the following [download link](https://go.microsoft.com/fwlink/?linkid=870142). Running the latest version ensures the latest functionality and fixes known issues.
+> When SetupDiag is run manually, Microsoft recommends running the latest version of SetupDiag. The latest version is available via the following link:
 >
 > [Download the latest version of SetupDiag](https://go.microsoft.com/fwlink/?linkid=870142)
 >
 > Running the latest version ensures the latest functionality and fixes known issues.
 SetupDiag is a diagnostic tool that can be used to obtain details about why a Windows upgrade was unsuccessful.
@ -39,14 +40,14 @@ SetupDiag works by examining Windows Setup log files. It attempts to parse these
 SetupDiag is included with [Windows Setup](/windows-hardware/manufacture/desktop/deployment-troubleshooting-and-log-files#windows-setup-scenario) in all currently supported versions of Windows.
-During the upgrade process, Windows Setup extracts all its sources files, including **SetupDiag.exe**, to the **%SystemDrive%\$Windows.~bt\Sources** directory. If there's an issue with the upgrade, SetupDiag automatically runs to determine the cause of the failure.
+During the upgrade process, Windows Setup extracts all its source files, including `SetupDiag.exe`, to the `%SystemDrive%\$Windows.~bt\Sources` directory. If there's an issue with the upgrade, SetupDiag automatically runs to determine the cause of the failure.
 When run by Windows Setup, the following [parameters](#parameters) are used:
- /ZipLogs:False
+- `/ZipLogs:False`
- /Format:xml
+- `/Format:xml`
- /Output:%windir%\logs\SetupDiag\SetupDiagResults.xml
+- `/Output:%windir%\logs\SetupDiag\SetupDiagResults.xml`
- /RegPath:HKEY_LOCAL_MACHINE\SYSTEM\Setup\SetupDiag\Results
+- `/RegPath:HKEY_LOCAL_MACHINE\SYSTEM\Setup\SetupDiag\Results`
 The resulting SetupDiag analysis can be found at `%WinDir%\Logs\SetupDiag\SetupDiagResults.xml` and in the registry under `HKLM\SYSTEM\Setup\SetupDiag\Results`.
@ -58,7 +59,11 @@ The resulting SetupDiag analysis can be found at `%WinDir%\Logs\SetupDiag\SetupD
 >
 > When SetupDiag indicates that there were multiple failures, the last failure in the log file is typically the fatal error, not the first one.
-If the upgrade process proceeds normally, the **Sources** directory including **SetupDiag.exe** is moved under **%SystemDrive%\Windows.Old** for cleanup. If the **Windows.old** directory is deleted later, **SetupDiag.exe** is also removed.
+If the upgrade process proceeds normally, the `Sources` directory including `SetupDiag.exe` is moved under `%SystemDrive%\Windows.Old` for cleanup. If the `Windows.old` directory is deleted later, `SetupDiag.exe` is also removed.
 > [!TIP]
 >
 > If `SetupDiag.exe` is needed after the `Windows.old` directory is deleted, it can be downloaded from the [Microsoft Download Center](https://go.microsoft.com/fwlink/?linkid=870142).
 ## Requirements
@ -81,50 +86,52 @@ If the upgrade process proceeds normally, the **Sources** directory including **
 ## Using SetupDiag
-To quickly use SetupDiag on the current computer:
+To use SetupDiag:
 1. Verify that the system meets the [requirements](#requirements).
-1. [Download SetupDiag](https://go.microsoft.com/fwlink/?linkid=870142).
+1. [Download](https://go.microsoft.com/fwlink/?linkid=870142) the latest version of SetupDiag.
-1. If the web browser asks what to do with the file, choose **Save**. By default, the file is saved to the **Downloads** folder. If desired, the file can also be saved to a different location by using **Save As**.
+1. If the web browser asks what to do with the file, choose **Save**. By default, the file is saved to the **Downloads** folder, which is displayed in File Explorer under **Quick access** in the left navigation pane. If desired, the file can also be saved to a different location by using **Save As**.
-1. When SetupDiag finishes downloading, open the folder where the file was downloaded. By default, this folder is the **Downloads** folder, which is displayed in File Explorer under **Quick access** in the left navigation pane.
+1. Once SetupDiag finishes downloading, open an elevated command prompt and navigate to the directory where `setupdiag.exe` was downloaded and saved to.
-1. Double-click the **SetupDiag** file to run it. Select **Yes** if asked to approve running the program.
+1. In the elevated command prompt, run `setupdiage.exe` in online mode using the desired parameters as documented in the [Parameters](#parameters) and [Examples](#examples) sections.
- Double-clicking the file to run it automatically closes the command window when SetupDiag completes its analysis. To instead keep the window open to review the messages SetupDiag generates, run the program by typing **SetupDiag** at the command prompt instead of double-clicking it. When running from a command prompt, make sure to change directories to where SetupDiag is located.
+1. Wait for SetupDiag to finish.
-1. A command window opens while SetupDiag diagnoses the computer. Wait for this process to finish.
+1. When SetupDiag finishes, two files are created in the same folder where SetupDiag was run from:
-
+    - A configuration file.
-1. When SetupDiag finishes, two files are created in the same folder where SetupDiag was run from. One is a configuration file, the other is a log file.
+    - A log file.
 1. Use Notepad to open the log file **SetupDiagResults.log**.
 1. Review the information that is displayed. If a rule was matched, this information can say why the computer failed to upgrade, and potentially how to fix the problem. See the section [Text log sample](#text-log-sample).
-For instructions on how to run the tool in offline mode and with more advanced options, see the sections [Parameters](#parameters) and [Examples](#examples).
+> [!TIP]
 >
 > For instructions on how to run the tool in offline mode in Windows PE, see the sections [Parameters](#parameters) and [Examples](#examples).
 ## Parameters
 | Parameter | Description |
 | --- | --- |
-| **/?** | Displays interactive help |
+| **/?** | Displays help information |
-| **/Output:\[Full path and file name for output log file\]** | This optional parameter specifies the name and location for the results log file. The output file contains the analysis from SetupDiag.  Only text format output is supported.  UNC paths work provided the context under which SetupDiag runs has access to the UNC path.  If the path has a space in it, the entire path must be enclosed in double quotes (**"**). See the [Examples](#examples) sections for an example. <br><br> Default: If not specified, SetupDiag creates the file **SetupDiagResults.log** in the same  directory where **SetupDiag.exe** is run. |
+| **/Output:\[Full path and file name for output log file\]** | This optional parameter specifies the name and location for the results log file. The output file contains the analysis from SetupDiag. Only text format output is supported. UNC paths work provided the context under which SetupDiag runs has access to the UNC path. If the path has a space in it, the entire path must be enclosed in double quotes (**"**). See the [Examples](#examples) sections for an example. <br><br> Default: If not specified, SetupDiag creates the file **SetupDiagResults.log** in the same  directory where **SetupDiag.exe** is run. |
-| **/LogsPath:\[Full path to logs\]** | This optional parameter specifies the location of logs to parse and where to find the log files for an offline analysis. These log files can be in a flat folder format, or containing multiple subdirectories.  SetupDiag recursively searches all child directories. Defaults to checking the current system for logs. |
+| **/LogsPath:\[Full path to logs\]** | This optional parameter specifies the location of logs to parse and where to find the log files for an offline analysis. These log files can be in a flat folder format, or containing multiple subdirectories. SetupDiag recursively searches all child directories. Defaults to checking the current system for logs. |
 | **/ZipLogs:\[True \| False\]** | This optional parameter Tells **SetupDiag.exe** to create a zip file containing the results and all the log files that were parsed. The zip file is created in the same directory where **SetupDiag.exe** is run. <br><br> Default: If not specified, a value of 'true' is used. |
-| **/Format:\[xml \| json\]** | This optional parameter specifies the output format for log files to be XML or JSON.  If this parameter isn't specified, text format is used by default. |
+| **/Format:\[xml \| json\]** | This optional parameter specifies the output format for log files to be XML or JSON. If this parameter isn't specified, text format is used by default. |
 | **/Scenario:\[Recovery \| Debug\]** | This optional parameter can do one of the following two items based on the argument used: <br><br> <ul><li>Recovery instructs **SetupDiag.exe** to look for and process reset and recovery logs and ignore setup/upgrade logs.</li><li>Debug instructs **SetupDiag.exe** to debug memory dumps if the requisite debug binaries are installed.</li></ul> |
-| **/Verbose** | This optional parameter creates a diagnostic log in the current directory, with debugging information, additional data, and details about SetupDiag. By default, SetupDiag only produces a log file entry for major errors.  Using **/Verbose** causes SetupDiag to always produce another log file with debugging details. These details can be useful when reporting a problem with SetupDiag. |
+| **/Verbose** | This optional parameter creates a diagnostic log in the current directory, with debugging information, additional data, and details about SetupDiag. By default, SetupDiag only produces a log file entry for major errors. Using **/Verbose** causes SetupDiag to always produce another log file with debugging details. These details can be useful when reporting a problem with SetupDiag. |
 | **/NoTel** | This optional parameter tells **SetupDiag.exe** not to send diagnostic telemetry to Microsoft. |
-| **/RegPath** | This optional parameter Instructs **SetupDiag.exe** to add failure information to the registry under the given path. Registry paths should start with **HKEY_LOCAL_MACHINE** or **HKEY_CURRENT_USER** and be accessible at the elevation level SetupDiag is executed under. If this parameter isn't specified, the default path is **HKLM\SYSTEM\Setup\MoSetup\Volatile\SetupDiag**. |
+| **/RegPath** | This optional parameter Instructs **SetupDiag.exe** to add failure information to the registry under the given path. Registry paths should start with **HKEY_LOCAL_MACHINE** or **HKEY_CURRENT_USER** and be accessible at the elevation level SetupDiag is executed under. If this parameter isn't specified, the default path is `HKLM\SYSTEM\Setup\MoSetup\Volatile\SetupDiag`. |
-| **/AddReg** | This optional parameter Instructs **SetupDiag.exe** to add failure information to the registry on the executing system in offline mode. SetupDiag by default adds failure information to the registry in Online mode only. Registry data goes to **HKEY_LOCAL_MACHINE\SYSTEM\Setup\MoSetup\Volatile\SetupDiag** unless otherwise specified. |
+| **/AddReg** | This optional parameter Instructs **SetupDiag.exe** to add failure information to the registry on the executing system in offline mode. SetupDiag by default adds failure information to the registry in Online mode only. Registry data goes to `HKEY_LOCAL_MACHINE\SYSTEM\Setup\MoSetup\Volatile\SetupDiag` unless otherwise specified. |
 > [!NOTE]
 >
 > The **/Mode** parameter is deprecated in SetupDiag.
 >
-> In previous versions, this command was used with the LogsPath parameter to specify that SetupDiag should run in an offline manner to analyze a set of log files that were captured from a different computer. In current versions of SetupDiag, when /LogsPath is specified then SetupDiag automatically runs in offline mode, therefore the /Mode parameter isn't needed.
+> In previous versions, the **/Mode** parameter was used with the **/LogsPath** parameter in offline mode and would analyze a set of log files that were captured on a different computer. In current versions of SetupDiag, when **/LogsPath** is specified, then SetupDiag automatically runs in offline mode, therefore the **/Mode** parameter isn't needed.
 ### Examples
@ -132,13 +139,13 @@ For instructions on how to run the tool in offline mode and with more advanced o
 >
 > **SetupDiage.exe** should be run from an elevated command prompt for it to work properly.
- In the following example, SetupDiag is run without parameters and it displays interactive help.
+- In the following example, SetupDiag is run without parameters and it displays help information.
  ```cmd
  SetupDiag.exe
  ```
- In the following example, SetupDiag is run in online mode (this mode is the default).  It knows where to look for logs on the current (failing) system, so there's no need to gather logs ahead of time. A custom location for results is specified.
+- In the following example, SetupDiag is run in online mode (this mode is the default). It knows where to look for logs on the current (failing) system, so there's no need to gather logs ahead of time. A custom location for results is specified.
  ```cmd
  SetupDiag.exe /Output:C:\SetupDiag\Results.log
@ -156,13 +163,12 @@ For instructions on how to run the tool in offline mode and with more advanced o
  SetupDiag.exe /Output:C:\SetupDiag\Results.log /LogsPath:D:\Temp\Logs\LogSet1
  ```
- The following example sets recovery scenario in offline mode. In the example, SetupDiag searches for reset/recovery logs in the specified LogsPath location and output the results to the directory specified by the **/Output** parameter.
+- The following is an example of Reset/Recovery Offline Mode. SetupDiag is instructed to look for reset/recovery logs in the specified LogsPath location. It then outputs the results to the directory specified by the **/Output** parameter.
  ```cmd
  SetupDiag.exe /Output:C:\SetupDiag\RecoveryResults.log /LogsPath:D:\Temp\Cabs\PBR_Log /Scenario:Recovery
  ```
- The following example sets recovery scenario in online mode. In the example, SetupDiag searches for reset/recovery logs on the current system and output results in XML format.
+- The following example is an example of Reset/Recovery Online Mode. SetupDiag is instructed to look for reset/recovery logs on the current system and output its results in XML format.
  ```cmd
  SetupDiag.exe /Scenario:Recovery /Format:xml
@ -180,24 +186,6 @@ For instructions on how to run the tool in offline mode and with more advanced o
  SetupDiag.exe /Output:C:\SetupDiag\Results.xml /Format:xml
  ```
 - The following example is an example of Online Mode where no parameters are needed or used. SetupDiag is instructed to look for setup/upgrade logs on the current system and output the results to the same directory where SetupDiag is located.
  ```cmd
  SetupDiag.exe
  ```
 - The following example is an example of Reset/Recovery Offline Mode. SetupDiag is instructed to look for reset/recovery logs in the specified LogsPath location. It then outputs the results to the directory specified by the **/Output** parameter.
  ```cmd
  SetupDiag.exe /Output:C:\SetupDiag\RecoveryResults.log /LogsPath:D:\Temp\Cabs\PBR_Log /Scenario:Recovery
  ```
 - The following example is an example of Reset/Recovery Online Mode. SetupDiag is instructed to look for reset/recovery logs on the current system and output its results in XML format.
  ```cmd
  SetupDiag.exe /Scenario:Recovery /Format:xml
  ```
 ## Log files
 [Windows Setup Log Files and Event Logs](/windows-hardware/manufacture/desktop/windows-setup-log-files-and-event-logs) has information about where logs are created during Windows Setup. For offline processing, SetupDiag should be run against the contents of the entire folder. For example, depending on when the upgrade failed, copy one of the following folders to the offline location:
@ -225,7 +213,7 @@ To debug a setup-related bug check:
 - Install the [Windows Debugging Tools](/windows-hardware/drivers/debugger/debugger-download-tools) on the computer that runs SetupDiag.
-In the following example, the `setupmem.dmp` file is copied to the `D:\Dump` directory and the Windows Debugging Tools are installed prior to running SetupDiag:
+In the following example, the `setupmem.dmp` file is copied to the `D:\Dump` directory and the Windows Debugging Tools are installed before running SetupDiag:
 ```cmd
 SetupDiag.exe /Output:C:\SetupDiag\Dumpdebug.log /LogsPath:D:\Dump
@ -276,75 +264,75 @@ Logs ZipFile created at: c:\setupdiag\Logs_14.zip
 When SetupDiag searches log files, it uses a set of rules to match known issues. These rules are contained in an xml file. The xml file might be updated with new and updated rules as new versions of SetupDiag are made available.
-Each rule name and its associated unique rule identifier are listed with a description of the known upgrade-blocking issue. In the rule descriptions, the term **down-level** refers to the first phase of the upgrade process, which runs under the original OS.
+Each rule name and its associated unique rule identifier are listed with a description of the known upgrade-blocking issue. In the rule descriptions, the term **downlevel** refers to the first phase of the upgrade process, which runs under the original OS.
 | Rule Name | GUID | Description |
 | --- | --- |
 | **CompatScanOnly** | FFDAFD37-DB75-498A-A893-472D49A1311D | This rule indicates that `setup.exe` was called with a specific command line parameter that indicated setup was to do a compatibility scan only, not an upgrade. |
 | **PlugInComplianceBlock** | D912150B-1302-4860-91B5-527907D08960 | Detects all compatibility blocks from Server compliance plug-ins. This rule is for server upgrades only. It outputs the compliance block and remediation required. |
 | **BitLockerHardblock** | C30152E2-938E-44B8-915B-D1181BA635AE | This block is an upgrade block when the target OS doesn't support BitLocker, yet the host OS has BitLocker enabled. |
-| **VHDHardblock** | D9ED1B82-4ED8-4DFD-8EC0-BE69048978CC | This block happens when the host OS is booted to a VHD image.  Upgrade isn't supported when the host OS is booted from a VHD image. |
+| **VHDHardblock** | D9ED1B82-4ED8-4DFD-8EC0-BE69048978CC | This block happens when the host OS is booted to a VHD image. Upgrade isn't supported when the host OS is booted from a VHD image. |
-| **PortableWorkspaceHardblock** | 5B0D3AB4-212A-4CE4-BDB9-37CA404BB280 | This block indicates that the host OS is booted from a Windows To-Go device (USB key).  Upgrade isn't supported in the Windows To-Go environment. |
+| **PortableWorkspaceHardblock** | 5B0D3AB4-212A-4CE4-BDB9-37CA404BB280 | This block indicates that the host OS is booted from a Windows To-Go device (USB key. Upgrade isn't supported in the Windows To-Go environment. |
-| **AuditModeHardblock** | A03BD71B-487B-4ACA-83A0-735B0F3F1A90 | This block indicates that the host OS is currently booted into Audit Mode, a special mode for modifying the Windows state.  Upgrade isn't supported from this state. |
+| **AuditModeHardblock** | A03BD71B-487B-4ACA-83A0-735B0F3F1A90 | This block indicates that the host OS is currently booted into Audit Mode, a special mode for modifying the Windows state. Upgrade isn't supported from this state. |
 | **SafeModeHardblock** | 404D9523-B7A8-4203-90AF-5FBB05B6579B | This block indicates that the host OS is booted to Safe Mode, where upgrade isn't supported. |
 | **InsufficientSystemPartitionDiskSpaceHardblock** | 3789FBF8-E177-437D-B1E3-D38B4C4269D1 | This block is encountered when setup determines the system partition doesn't have enough space to be serviced with the newer boot files required during the upgrade process. The system partition is where the boot loader files are stored |
 | **CompatBlockedApplicationAutoUninstall** | BEBA5BC6-6150-413E-8ACE-5E1EC8D34DD5 | This rule indicates there's an application that needs to be uninstalled before setup can continue. |
-| **CompatBlockedApplicationDismissable** | EA52620B-E6A0-4BBC-882E-0686605736D9 | When setup is run in **/quiet** mode, there are dismissible application messages that turn into blocks unless the command line also specifies **/compat ignorewarning**.  This rule indicates setup was executed in **/quiet** mode but there's an application dismissible block message that prevented setup from continuing. |
+| **CompatBlockedApplicationDismissable** | EA52620B-E6A0-4BBC-882E-0686605736D9 | When setup is run in **/quiet** mode, there are dismissible application messages that turn into blocks unless the command line also specifies **/compat ignorewarning**. This rule indicates setup was executed in **/quiet** mode but there's an application dismissible block message that prevented setup from continuing. |
-| **CompatBlockedFODDismissable** | 7B693C42-793E-4E9E-A10B-ED0F33D45E2A | When setup is run in **/quiet** mode, there are dismissible Feature On Demand messages that turn into blocks unless the command line also specifies **/compat ignorewarning**.  This rule indicates setup was executed in **/quiet** mode but there's a Feature On Demand dismissible block message that prevented setup from continuing, usually that the target OS image is missing a Feature On Demand that is installed in the current OS. Removal of the Feature On Demand in the current OS should also resolve the issue.
+| **CompatBlockedFODDismissable** | 7B693C42-793E-4E9E-A10B-ED0F33D45E2A | When setup is run in **/quiet** mode, there are dismissible Feature On Demand messages that turn into blocks unless the command line also specifies **/compat ignorewarning**. This rule indicates setup was executed in **/quiet** mode but there's a Feature On Demand dismissible block message that prevented setup from continuing, usually that the target OS image is missing a Feature On Demand that is installed in the current OS. Removal of the Feature On Demand in the current OS should also resolve the issue.
-| **CompatBlockedApplicationManualUninstall** | 9E912E5F-25A5-4FC0-BEC1-CA0EA5432FF4 | This rule indicates that an application without an Add/Remove Programs entry, is present on the system and blocking setup from continuing.  This block typically requires manual removal of the files associated with this application to continue. |
+| **CompatBlockedApplicationManualUninstall** | 9E912E5F-25A5-4FC0-BEC1-CA0EA5432FF4 | This rule indicates that an application without an Add/Remove Programs entry, is present on the system and blocking setup from continuing. This block typically requires manual removal of the files associated with this application to continue. |
 | **GenericCompatBlock** | 511B9D95-C945-4F9B-BD63-98F1465E1CF6 | The rule indicates that system doesn't meet a hardware requirement for running Windows. For example, the device is missing a requirement for TPM 2.0. This issue can occur even when an attempt is made to bypass the hardware requirements. |
 | **GatedCompatBlock** | 34A9F145-3842-4A68-987F-4622EE0FC162 | This rule indicates that the upgrade failed due to a temporary block. A temporary block is put in place when an issue is found with a specific piece of software or hardware driver and the issue has a fix pending. The block is lifted once the fix is widely available. |
-| **HardblockDeviceOrDriver** | ED3AEFA1-F3E2-4F33-8A21-184ADF215B1B | This error indicates a device driver that is loaded on the host OS isn't compatible with the newer OS version. The device driver needs to be removed prior to the upgrade. |
+| **HardblockDeviceOrDriver** | ED3AEFA1-F3E2-4F33-8A21-184ADF215B1B | This error indicates a device driver that is loaded on the host OS isn't compatible with the newer OS version. The device driver needs to be removed before the upgrade. |
 | **HardblockMismatchedLanguage** | 60BA8449-CF23-4D92-A108-D6FCEFB95B45 | This rule indicates the host OS and the target OS language editions don't match. |
-| **HardblockFlightSigning** | 598F2802-3E7F-4697-BD18-7A6371C8B2F8 | This rule indicates the target OS is a pre-release, Windows Insider build, and the target machine has Secure Boot enabled.  This rule blocks the pre-release signed build from booting if installed on the machine. |
+| **HardblockFlightSigning** | 598F2802-3E7F-4697-BD18-7A6371C8B2F8 | This rule indicates the target OS is a pre-release, Windows Insider build, and the target machine has Secure Boot enabled. This rule blocks the pre-release signed build from booting if installed on the machine. |
-| **DiskSpaceBlockInDownLevel** | 6080AFAC-892E-4903-94EA-7A17E69E549E | This failure indicates the system ran out of disk space during the down-level operations of upgrade. |
+| **DiskSpaceBlockInDownLevel** | 6080AFAC-892E-4903-94EA-7A17E69E549E | This failure indicates the system ran out of disk space during the downlevel operations of upgrade. |
 | **DiskSpaceFailure** | 981DCBA5-B8D0-4BA7-A8AB-4030F7A10191 | This failure indicates the system drive ran out of available disk space at some point after the first reboot into the upgrade. |
 | **PreReleaseWimMountDriverFound** | 31EC76CC-27EC-4ADC-9869-66AABEDB56F0 | Captures failures due to having an unrecognized `wimmount.sys` driver registered on the system. |
-| **DebugSetupMemoryDump** | C7C63D8A-C5F6-4255-8031-74597773C3C6 | This offline only rule indicates a bug check occurred during setup.  If the debugger tools are available on the system, SetupDiag debugs the memory dump and provide details. |
+| **DebugSetupMemoryDump** | C7C63D8A-C5F6-4255-8031-74597773C3C6 | This offline only rule indicates a bug check occurred during setup. If the debugger tools are available on the system, SetupDiag debugs the memory dump and provide details. |
-| **DebugSetupCrash** | CEEBA202-6F04-4BC3-84B8-7B99AED924B1 | This offline only rule indicates that setup itself encountered a failure that resulted in a process memory dump.  If the debugger tools are installed on the system, SetupDiag debugs the memory dump and give further details. |
+| **DebugSetupCrash** | CEEBA202-6F04-4BC3-84B8-7B99AED924B1 | This offline only rule indicates that setup itself encountered a failure that resulted in a process memory dump. If the debugger tools are installed on the system, SetupDiag debugs the memory dump and give further details. |
-| **DebugMemoryDump** | 505ED489-329A-43F5-B467-FCAAF6A1264C | This offline only rule is for any memory.dmp file that resulted during the setup/upgrade operation.  If the debugger tools are installed on the system, SetupDiag debugs the memory dump and give further details. |
+| **DebugMemoryDump** | 505ED489-329A-43F5-B467-FCAAF6A1264C | This offline only rule is for any memory.dmp file that resulted during the setup/upgrade operation. If the debugger tools are installed on the system, SetupDiag debugs the memory dump and give further details. |
 | **DeviceInstallHang** | 37BB1C3A-4D79-40E8-A556-FDA126D40BC6 | This failure rule indicates the system hung or bug checked during the device installation phase of upgrade. |
 | **DriverPackageMissingFileFailure** | 37BB1C3A-4D79-40E8-A556-FDA126D40BC6 | This rule indicates that a driver package had a missing file during device install. Updating the driver package might help resolve the issue. |
 | **UnsignedDriverBootFailure** | CD270AA4-C044-4A22-886A-F34EF2E79469 | This rule indicates that an unsigned driver caused a boot failure. |
-| **BootFailureDetected** | 4FB446C2-D4EC-40B4-97E2-67EB19D1CFB7 | This rule indicates a boot failure occurred during a specific phase of the update.  The rule indicates the failure code and phase for diagnostic purposes. |
+| **BootFailureDetected** | 4FB446C2-D4EC-40B4-97E2-67EB19D1CFB7 | This rule indicates a boot failure occurred during a specific phase of the update. The rule indicates the failure code and phase for diagnostic purposes. |
 | **WinSetupBootFilterFailure** | C073BFC8-5810-4E19-B53B-4280B79E096C | Detects failures in the kernel mode file operations. |
 | **FindDebugInfoFromRollbackLog** | 9600EB68-1120-4A87-9FE9-3A4A70ACFC37 | This rule determines and gives details when a bug check occurs during the setup/upgrade process that resulted in a memory dump. However, a debugger package isn't required on the executing machine. |
-| **AdvancedInstallerFailed** | 77D36C96-32BE-42A2-BB9C-AAFFE64FCADC | Finds fatal advanced installer operations that cause setup failures. Indicates critical failure in the AdvancedInstaller while running an installer package, includes the .exe being called, the phase, mode, component and error codes. |
+| **AdvancedInstallerFailed** | 77D36C96-32BE-42A2-BB9C-AAFFE64FCADC | Finds fatal advanced installer operations that cause setup failures. Indicates critical failure in the AdvancedInstaller while running an installer package, includes the .exe being called, the phase, mode, component, and error codes. |
 | **AdvancedInstallerPluginInstallFailed** | 2F784A0E-CEB1-47C5-8072-F1294C7CB4AE | This rule indicates some component that was being installed via an advanced installer (FeatureOnDemand, Language Packs, .NET packages, etc.) failed to install. The rule calls out what was being installed. If the failed component is a FeatureOnDemand, remove the Windows Feature, reboot, and try the upgrade again. If the failed component is a Language Pack, remove the additional language pack, reboot, and try the upgrade again. |
-| **AdvancedInstallerGenericFailure** | 4019550D-4CAA-45B0-A222-349C48E86F71 | A rule to match AdvancedInstaller read/write failures in a generic sense.  Triggers on advanced installer failures in a generic sense. It outputs the application called, phase, mode, component and error code. |
+| **AdvancedInstallerGenericFailure** | 4019550D-4CAA-45B0-A222-349C48E86F71 | A rule to match AdvancedInstaller read/write failures in a generic sense. Triggers on advanced installer failures in a generic sense. It outputs the application called, phase, mode, component, and error code. |
-| **FindMigApplyUnitFailure** | A4232E11-4043-4A37-9BF4-5901C46FD781 | Detects a migration unit failure that caused the update to fail.  This rule outputs the name of the migration plug-in and the error code it produced for diagnostic purposes. |
+| **FindMigApplyUnitFailure** | A4232E11-4043-4A37-9BF4-5901C46FD781 | Detects a migration unit failure that caused the update to fail. This rule outputs the name of the migration plug-in and the error code it produced for diagnostic purposes. |
-| **FindMigGatherUnitFailure** | D04C064B-CD77-4E64-96D6-D26F30B4EE29 | Detects a migration gather unit failure that caused the update to fail.  This rule outputs the name of the gather unit/plug-in and the error code it produced for diagnostic purposes. |
+| **FindMigGatherUnitFailure** | D04C064B-CD77-4E64-96D6-D26F30B4EE29 | Detects a migration gather unit failure that caused the update to fail. This rule outputs the name of the gather unit/plug-in and the error code it produced for diagnostic purposes. |
-| **FindMigGatherApplyFailure** | A9964E6C-A2A8-45FF-B6B5-25E0BD71428E | Shows errors when the migration Engine fails out on a gather or apply operation.  Indicates the Migration Object (file or registry path), the Migration |
+| **FindMigGatherApplyFailure** | A9964E6C-A2A8-45FF-B6B5-25E0BD71428E | Shows errors when the migration Engine fails out on a gather or apply operation. Indicates the Migration Object (file or registry path), the Migration |
-| **OptionalComponentFailedToGetOCsFromPackage** | D012E2A2-99D8-4A8C-BBB2-088B92083D78 | This rule matches a specific Optional Component failure when attempting to enumerate components in a package.  Indicates the optional component (OC) migration operation failed to enumerate optional components from an OC Package. It outputs the package name and error code. This rule replaces the OptionalComponentInstallFailure rule present. |
+| **OptionalComponentFailedToGetOCsFromPackage** | D012E2A2-99D8-4A8C-BBB2-088B92083D78 | This rule matches a specific Optional Component failure when attempting to enumerate components in a package. Indicates the optional component (OC) migration operation failed to enumerate optional components from an OC Package. It outputs the package name and error code. This rule replaces the OptionalComponentInstallFailure rule present. |
-| **OptionalComponentOpenPackageFailed** | 22952520-EC89-4FBD-94E0-B67DF88347F6 | Matches a specific Optional Component failure when attempting to open an OC package.  It outputs the package name and error code. Indicates the optional component migration operation failed to open an optional component Package.  Outputs the package name and error code. |
+| **OptionalComponentOpenPackageFailed** | 22952520-EC89-4FBD-94E0-B67DF88347F6 | Matches a specific Optional Component failure when attempting to open an OC package. It outputs the package name and error code. Indicates the optional component migration operation failed to open an optional component Package. Outputs the package name and error code. |
-| **OptionalComponentInitCBSSessionFailed** | 63340812-9252-45F3-A0F2-B2A4CA5E9317 |  Matches a specific failure where the advanced installer service or components aren't operating or started on the system.  Indicates corruption in the servicing stack on the down-level system.  Outputs the error code encountered while trying to initialize the servicing component on the existing OS. |
+| **OptionalComponentInitCBSSessionFailed** | 63340812-9252-45F3-A0F2-B2A4CA5E9317 |  Matches a specific failure where the advanced installer service or components aren't operating or started on the system. Indicates corruption in the servicing stack on the downlevel system. Outputs the error code encountered while trying to initialize the servicing component on the existing OS. |
-| **CriticalSafeOSDUFailure** | 73566DF2-CA26-4073-B34C-C9BC70DBF043 | This rule indicates a failure occurred while updating the SafeOS image with a critical dynamic update.  It indicates the phase and error code that occurred while attempting to update the SafeOS image for diagnostic purposes. |
+| **CriticalSafeOSDUFailure** | 73566DF2-CA26-4073-B34C-C9BC70DBF043 | This rule indicates a failure occurred while updating the SafeOS image with a critical dynamic update. It indicates the phase and error code that occurred while attempting to update the SafeOS image for diagnostic purposes. |
-| **UserProfileCreationFailureDuringOnlineApply** | 678117CE-F6A9-40C5-BC9F-A22575C78B14 | Indicates there was a critical failure while creating or modifying a User Profile during the online apply phase of the update.  It indicates the operation and error code associated with the failure for diagnostic purposes. |
+| **UserProfileCreationFailureDuringOnlineApply** | 678117CE-F6A9-40C5-BC9F-A22575C78B14 | Indicates there was a critical failure while creating or modifying a User Profile during the online apply phase of the update. It indicates the operation and error code associated with the failure for diagnostic purposes. |
-| **UserProfileCreationFailureDuringFinalize** | C6677BA6-2E53-4A88-B528-336D15ED1A64 | Matches a specific User Profile creation error during the finalize phase of setup.  It outputs the failure code. |
+| **UserProfileCreationFailureDuringFinalize** | C6677BA6-2E53-4A88-B528-336D15ED1A64 | Matches a specific User Profile creation error during the finalize phase of setup. It outputs the failure code. |
 | **UserProfileSuffixMismatch** | B4BBCCCE-F99D-43EB-9090-078213397FD8 | Detects when a file or other object causes the migration or creation of a user profile to fail during the update. |
 | **DuplicateUserProfileFailure** | BD7B3109-80F1-4421-8F0A-B34CD25F4B51 | This rule indicates a fatal error while migrating user profiles, usually with multiple SIDs associated with a single user profile. This error usually occurs when software creates local user accounts that aren't ever used or signed in with. The rule indicates the SID and UserName of the account that is causing the failure. To attempt to resolve the issue, first back up all the user's files for the affected user account. After the user's files are backed up, delete the account in a supported manner. Make sure that the account isn't one that is needed or is currently used to sign into the device. After deleting the account, reboot, and try the upgrade again. |
-| **WimMountFailure** | BE6DF2F1-19A6-48C6-AEF8-D3B0CE3D4549 | This rule indicates the update failed to mount a WIM file.  It shows the name of the WIM file and the error message and error code associated with the failure for diagnostic purposes. |
+| **WimMountFailure** | BE6DF2F1-19A6-48C6-AEF8-D3B0CE3D4549 | This rule indicates the update failed to mount a WIM file. It shows the name of the WIM file and the error message and error code associated with the failure for diagnostic purposes. |
 | **WimMountDriverIssue** | 565B60DD-5403-4797-AE3E-BC5CB972FBAE | Detects failures in `WimMount.sys` registration on the system. |
-| **WimApplyExtractFailure** | 746879E9-C9C5-488C-8D4B-0C811FF3A9A8 | Matches a WIM apply failure during WIM extraction phases of setup.  It outputs the extension, path and error code. |
+| **WimApplyExtractFailure** | 746879E9-C9C5-488C-8D4B-0C811FF3A9A8 | Matches a WIM apply failure during WIM extraction phases of setup. It outputs the extension, path, and error code. |
-| **UpdateAgentExpanderFailure** | 66E496B3-7D19-47FA-B19B-4040B9FD17E2 | Matches DPX expander failures in the down-level phase of update from Windows Update.  It outputs the package name, function, expression and error code. |
+| **UpdateAgentExpanderFailure** | 66E496B3-7D19-47FA-B19B-4040B9FD17E2 | Matches DPX expander failures in the downlevel phase of update from Windows Update. It outputs the package name, function, expression, and error code. |
-| **FindFatalPluginFailure** | E48E3F1C-26F6-4AFB-859B-BF637DA49636 | Matches any plug-in failure that setupplatform decides is fatal to setup.  It outputs the plugin name, operation and error code. |
+| **FindFatalPluginFailure** | E48E3F1C-26F6-4AFB-859B-BF637DA49636 | Matches any plug-in failure that setupplatform decides is fatal to setup. It outputs the plugin name, operation, and error code. |
-| **MigrationAbortedDueToPluginFailure** | D07A24F6-5B25-474E-B516-A730085940C9 | Indicates a critical failure in a migration plugin that causes setup to abort the migration.  Provides the setup operation, plug-in name, plug-in action and error code. |
+| **MigrationAbortedDueToPluginFailure** | D07A24F6-5B25-474E-B516-A730085940C9 | Indicates a critical failure in a migration plugin that causes setup to abort the migration. Provides the setup operation, plug-in name, plug-in action and error code. |
-| **DISMAddPackageFailed** | 6196FF5B-E69E-4117-9EC6-9C1EAB20A3B9 | Indicates a critical failure during a DISM add package operation.  Specifies the Package Name, DISM error and add package error code. |
+| **DISMAddPackageFailed** | 6196FF5B-E69E-4117-9EC6-9C1EAB20A3B9 | Indicates a critical failure during a DISM add package operation. Specifies the Package Name, DISM error and add package error code. |
 | **DISMImageSessionFailure** | 61B7886B-10CD-4C98-A299-B987CB24A11C | Captures failure information when DISM fails to start an image session successfully. |
-| **DISMproviderFailure** | D76EF86F-B3F8-433F-9EBF-B4411F8141F4 | Triggers when a DISM provider (plug-in) fails in a critical operation.  Outputs the file (plug-in name), function called + error code, and error message from the provider. |
+| **DISMproviderFailure** | D76EF86F-B3F8-433F-9EBF-B4411F8141F4 | Triggers when a DISM provider (plug-in) fails in a critical operation. Outputs the file (plug-in name), function called + error code, and error message from the provider. |
-| **SysPrepLaunchModuleFailure** | 7905655C-F295-45F7-8873-81D6F9149BFD | Indicates a sysPrep plug-in failed in a critical operation.  Indicates the plug-in name, operation name and error code. |
+| **SysPrepLaunchModuleFailure** | 7905655C-F295-45F7-8873-81D6F9149BFD | Indicates a sysPrep plug-in failed in a critical operation. Indicates the plug-in name, operation name, and error code. |
-| **UserProvidedDriverInjectionFailure** | 2247C48A-7EE3-4037-AFAB-95B92DE1D980 | A driver provided to setup (via command line input) failed in some way.  Outputs the driver install function and error code. |
+| **UserProvidedDriverInjectionFailure** | 2247C48A-7EE3-4037-AFAB-95B92DE1D980 | A driver provided to setup (via command line input) failed in some way. Outputs the driver install function and error code. |
 | **DriverMigrationFailure** | 9378D9E2-256E-448C-B02F-137F611F5CE3 | This rule indicates a fatal failure when migrating drivers. |
-| **UnknownDriverMigrationFailure** | D7541B80-5071-42CE-AD14-FBE8C0C4F7FD | This rule indicates a bad driver package resides on the system. The driver package causes the upgrade to fail when the driver package is attempted to migrate to the new OS. The rule usually indicates the driver package name that caused the issue. The remediation is to remove the bad driver package, reboot, and try the upgrade again.  If an update to this driver is available from the OEM, updating the driver package is recommended. |
+| **UnknownDriverMigrationFailure** | D7541B80-5071-42CE-AD14-FBE8C0C4F7FD | This rule indicates a bad driver package resides on the system. The driver package causes the upgrade to fail when the driver package is attempted to migrate to the new OS. The rule usually indicates the driver package name that caused the issue. The remediation is to remove the bad driver package, reboot, and try the upgrade again. If an update to this driver is available from the OEM, updating the driver package is recommended. |
 | | |
 | **FindSuccessfulUpgrade** | 8A0824C8-A56D-4C55-95A0-22751AB62F3E | Determines if the given setup was a success or not based off the logs. |
 | **FindSetupHostReportedFailure** | 6253C04F-2E4E-4F7A-B88E-95A69702F7EC | Gives information about failures surfaced early in the upgrade process by `setuphost.exe` |
-| **FindDownlevelFailure** | 716334B7-F46A-4BAA-94F2-3E31BC9EFA55 | Gives failure information surfaced by SetupPlatform, later in the down-level phase. |
+| **FindDownlevelFailure** | 716334B7-F46A-4BAA-94F2-3E31BC9EFA55 | Gives failure information surfaced by SetupPlatform, later in the downlevel phase. |
-| **FindAbruptDownlevelFailure** | 55882B1A-DA3E-408A-9076-23B22A0472BD | Gives last operation failure information when the system fails in the down-level, but the log just ends abruptly. |
+| **FindAbruptDownlevelFailure** | 55882B1A-DA3E-408A-9076-23B22A0472BD | Gives last operation failure information when the system fails in the downlevel, but the log just ends abruptly. |
-| **FindEarlyDownlevelError** | A4CE4FC9-5E10-4BB1-8ECE-3B29EB9D7C52 | Detects failures in down-level phase before setup platform is invoked. |
+| **FindEarlyDownlevelError** | A4CE4FC9-5E10-4BB1-8ECE-3B29EB9D7C52 | Detects failures in downlevel phase before setup platform is invoked. |
 | **FindSPFatalError** | A4028172-1B09-48F8-AD3B-86CDD7D55852 | Captures failure information when setup platform encounters a fatal error. |
-| **FindSetupPlatformFailedOperationInfo** | 307A0133-F06B-4B75-AEA8-116C3B53C2D1 | Gives last phase and error information when SetupPlatform indicates a critical failure.  This rule indicates the operation and error associated with the failure for diagnostic purposes. |
+| **FindSetupPlatformFailedOperationInfo** | 307A0133-F06B-4B75-AEA8-116C3B53C2D1 | Gives last phase and error information when SetupPlatform indicates a critical failure. This rule indicates the operation and error associated with the failure for diagnostic purposes. |
-| **FindRollbackFailure** | 3A43C9B5-05B3-4F7C-A955-88F991BB5A48 | Gives last operation, failure phase and error information when a rollback occurs. |
+| **FindRollbackFailure** | 3A43C9B5-05B3-4F7C-A955-88F991BB5A48 | Gives last operation, failure phase, and error information when a rollback occurs. |
 ## Sample logs
@ -374,8 +362,8 @@ System Information:
    ReportId = dd4db176-4e3f-4451-aef6-22cf46de8bde
 Error: SetupDiag reports Optional Component installation failed to open OC Package. Package Name: Foundation, Error: 0x8007001F
-Recommend you check the "Windows Modules Installer" service (Trusted Installer) is started on the system and set to automatic start, reboot and try the update again.  Optionally, you can check the status of optional components on the system (search for Windows Features), uninstall any unneeded optional components, reboot and try the update again.
+Recommend you check the "Windows Modules Installer" service (Trusted Installer) is started on the system and set to automatic start, reboot and try the update again. Optionally, you can check the status of optional components on the system (search for Windows Features), uninstall any unneeded optional components, reboot and try the update again.
-Error: SetupDiag reports down-level failure, Operation: Finalize, Error: 0x8007001F - 0x50015
+Error: SetupDiag reports downlevel failure, Operation: Finalize, Error: 0x8007001F - 0x50015
 Refer to https://learn.microsoft.com/windows/deployment/upgrade/upgrade-error-codes for error information.
 ```
--- a/windows/deployment/upgrade/submit-errors.md
+++ b/windows/deployment/upgrade/submit-errors.md
@ -2,13 +2,13 @@
 title: Submit Windows upgrade errors using Feedback Hub
 manager: aaroncz
 ms.author: frankroj
-description: Download the Feedback Hub app, and then submit Windows upgrade errors for diagnosis using feedback hub.
+description: Download the Feedback Hub app, and then submit Windows upgrade errors for diagnosis using Feedback Hub.
 ms.service: windows-client
 author: frankroj
 ms.localizationpriority: medium
 ms.topic: troubleshooting-general
 ms.subservice: itpro-deploy
-ms.date: 01/29/2025
+ms.date: 04/08/2025
 appliesto:
  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
@ -28,17 +28,17 @@ This article describes how to submit problems with a Windows upgrade to Microsof
 The Feedback Hub app allows reporting to Microsoft of any problems encountered while using Windows. It also allows sending suggestions to Microsoft on how to improve the Windows experience. Previously, the Feedback Hub could only be used through the Windows Insider Program. Now anyone can use this tool. The Feedback Hub app can be downloaded from the [Microsoft Store](https://www.microsoft.com/store/p/feedback-hub/9nblggh4r32n?SilentAuth=1&wa=wsignin1.0).
-The Feedback Hub requires a currently supported version of Windows. The Feedback Hub can be used to submit information to Microsoft if problems are encountered while upgrading Windows. If upgrading to a currently supported version of Windows from a previous version that's Windows 10 or newer, the Feedback Hub automatically collects log files. For operating systems prior to Windows 10 that don't support the Feedback Hub, the log files must be manually collected. The log files can then be attached to the feedback item using a device that is running a currently supported version of Windows that supports the Feedback Hub.
+The Feedback Hub requires a [currently supported version of Windows](/windows/release-health/supported-versions-windows-client). The Feedback Hub can be used to submit information to Microsoft if problems are encountered while upgrading Windows. If upgrading between [currently supported version of Windows](/windows/release-health/supported-versions-windows-client), the Feedback Hub automatically collects log files. For out of support operating systems before Windows 10 that don't support the Feedback Hub, the log files must be manually collected. The log files can then be attached to the feedback item using a device that is running a [currently supported version of Windows](/windows/release-health/supported-versions-windows-client) that supports the Feedback Hub.
 ## Submit feedback
 To submit feedback about a failed Windows upgrade, open the [Feedback Hub](feedback-hub://?referrer=resolveUpgradeErrorsPage&tabid=2&contextid=81&newFeedback=true&feedbackType=2&topic=submit-errors.md).
-In the Feedback Hub, fill out all four sections with as much detail as possible:
+In the Feedback Hub, fill out all of the sections with as much detail as possible:
 1. **Enter your feedback**
 1. **Choose a category**
-1. **Find similar feedback**
+1. **Find similar feedback** - this section doesn't have anything to fill out, but it is important to check for similar feedback items. If a similar feedback item is found, select it and then select the **Next** button. This allows Microsoft to see how many people are affected by the same issue.
 1. **Add more details**
 Recommended information that can be included under the **Add more details** section include:
@ -71,5 +71,3 @@ After the feedback is submitted, additional information and items can be added t
 1. Copy and then use the short link that is displayed.
 :::image type="content" alt-text="Share example." source="../images/share.jpg":::
 ## Related articles
--- a/windows/deployment/upgrade/windows-error-reporting.md
+++ b/windows/deployment/upgrade/windows-error-reporting.md
@ -8,7 +8,7 @@ author: frankroj
 ms.localizationpriority: medium
 ms.topic: article
 ms.subservice: itpro-deploy
-ms.date: 01/29/2025
+ms.date: 04/08/2025
 appliesto:
  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
@ -22,7 +22,7 @@ appliesto:
 >
 > See [Resolve Windows upgrade errors](resolve-windows-upgrade-errors.md) for a full list of articles in this section.
-When Windows Setup fails, the result and extend code are recorded as an informational event in the Application log by Windows Error Reporting as event 1001. The event name is **WinSetupDiag02**.  Event Viewer or Windows PowerShell can be used to review this event.
+When Windows Setup fails, the [result code](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#result-codes) and [extend code](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#extend-codes) are recorded as an informational event in the Application log by Windows Error Reporting as event 1001. The event name is **WinSetupDiag02**. Event Viewer or Windows PowerShell can be used to review this event.
 To use Windows PowerShell, type the following commands from an elevated Windows PowerShell prompt:
@ -48,18 +48,18 @@ To use Event Viewer:
 Ten parameters are listed in the event:
-| Parameters  |
+| Parameters  | Description| Example |
-| ------------- |
+| ------------- | --- | --- |
-| P1: The Setup Scenario (1=Media,5=WindowsUpdate,7=Media Creation Tool) |
+| P1 | The Setup Scenario | 1=Media, 5=WindowsUpdate, 7=Media Creation Tool |
-| P2: Setup Mode (x=default,1=Downlevel,5=Rollback) |
+| P2 | Setup Mode | x=default, 1=Downlevel, 5=Rollback |
-| P3: New OS Architecture (x=default,0=X86,9=AMD64) |
+| P3 | New OS Architecture | x=default, 0=X86, 9=AMD64 |
-| P4: Install Result (x=default,0=Success,1=Failure,2=Cancel,3=Blocked) |
+| P4 | Install Result | x=default, 0=Success, 1=Failure,2=Cancel, 3=Blocked |
-| **P5: Result Error Code**  (Ex: 0xc1900101) |
+| **P5** | Result Error Code | 0xc1900101 |
-| **P6: Extend Error Code**  (Ex: 0x20017) |
+| **P6** | Extend Error Code | 0x20017 |
-| P7: Source OS build (Ex: 9600) |
+| P7 | Source OS build | 9600 |
-| P8: Source OS branch (not typically available) |
+| P8 | Source OS branch | Not typically available |
-| P9: New OS build (Ex: 16299) |
+| P9 | New OS build | 16299 |
-| P10: New OS branch (Ex: rs3_release) |
+| P10 | New OS branch | rs3_release |
 The event also contains links to log files that can be used to perform a detailed diagnosis of the error. The following example is an example of this event from a successful upgrade:
--- a/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md
+++ b/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md
@ -7,7 +7,10 @@ ms.service: windows-client
 author: frankroj
 ms.topic: upgrade-and-migration-article
 ms.subservice: itpro-deploy
-ms.date: 08/30/2024
+ms.date: 04/08/2025
 appliesto:
  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
 ---
 # Windows upgrade and migration considerations
@ -61,7 +64,7 @@ If a single-language Windows image that matches the system default UI language o
 ### Errorhandler.cmd
-If using **Errorhandler.cmd** when upgrading from an earlier version of Windows, copy **Errorhandler.cmd** into the `%WINDIR%\Setup\Scripts` directory on the original installation of Windows. Copying **Errorhandler.cmd** into the `%WINDIR%\Setup\Scripts` directory on the original installation of Windows makes sure that if there are errors during the down-level phase of Windows Setup, the commands in **Errorhandler.cmd** run. For more information, see [Run a script if Windows Setup encounters a fatal error (ErrorHandler.cmd)](/windows-hardware/manufacture/desktop/add-a-custom-script-to-windows-setup#run-a-script-if-windowssetup-encounters-a-fatal-error-errorhandlercmd).
+If using **Errorhandler.cmd** when upgrading from an earlier version of Windows, copy **Errorhandler.cmd** into the `%WINDIR%\Setup\Scripts` directory on the original installation of Windows. Copying **Errorhandler.cmd** into the `%WINDIR%\Setup\Scripts` directory on the original installation of Windows makes sure that if there are errors during the downlevel phase of Windows Setup, the commands in **Errorhandler.cmd** run. For more information, see [Run a script if Windows Setup encounters a fatal error (ErrorHandler.cmd)](/windows-hardware/manufacture/desktop/add-a-custom-script-to-windows-setup#run-a-script-if-windowssetup-encounters-a-fatal-error-errorhandlercmd).
 ## Related content
--- a/windows/deployment/windows-autopatch/manage/windows-autopatch-hotpatch-updates.md
+++ b/windows/deployment/windows-autopatch/manage/windows-autopatch-hotpatch-updates.md
@ -1,7 +1,7 @@
 ---
 title: Hotpatch updates
 description: Use Hotpatch updates to receive security updates without restarting your device
-ms.date: 04/02/2025
+ms.date: 04/04/2025
 ms.service: windows-client
 ms.subservice: autopatch
 ms.topic: how-to
@ -91,7 +91,7 @@ LCUs requires you to restart the device, but the LCU ensures that the device rem
 1. Select **Devices** from the left navigation menu.
 1. Under the **Manage updates** section, select **Windows updates**.
 1. Go to the **Quality updates** tab.
-1. Select **Create**, and select **Windows quality update policy (preview)**.
+1. Select **Create**, and select **Windows quality update policy**.
 1. Under the **Basics** section, enter a name for your new policy and select Next.
 1. Under the **Settings** section, set **"When available, apply without restarting the device ("Hotpatch")** to **Allow**. Then, select **Next**.
 1. Select the appropriate Scope tags or leave as Default and select **Next**.
--- a/windows/deployment/windows-autopatch/monitor/windows-autopatch-hotpatch-quality-update-report.md
+++ b/windows/deployment/windows-autopatch/monitor/windows-autopatch-hotpatch-quality-update-report.md
@ -1,7 +1,7 @@
 ---
 title: Hotpatch quality update report
 description: Use the Hotpatch quality update report to view the current update statuses for all devices that receive Hotpatch updates
-ms.date: 03/31/2025
+ms.date: 04/04/2025
 ms.service: windows-client
 ms.subservice: autopatch
 ms.topic: how-to
@ -15,10 +15,7 @@ ms.collection:
  - tier1
 ---
-# Hotpatch quality update report (public preview)
+# Hotpatch quality update report
 > [!IMPORTANT]
 > This feature is in public preview. It is being actively developed and might not be complete. They're made available on a "Preview" basis. You can test and use these features in production environments and scenarios and provide feedback.
 The Hotpatch quality update report provides a per policy level view of the current update statuses for all devices that receive Hotpatch updates. For more information about Hotpatching, see [Hotpatch updates](../manage/windows-autopatch-hotpatch-updates.md).
@ -27,7 +24,7 @@ The Hotpatch quality update report provides a per policy level view of the curre
 1. Go to the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
 1. Navigate to **Reports** > **Windows Autopatch** > **Windows quality updates**.
 1. Select the **Reports** tab.
-1. Select **Hotpatch quality updates (preview)**.
+1. Select **Hotpatch quality updates**.
 > [!NOTE]
 > The data in this report is refreshed every four hours with data received by your Windows Autopatch managed devices. The last refreshed on date/time can be seen at the top of the page. For more information about how often Windows Autopatch receives data from your managed devices, see [Data latency](../monitor/windows-autopatch-windows-quality-and-feature-update-reports-overview.md#about-data-latency).
--- a/windows/security/identity-protection/access-control/access-control.md
+++ b/windows/security/identity-protection/access-control/access-control.md
@ -1,6 +1,6 @@
 ---
-ms.date: 09/06/2024
+ms.date: 04/07/2025
-title: Access Control overview
+title: Access Control Overview
 description: Learn about access control in Windows, which is the process of authorizing users, groups, and computers to access objects on the network or computer.
 ms.topic: overview
 appliesto:
--- a/windows/security/identity-protection/access-control/local-accounts.md
+++ b/windows/security/identity-protection/access-control/local-accounts.md
@ -1,5 +1,5 @@
 ---
-ms.date: 09/06/2024
+ms.date: 04/07/2025
 title: Local Accounts
 description: Learn how to secure and manage access to the resources on a standalone or member server for services or users.
 ms.topic: concept-article
@ -225,33 +225,33 @@ The following table shows the Group Policy and registry settings that are used t
 #### To enforce local account restrictions for remote access
 1. Start the **Group Policy Management** Console (GPMC)
-1. In the console tree, expand &lt;*Forest*&gt;\\Domains\\&lt;*Domain*&gt;, and then **Group Policy Objects** where *forest* is the name of the forest, and *domain* is the name of the domain where you want to set the Group Policy Object (GPO)
+1. In the console tree, expand <*Forest*>\Domains\<*Domain*>, and then **Group Policy Objects** where *forest* is the name of the forest, and *domain* is the name of the domain where you want to set the Group Policy Object (GPO)
 1. In the console tree, right-click **Group Policy Objects > New**
-1. In the **New GPO** dialog box, type &lt;**gpo\_name**&gt;, and &gt; **OK** where *gpo\_name* is the name of the new GPO. The GPO name indicates that the GPO is used to restrict local administrator rights from being carried over to another computer
+1. In the **New GPO** dialog box, type <**gpo_name**>, and > **OK** where *gpo_name* is the name of the new GPO. The GPO name indicates that the GPO is used to restrict local administrator rights from being carried over to another computer
-1. In the details pane, right-click &lt;**gpo\_name**&gt;, and &gt; **Edit**
+1. In the details pane, right-click <**gpo_name**>, and > **Edit**
 1. Ensure that UAC is enabled and that UAC restrictions apply to the default Administrator account by following these steps:
-   - Navigate to the Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\, and &gt; **Security Options**
+   - Navigate to the **Computer Configuration** > **Windows Settings** > **Security Settings** > **Local Policies** > **Security Options**
-   - Double-click **User Account Control: Run all administrators in Admin Approval Mode** &gt; **Enabled** &gt; **OK**
+   - Select **User Account Control: Run all administrators in Admin Approval Mode** > **Enabled** > **OK**
-   - Double-click **User Account Control: Admin Approval Mode for the Built-in Administrator account** &gt; **Enabled** &gt; **OK**
+   - Select **User Account Control: Admin Approval Mode for the Built-in Administrator account** > **Enabled** > **OK**
 1. Ensure that the local account restrictions are applied to network interfaces by following these steps:
   - Navigate to *Computer Configuration\Preferences and Windows Settings*, and > **Registry**
-   - Right-click **Registry**, and &gt; **New** &gt; **Registry Item**
+   - Right-click **Registry**, and > **New** > **Registry Item**
   - In the **New Registry Properties** dialog box, on the **General** tab, change the setting in the **Action** box to **Replace**
   - Ensure that the **Hive** box is set to **HKEY_LOCAL_MACHINE**
-   - Select (**…**), browse to the following location for **Key Path** &gt; **Select** for: `SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System`
+   - Select (**…**), browse to the following location for **Key Path** > **Select** for: `SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System`
   - In the **Value name** area, type `LocalAccountTokenFilterPolicy`
   - In the **Value type** box, from the drop-down list, select **REG_DWORD** to change the value
   - In the **Value data** box, ensure that the value is set to **0**
-   - Verify this configuration, and &gt; **OK**
+   - Verify this configuration, and > **OK**
 1. Link the GPO to the first **Workstations** organizational unit (OU) by doing the following:
   - Navigate to the `*Forest*\<Domains>\*Domain*\*OU*` path
   - Right-click the **Workstations > Link an existing GPO**
-   - Select the GPO that you created, and &gt; **OK**
+   - Select the GPO that you created, and > **OK**
 1. Test the functionality of enterprise applications on the workstations in that first OU and resolve any issues caused by the new policy
 1. Create links to all other OUs that contain workstations
@ -278,23 +278,23 @@ The following table shows the Group Policy settings that are used to deny networ
 #### To deny network logon to all local administrator accounts
 1. Start the **Group Policy Management** Console (GPMC)
-1. In the console tree, expand &lt;*Forest*&gt;\\Domains\\&lt;*Domain*&gt;, and then **Group Policy Objects**, where *forest* is the name of the forest, and *domain* is the name of the domain where you want to set the Group Policy Object (GPO)
+1. In the console tree, expand <*Forest*>\Domains\<*Domain*>, and then **Group Policy Objects**, where *forest* is the name of the forest, and *domain* is the name of the domain where you want to set the Group Policy Object (GPO)
-1. In the console tree, right-click **Group Policy Objects**, and &gt; **New**
+1. In the console tree, right-click **Group Policy Objects**, and > **New**
-1. In the **New GPO** dialog box, type &lt;**gpo\_name**&gt;, and then &gt; **OK** where *gpo\_name* is the name of the new GPO indicates that it's being used to restrict the local administrative accounts from interactively signing in to the computer
+1. In the **New GPO** dialog box, type <**gpo_name**>, and then > **OK** where *gpo_name* is the name of the new GPO indicates that it's being used to restrict the local administrative accounts from interactively signing in to the computer
-1. In the details pane, right-click &lt;**gpo\_name**&gt;, and &gt; **Edit**
+1. In the details pane, right-click <**gpo_name**>, and > **Edit**
 1. Configure the user rights to deny network logons for administrative local accounts as follows:
-1. Navigate to the Computer Configuration\\Windows Settings\\Security Settings\\, and &gt; **User Rights Assignment**
+1. Navigate to the Computer Configuration\Windows Settings\Security Settings\, and > **User Rights Assignment**
 1. Double-click **Deny access to this computer from the network**
-1. Select **Add User or Group**, type **Local account and member of Administrators group**, and &gt; **OK**
+1. Select **Add User or Group**, type **Local account and member of Administrators group**, and > **OK**
 1. Configure the user rights to deny Remote Desktop (Remote Interactive) logons for administrative local accounts as follows:
-1. Navigate to Computer Configuration\\Policies\\Windows Settings and Local Policies, and then select **User Rights Assignment**
+1. Navigate to Computer Configuration\Policies\Windows Settings and Local Policies, and then select **User Rights Assignment**
 1. Double-click **Deny log on through Remote Desktop Services**
-1. Select **Add User or Group**, type **Local account and member of Administrators group**, and &gt; **OK**
+1. Select **Add User or Group**, type **Local account and member of Administrators group**, and > **OK**
 1. Link the GPO to the first **Workstations** OU as follows:
-   - Navigate to the &lt;*Forest*&gt;\\Domains\\&lt;*Domain*&gt;\\OU path
+   - Navigate to the <*Forest*>\Domains\<*Domain*>\OU path
-   - Right-click the **Workstations** OU, and &gt; **Link an existing GPO**
+   - Right-click the **Workstations** OU, and > **Link an existing GPO**
-   - Select the GPO that you created, and &gt; **OK**
+   - Select the GPO that you created, and > **OK**
 1. Test the functionality of enterprise applications on the workstations in that first OU and resolve any issues caused by the new policy
 1. Create links to all other OUs that contain workstations
--- a/windows/security/identity-protection/credential-guard/configure.md
+++ b/windows/security/identity-protection/credential-guard/configure.md
@ -212,7 +212,7 @@ The following event indicates whether TPM is used for key protection. Path: `App
  :::column-end:::
 :::row-end:::
-If you're running with a TPM, the TPM PCR mask value is something other than 0.
+The TPM PCR mask is only relevant when SRTM is used. If the cached Copy status is 1, SRTM was not used - typically indicating DRTM is in use - and the PCR mask should be ignored.
 ## Disable Credential Guard
--- a/windows/security/identity-protection/passkeys/index.md
+++ b/windows/security/identity-protection/passkeys/index.md
@ -1,10 +1,10 @@
 ---
-title: Support for passkeys in Windows
+title: Support for Passkeys in Windows
 description: Learn about passkeys and how to use them on Windows devices.
 ms.collection:
 - tier1
 ms.topic: overview
-ms.date: 09/06/2024
+ms.date: 04/07/2025
 appliesto:
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md
+++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md
@ -2,7 +2,7 @@
 title: Deploy Virtual Smart Cards
 description: Learn about what to consider when deploying a virtual smart card authentication solution
 ms.topic: concept-article
-ms.date: 09/06/2024
+ms.date: 04/07/2025
 ---
 # Deploy Virtual Smart Cards
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md
+++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md
@ -2,7 +2,7 @@
 title: Evaluate Virtual Smart Card Security
 description: Learn about the security characteristics and considerations when deploying TPM virtual smart cards.
 ms.topic: concept-article
-ms.date: 09/06/2024
+ms.date: 04/07/2025
 ---
 # Evaluate Virtual Smart Card Security
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md
+++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md
@ -2,7 +2,7 @@
 title: Get Started with Virtual Smart Cards - Walkthrough Guide
 description: This topic for the IT professional describes how to set up a basic test environment for using TPM virtual smart cards.
 ms.topic: get-started
-ms.date: 09/06/2024
+ms.date: 04/07/2025
 ---
 # Get Started with Virtual Smart Cards: Walkthrough Guide
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md
+++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md
@ -2,7 +2,7 @@
 title: Virtual Smart Card Overview
 description: Learn about virtual smart card technology for Windows.
 ms.topic: overview
-ms.date: 09/06/2024
+ms.date: 04/07/2025
 ---
 # Virtual Smart Card Overview
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md
+++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md
@ -2,7 +2,7 @@
 title: Tpmvscmgr
 description: Learn about the Tpmvscmgr command-line tool, through which an administrator can create and delete TPM virtual smart cards on a computer.
 ms.topic: reference
-ms.date: 09/06/2024
+ms.date: 04/07/2025
 ---
 # Tpmvscmgr
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md
+++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md
@ -2,7 +2,7 @@
 title: Understanding and Evaluating Virtual Smart Cards
 description: Learn how smart card technology can fit into your authentication design.
 ms.topic: overview
-ms.date: 09/06/2024
+ms.date: 04/07/2025
 ---
 # Understand and Evaluate Virtual Smart Cards
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md
+++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md
@ -2,7 +2,7 @@
 title: Use Virtual Smart Cards
 description: Learn about the requirements for virtual smart cards, how to use and manage them.
 ms.topic: concept-article
-ms.date: 09/06/2024
+ms.date: 04/07/2025
 ---
 # Use Virtual Smart Cards
--- a/windows/security/operating-system-security/network-security/windows-firewall/configure-logging.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/configure-logging.md
@ -2,7 +2,7 @@
 title: Configure Windows Firewall logging
 description: Learn how to configure Windows Firewall to log dropped packets or successful connections with CSP and group policy.
 ms.topic: how-to
-ms.date: 09/06/2024
+ms.date: 04/07/2025
 ---
 # Configure Windows Firewall logging
--- a/windows/security/operating-system-security/network-security/windows-firewall/configure-with-command-line.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/configure-with-command-line.md
@ -1,8 +1,8 @@
 ---
-title: Manage Windows Firewall with the command line
+title: Manage Windows Firewall With the Command Line
 description: Learn how to manage Windows Firewall from the command line. This guide provides examples how to manage Windows Firewall with PowerShell and Netsh.
 ms.topic: how-to
-ms.date: 09/06/2024
+ms.date: 04/07/2025
 ---
 # Manage Windows Firewall with the command line
--- a/windows/security/operating-system-security/network-security/windows-firewall/configure.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/configure.md
@ -1,8 +1,8 @@
 ---
-title: Configure firewall rules with group policy
+title: Configure Firewall Rules With Group Policy
 description: Learn how to configure firewall rules using group policy with the Windows Firewall with Advanced Security console.
 ms.topic: how-to
-ms.date: 09/06/2024
+ms.date: 04/07/2025
 ---
 # Configure rules with group policy
--- a/windows/security/operating-system-security/network-security/windows-firewall/dynamic-keywords.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/dynamic-keywords.md
@ -1,8 +1,8 @@
 ---
-title: Windows Firewall dynamic keywords
+title: Windows Firewall Dynamic Keywords
 description: Learn about Windows Firewall dynamic keywords and how to configure it using Windows PowerShell.
 ms.topic: how-to
-ms.date: 09/06/2024
+ms.date: 04/07/2025
 ---
 # Windows Firewall dynamic keywords
--- a/windows/security/operating-system-security/network-security/windows-firewall/filter-origin-documentation.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/filter-origin-documentation.md
@ -1,8 +1,8 @@
 ---
-title: Filter origin audit log
+title: Filter Origin Audit Log
 description: Learn about Windows Firewall and filter origin audit log to troubleshoot packet drops.
 ms.topic: troubleshooting
-ms.date: 09/06/2024
+ms.date: 04/07/2025
 ---
 # Filter origin audit log
--- a/windows/security/operating-system-security/network-security/windows-firewall/hyper-v-firewall.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/hyper-v-firewall.md
@ -1,8 +1,8 @@
 ---
-title: Hyper-V firewall
+title: Hyper-V Firewall
 description: Learn how to configure Hyper-V firewall rules and settings using PowerShell or Configuration Service Provider (CSP).
 ms.topic: how-to
-ms.date: 09/06/2024
+ms.date: 04/07/2025
 appliesto:
 - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
 ---
--- a/windows/security/operating-system-security/network-security/windows-firewall/index.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/index.md
@ -1,8 +1,8 @@
 ---
-title: Windows Firewall overview
+title: Windows Firewall Overview
 description: Learn overview information about the Windows Firewall security feature.
 ms.topic: overview
-ms.date: 09/06/2024
+ms.date: 04/07/2025
 ---
 # Windows Firewall overview
--- a/windows/security/operating-system-security/network-security/windows-firewall/quarantine.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/quarantine.md
@ -1,8 +1,8 @@
 ---
-title: Quarantine behavior
+title: Quarantine Behavior
 description: Learn about Windows Firewall and the quarantine feature behavior.
 ms.topic: concept-article
-ms.date: 09/06/2024
+ms.date: 04/07/2025
 ---
 # Quarantine behavior
--- a/windows/security/operating-system-security/network-security/windows-firewall/rules.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/rules.md
@ -1,7 +1,7 @@
 ---
-title: Windows Firewall rules
+title: Windows Firewall Rules
 description: Learn about Windows Firewall rules and design recommendations.
-ms.date: 09/06/2024
+ms.date: 04/07/2025
 ms.topic: concept-article
 ---
--- a/windows/security/operating-system-security/network-security/windows-firewall/tools.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/tools.md
@ -1,7 +1,7 @@
 ---
-title: Windows Firewall tools
+title: Windows Firewall Tools
 description: Learn about the available tools to configure Windows Firewall and firewall rules.
-ms.date: 09/06/2024
+ms.date: 04/07/2025
 ms.topic: best-practice
 ---
--- a/windows/security/operating-system-security/network-security/windows-firewall/troubleshooting-uwp-firewall.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/troubleshooting-uwp-firewall.md
@ -2,7 +2,7 @@
 title: Troubleshooting UWP App Connectivity Issues in Windows Firewall
 description: Troubleshooting UWP App Connectivity Issues in Windows Firewall
 ms.topic: troubleshooting
-ms.date: 09/06/2024
+ms.date: 04/07/2025
 ---
 # Troubleshooting UWP App Connectivity Issues
--- a/windows/security/security-foundations/certification/validations/cc-windows-server-previous.md
+++ b/windows/security/security-foundations/certification/validations/cc-windows-server-previous.md
@ -63,7 +63,7 @@ The following tables list the completed Common Criteria certifications for Windo
 [security-target-april-2014]: https://www.commoncriteriaportal.org/files/epfiles/st_vid10540-st.pdf
 [security-target-january-2014]: https://www.commoncriteriaportal.org/files/epfiles/st_vid10529-st.pdf
 [security-target-march-2011]: https://www.commoncriteriaportal.org/files/epfiles/st_vid10390-st.pdf
-[security-target-july-2009]: https://www.microsoft.com/download/en/details.aspx?id=29305
+[security-target-july-2009]: https://www.microsoft.com/download/details.aspx?id=29305
 [security-target-july-2009-hyperv]: https://www.commoncriteriaportal.org/files/epfiles/0570b_pdf.pdf
 [security-target-august-2009]: https://www.commoncriteriaportal.org/files/epfiles/st_vid10291-st.pdf
 [security-target-september-2008]: https://www.commoncriteriaportal.org/files/epfiles/efs-t005_msvista_msserver2008_eal1_st_v1.0.pdf
@ -77,7 +77,7 @@ The following tables list the completed Common Criteria certifications for Windo
 [admin-guide-january-2015-pro]: https://download.microsoft.com/download/6/0/b/60b27ded-705a-4751-8e9f-642e635c3cf3/microsoft%20windows%208%20windows%20server%202012%20common%20criteria%20supplemental%20admin%20guidance.docx
 [admin-guide-april-2014]: https://download.microsoft.com/download/0/8/4/08468080-540b-4326-91bf-f2a33b7e1764/administrative%20guidance%20for%20software%20full%20disk%20encryption%20clients.pdf
 [admin-guide-january-2014]: https://download.microsoft.com/download/a/9/f/a9fd7e2d-023b-4925-a62f-58a7f1a6bd47/microsoft%20windows%208%20windows%20server%202012%20supplemental%20admin%20guidance%20ipsec%20vpn%20client.docx
-[admin-guide-july-2009]: https://www.microsoft.com/download/en/details.aspx?id=29308
+[admin-guide-july-2009]: https://www.microsoft.com/download/details.aspx?id=29308
 [admin-guide-july-2009-hyperv]: https://www.microsoft.com/en-us/download/details.aspx?id=14252
 <!-- Assurance Activity Reports -->
--- a/windows/whats-new/deprecated-features-resources.md
+++ b/windows/whats-new/deprecated-features-resources.md
@ -1,7 +1,7 @@
 ---
 title: Resources for deprecated features in the Windows client
 description: Resources and details for deprecated features in the Windows client.
-ms.date: 08/14/2024
+ms.date: 04/08/2025
 ms.service: windows-client
 ms.subservice: itpro-fundamentals
 ms.localizationpriority: medium
@ -21,6 +21,15 @@ appliesto:
 This article provides additional resources about [deprecated features for Windows client](deprecated-features.md) that may be needed by IT professionals. The following information is provided to help IT professionals plan for the removal of deprecated features:
 ## Windows UWP Map control and Windows Maps platform APIs
 In May 2024, we announced the unification of [Bing Maps for Enterprise](https://blogs.bing.com/maps/2024-05/Microsoft-Announces-Vision-for-Next-Generation-of-Enterprise-Maps) with [Azure Maps](https://azure.microsoft.com/products/azure-maps). This means that going forward, Azure Maps will combine the best of Bing Maps for Enterprise and Azure Maps. If your solution uses the Windows UWP Map control, look to move to an Azure Maps based replacement within one year of this deprecation notice rather than the end date for the entire Bing Maps for Enterprise platform. The following resources can help you with this transition:
 - [Migrate from Bing Maps to Azure Maps](/azure/azure-maps/migrate-bing-maps-overview)
 - [Use the Azure Maps map control](/azure/azure-maps/how-to-use-map-control)
 - [Azure Maps code samples](https://samples.azuremaps.com/)
 - [Bing Maps Blog](https://blogs.bing.com/maps)
 - [Azure Maps Blog](https://techcommunity.microsoft.com/category/azure/blog/azuremapsblog)
 ## Paint 3D
 Paint 3D is deprecated and will be removed from the Microsoft Store on November 4, 2024. Existing installations of Paint 3D will continue to work, but the app will no longer be available for download from the Microsoft Store. If you remove the app, you can reinstall it from the Microsoft Store until November 4, 2024. After that date, Paint 3D will no longer be available for download. Paint 3D was preinstalled on some Windows 10 devices, but wasn't preinstalled on Windows 11 devices. Some alternatives to Paint 3D include:
--- a/windows/whats-new/deprecated-features.md
+++ b/windows/whats-new/deprecated-features.md
@ -1,7 +1,7 @@
 ---
 title: Deprecated features in the Windows client
 description: Review the list of features that Microsoft is no longer actively developing in Windows 10 and Windows 11.
-ms.date: 02/19/2025
+ms.date: 04/08/2025
 ms.service: windows-client
 ms.subservice: itpro-fundamentals
 ms.localizationpriority: medium
@ -47,6 +47,7 @@ The features in this article are no longer being actively developed, and might b
 | Feature | Details and mitigation  | Deprecation announced |
 |---|---|---|
 | Windows UWP Map control and Windows Maps platform APIs <!--9853556--> | The [Windows UWP Map control](/uwp/api/windows.ui.xaml.controls.maps) and [Windows Maps platform APIs](/uwp/api/windows.services.maps) within Windows have been deprecated as of April 8, 2025. The Maps UWP Control and Maps platform support within Windows will continue to function but will not be updated. For more information, see [Resources for deprecated features](deprecated-features-resources.md#windows-uwp-map-control-and-windows-maps-platform-apis). | April 8, 2025 |
 | Line printer daemon (LPR/LPD) <!--9787121--> | Deprecation reminder: [The line printer daemon protocol (LPR/LPD) was deprecated](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831568(v=ws.11)#printing) starting in Windows Server 2012. As removal of the line printer daemon protocol nears, we'd like to remind customers to ensure their environments are prepared for removal. When these features are eventually removed, clients that print to a server using this protocol, such as UNIX clients, will not be able to connect or print. Instead, UNIX clients should use IPP. Windows clients can connect to UNIX shared printers using the [Windows Standard Port Monitor](/troubleshoot/windows-server/printing/standard-port-monitor-for-tcpip).  | [Original announcement: Windows Server 2012](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831568(v=ws.11)#printing) </br> <br> Courtesy reminder: February 2025 |
 | Location History <!--9798092--> | We are deprecating and removing the Location History feature, an [API](/uwp/api/windows.devices.geolocation.geolocator.getgeopositionhistoryasync) that allowed Cortana to access 24 hours of device history when location was enabled. With the removal of the Location History feature, location data will no longer be saved locally and the corresponding settings will also be removed from the **Privacy & Security** > **Location** page in **Settings**. | February 2025 |
 | Suggested actions <!--9614241-->| Suggested actions that appear when you copy a phone number or future date in Windows 11 are deprecated and will be removed in a future Windows 11 update. | December 2024 |