From 3cff584f8bafbb92de0b95867b4e441296af2cbe Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Thu, 20 Apr 2023 11:27:09 -0400
Subject: [PATCH 001/107] initial import

---
 includes/intune/intune-custom-settings-1.md   | 13 +++
 includes/intune/intune-custom-settings-2.md   |  9 ++
 .../intune/intune-custom-settings-info.md     |  6 ++
 includes/licensing/_edition-requirements.md   | 83 +++++++++++++++++++
 includes/licensing/_licensing-requirements.md | 83 +++++++++++++++++++
 .../licensing/access-control-aclsscals.md     | 22 +++++
 includes/licensing/account-lockout-policy.md  | 22 +++++
 includes/licensing/always-on-vpn.md           | 22 +++++
 includes/licensing/applocker.md               | 22 +++++
 .../licensing/assigned-access-kiosk-mode.md   | 22 +++++
 .../licensing/attack-surface-reduction-asr.md | 22 +++++
 ...d-azure-ad-join-with-single-sign-on-sso.md | 22 +++++
 includes/licensing/bitlocker.md               | 22 +++++
 ...tooth-pairing-and-connection-protection.md | 22 +++++
 .../common-criteria-certifications.md         | 22 +++++
 .../licensing/controlled-folder-access.md     | 22 +++++
 .../device-health-attestation-service.md      | 22 +++++
 includes/licensing/direct-access.md           | 22 +++++
 includes/licensing/email-encryption-smime.md  | 22 +++++
 includes/licensing/encrypted-hard-drive.md    | 22 +++++
 ...ed-phishing-protection-with-smartscreen.md | 22 +++++
 includes/licensing/exploit-protection.md      | 22 +++++
 ...fast-identity-online-fido2-security-key.md | 22 +++++
 ...processing-standard-fips-140-validation.md | 22 +++++
 includes/licensing/federated-sign-in.md       | 22 +++++
 .../hardware-enforced-stack-protection.md     | 22 +++++
 ...ypervisor-protected-code-integrity-hvci.md | 22 +++++
 ...nel-direct-memory-access-dma-protection.md | 22 +++++
 .../local-administrator-password-solution.md  | 22 +++++
 ...local-security-authority-lsa-protection.md | 22 +++++
 ...-device-management-mdm-and-group-policy.md | 22 +++++
 includes/licensing/measured-boot.md           | 22 +++++
 .../licensing/microsoft-defender-antivirus.md | 22 +++++
 ...pplication-guard-mdag-configure-via-mdm.md | 22 +++++
 ...terprise-mode-and-enterprise-management.md | 22 +++++
 ...ion-guard-mdag-for-edge-standalone-mode.md | 22 +++++
 ...ication-guard-mdag-for-microsoft-office.md | 22 +++++
 ...nder-application-guard-mdag-public-apis.md | 22 +++++
 .../microsoft-defender-for-endpoint.md        | 22 +++++
 .../microsoft-defender-smartscreen.md         | 22 +++++
 .../microsoft-pluton-security-processor.md    | 22 +++++
 .../microsoft-vulnerable-driver-blocklist.md  | 22 +++++
 .../opportunistic-wireless-encryption-owe.md  | 22 +++++
 .../licensing/personal-data-encryption-pde.md | 22 +++++
 includes/licensing/privacy-resource-usage.md  | 22 +++++
 .../privacy-transparency-and-controls.md      | 22 +++++
 .../licensing/remote-wipe-autopilot-reset.md  | 22 +++++
 .../licensing/secure-boot-and-trusted-boot.md | 22 +++++
 .../secured-core-configuration-lock.md        | 22 +++++
 includes/licensing/secured-core-pc.md         | 22 +++++
 .../security-baselines-with-intune.md         | 22 +++++
 .../server-message-block-direct-smb-direct.md | 22 +++++
 .../server-message-block-smb-file-service.md  | 22 +++++
 includes/licensing/smart-app-control.md       | 22 +++++
 .../smart-cards-for-windows-service.md        | 22 +++++
 .../tamper-protection-settings-for-mde.md     | 22 +++++
 .../licensing/transport-layer-security-tls.md | 22 +++++
 .../trusted-platform-module-tpm-20.md         | 22 +++++
 includes/licensing/universal-print.md         | 22 +++++
 .../licensing/user-account-control-uac.md     | 22 +++++
 .../licensing/virtual-private-network-vpn.md  | 22 +++++
 .../virtualization-based-security-vbs.md      | 22 +++++
 includes/licensing/wifi-security.md           | 22 +++++
 includes/licensing/windows-autopatch.md       | 22 +++++
 includes/licensing/windows-autopilot.md       | 22 +++++
 includes/licensing/windows-containers.md      | 22 +++++
 ...ndows-defender-application-control-wdac.md | 22 +++++
 .../windows-defender-credential-guard.md      | 22 +++++
 ...indows-defender-remote-credential-guard.md | 22 +++++
 .../windows-defender-system-guard.md          | 22 +++++
 includes/licensing/windows-firewall.md        | 22 +++++
 ...business-enhanced-security-sign-in-ess-.md | 22 +++++
 .../licensing/windows-hello-for-business.md   | 22 +++++
 .../licensing/windows-presence-sensing.md     | 22 +++++
 includes/licensing/windows-sandbox.md         | 22 +++++
 ...s-security-policy-settings-and-auditing.md | 22 +++++
 76 files changed, 1756 insertions(+)
 create mode 100644 includes/intune/intune-custom-settings-1.md
 create mode 100644 includes/intune/intune-custom-settings-2.md
 create mode 100644 includes/intune/intune-custom-settings-info.md
 create mode 100644 includes/licensing/_edition-requirements.md
 create mode 100644 includes/licensing/_licensing-requirements.md
 create mode 100644 includes/licensing/access-control-aclsscals.md
 create mode 100644 includes/licensing/account-lockout-policy.md
 create mode 100644 includes/licensing/always-on-vpn.md
 create mode 100644 includes/licensing/applocker.md
 create mode 100644 includes/licensing/assigned-access-kiosk-mode.md
 create mode 100644 includes/licensing/attack-surface-reduction-asr.md
 create mode 100644 includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md
 create mode 100644 includes/licensing/bitlocker.md
 create mode 100644 includes/licensing/bluetooth-pairing-and-connection-protection.md
 create mode 100644 includes/licensing/common-criteria-certifications.md
 create mode 100644 includes/licensing/controlled-folder-access.md
 create mode 100644 includes/licensing/device-health-attestation-service.md
 create mode 100644 includes/licensing/direct-access.md
 create mode 100644 includes/licensing/email-encryption-smime.md
 create mode 100644 includes/licensing/encrypted-hard-drive.md
 create mode 100644 includes/licensing/enhanced-phishing-protection-with-smartscreen.md
 create mode 100644 includes/licensing/exploit-protection.md
 create mode 100644 includes/licensing/fast-identity-online-fido2-security-key.md
 create mode 100644 includes/licensing/federal-information-processing-standard-fips-140-validation.md
 create mode 100644 includes/licensing/federated-sign-in.md
 create mode 100644 includes/licensing/hardware-enforced-stack-protection.md
 create mode 100644 includes/licensing/hypervisor-protected-code-integrity-hvci.md
 create mode 100644 includes/licensing/kernel-direct-memory-access-dma-protection.md
 create mode 100644 includes/licensing/local-administrator-password-solution.md
 create mode 100644 includes/licensing/local-security-authority-lsa-protection.md
 create mode 100644 includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md
 create mode 100644 includes/licensing/measured-boot.md
 create mode 100644 includes/licensing/microsoft-defender-antivirus.md
 create mode 100644 includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md
 create mode 100644 includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md
 create mode 100644 includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md
 create mode 100644 includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md
 create mode 100644 includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md
 create mode 100644 includes/licensing/microsoft-defender-for-endpoint.md
 create mode 100644 includes/licensing/microsoft-defender-smartscreen.md
 create mode 100644 includes/licensing/microsoft-pluton-security-processor.md
 create mode 100644 includes/licensing/microsoft-vulnerable-driver-blocklist.md
 create mode 100644 includes/licensing/opportunistic-wireless-encryption-owe.md
 create mode 100644 includes/licensing/personal-data-encryption-pde.md
 create mode 100644 includes/licensing/privacy-resource-usage.md
 create mode 100644 includes/licensing/privacy-transparency-and-controls.md
 create mode 100644 includes/licensing/remote-wipe-autopilot-reset.md
 create mode 100644 includes/licensing/secure-boot-and-trusted-boot.md
 create mode 100644 includes/licensing/secured-core-configuration-lock.md
 create mode 100644 includes/licensing/secured-core-pc.md
 create mode 100644 includes/licensing/security-baselines-with-intune.md
 create mode 100644 includes/licensing/server-message-block-direct-smb-direct.md
 create mode 100644 includes/licensing/server-message-block-smb-file-service.md
 create mode 100644 includes/licensing/smart-app-control.md
 create mode 100644 includes/licensing/smart-cards-for-windows-service.md
 create mode 100644 includes/licensing/tamper-protection-settings-for-mde.md
 create mode 100644 includes/licensing/transport-layer-security-tls.md
 create mode 100644 includes/licensing/trusted-platform-module-tpm-20.md
 create mode 100644 includes/licensing/universal-print.md
 create mode 100644 includes/licensing/user-account-control-uac.md
 create mode 100644 includes/licensing/virtual-private-network-vpn.md
 create mode 100644 includes/licensing/virtualization-based-security-vbs.md
 create mode 100644 includes/licensing/wifi-security.md
 create mode 100644 includes/licensing/windows-autopatch.md
 create mode 100644 includes/licensing/windows-autopilot.md
 create mode 100644 includes/licensing/windows-containers.md
 create mode 100644 includes/licensing/windows-defender-application-control-wdac.md
 create mode 100644 includes/licensing/windows-defender-credential-guard.md
 create mode 100644 includes/licensing/windows-defender-remote-credential-guard.md
 create mode 100644 includes/licensing/windows-defender-system-guard.md
 create mode 100644 includes/licensing/windows-firewall.md
 create mode 100644 includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess-.md
 create mode 100644 includes/licensing/windows-hello-for-business.md
 create mode 100644 includes/licensing/windows-presence-sensing.md
 create mode 100644 includes/licensing/windows-sandbox.md
 create mode 100644 includes/licensing/windows-security-policy-settings-and-auditing.md

diff --git a/includes/intune/intune-custom-settings-1.md b/includes/intune/intune-custom-settings-1.md
new file mode 100644
index 0000000000..d911751e75
--- /dev/null
+++ b/includes/intune/intune-custom-settings-1.md
@@ -0,0 +1,13 @@
+---
+ms.date: 02/22/2022
+ms.topic: include
+---
+
+To configure devices with Microsoft Intune, use a custom policy:
+
+1. Go to the <a href="https://intune.microsoft.com" target="_blank"><b>Microsoft Intune admin center</b></a>
+2. Select **Devices > Configuration profiles > Create profile**
+3. Select **Platform > Windows 10 and later** and **Profile type > Templates > Custom**
+4. Select **Create**
+5. Specify a **Name** and, optionally, a **Description > Next**
+6. Add the following settings:
\ No newline at end of file
diff --git a/includes/intune/intune-custom-settings-2.md b/includes/intune/intune-custom-settings-2.md
new file mode 100644
index 0000000000..1a601acaa7
--- /dev/null
+++ b/includes/intune/intune-custom-settings-2.md
@@ -0,0 +1,9 @@
+---
+ms.date: 11/08/2022
+ms.topic: include
+---
+
+7. Select **Next**
+8. Assign the policy to a security group that contains as members the devices or users that you want to configure > **Next**
+9. Under **Applicability Rules**, select **Next**
+10. Review the policy configuration and select **Create**
\ No newline at end of file
diff --git a/includes/intune/intune-custom-settings-info.md b/includes/intune/intune-custom-settings-info.md
new file mode 100644
index 0000000000..8ff9da4294
--- /dev/null
+++ b/includes/intune/intune-custom-settings-info.md
@@ -0,0 +1,6 @@
+---
+ms.date: 11/08/2022
+ms.topic: include
+---
+
+For more information about how to create custom settings using Intune, see [Use custom settings for Windows devices in Intune](/mem/intune/configuration/custom-settings-windows-10).
\ No newline at end of file
diff --git a/includes/licensing/_edition-requirements.md b/includes/licensing/_edition-requirements.md
new file mode 100644
index 0000000000..ceb1113e19
--- /dev/null
+++ b/includes/licensing/_edition-requirements.md
@@ -0,0 +1,83 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+The following table lists the security features that are available in Windows, and the Windows editions that support them:
+
+|Feature name|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|:---:|
+|**[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes|
+|**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**|Yes|Yes|Yes|Yes|
+|**[Always On VPN](/en-us/windows-server/remote/remote-access/vpn/always-on-vpn/)**|Yes|Yes|Yes|Yes|
+|**[AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview)**|Yes|Yes|Yes|Yes|
+|**[Assigned Access (kiosk mode)](/windows/configuration/kiosk-methods)**|Yes|Yes|Yes|Yes|
+|**[Attack surface reduction (ASR)](/en-us/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)**|Yes|Yes|Yes|Yes|
+|**[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)**|Yes|Yes|Yes|Yes|
+|**[BitLocker](/windows/security/information-protection/bitlocker/bitlocker-overview)**|Yes|Yes|Yes|Yes|
+|**Bluetooth pairing and connection protection**|Yes|Yes|Yes|Yes|
+|**[Common Criteria certifications](/windows/security/threat-protection/windows-platform-common-criteria)**|Yes|Yes|Yes|Yes|
+|**[Controlled folder access](/en-us/microsoft-365/security/defender-endpoint/controlled-folders)**|Yes|Yes|Yes|Yes|
+|**[Device health attestation service](/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices)**|Yes|Yes|Yes|Yes|
+|**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**|No|Yes|No|Yes|
+|**[Email Encryption (S/MIME)](/windows/security/identity-protection/configure-s-mime)**|Yes|Yes|Yes|Yes|
+|**[Encrypted hard drive](/windows/security/information-protection/encrypted-hard-drive)**|Yes|Yes|Yes|Yes|
+|**[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)**|Yes|Yes|Yes|Yes|
+|**[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)**|Yes|Yes|Yes|Yes|
+|**[Fast Identity Online (FIDO2) security key](/en-us/azure/active-directory/authentication/howto-authentication-passwordless-security-key?context=%2Fwindows%2Fsecurity%2Fcontext%2Fcontext)**|Yes|Yes|Yes|Yes|
+|**[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)**|Yes|Yes|Yes|Yes|
+|**[Federated sign-in](/education/windows/federated-sign-in)**|No|No|Yes|Yes|
+|**[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)**|Yes|Yes|Yes|Yes|
+|**[Hypervisor-protected Code Integrity (HVCI)](/windows-hardware/design/device-experiences/oem-hvci-enablement)**|Yes|Yes|Yes|Yes|
+|**[Kernel Direct Memory Access (DMA) protection](/en-us/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)**|Yes|Yes|Yes|Yes|
+|**Local Administrator Password Solution**|Yes|Yes|Yes|Yes|
+|**[Local Security Authority (LSA) Protection](/en-us/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection?toc=%2Fwindows%2Fsecurity%2Ftoc.json&bc=%2Fwindows%2Fsecurity%2Fbreadcrumb%2Ftoc.json)**|Yes|Yes|Yes|Yes|
+|**[Manage by Mobile Device Management (MDM) and group policy](/windows/client-management/mdm/mdm-overview)**|Yes|Yes|Yes|Yes|
+|**[Measured boot](/windows/compatibility/measured-boot)**|Yes|Yes|Yes|Yes|
+|**[Microsoft Defender Antivirus](/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)**|Yes|Yes|Yes|Yes|
+|**[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)**|No|Yes|No|Yes|
+|**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/deployedge/microsoft-edge-security-windows-defender-application-guard)**|No|Yes|No|Yes|
+|**[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview)**|Yes|Yes|Yes|Yes|
+|**[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/en-us/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)**|No|Yes|No|Yes|
+|**Microsoft Defender Application Guard (MDAG) public APIs**|No|Yes|No|Yes|
+|**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|Yes|Yes|Yes|Yes|
+|**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**|Yes|Yes|Yes|Yes|
+|**[Microsoft Pluton security processor](/windows/security/information-protection/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes|
+|**[Microsoft Vulnerable Driver Blocklist](/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules%23microsoft-vulnerable-driver-blocklist)**|Yes|Yes|Yes|Yes|
+|**Opportunistic Wireless Encryption (OWE)**|Yes|Yes|Yes|Yes|
+|**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|No|Yes|No|Yes|
+|**Privacy Resource Usage**|Yes|Yes|Yes|Yes|
+|**Privacy Transparency and Controls**|Yes|Yes|Yes|Yes|
+|**[Remote wipe (Autopilot reset)](/windows/client-management/mdm/remotewipe-csp)**|Yes|Yes|Yes|Yes|
+|**[Secure Boot and Trusted Boot](/windows/security/trusted-boot)**|Yes|Yes|Yes|Yes|
+|**[Secured-core configuration lock](/windows/client-management/config-lock)**|Yes|Yes|Yes|Yes|
+|**[Secured-core PC](/windows-hardware/design/device-experiences/oem-highly-secure-11)**|Yes|Yes|Yes|Yes|
+|**[Security baselines with Intune](/mem/intune/protect/security-baselines)**|Yes|Yes|Yes|Yes|
+|**[Server Message Block (SMB) file service](/windows-server/storage/file-server/file-server-smb-overview)**|Yes|Yes|Yes|Yes|
+|**[Server Message Block Direct (SMB Direct)](/windows-server/storage/file-server/smb-direct)**|Yes|Yes|Yes|Yes|
+|**[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|
+|**[Smart Cards for Windows Service](/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service)**|Yes|Yes|Yes|Yes|
+|**[Tamper protection settings for MDE](/en-us/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)**|Yes|Yes|Yes|Yes|
+|**[Transport layer security (TLS)](/windows-server/security/tls/tls-ssl-schannel-ssp-overview)**|Yes|Yes|Yes|Yes|
+|**[Trusted Platform Module (TPM) 2.0](/windows/security/information-protection/tpm/trusted-platform-module-overview)**|Yes|Yes|Yes|Yes|
+|**[Universal Print](/universal-print/)**|Yes|Yes|Yes|Yes|
+|**[User Account Control (UAC)](/indows/security/identity-protection/user-account-control/user-account-control-overview)**|Yes|Yes|Yes|Yes|
+|**[Virtual Private Network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes|
+|**[Virtualization-based security (VBS)](/en-us/windows-hardware/design/device-experiences/oem-vbs)**|Yes|Yes|Yes|Yes|
+|**WiFi Security**|Yes|Yes|Yes|Yes|
+|**[Windows Autopatch](/en-us/windows/deployment/windows-autopatch/)**|No|Yes|No|Yes|
+|**[Windows Autopilot](/windows/deployment/windows-autopilot)**|Yes|Yes|Yes|Yes|
+|**[Windows containers](/virtualization/windowscontainers/about/)**|Yes|Yes|Yes|Yes|
+|**[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|
+|**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|Yes|Yes|Yes|Yes|
+|**[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)**|Yes|Yes|Yes|Yes|
+|**[Windows Defender System Guard](/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows)**|Yes|Yes|Yes|Yes|
+|**[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)**|Yes|Yes|Yes|Yes|
+|**[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)**|Yes|Yes|Yes|Yes|
+|**[Windows Hello for Business Enhanced Security Sign-in (ESS) ](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)**|Yes|Yes|Yes|Yes|
+|**[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)**|Yes|Yes|Yes|Yes|
+|**[Windows Sandbox](/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview)**|Yes|Yes|Yes|Yes|
+|**[Windows Security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**|Yes|Yes|Yes|Yes|
+
diff --git a/includes/licensing/_licensing-requirements.md b/includes/licensing/_licensing-requirements.md
new file mode 100644
index 0000000000..ed1bc471ae
--- /dev/null
+++ b/includes/licensing/_licensing-requirements.md
@@ -0,0 +1,83 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+The following table lists the security features that are available in Windows, and the licensing requirements to use them:
+
+|Feature name|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|:---:|
+|**[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes|Yes|
+|**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**|Yes|Yes|Yes|Yes|Yes|
+|**[Always On VPN](/en-us/windows-server/remote/remote-access/vpn/always-on-vpn/)**|Yes|Yes|Yes|Yes|Yes|
+|**[AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview)**|Yes|Yes|Yes|Yes|Yes|
+|**[Assigned Access (kiosk mode)](/windows/configuration/kiosk-methods)**|Yes|Yes|Yes|Yes|Yes|
+|**[Attack surface reduction (ASR)](/en-us/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)**|Yes|Yes|Yes|Yes|Yes|
+|**[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)**|Yes|Yes|Yes|Yes|Yes|
+|**[BitLocker](/windows/security/information-protection/bitlocker/bitlocker-overview)**|Yes|Yes|Yes|Yes|Yes|
+|**Bluetooth pairing and connection protection**|Yes|Yes|Yes|Yes|Yes|
+|**[Common Criteria certifications](/windows/security/threat-protection/windows-platform-common-criteria)**|Yes|Yes|Yes|Yes|Yes|
+|**[Controlled folder access](/en-us/microsoft-365/security/defender-endpoint/controlled-folders)**|Yes|Yes|Yes|Yes|Yes|
+|**[Device health attestation service](/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices)**|Yes|Yes|Yes|Yes|Yes|
+|**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**|No|Yes|Yes|Yes|Yes|
+|**[Email Encryption (S/MIME)](/windows/security/identity-protection/configure-s-mime)**|Yes|Yes|Yes|Yes|Yes|
+|**[Encrypted hard drive](/windows/security/information-protection/encrypted-hard-drive)**|Yes|Yes|Yes|Yes|Yes|
+|**[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)**|Yes|Yes|Yes|Yes|Yes|
+|**[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)**|Yes|Yes|Yes|Yes|Yes|
+|**[Fast Identity Online (FIDO2) security key](/en-us/azure/active-directory/authentication/howto-authentication-passwordless-security-key?context=%2Fwindows%2Fsecurity%2Fcontext%2Fcontext)**|Yes|Yes|Yes|Yes|Yes|
+|**[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)**|Yes|Yes|Yes|Yes|Yes|
+|**[Federated sign-in](/education/windows/federated-sign-in)**|No|No|No|Yes|Yes|
+|**[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)**|Yes|Yes|Yes|Yes|Yes|
+|**[Hypervisor-protected Code Integrity (HVCI)](/windows-hardware/design/device-experiences/oem-hvci-enablement)**|Yes|Yes|Yes|Yes|Yes|
+|**[Kernel Direct Memory Access (DMA) protection](/en-us/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)**|Yes|Yes|Yes|Yes|Yes|
+|**Local Administrator Password Solution**|Yes|Yes|Yes|Yes|Yes|
+|**[Local Security Authority (LSA) Protection](/en-us/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection?toc=%2Fwindows%2Fsecurity%2Ftoc.json&bc=%2Fwindows%2Fsecurity%2Fbreadcrumb%2Ftoc.json)**|Yes|Yes|Yes|Yes|Yes|
+|**[Manage by Mobile Device Management (MDM) and group policy](/windows/client-management/mdm/mdm-overview)**|Yes|Yes|Yes|Yes|Yes|
+|**[Measured boot](/windows/compatibility/measured-boot)**|Yes|Yes|Yes|Yes|Yes|
+|**[Microsoft Defender Antivirus](/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)**|Yes|Yes|Yes|Yes|Yes|
+|**[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)**|No|Yes|Yes|Yes|Yes|
+|**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/deployedge/microsoft-edge-security-windows-defender-application-guard)**|No|Yes|Yes|Yes|Yes|
+|**[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview)**|Yes|Yes|Yes|Yes|Yes|
+|**[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/en-us/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)**|No|No|No|No|No|
+|**Microsoft Defender Application Guard (MDAG) public APIs**|No|Yes|Yes|Yes|Yes|
+|**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|Yes|No|Yes|No|Yes|
+|**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**|Yes|Yes|Yes|Yes|Yes|
+|**[Microsoft Pluton security processor](/windows/security/information-protection/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes|Yes|
+|**[Microsoft Vulnerable Driver Blocklist](/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules%23microsoft-vulnerable-driver-blocklist)**|Yes|Yes|Yes|Yes|Yes|
+|**Opportunistic Wireless Encryption (OWE)**|Yes|Yes|Yes|Yes|Yes|
+|**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|No|Yes|Yes|Yes|Yes|
+|**Privacy Resource Usage**|Yes|Yes|Yes|Yes|Yes|
+|**Privacy Transparency and Controls**|Yes|Yes|Yes|Yes|Yes|
+|**[Remote wipe (Autopilot reset)](/windows/client-management/mdm/remotewipe-csp)**|Yes|Yes|Yes|Yes|Yes|
+|**[Secure Boot and Trusted Boot](/windows/security/trusted-boot)**|Yes|Yes|Yes|Yes|Yes|
+|**[Secured-core configuration lock](/windows/client-management/config-lock)**|Yes|Yes|Yes|Yes|Yes|
+|**[Secured-core PC](/windows-hardware/design/device-experiences/oem-highly-secure-11)**|Yes|Yes|Yes|Yes|Yes|
+|**[Security baselines with Intune](/mem/intune/protect/security-baselines)**|Yes|Yes|Yes|Yes|Yes|
+|**[Server Message Block (SMB) file service](/windows-server/storage/file-server/file-server-smb-overview)**|Yes|Yes|Yes|Yes|Yes|
+|**[Server Message Block Direct (SMB Direct)](/windows-server/storage/file-server/smb-direct)**|Yes|Yes|Yes|Yes|Yes|
+|**[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|Yes|
+|**[Smart Cards for Windows Service](/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service)**|Yes|Yes|Yes|Yes|Yes|
+|**[Tamper protection settings for MDE](/en-us/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)**|Yes|Yes|Yes|Yes|Yes|
+|**[Transport layer security (TLS)](/windows-server/security/tls/tls-ssl-schannel-ssp-overview)**|Yes|Yes|Yes|Yes|Yes|
+|**[Trusted Platform Module (TPM) 2.0](/windows/security/information-protection/tpm/trusted-platform-module-overview)**|Yes|Yes|Yes|Yes|Yes|
+|**[Universal Print](/universal-print/)**|Yes|Yes|Yes|Yes|Yes|
+|**[User Account Control (UAC)](/indows/security/identity-protection/user-account-control/user-account-control-overview)**|Yes|Yes|Yes|Yes|Yes|
+|**[Virtual Private Network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes|Yes|
+|**[Virtualization-based security (VBS)](/en-us/windows-hardware/design/device-experiences/oem-vbs)**|Yes|Yes|Yes|Yes|Yes|
+|**WiFi Security**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows Autopatch](/en-us/windows/deployment/windows-autopatch/)**|No|Yes|Yes|No|No|
+|**[Windows Autopilot](/windows/deployment/windows-autopilot)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows containers](/virtualization/windowscontainers/about/)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows Defender System Guard](/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows Hello for Business Enhanced Security Sign-in (ESS) ](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows Sandbox](/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows Security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**|Yes|Yes|Yes|Yes|Yes|
+
diff --git a/includes/licensing/access-control-aclsscals.md b/includes/licensing/access-control-aclsscals.md
new file mode 100644
index 0000000000..b61af93fa8
--- /dev/null
+++ b/includes/licensing/access-control-aclsscals.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Access Control (ACLs/SCALS):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Access Control (ACLs/SCALS) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/account-lockout-policy.md b/includes/licensing/account-lockout-policy.md
new file mode 100644
index 0000000000..8b18a6b661
--- /dev/null
+++ b/includes/licensing/account-lockout-policy.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Account Lockout Policy:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Account Lockout Policy license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/always-on-vpn.md b/includes/licensing/always-on-vpn.md
new file mode 100644
index 0000000000..81d7029add
--- /dev/null
+++ b/includes/licensing/always-on-vpn.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Always On VPN:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Always On VPN license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/applocker.md b/includes/licensing/applocker.md
new file mode 100644
index 0000000000..2fff9e6ab8
--- /dev/null
+++ b/includes/licensing/applocker.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support AppLocker:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+AppLocker license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/assigned-access-kiosk-mode.md b/includes/licensing/assigned-access-kiosk-mode.md
new file mode 100644
index 0000000000..a82316265b
--- /dev/null
+++ b/includes/licensing/assigned-access-kiosk-mode.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Assigned Access (kiosk mode):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Assigned Access (kiosk mode) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/attack-surface-reduction-asr.md b/includes/licensing/attack-surface-reduction-asr.md
new file mode 100644
index 0000000000..3a5d744e92
--- /dev/null
+++ b/includes/licensing/attack-surface-reduction-asr.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Attack surface reduction (ASR):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Attack surface reduction (ASR) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md b/includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md
new file mode 100644
index 0000000000..8617927b9e
--- /dev/null
+++ b/includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/bitlocker.md b/includes/licensing/bitlocker.md
new file mode 100644
index 0000000000..94fd275f1b
--- /dev/null
+++ b/includes/licensing/bitlocker.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support BitLocker:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+BitLocker license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/bluetooth-pairing-and-connection-protection.md b/includes/licensing/bluetooth-pairing-and-connection-protection.md
new file mode 100644
index 0000000000..1e9b048129
--- /dev/null
+++ b/includes/licensing/bluetooth-pairing-and-connection-protection.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Bluetooth pairing and connection protection:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Bluetooth pairing and connection protection license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/common-criteria-certifications.md b/includes/licensing/common-criteria-certifications.md
new file mode 100644
index 0000000000..c79ce326be
--- /dev/null
+++ b/includes/licensing/common-criteria-certifications.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Common Criteria certifications:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Common Criteria certifications license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/controlled-folder-access.md b/includes/licensing/controlled-folder-access.md
new file mode 100644
index 0000000000..2a61948725
--- /dev/null
+++ b/includes/licensing/controlled-folder-access.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Controlled folder access:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Controlled folder access license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/device-health-attestation-service.md b/includes/licensing/device-health-attestation-service.md
new file mode 100644
index 0000000000..6a665ad462
--- /dev/null
+++ b/includes/licensing/device-health-attestation-service.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Device health attestation service:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Device health attestation service license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/direct-access.md b/includes/licensing/direct-access.md
new file mode 100644
index 0000000000..8b51088d50
--- /dev/null
+++ b/includes/licensing/direct-access.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Direct Access:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|No|Yes|No|Yes|
+
+Direct Access license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|No|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/email-encryption-smime.md b/includes/licensing/email-encryption-smime.md
new file mode 100644
index 0000000000..4927db3ddc
--- /dev/null
+++ b/includes/licensing/email-encryption-smime.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Email Encryption (S/MIME):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Email Encryption (S/MIME) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/encrypted-hard-drive.md b/includes/licensing/encrypted-hard-drive.md
new file mode 100644
index 0000000000..bed3785662
--- /dev/null
+++ b/includes/licensing/encrypted-hard-drive.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Encrypted hard drive:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Encrypted hard drive license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/enhanced-phishing-protection-with-smartscreen.md b/includes/licensing/enhanced-phishing-protection-with-smartscreen.md
new file mode 100644
index 0000000000..a686eedfa0
--- /dev/null
+++ b/includes/licensing/enhanced-phishing-protection-with-smartscreen.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Enhanced phishing protection with SmartScreen:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Enhanced phishing protection with SmartScreen license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/exploit-protection.md b/includes/licensing/exploit-protection.md
new file mode 100644
index 0000000000..79075680e1
--- /dev/null
+++ b/includes/licensing/exploit-protection.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Exploit protection:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Exploit protection license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/fast-identity-online-fido2-security-key.md b/includes/licensing/fast-identity-online-fido2-security-key.md
new file mode 100644
index 0000000000..b77f7bcdda
--- /dev/null
+++ b/includes/licensing/fast-identity-online-fido2-security-key.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Fast Identity Online (FIDO2) security key:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Fast Identity Online (FIDO2) security key license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/federal-information-processing-standard-fips-140-validation.md b/includes/licensing/federal-information-processing-standard-fips-140-validation.md
new file mode 100644
index 0000000000..c69f77ad4d
--- /dev/null
+++ b/includes/licensing/federal-information-processing-standard-fips-140-validation.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Federal Information Processing Standard (FIPS) 140 validation:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Federal Information Processing Standard (FIPS) 140 validation license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/federated-sign-in.md b/includes/licensing/federated-sign-in.md
new file mode 100644
index 0000000000..dd7843efd2
--- /dev/null
+++ b/includes/licensing/federated-sign-in.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Federated sign-in:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|No|No|Yes|Yes|
+
+Federated sign-in license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|No|No|No|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/hardware-enforced-stack-protection.md b/includes/licensing/hardware-enforced-stack-protection.md
new file mode 100644
index 0000000000..78d7aeec9a
--- /dev/null
+++ b/includes/licensing/hardware-enforced-stack-protection.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Hardware-enforced stack protection:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Hardware-enforced stack protection license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/hypervisor-protected-code-integrity-hvci.md b/includes/licensing/hypervisor-protected-code-integrity-hvci.md
new file mode 100644
index 0000000000..7e61d752bb
--- /dev/null
+++ b/includes/licensing/hypervisor-protected-code-integrity-hvci.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Hypervisor-protected Code Integrity (HVCI):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Hypervisor-protected Code Integrity (HVCI) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/kernel-direct-memory-access-dma-protection.md b/includes/licensing/kernel-direct-memory-access-dma-protection.md
new file mode 100644
index 0000000000..279343b746
--- /dev/null
+++ b/includes/licensing/kernel-direct-memory-access-dma-protection.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Kernel Direct Memory Access (DMA) protection:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Kernel Direct Memory Access (DMA) protection license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/local-administrator-password-solution.md b/includes/licensing/local-administrator-password-solution.md
new file mode 100644
index 0000000000..f3755e26ef
--- /dev/null
+++ b/includes/licensing/local-administrator-password-solution.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Local Administrator Password Solution:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Local Administrator Password Solution license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/local-security-authority-lsa-protection.md b/includes/licensing/local-security-authority-lsa-protection.md
new file mode 100644
index 0000000000..d73f52dbb0
--- /dev/null
+++ b/includes/licensing/local-security-authority-lsa-protection.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Local Security Authority (LSA) Protection:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Local Security Authority (LSA) Protection license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md b/includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md
new file mode 100644
index 0000000000..0f451c84a3
--- /dev/null
+++ b/includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Manage by Mobile Device Management (MDM) and group policy:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Manage by Mobile Device Management (MDM) and group policy license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/measured-boot.md b/includes/licensing/measured-boot.md
new file mode 100644
index 0000000000..6ef4375480
--- /dev/null
+++ b/includes/licensing/measured-boot.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Measured boot:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Measured boot license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/microsoft-defender-antivirus.md b/includes/licensing/microsoft-defender-antivirus.md
new file mode 100644
index 0000000000..9c1be50238
--- /dev/null
+++ b/includes/licensing/microsoft-defender-antivirus.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Microsoft Defender Antivirus:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Microsoft Defender Antivirus license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md b/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md
new file mode 100644
index 0000000000..51a3ed00c4
--- /dev/null
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Microsoft Defender Application Guard (MDAG) configure via MDM:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|No|Yes|No|Yes|
+
+Microsoft Defender Application Guard (MDAG) configure via MDM license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|No|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md
new file mode 100644
index 0000000000..e54c7297e5
--- /dev/null
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|No|Yes|No|Yes|
+
+Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|No|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md
new file mode 100644
index 0000000000..63209d39a9
--- /dev/null
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Microsoft Defender Application Guard (MDAG) for Edge standalone mode:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Microsoft Defender Application Guard (MDAG) for Edge standalone mode license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md b/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md
new file mode 100644
index 0000000000..ddf7f5724f
--- /dev/null
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Microsoft Defender Application Guard (MDAG) for Microsoft Office:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|No|Yes|No|Yes|
+
+Microsoft Defender Application Guard (MDAG) for Microsoft Office license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|No|No|No|No|No|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md b/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md
new file mode 100644
index 0000000000..8013ede707
--- /dev/null
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Microsoft Defender Application Guard (MDAG) public APIs:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|No|Yes|No|Yes|
+
+Microsoft Defender Application Guard (MDAG) public APIs license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|No|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/microsoft-defender-for-endpoint.md b/includes/licensing/microsoft-defender-for-endpoint.md
new file mode 100644
index 0000000000..64f94347cb
--- /dev/null
+++ b/includes/licensing/microsoft-defender-for-endpoint.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Microsoft Defender for Endpoint:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Microsoft Defender for Endpoint license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|No|Yes|No|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/microsoft-defender-smartscreen.md b/includes/licensing/microsoft-defender-smartscreen.md
new file mode 100644
index 0000000000..79341e2f69
--- /dev/null
+++ b/includes/licensing/microsoft-defender-smartscreen.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Microsoft Defender SmartScreen:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Microsoft Defender SmartScreen license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/microsoft-pluton-security-processor.md b/includes/licensing/microsoft-pluton-security-processor.md
new file mode 100644
index 0000000000..a829864982
--- /dev/null
+++ b/includes/licensing/microsoft-pluton-security-processor.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Microsoft Pluton security processor:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Microsoft Pluton security processor license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/microsoft-vulnerable-driver-blocklist.md b/includes/licensing/microsoft-vulnerable-driver-blocklist.md
new file mode 100644
index 0000000000..5e8d7d0619
--- /dev/null
+++ b/includes/licensing/microsoft-vulnerable-driver-blocklist.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Microsoft Vulnerable Driver Blocklist:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Microsoft Vulnerable Driver Blocklist license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/opportunistic-wireless-encryption-owe.md b/includes/licensing/opportunistic-wireless-encryption-owe.md
new file mode 100644
index 0000000000..329b98a56f
--- /dev/null
+++ b/includes/licensing/opportunistic-wireless-encryption-owe.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Opportunistic Wireless Encryption (OWE):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Opportunistic Wireless Encryption (OWE) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/personal-data-encryption-pde.md b/includes/licensing/personal-data-encryption-pde.md
new file mode 100644
index 0000000000..17db0c0d9b
--- /dev/null
+++ b/includes/licensing/personal-data-encryption-pde.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Personal data encryption (PDE):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|No|Yes|No|Yes|
+
+Personal data encryption (PDE) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|No|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/privacy-resource-usage.md b/includes/licensing/privacy-resource-usage.md
new file mode 100644
index 0000000000..1912cef847
--- /dev/null
+++ b/includes/licensing/privacy-resource-usage.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Privacy Resource Usage:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Privacy Resource Usage license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/privacy-transparency-and-controls.md b/includes/licensing/privacy-transparency-and-controls.md
new file mode 100644
index 0000000000..423adcfba8
--- /dev/null
+++ b/includes/licensing/privacy-transparency-and-controls.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Privacy Transparency and Controls:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Privacy Transparency and Controls license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/remote-wipe-autopilot-reset.md b/includes/licensing/remote-wipe-autopilot-reset.md
new file mode 100644
index 0000000000..d4c0bc571a
--- /dev/null
+++ b/includes/licensing/remote-wipe-autopilot-reset.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Remote wipe (Autopilot reset):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Remote wipe (Autopilot reset) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/secure-boot-and-trusted-boot.md b/includes/licensing/secure-boot-and-trusted-boot.md
new file mode 100644
index 0000000000..fd57393232
--- /dev/null
+++ b/includes/licensing/secure-boot-and-trusted-boot.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Secure Boot and Trusted Boot:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Secure Boot and Trusted Boot license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/secured-core-configuration-lock.md b/includes/licensing/secured-core-configuration-lock.md
new file mode 100644
index 0000000000..282eefbd8f
--- /dev/null
+++ b/includes/licensing/secured-core-configuration-lock.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Secured-core configuration lock:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Secured-core configuration lock license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/secured-core-pc.md b/includes/licensing/secured-core-pc.md
new file mode 100644
index 0000000000..cd335f6263
--- /dev/null
+++ b/includes/licensing/secured-core-pc.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Secured-core PC:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Secured-core PC license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/security-baselines-with-intune.md b/includes/licensing/security-baselines-with-intune.md
new file mode 100644
index 0000000000..bc9a0ca9c2
--- /dev/null
+++ b/includes/licensing/security-baselines-with-intune.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Security baselines with Intune:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Security baselines with Intune license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/server-message-block-direct-smb-direct.md b/includes/licensing/server-message-block-direct-smb-direct.md
new file mode 100644
index 0000000000..4b468b65a6
--- /dev/null
+++ b/includes/licensing/server-message-block-direct-smb-direct.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Server Message Block Direct (SMB Direct):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Server Message Block Direct (SMB Direct) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/server-message-block-smb-file-service.md b/includes/licensing/server-message-block-smb-file-service.md
new file mode 100644
index 0000000000..1e1f9fc40a
--- /dev/null
+++ b/includes/licensing/server-message-block-smb-file-service.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Server Message Block (SMB) file service:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Server Message Block (SMB) file service license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/smart-app-control.md b/includes/licensing/smart-app-control.md
new file mode 100644
index 0000000000..6ea29fbfb6
--- /dev/null
+++ b/includes/licensing/smart-app-control.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Smart App Control:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Smart App Control license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/smart-cards-for-windows-service.md b/includes/licensing/smart-cards-for-windows-service.md
new file mode 100644
index 0000000000..803b2af86c
--- /dev/null
+++ b/includes/licensing/smart-cards-for-windows-service.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Smart Cards for Windows Service:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Smart Cards for Windows Service license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/tamper-protection-settings-for-mde.md b/includes/licensing/tamper-protection-settings-for-mde.md
new file mode 100644
index 0000000000..28cbc5ff70
--- /dev/null
+++ b/includes/licensing/tamper-protection-settings-for-mde.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Tamper protection settings for MDE:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Tamper protection settings for MDE license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/transport-layer-security-tls.md b/includes/licensing/transport-layer-security-tls.md
new file mode 100644
index 0000000000..43104ded20
--- /dev/null
+++ b/includes/licensing/transport-layer-security-tls.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Transport layer security (TLS):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Transport layer security (TLS) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/trusted-platform-module-tpm-20.md b/includes/licensing/trusted-platform-module-tpm-20.md
new file mode 100644
index 0000000000..60a46d1917
--- /dev/null
+++ b/includes/licensing/trusted-platform-module-tpm-20.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Trusted Platform Module (TPM) 2.0:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Trusted Platform Module (TPM) 2.0 license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/universal-print.md b/includes/licensing/universal-print.md
new file mode 100644
index 0000000000..a346b3ff35
--- /dev/null
+++ b/includes/licensing/universal-print.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Universal Print:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Universal Print license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/user-account-control-uac.md b/includes/licensing/user-account-control-uac.md
new file mode 100644
index 0000000000..41276ad062
--- /dev/null
+++ b/includes/licensing/user-account-control-uac.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support User Account Control (UAC):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+User Account Control (UAC) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/virtual-private-network-vpn.md b/includes/licensing/virtual-private-network-vpn.md
new file mode 100644
index 0000000000..ea1d783bc4
--- /dev/null
+++ b/includes/licensing/virtual-private-network-vpn.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Virtual Private Network (VPN):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Virtual Private Network (VPN) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/virtualization-based-security-vbs.md b/includes/licensing/virtualization-based-security-vbs.md
new file mode 100644
index 0000000000..25e88ae0f7
--- /dev/null
+++ b/includes/licensing/virtualization-based-security-vbs.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Virtualization-based security (VBS):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Virtualization-based security (VBS) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/wifi-security.md b/includes/licensing/wifi-security.md
new file mode 100644
index 0000000000..64cd094090
--- /dev/null
+++ b/includes/licensing/wifi-security.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support WiFi Security:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+WiFi Security license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/windows-autopatch.md b/includes/licensing/windows-autopatch.md
new file mode 100644
index 0000000000..5befd266fd
--- /dev/null
+++ b/includes/licensing/windows-autopatch.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows Autopatch:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|No|Yes|No|Yes|
+
+Windows Autopatch license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|No|Yes|Yes|No|No|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/windows-autopilot.md b/includes/licensing/windows-autopilot.md
new file mode 100644
index 0000000000..864a70420d
--- /dev/null
+++ b/includes/licensing/windows-autopilot.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows Autopilot:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Windows Autopilot license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/windows-containers.md b/includes/licensing/windows-containers.md
new file mode 100644
index 0000000000..4a4dfb57ff
--- /dev/null
+++ b/includes/licensing/windows-containers.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows containers:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Windows containers license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/windows-defender-application-control-wdac.md b/includes/licensing/windows-defender-application-control-wdac.md
new file mode 100644
index 0000000000..e24df8d22d
--- /dev/null
+++ b/includes/licensing/windows-defender-application-control-wdac.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows Defender Application Control (WDAC):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Windows Defender Application Control (WDAC) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/windows-defender-credential-guard.md b/includes/licensing/windows-defender-credential-guard.md
new file mode 100644
index 0000000000..f8de73da86
--- /dev/null
+++ b/includes/licensing/windows-defender-credential-guard.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows Defender Credential Guard:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Windows Defender Credential Guard license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/windows-defender-remote-credential-guard.md b/includes/licensing/windows-defender-remote-credential-guard.md
new file mode 100644
index 0000000000..427cb21ad5
--- /dev/null
+++ b/includes/licensing/windows-defender-remote-credential-guard.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows Defender Remote Credential Guard:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Windows Defender Remote Credential Guard license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/windows-defender-system-guard.md b/includes/licensing/windows-defender-system-guard.md
new file mode 100644
index 0000000000..b41b5fe127
--- /dev/null
+++ b/includes/licensing/windows-defender-system-guard.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows Defender System Guard:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Windows Defender System Guard license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/windows-firewall.md b/includes/licensing/windows-firewall.md
new file mode 100644
index 0000000000..f315039fc8
--- /dev/null
+++ b/includes/licensing/windows-firewall.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows Firewall:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Windows Firewall license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess-.md b/includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess-.md
new file mode 100644
index 0000000000..050a888208
--- /dev/null
+++ b/includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess-.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows Hello for Business Enhanced Security Sign-in (ESS) :
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Windows Hello for Business Enhanced Security Sign-in (ESS)  license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/windows-hello-for-business.md b/includes/licensing/windows-hello-for-business.md
new file mode 100644
index 0000000000..04670f3262
--- /dev/null
+++ b/includes/licensing/windows-hello-for-business.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows Hello for Business:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Windows Hello for Business license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/windows-presence-sensing.md b/includes/licensing/windows-presence-sensing.md
new file mode 100644
index 0000000000..b86eea0301
--- /dev/null
+++ b/includes/licensing/windows-presence-sensing.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows presence sensing:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Windows presence sensing license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/windows-sandbox.md b/includes/licensing/windows-sandbox.md
new file mode 100644
index 0000000000..7b4226f716
--- /dev/null
+++ b/includes/licensing/windows-sandbox.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows Sandbox:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Windows Sandbox license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/windows-security-policy-settings-and-auditing.md b/includes/licensing/windows-security-policy-settings-and-auditing.md
new file mode 100644
index 0000000000..d366e1660e
--- /dev/null
+++ b/includes/licensing/windows-security-policy-settings-and-auditing.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/20/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows Security policy settings and auditing:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Windows Security policy settings and auditing license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).

From 09033a677518ab23999dc9630c9ef6da90f8fbac Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Thu, 20 Apr 2023 12:56:26 -0400
Subject: [PATCH 002/107] changes

---
 education/windows/federated-sign-in.md        |   2 +
 .../hello-for-business/hello-overview.md      |   2 +
 .../security/introduction/chip-to-cloud.svg   |   3 +
 windows/security/introduction/index.md        |  57 +++++++
 .../security-features-edition-requirements.md |  19 +++
 ...ity-features-licensing-requirements-edu.md |  19 +++
 ...ecurity-features-licensing-requirements.md |  19 +++
 windows/whats-new/windows-licensing.md        | 157 ++++++++++++++++++
 8 files changed, 278 insertions(+)
 create mode 100644 windows/security/introduction/chip-to-cloud.svg
 create mode 100644 windows/security/introduction/index.md
 create mode 100644 windows/security/introduction/security-features-edition-requirements.md
 create mode 100644 windows/security/introduction/security-features-licensing-requirements-edu.md
 create mode 100644 windows/security/introduction/security-features-licensing-requirements.md
 create mode 100644 windows/whats-new/windows-licensing.md

diff --git a/education/windows/federated-sign-in.md b/education/windows/federated-sign-in.md
index 326c71ca59..6f2f8963c2 100644
--- a/education/windows/federated-sign-in.md
+++ b/education/windows/federated-sign-in.md
@@ -53,6 +53,8 @@ To use federated sign-in, the devices must have Internet access. This feature wo
 > - provisioning packages (PPKG)
 > - Windows Autopilot self-deploying mode
 
+[!INCLUDE [federated-sign-in](../../includes/licensing/security/federated-sign-in.md)]
+
 ### System requirements
 
 Federated sign-in is supported on the following Windows SKUs and versions:
diff --git a/windows/security/identity-protection/hello-for-business/hello-overview.md b/windows/security/identity-protection/hello-for-business/hello-overview.md
index 005fb6c685..f4c5e4f7a1 100644
--- a/windows/security/identity-protection/hello-for-business/hello-overview.md
+++ b/windows/security/identity-protection/hello-for-business/hello-overview.md
@@ -65,6 +65,8 @@ Imagine that someone is looking over your shoulder as you get money from an ATM
 
 Windows Hello helps protect user identities and user credentials. Because the user doesn't enter a password (except during provisioning), it helps circumvent phishing and brute force attacks. It also helps prevent server breaches because Windows Hello credentials are an asymmetric key pair, which helps prevent replay attacks when these keys are protected by TPMs.
 
+[!INCLUDE [windows-hello-for-business](../../../../includes/licensing/security/windows-hello-for-business.md)]
+
 ## How Windows Hello for Business works: key points
 
 - Windows Hello credentials are based on certificate or asymmetrical key pair. Windows Hello credentials can be bound to the device, and the token that is obtained using the credential is also bound to the device.
diff --git a/windows/security/introduction/chip-to-cloud.svg b/windows/security/introduction/chip-to-cloud.svg
new file mode 100644
index 0000000000..62f4230955
--- /dev/null
+++ b/windows/security/introduction/chip-to-cloud.svg
@@ -0,0 +1,3 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="1595px" height="631px" viewBox="-0.5 -0.5 1595 631"><defs/><g><rect x="0" y="426" width="1590" height="200" rx="8" ry="8" fill="#000000" stroke="none" pointer-events="all" transform="translate(2,3)" opacity="0.25"/><rect x="0" y="426" width="1590" height="200" rx="8" ry="8" fill="#0c59a4" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe flex-start; width: 1442px; height: 1px; padding-top: 526px; margin-left: 150px;"><div data-drawio-colors="color: #FFFFFF; " style="box-sizing: border-box; font-size: 0px; text-align: left;"><div style="display: inline-block; font-size: 20px; font-family: &quot;Segoe UI semibold&quot;; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; font-weight: bold; white-space: normal; overflow-wrap: normal;"><span style="font-weight: normal;">Hardware<br style="font-size: 20px;" />(Chip)</span></div></div></div></foreignObject><text x="150" y="532" fill="#FFFFFF" font-family="Segoe UI semibold" font-size="20px" font-weight="bold">Hardware...</text></switch></g><image x="29.5" y="485.5" width="90" height="90" xlink:href="data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCAyMDQ4IDIwNDgiPiYjeGE7ICA8cGF0aCBmaWxsPSIjRkZGRkZGIiBkPSJNMzg0IDE3NThxLTU5LTM1LTk0LTk0SDY0cS0yNiAwLTQ1LTE5dC0xOS00NXEwLTI2IDE5LTQ1dDQ1LTE5aDE5MnYtMjU2SDY0cS0yNiAwLTQ1LTE5dC0xOS00NXEwLTI2IDE5LTQ1dDQ1LTE5aDE5MlY4OTZINjRxLTI2IDAtNDUtMTlUMCA4MzJxMC0yNiAxOS00NXQ0NS0xOWgxOTJWNTEySDY0cS0yNiAwLTQ1LTE5VDAgNDQ4cTAtMjYgMTktNDV0NDUtMTloMjI2cTM1LTU5IDk0LTk0VjY0cTAtMjYgMTktNDV0NDUtMTlxMjYgMCA0NSAxOXQxOSA0NXYxOTJoMjU2VjY0cTAtMjYgMTktNDV0NDUtMTlxMjYgMCA0NSAxOXQxOSA0NXYxOTJoMjU2VjY0cTAtMjYgMTktNDV0NDUtMTlxMjYgMCA0NSAxOXQxOSA0NXYxOTJoMjU2VjY0cTAtMjYgMTktNDV0NDUtMTlxMjYgMCA0NSAxOXQxOSA0NXYyMjZxNTkgMzUgOTQgOTRoMjI2cTI2IDAgNDUgMTl0MTkgNDVxMCAyNi0xOSA0NXQtNDUgMTloLTE5MnYyNTZoMTkycTI2IDAgNDUgMTl0MTkgNDVxMCAyNi0xOSA0NXQtNDUgMTloLTE5MnYyNTZoMTkycTI2IDAgNDUgMTl0MTkgNDVxMCAyNi0xOSA0NXQtNDUgMTloLTE5MnYyNTZoMTkycTI2IDAgNDUgMTl0MTkgNDVxMCAyNi0xOSA0NXQtNDUgMTloLTIyNnEtMzUgNTktOTQgOTR2MjI2cTAgMjYtMTkgNDV0LTQ1IDE5cS0yNiAwLTQ1LTE5dC0xOS00NXYtMTkyaC0yNTZ2MTkycTAgMjYtMTkgNDV0LTQ1IDE5cS0yNiAwLTQ1LTE5dC0xOS00NXYtMTkySDg5NnYxOTJxMCAyNi0xOSA0NXQtNDUgMTlxLTI2IDAtNDUtMTl0LTE5LTQ1di0xOTJINTEydjE5MnEwIDI2LTE5IDQ1dC00NSAxOXEtMjYgMC00NS0xOXQtMTktNDV2LTIyNnptMTE1Mi05NHEyNyAwIDUwLTEwdDQwLTI3IDI4LTQxIDEwLTUwVjUxMnEwLTI2LTEwLTQ5dC0yNy00MS00MS0yOC01MC0xMEg1MTJxLTI3IDAtNTAgMTB0LTQwIDI3LTI4IDQxLTEwIDUwdjEwMjRxMCAyNyAxMCA1MHQyNyA0MSA0MCAyNyA1MSAxMGgxMDI0ek01NTUgODMxcTAtMTQgNi0yNiAzMS02NiA4MC0xMjB0MTA5LTkzIDEzMS01OSAxNDMtMjFxMTEwIDAgMjEwIDQ1dDE3NCAxMjhWNTc2cTAtMjYgMTktNDV0NDUtMTlxMjYgMCA0NSAxOXQxOSA0NXYyNTZxMCAyNi0xOSA0NXQtNDUgMTloLTI1NnEtMjYgMC00NS0xOXQtMTktNDVxMC0yMSA4LTM0dDIzLTIwIDMxLTkgMzYtM3ExNyAwIDMyIDF0MjggMXEtNTUtNjItMTI5LTk1dC0xNTctMzNxLTExMiAwLTIwNiA2MC0yNiAxNi00NiAzM3QtMzYgMzYtMzEgNDItMjggNDhxLTkgMTctMjMgMjd0LTM1IDEwcS0yNiAwLTQ1LTE5dC0xOS00NnptLTQzIDY0MXYtMjU2cTAtMjYgMTktNDV0NDUtMTloMjU2cTI2IDAgNDUgMTl0MTkgNDVxMCAyMS04IDM0dC0yMyAyMC0zMSA5LTM2IDNxLTE3IDAtMzItMXQtMjgtMXE1NSA2MiAxMjkgOTV0MTU3IDMzcTExMCAwIDIwNS02MCAyNS0xNiA0NS0zM3QzNy0zNiAzMS00MiAyOS00OXExOS0zNiA1OC0zNiAyNiAwIDQ1IDE5dDE5IDQ1cTAgMTUtNiAyNy0zMCA2Ni03OSAxMjB0LTExMCA5My0xMzIgNTktMTQyIDIxcS0xMTEgMC0yMTEtNDR0LTE3My0xMjl2MTA5cTAgMjYtMTkgNDV0LTQ1IDE5cS0yNiAwLTQ1LTE5dC0xOS00NXoiLz4mI3hhOzwvc3ZnPg==" preserveAspectRatio="none"/><rect x="330" y="436" width="600" height="180" rx="7.2" ry="7.2" fill="#000000" stroke="none" pointer-events="all" transform="translate(2,3)" opacity="0.25"/><rect x="330" y="436" width="600" height="180" rx="7.2" ry="7.2" fill="#243a5e" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe flex-start; width: 582px; height: 1px; padding-top: 451px; margin-left: 350px;"><div data-drawio-colors="color: #FFFFFF; " style="box-sizing: border-box; font-size: 0px; text-align: left;"><div style="display: inline-block; font-size: 20px; font-family: &quot;Segoe UI semibold&quot;; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; font-weight: bold; white-space: normal; overflow-wrap: normal;"><font style="font-size: 18px;"><span style="color: rgb(80, 230, 255); font-weight: normal;">Hardware Root-of-Trust<br /></span><br /><font face="Segoe UI" style="font-weight: normal;">TPM 2.0<br />Microsoft Puton Security Processor</font><br /></font></div></div></div></foreignObject><text x="350" y="471" fill="#FFFFFF" font-family="Segoe UI semibold" font-size="20px" font-weight="bold">Hardware Root-of-Trust...</text></switch></g><rect x="940" y="436" width="640" height="180" rx="7.2" ry="7.2" fill="#000000" stroke="none" pointer-events="all" transform="translate(2,3)" opacity="0.25"/><rect x="940" y="436" width="640" height="180" rx="7.2" ry="7.2" fill="#243a5e" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe flex-start; width: 622px; height: 1px; padding-top: 451px; margin-left: 960px;"><div data-drawio-colors="color: #FFFFFF; " style="box-sizing: border-box; font-size: 0px; text-align: left;"><div style="display: inline-block; font-size: 20px; font-family: &quot;Segoe UI semibold&quot;; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; font-weight: bold; white-space: normal; overflow-wrap: normal;"><font style="font-size: 18px;"><font color="#50e6ff"><span style="font-weight: 400;">Silicon Assisted Security</span></font><br /><font face="Segoe UI" style="font-weight: normal;"><br />Secure Kernel (HVCI enabled by default)<br />Hardware Enforced Stack Protection<br />Secured-Core PCs<br /></font></font><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;"><font style="font-size: 18px;"><font face="Segoe UI" style="font-weight: normal;">Firmware Protection</font></font></blockquote></div></div></div></foreignObject><text x="960" y="471" fill="#FFFFFF" font-family="Segoe UI semibold" font-size="20px" font-weight="bold">Silicon Assisted Security...</text></switch></g><image x="849.5" y="530.5" width="70" height="70" xlink:href="data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCAyMDQ4IDIwNDgiPiYjeGE7ICA8cGF0aCBmaWxsPSIjNTBFNkZGIiBkPSJNMTc5MiAxMDI0djc2OHEwIDUzLTIwIDk5dC01NSA4Mi04MSA1NS0xMDAgMjBINTEycS01MyAwLTk5LTIwdC04Mi01NS01NS04MS0yMC0xMDB2LTc2OHEwLTUzIDIwLTk5dDU1LTgyIDgxLTU1IDEwMC0yMFY1MTJxMC0xMDYgNDAtMTk5dDEwOS0xNjNUODI0IDQwdDIwMC00MHExMDYgMCAxOTkgNDB0MTYzIDEwOSAxMTAgMTYzIDQwIDIwMHYyNTZxNTMgMCA5OSAyMHQ4MiA1NSA1NSA4MSAyMCAxMDB6TTY0MCA3NjhoNzY4VjUxMnEwLTgwLTMwLTE1MHQtODItMTIyLTEyMi04Mi0xNTAtMzBxLTgwIDAtMTUwIDMwdC0xMjIgODItODIgMTIyLTMwIDE1MHYyNTZ6bTEwMjQgMjU2cTAtMjYtMTAtNDl0LTI3LTQxLTQxLTI4LTUwLTEwSDUxMnEtMjcgMC01MCAxMHQtNDAgMjctMjggNDEtMTAgNTB2NzY4cTAgMjcgMTAgNTB0MjcgNDEgNDAgMjcgNTEgMTBoMTAyNHEyNyAwIDUwLTEwdDQwLTI3IDI4LTQxIDEwLTUwdi03Njh6bS01MTIgMzg0cTAgMjctMTAgNTB0LTI3IDQwLTQxIDI4LTUwIDEwcS0yNyAwLTUwLTEwdC00MS0yNy0yNy00MC0xMC01MXEwLTI3IDEwLTUwdDI3LTQwIDQxLTI4IDUwLTEwcTI2IDAgNDkgMTB0NDEgMjcgMjggNDEgMTAgNTB6Ii8+JiN4YTs8L3N2Zz4=" preserveAspectRatio="none"/><image x="1489.5" y="530.5" width="70" height="70" xlink:href="data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCAyMDQ4IDIwNDgiPiYjeGE7ICA8cGF0aCBmaWxsPSIjNTBFNkZGIiBkPSJNMTQwOCA2ODZxMC0yMS0xMy0zM3QtMzQtMTZxLTM4LTYtNzItMTJ0LTY3LTE3LTYyLTI4LTYxLTQzcS03LTYtMTYtMTV0LTE5LTE5LTIxLTE2LTE5LTdxLTkgMC0xOSA3dC0yMSAxNi0xOSAxOC0xNyAxNnEtMzIgMjYtNjIgNDJ0LTYyIDI3LTY2IDE2LTc0IDEzcS0xOSAzLTMxIDE1dC0xMyAzM3YyMjlxMCAyMDIgOTAgMzMxdDI4MiAxOTVxOCAyIDEyIDJ0MTItMnExODctNjcgMjc5LTE5NnQ5Mi0zMzBWNzk5cTAtNTYgMS0xMTN6TTEyOCA1MTJxMC01MyAyMC05OXQ1NS04MiA4MS01NSAxMDAtMjBoMTI4MHE1MyAwIDk5IDIwdDgyIDU1IDU1IDgxIDIwIDEwMHY4OTZxMCA1My0yMCA5OXQtNTUgODItODEgNTUtMTAwIDIwSDM4NHEtNTMgMC05OS0yMHQtODItNTUtNTUtODEtMjAtMTAwVjUxMnptMjU2LTEyOHEtMjcgMC01MCAxMHQtNDAgMjctMjggNDEtMTAgNTB2ODk2cTAgMjcgMTAgNTB0MjcgNDAgNDEgMjggNTAgMTBoMTI4MHEyNyAwIDUwLTEwdDQwLTI3IDI4LTQxIDEwLTUwVjUxMnEwLTI3LTEwLTUwdC0yNy00MC00MS0yOC01MC0xMEgzODR6TTAgMTg1NnEwLTI2IDE5LTQ1dDQ1LTE5aDE5MjBxMjYgMCA0NSAxOXQxOSA0NXEwIDI2LTE5IDQ1dC00NSAxOUg2NHEtMjYgMC00NS0xOXQtMTktNDV6Ii8+JiN4YTs8L3N2Zz4=" preserveAspectRatio="none"/><rect x="0" y="1" width="1590" height="420" rx="16.8" ry="16.8" fill="#000000" stroke="none" pointer-events="all" transform="translate(2,3)" opacity="0.25"/><rect x="0" y="1" width="1590" height="420" rx="16.8" ry="16.8" fill="#0c59a4" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe flex-start; width: 1442px; height: 1px; padding-top: 211px; margin-left: 150px;"><div data-drawio-colors="color: #FFFFFF; " style="box-sizing: border-box; font-size: 0px; text-align: left;"><div style="display: inline-block; font-size: 20px; font-family: &quot;Segoe UI semibold&quot;; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; font-weight: bold; white-space: normal; overflow-wrap: normal;"><span style="font-weight: 400;">Operating<br /></span>System</div></div></div></foreignObject><text x="150" y="217" fill="#FFFFFF" font-family="Segoe UI semibold" font-size="20px" font-weight="bold">Operating...</text></switch></g><rect x="330" y="11" width="410" height="300" rx="12" ry="12" fill="#000000" stroke="none" pointer-events="all" transform="translate(2,3)" opacity="0.25"/><rect x="330" y="11" width="410" height="300" rx="12" ry="12" fill="#243a5e" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe flex-start; width: 392px; height: 1px; padding-top: 36px; margin-left: 350px;"><div data-drawio-colors="color: #FFFFFF; " style="box-sizing: border-box; font-size: 0px; text-align: left;"><div style="display: inline-block; font-size: 20px; font-family: &quot;Segoe UI semibold&quot;; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; font-weight: bold; white-space: normal; overflow-wrap: normal;"><font style="font-size: 18px;"><span style="color: rgb(80, 230, 255); font-weight: normal;">Encryption and Data Protection<br /></span><br /><font face="Segoe UI" style="font-weight: normal;"><font style="">BitLocker<br />Encrypted Hard Drive<br /></font>Personal Data Encryption<br />Email Encryption</font><br /></font></div></div></div></foreignObject><text x="350" y="56" fill="#FFFFFF" font-family="Segoe UI semibold" font-size="20px" font-weight="bold">Encryption and Data Protection...</text></switch></g><rect x="330" y="321" width="1250" height="90" rx="3.6" ry="3.6" fill="#000000" stroke="none" pointer-events="all" transform="translate(2,3)" opacity="0.25"/><rect x="330" y="321" width="1250" height="90" rx="3.6" ry="3.6" fill="#243a5e" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe flex-start; width: 1232px; height: 1px; padding-top: 336px; margin-left: 350px;"><div data-drawio-colors="color: #FFFFFF; " style="box-sizing: border-box; font-size: 0px; text-align: left;"><div style="display: inline-block; font-size: 20px; font-family: &quot;Segoe UI semibold&quot;; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; font-weight: bold; white-space: normal; overflow-wrap: normal;"><font style="font-size: 18px;"><span style="color: rgb(80, 230, 255); font-weight: normal;">System Security</span><br /></font></div></div></div></foreignObject><text x="350" y="356" fill="#FFFFFF" font-family="Segoe UI semibold" font-size="20px" font-weight="bold">System Security&#xa;</text></switch></g><rect x="650" y="321" width="200" height="90" fill="none" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe flex-start; width: 198px; height: 1px; padding-top: 338px; margin-left: 652px;"><div data-drawio-colors="color: #ffffff; " style="box-sizing: border-box; font-size: 0px; text-align: left;"><div style="display: inline-block; font-size: 18px; font-family: &quot;Segoe UI&quot;; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Trusted Boot<br />Cryptography<br />Certificates</div></div></div></foreignObject><text x="652" y="356" fill="#ffffff" font-family="Segoe UI" font-size="18px">Trusted Boot...</text></switch></g><rect x="850" y="321" width="210" height="90" fill="none" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe flex-start; width: 208px; height: 1px; padding-top: 338px; margin-left: 852px;"><div data-drawio-colors="color: #ffffff; " style="box-sizing: border-box; font-size: 0px; text-align: left;"><div style="display: inline-block; font-size: 18px; font-family: &quot;Segoe UI&quot;; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Code Signing<br />Code Integrity<br />Device Health Attestation</div></div></div></foreignObject><text x="852" y="356" fill="#ffffff" font-family="Segoe UI" font-size="18px">Code Signing...</text></switch></g><rect x="1090" y="321" width="370" height="90" fill="none" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe flex-start; width: 368px; height: 1px; padding-top: 338px; margin-left: 1092px;"><div data-drawio-colors="color: #ffffff; " style="box-sizing: border-box; font-size: 0px; text-align: left;"><div style="display: inline-block; font-size: 18px; font-family: &quot;Segoe UI&quot;; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Windows Security Policy Setting and Auditing<br />Windows Security App</div></div></div></foreignObject><text x="1092" y="356" fill="#ffffff" font-family="Segoe UI" font-size="18px">Windows Security Policy Setting and Audit...</text></switch></g><rect x="750" y="11" width="410" height="300" rx="12" ry="12" fill="#000000" stroke="none" pointer-events="all" transform="translate(2,3)" opacity="0.25"/><rect x="750" y="11" width="410" height="300" rx="12" ry="12" fill="#243a5e" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe flex-start; width: 392px; height: 1px; padding-top: 36px; margin-left: 770px;"><div data-drawio-colors="color: #FFFFFF; " style="box-sizing: border-box; font-size: 0px; text-align: left;"><div style="display: inline-block; font-size: 20px; font-family: &quot;Segoe UI semibold&quot;; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; font-weight: bold; white-space: normal; overflow-wrap: normal;"><font style="font-size: 18px;"><font color="#50e6ff"><span style="font-weight: 400;">Network Security<br /></span></font><br /><font face="Segoe UI" style=""><font style="font-weight: normal;">Transport Layer Security (TLS)<br />DNS Security<br /></font><span style="font-weight: normal;">Bluetooth protection</span><br /><span style="font-weight: normal;">Secured Wi-Fi<br /></span></font><font face="Segoe UI" style="font-weight: normal;">Windows Defender Firewall<br />VPN<br />SMB File Services</font><br /></font></div></div></div></foreignObject><text x="770" y="56" fill="#FFFFFF" font-family="Segoe UI semibold" font-size="20px" font-weight="bold">Network Security...</text></switch></g><rect x="1170" y="11" width="410" height="300" rx="12" ry="12" fill="#000000" stroke="none" pointer-events="all" transform="translate(2,3)" opacity="0.25"/><rect x="1170" y="11" width="410" height="300" rx="12" ry="12" fill="#243a5e" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe flex-start; width: 392px; height: 1px; padding-top: 36px; margin-left: 1190px;"><div data-drawio-colors="color: #FFFFFF; " style="box-sizing: border-box; font-size: 0px; text-align: left;"><div style="display: inline-block; font-size: 20px; font-family: &quot;Segoe UI semibold&quot;; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; font-weight: bold; white-space: normal; overflow-wrap: normal;"><font style="font-size: 18px;"><span style="color: rgb(80, 230, 255); font-weight: normal;">Virus an Threat Protection<br /></span><br /><font face="Segoe UI" style=""><font style="font-weight: normal;">Microsoft Defender Antivirus<br />Local Security Authority<br /></font><span style="font-weight: normal;">Attack Surface Reduction<br />Tamper Protection<br /></span></font><font face="Segoe UI" style="font-weight: normal;">Vulnerable Driver Blocklist<br />Controlled Folder Access<br />Exploit Protection<br />Enhanced Phishing Protection<br />Microsoft Defender for Endpoint</font><br /></font></div></div></div></foreignObject><text x="1190" y="56" fill="#FFFFFF" font-family="Segoe UI semibold" font-size="20px" font-weight="bold">Virus an Threat Protection...</text></switch></g><image x="659.5" y="240.5" width="70" height="70" xlink:href="data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCAyMDQ4IDIwNDgiPiYjeGE7ICA8cGF0aCBmaWxsPSIjNTBFNkZGIiBkPSJNMCA5NjBWNDQ4cTAtMjIgOC0zNHQyMS0xOSAzMC05IDM0LTJoMzVxMC0yMy0xLTQ3dC0xLTQ5cTAtMzQgNC02NnQxNy02NHEzMS03MyA5NC0xMTVUMzg0IDBxNTMgMCA5OSAyMHQ4MiA1NCA1NSA4MiAyMCAxMDB2MTI4aDMycTE3IDAgMzQgMnQzMSA4IDIyIDE5IDkgMzV2NTEycTAgMjYtMTkgNDV0LTQ1IDE5SDY0cS0yNyAwLTQ1LTE4VDAgOTYwem0yNTYtNTc2aDI1NlYyNTZxMC0yNy0xMC01MHQtMjctNDAtNDEtMjgtNTAtMTBxLTI3IDAtNTAgMTB0LTQxIDI3LTI3IDQwLTEwIDUxdjEyOHptMjU2IDMyMHEwLTI2LTEwLTQ5dC0yNy00MS00MS0yOC01MC0xMHEtMjcgMC01MCAxMHQtNDAgMjctMjggNDEtMTAgNTBxMCAyNyAxMCA1MHQyNyA0MSA0MCAyNyA1MSAxMHEyNiAwIDQ5LTEwdDQxLTI3IDI4LTQxIDEwLTUwem0xMjg1LTY0cTUwIDAgOTUgMjB0ODAgNTUgNTUgODAgMjEgOTZ2MjY2cTAgNTAtMjAgOTV0LTU1IDgwLTgwIDU1LTk2IDIxSDI1MXEtNTAgMC05NS0yMHQtODAtNTUtNTUtODAtMjEtOTZ2LTVoMTI4cTAgMjcgMTAgNTB0MjcgNDEgNDAgMjcgNTEgMTBoMTUzNnEyNyAwIDUwLTEwdDQwLTI3IDI4LTQxIDEwLTUwVjg5NnEwLTI2LTEwLTQ5dC0yNy00MS00MS0yOC01MC0xMEg4OTZWNjQwaDkwMXptLTIyOSA0NDhxLTQwIDAtNjgtMjh0LTI4LTY4cTAtNDAgMjgtNjh0NjgtMjhxNDAgMCA2OCAyOHQyOCA2OHEwIDQwLTI4IDY4dC02OCAyOHoiLz4mI3hhOzwvc3ZnPg==" preserveAspectRatio="none"/><image x="1079.5" y="230.5" width="70" height="70" xlink:href="data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCAyMDQ4IDIwNDgiPiYjeGE7ICA8cGF0aCBmaWxsPSIjNTBFNkZGIiBkPSJNMTkyMCAzODR2NTc2cTAgMjExLTY3IDM4MHQtMTg0IDMwMi0yNzcgMjMyLTM0NSAxNzBxLTkgNC0yMyA0LTUgMC0xMS0xdC0xMi0zcS0xODUtNzAtMzQ0LTE2OXQtMjc3LTIzMy0xODUtMzAzLTY3LTM3OVYzODRxMC0yOCAxNS00MnQ0MC0yMXEyMi02IDQ2LTh0NDYtOHEzOC03IDc1LTE1dDc2LTIwcTc4LTIyIDE1MC00OXQxNDAtNTkgMTM2LTcwIDEzNi04MXE5LTUgMTctOHQxOS0zcTExIDAgMTkgM3QxNyA4cTY5IDQzIDEzNiA4MXQxMzUgNzAgMTQxIDU5IDE1MCA0OXEzOCAxMSA3NSAxOXQ3NiAxNnEyMiA1IDQ2IDd0NDYgOXEyNCA3IDM5IDIxdDE2IDQyem0tMTI4IDU1cS0yMDUtMzUtMzk5LTExMHQtMzY5LTE4OVE4NDkgMjU0IDY1NSAzMjlUMjU2IDQzOXY1MjFxMCAxODcgNTkgMzM1dDE2MiAyNjUgMjQ0IDIwMyAzMDMgMTUycTE2My02NCAzMDMtMTUxdDI0My0yMDQgMTYzLTI2NCA1OS0zMzZWNDM5em0tNzY4IDI2NXEzOSAwIDc0IDE1dDYxIDQxIDQyIDYyIDE1IDc0cTAgNTctMzAgMTA0dC04MiA3MWwzOCAyNjR2NHEwIDIgMSA0IDAgMjctMTkgNDZ0LTQ2IDE5SDk3MHEtMjcgMC00Ni0xOXQtMTktNDZ2LTRxMC0yIDEtNGwzOC0yNjRxLTUxLTI0LTgxLTcxdC0zMS0xMDRxMC0zOSAxNS03NHQ0MS02MSA2Mi00MiA3NC0xNXoiLz4mI3hhOzwvc3ZnPg==" preserveAspectRatio="none"/><image x="1489.5" y="330.5" width="70" height="70" xlink:href="data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCAyMDQ4IDIwNDgiPiYjeGE7ICA8cGF0aCBmaWxsPSIjNTBFNkZGIiBkPSJNMzc2IDE3OTJxLTc1IDAtMTQzLTMwdC0xMjAtODItODItMTIwLTMxLTE0NFY2MzJxMC03NSAzMC0xNDN0ODItMTIwIDEyMC04MiAxNDQtMzFoMTI5NnE3NSAwIDE0MyAzMHQxMjAgODIgODIgMTIwIDMxIDE0NHY0NXEtNjMtNjgtMTM5LTExMy0xMy00MC0zNy03M3QtNTYtNTctNzEtMzctODEtMTNIMzc5cS01MCAwLTk1IDIwdC04MCA1NS01NSA4MC0yMSA5NnY3NzhxMCA1MiAyMSA5N3Q1NiA4MCA4MSA1NCA5OCAyMGg3Njh2MTI4SDM3NnptNzItMTAyNHEtMjYgMC00NS0xOXQtMTktNDVxMC0yNiAxOS00NXQ0NS0xOWg2NDBxMjYgMCA0NSAxOXQxOSA0NXEwIDI2LTE5IDQ1dC00NSAxOUg0NDh6bTcwNCAzMTJxMC05MCAzNi0xNzB0OTgtMTQwIDE0My05NSAxNzEtMzVxOTIgMCAxNzMgMzV0MTQzIDk3IDk2IDE0MiAzNiAxNzRxMCA5Mi0zNSAxNzN0LTk3IDE0My0xNDIgOTYtMTc0IDM2cS05NSAwLTE3Ny0zNnQtMTQyLTk4LTk0LTE0NS0zNS0xNzd6bS03MDQgMzI4cS0yNiAwLTQ1LTE5dC0xOS00NXEwLTI2IDE5LTQ1dDQ1LTE5aDUxMnEyNiAwIDQ1IDE5dDE5IDQ1cTAgMjYtMTkgNDV0LTQ1IDE5SDQ0OHptODk2IDYzNXEtMjcgMC00NS0xOHQtMTktNDZ2LTM3NHE3MiA0NSAxNTMgNjh0MTY3IDIzcTg1IDAgMTY2LTIzdDE1NC02OHYzNzRxMCAyNy0xOCA0NXQtNDYgMTlxLTIzIDAtNDAtMTRsLTE3Ni0xNDFxLTE3LTE0LTQwLTE0dC00MCAxNGwtMTc2IDE0MXEtMTcgMTQtNDAgMTR6Ii8+JiN4YTs8L3N2Zz4=" preserveAspectRatio="none"/><image x="1489.5" y="230.5" width="70" height="70" xlink:href="data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCAyMDQ4IDIwNDgiPiYjeGE7ICA8cGF0aCBmaWxsPSIjNTBFNkZGIiBkPSJNMTMgODk2UTMgODU4IDIgODIwdC0yLTc4VjMyMHEwLTMwIDE3LTQ2dDQ3LTE4cTU5LTQgMTE3LTh0MTE3LTE2cTgyLTE3IDE1OC00OXQxNDYtODFxMzctMjcgNzEtNDR0NjgtMjggNzItMTggODMtMTJ2ODk2SDEzek0xMDI0IDBxNDIgNSA4MCAxMnQ3NSAxOCA3MCAyOCA2OSA0NHEzMyAyNiA2OSA0OXQ3NSA0MXE0MyAyMSA5MiAzM3QxMDEgMTkgMTAyIDkgOTkgM3EyOSAwIDQ2IDE3dDE4IDQ3djQyMnEwIDM5LTEgNzd0LTEyIDc3aC04ODNWMHpNODk2IDE5MjBxLTg4LTQ5LTE3OS0xMDV0LTE4MC0xMjItMTcwLTEzOC0xNDgtMTU3LTExNy0xNzctNzYtMTk3aDg3MHY4OTZ6bTEyOC04OTZoODcwcS0yNiAxMDQtNzYgMTk3dC0xMTcgMTc2LTE0OCAxNTctMTY5IDEzOS0xODAgMTIxLTE4MCAxMDZ2LTg5NnoiLz4mI3hhOzwvc3ZnPg==" preserveAspectRatio="none"/><image x="29.5" y="165.5" width="90" height="90" xlink:href="data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCAyMDQ4IDIwNDgiPiYjeGE7ICA8cGF0aCBmaWxsPSIjRkZGRkZGIiBkPSJNOTgxIDk4MUgyNTZWMjU2aDcyNXY3MjV6bTc5MCAwaC03MjZWMjU2aDcyNnY3MjV6bS03OTAgNzkwSDI1NnYtNzI2aDcyNXY3MjZ6bTc5MCAwaC03MjZ2LTcyNmg3MjZ2NzI2eiIvPiYjeGE7PC9zdmc+" preserveAspectRatio="none"/></g><switch><g requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"/><a transform="translate(0,-5)" xlink:href="https://www.diagrams.net/doc/faq/svg-export-text-problems" target="_blank"><text text-anchor="middle" font-size="10px" x="50%" y="100%">Text is not SVG - cannot display</text></a></switch></svg>
\ No newline at end of file
diff --git a/windows/security/introduction/index.md b/windows/security/introduction/index.md
new file mode 100644
index 0000000000..b955feffb8
--- /dev/null
+++ b/windows/security/introduction/index.md
@@ -0,0 +1,57 @@
+---
+title: Introduction to Windows security
+description: System security book.
+ms.date: 04/10/2023
+ms.topic: tutorial
+appliesto:
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
+---
+
+# Introduction to Windows security
+
+The acceleration of digital transformation and the expansion of both remote and hybrid workplaces brings new opportunities to organizations, communities, and individuals. Our work styles have transformed. And now more than ever, employees need simple, intuitive user experiences to collaborate and stay productive, wherever work happens. But the expansion of access and ability to work anywhere has also introduced new threats and risks. According to data from the Microsoft commissioned Security Signals report, 75% of security decision-makers at the vice-president level and above feel the move to hybrid work leaves their organization more vulnerable to security threats. And [Microsoft's 2022 Work Trend Index](https://www.microsoft.com/security/blog/2022/04/05/new-security-features-for-windows-11-will-help-protect-hybrid-work/) shows "cybersecurity issues and risks" are top concerns for business decisions makers, who worry about issues like malware, stolen credentials, devices that lack security updates, and physical attacks on lost or stolen devices.
+
+:::image type="content" source="chip-to-cloud.svg" lightbox="chip-to-cloud.svg" alt-text="chip to cloud diagram":::
+
+## How Windows 11 enables zero-trust protection
+
+A zero-trust security model gives the right people the right access at the right time. Zero-trust security is based on three principles:
+
+1. Reduce risk by explicitly verifying data points such as user identity, location, and device health for every access request, without exception
+2. When verified, give people and devices access to only necessary resources for the necessary amount of time
+3. Use continuous analytics to drive threat detection and improve defenses
+
+You should continue to strengthen your zero-trust posture as well. To improve threat detection and defenses, verify end-to-end encryption and use analytics to gain visibility.
+
+For Windows 11, the zero-trust principle of *verify explicitly* applies to risks introduced by both devices and people. Windows 11 provides chip-to-cloud security, enabling IT administrators to implement strong authorization and authentication processes with tools such as our premier solution Windows Hello for Business. IT administrators also gain attestation and measurements for determining if a device meets requirements and can be trusted. In addition, Windows 11 works out-of-the-box with Microsoft Endpoint Manager and Azure Active Directory, so access decisions and enforcement are seamless. Plus, IT administrators can easily customize Windows 11 to meet specific user and policy requirements for access, privacy, compliance, and more.
+
+Individual users also benefit from powerful safeguards including new standards for hardware-based security and passwordless protection that help safeguard data and privacy.
+
+## Security, by default
+
+Nearly 90% of security decision makers surveyed say outdated hardware leaves organizations more open to attacks and using modern hardware would help protect against future threats. Building on the innovations of Windows 10, we've worked with our manufacturer and silicon partners to provide additional hardware security capabilities to meet the evolving threat landscape and enable hybrid work and learning. The new set of hardware security requirements that comes with Windows 11 supports new ways of working with a foundation that is even stronger and more resilient to attacks.
+
+## Enhanced hardware and operating system security
+
+With hardware-based isolation security that begins at the chip, Windows 11 stores sensitive data behind additional barriers separated from the operating system. As a result, information including encryption keys and user credentials are protected from unauthorized access and tampering.
+
+In Windows 11, hardware and software work together to protect the operating system. For example, new devices come with virtualization-based security (VBS) and Secure Boot built-in and enabled by default to contain and limit malware exploits. <sup>[\[1\]](#note1)</sup>
+
+## Robust application security and privacy controls
+
+To help keep personal and business information protected and private, Windows 11 has multiple layers of application security that safeguard critical data and code integrity. Application isolation and controls, code integrity, privacy controls, and least-privilege principles enable developers to build in security and privacy from the ground up. This integrated security protects against breaches and malware, helps keep data private, and gives IT administrators the controls they need.
+
+In Windows 11, [Microsoft Defender Application Guard](https://docs.microsoft.com/windows-hardware/design/device-experiences/oem-app-guard) <sup>[\[2\]](#note2)</sup> uses Hyper-V virtualization technology to isolate untrusted websites and Microsoft Office files in containers, separate from and unable to access the host operating system and enterprise data. To protect privacy, Windows 11 also provides more controls over which apps and features can collect and use data such as the device's location, or access resources like camera and microphone.
+
+## Secured identities
+
+Passwords have been an important part of digital security for a long time, and they're also a top target for cybercriminals. Windows 11 provides powerful protection against credential theft with chip-level hardware security. Credentials are protected by layers of hardware and software security such as TPM 2.0, VBS, and/or Windows Defender Credential Guard, making it harder for attackers to steal credentials from a device. And with Windows Hello, users can quickly sign in with face, fingerprint, or PIN for passwordless protection. <sup>[\[3\]](#note3)</sup>
+
+## Connecting to cloud services
+
+Microsoft offers comprehensive cloud services for identity, storage, and access management in addition to the tools needed to attest that Windows 11 devices connecting to your network are trustworthy. You can also enforce compliance and conditional access with a modern device management (MDM) service such as Microsoft Endpoint Manager, which works with Azure Active Directory and Microsoft Azure Attestation to control access to applications and data through the cloud. <sup>[\[4\]](#note4)</sup>
+
+<sup><a name="note1"></a>[1]</sup> Hypervisor-protected coder integrity, which activates virtualization-based security, is enabled by default on clean installations only.\
+<sup><a name="note2"></a>[2]</sup> Windows 10 Pro and above support Application Guard protection for Microsoft Edge. Microsoft Defender Application Guard for Office requires Windows 10 Enterprise, and Microsoft 365 E5 or Microsoft 365 E5 Security.\
+<sup><a name="note3"></a>[3]</sup> Windows Hello supports multi-factor authentication including facial recognition, fingerprint, and PIN. Requires specialized hardware such as fingerprint reader, illuminated IT sensor or other biometric sensors and capable devices.\
+<sup><a name="note4"></a>[4]</sup> Microsoft Endpoint Manager and Microsoft Azure Active Directory subscriptions sold separately.\
diff --git a/windows/security/introduction/security-features-edition-requirements.md b/windows/security/introduction/security-features-edition-requirements.md
new file mode 100644
index 0000000000..8e934ddbdf
--- /dev/null
+++ b/windows/security/introduction/security-features-edition-requirements.md
@@ -0,0 +1,19 @@
+---
+title: Windows edition requirements
+description: Learn about Windows edition requirements for the feature included in Windows.
+ms.prod: windows-client
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.collection:
+- tier3
+ms.topic: conceptual
+ms.date: 04/03/2023
+appliesto:
+- ✅ <a href=/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+ms.technology: itpro-security
+---
+
+# Security features Windows edition requirements
+
+[!INCLUDE [_commercial](../../whats-new/licensing/includes/_edition-requirements.md)]
\ No newline at end of file
diff --git a/windows/security/introduction/security-features-licensing-requirements-edu.md b/windows/security/introduction/security-features-licensing-requirements-edu.md
new file mode 100644
index 0000000000..c209c60a6d
--- /dev/null
+++ b/windows/security/introduction/security-features-licensing-requirements-edu.md
@@ -0,0 +1,19 @@
+---
+title: Windows security licensing requirements for Education
+description: Learn about Windows features and licensing requirements for the feature included in Windows (Education).
+ms.prod: windows-client
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.collection:
+- tier3
+ms.topic: conceptual
+ms.date: 03/12/2023
+appliesto:
+- ✅ <a href=/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+ms.technology: itpro-security
+---
+
+# Windows security licensing requirements for Education
+
+[!INCLUDE [_licensing-requirements](../../whats-new/licensing/includes/_licensing-requirements-edu.md)]
\ No newline at end of file
diff --git a/windows/security/introduction/security-features-licensing-requirements.md b/windows/security/introduction/security-features-licensing-requirements.md
new file mode 100644
index 0000000000..faad9c9fab
--- /dev/null
+++ b/windows/security/introduction/security-features-licensing-requirements.md
@@ -0,0 +1,19 @@
+---
+title: Windows security licensing requirements
+description: Learn about Windows features and licensing requirements for the feature included in Windows.
+ms.prod: windows-client
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.collection:
+- tier3
+ms.topic: conceptual
+ms.date: 03/12/2023
+appliesto:
+- ✅ <a href=/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+ms.technology: itpro-security
+---
+
+# Windows security licensing requirements
+
+[!INCLUDE [_licensing-requirements](../../whats-new/licensing/includes/_licensing-requirements.md)]
\ No newline at end of file
diff --git a/windows/whats-new/windows-licensing.md b/windows/whats-new/windows-licensing.md
new file mode 100644
index 0000000000..e14bbefe13
--- /dev/null
+++ b/windows/whats-new/windows-licensing.md
@@ -0,0 +1,157 @@
+---
+title: Windows 11 commercial licensing overview
+description: Learn about licensing requirements to use the features included in the Windows operating system.
+ms.prod: windows-client
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.collection:
+- tier3
+ms.topic: conceptual
+ms.date: 03/12/2023
+appliesto:
+- ✅ <a href=/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+ms.technology: itpro-security
+---
+
+# Windows 11 commercial licensing overview
+
+Microsoft Commercial Licensing solutions provide the most flexible and cost-effective way to give your organization access to the latest Windows Desktop technologies. Whether you want to upgrade your devices to Windows 11, gain access to exclusive offerings such as Windows 11 Enterprise edition, or use Windows with greater flexibility, there's a Commercial Licensing option that's right for your organization. 
+
+This document provides an overview of the products and use rights available through Commercial Licensing, information about the products that are eligible for upgrades, and the key choices you have for using Windows in your organization.
+
+> [!NOTE]
+> This content is not meant to replace or override other licensing documentation, such as the Windows 11 End User License Agreement or Commercial Licensing Product Terms.
+
+## Windows 11 editions 
+
+There's an edition of Windows software designed to meet the needs of every organization, from a small, growing business to a multinational enterprise. The following table lists the editions of Windows 11 available through each Microsoft distribution channel.
+
+| Full Packaged Product (Retail) | Preinstalled on device (OEM)|Commercial Licensing|
+|-|-|-|
+|Windows 11 Pro <br>Windows 11 Home|Windows 11 Pro<br>Windows 11 Home|Windows 11 Pro<br>Windows 11 Enterprise <br>Windows 11 Enterprise LTSC|
+
+## Windows desktop offerings available through Commercial Licensing
+
+The following offerings are available for purchase through Microsoft Commercial Licensing:
+
+|Product|Description|
+|-|-|
+|Windows 11 Pro Upgrade |Windows 11 Pro is designed for small and medium businesses and enables organizations to manage their devices and apps, protect their business data, facilitate remote and mobile scenarios, and take advantage of the cloud technologies for their organizations. Windows 11 Pro devices are a good choice for organizations that support *choose your own device (CYOD)* programs and *prosumer* customers. The Windows 11 Pro Upgrade in Commercial Licensing upgrades a device from a previous version of Windows Pro|
+|Windows 11 Enterprise E3|Windows 11 Enterprise E3 is a per user subscription available in Commercial Licensing programs, and is intended for large and medium sized organizations. It includes Windows Enterprise edition with cloud-powered capabilities and subscription use rights. Examples include advanced identity protection, the broadest range of options for operating system deployment, update control, and device management. Windows Enterprise E3 is licensed through Commercial Licensing programs and requires Windows Pro as qualifying operating systems.
+|Windows 11 Enterprise E5|Windows 11 Enterprise E5 is for organizations that want to take advantage of everything in Windows 11 Enterprise E3 with the addition of **Microsoft Defender for Endpoint Plan 2**, a service that helps enterprises detect, investigate, and respond to advanced cybersecurity attacks on their endpoints and networks. Windows 11 Enterprise E5 is available per user in Commercial Licensing programs|
+|Windows 10 Enterprise LTSC |Windows 10 Enterprise LTSC is designed for PC systems that have strict change-management policies with only security and critical bug fixes. By using a Long-Term Servicing Channel edition, you can apply monthly Windows 10 security updates for specialized devices while holding back new-feature updates for an extended period of time, up to 5 years. Windows Enterprise LTSC is available in the per user or per device model depending on the Volume Licensing program through witch it is acquired|
+|Windows Virtual Desktop Access (VDA) Subscription License|The Windows VDA subscription license provides the right to access virtual Windows desktop environments from devices that aren't covered by a Commercial Licensing offer that includes VDA rights, such as thin clients. Windows VDA is available on a per device or per user basis|
+
+## Windows 11 Enterprise
+
+There are two core Windows 11 Enterprise offers: **Windows 11 Enterprise E3** and **Windows 11 Enterprise E5**. Each of these can be purchased on a **per-user basis**, and are available only through **Commercial Licensing**, including the **Cloud Solution Provider** program. For more details about Windows Enterprise, see [per device check out this section of this guide](*TO ADD*)
+
+### Windows 11 Enterprise E3
+
+Windows 11 Enterprise E3 is a per-user subscription, intended for organizations. It includes **Windows Enterprise edition** with cloud-powered capabilities and subscription use rights.
+Windows 11 Enterprise E3 builds on Windows 11 Pro by adding more advanced features designed to address the needs of large and mid-size organizations. Examples include advanced protection against modern security threats, the broadest range of options for operating system deployment and update, and comprehensive device and app management. Organizations with devices running Windows 11 Enterprise will can take advantage of the latest security and feature updates on an ongoing basis, while having the ability to choose the pace at which they adopt new technology.
+
+Windows 11 Enterprise E3 is usually licensed through Volume Licensing programs and is an upgrade from Windows Pro.
+
+### Windows 11 Enterprise E3 OS features
+
+With Windows 11 Enterprise E3, you can take advantage of the following OS features:
+
+| OS feature | Description |
+|-|-|
+|**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard-requirements)**|Protects against user credential harvesting and pass-the-hash attacks or pass the token attacks, enabled by default|
+|**Managed Microsoft Defender Application Guard for Microsoft Edge**| Isolates enterprise-defined untrusted sites with virtualization-based security from Windows, protecting your company while employees browse the Internet|
+|**Personal Data Encryption**|Encrypts individual's content using Windows Hello for Business to link the encryption keys to user credentials|
+|**Direct Access & Always-On VPN device tunnel**|Connect remote users to the organization network without the need for traditional VPN connections with DirectAccess or benefit from advanced security capabilities to restrict the type of traffic and which applications can use the VPN connection with Always-On VPN (device tunnel)|
+|**Application Management GPOs**|Prevents unverified apps from executing and endangering your safe zone|
+|**Windows UI customization (CSP)**|Locks down the user experience of frontline workers devices or public kiosks|
+
+### Windows 11 Enterprise E3 cloud services
+
+With Windows 11 Enterprise E3, you can take advantage of the following cloud services:
+
+|Cloud-based service | Description |
+|-|-|
+|**Cloud-based BitLocker Management**|Allows you to eliminate on-premises tools to trigger, monitor and support recovery scenarios|
+|**[Windows subscription activation](/windows/deployment/windows-10-subscription-activation)**|Enables you to *step-up* from **Windows Pro edition** to **Enterprise edition** in an instant. You can eliminate license key management or deployment of Enterprise edition images|
+|**[Windows Autopatch](/windows/deployment/windows-autopatch/overview/windows-autopatch-overview)**|Cloud service that puts Microsoft in control of automating updates to Windows, Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams|
+|**[Windows Update For Business deployment service](/windows/deployment/update/deployment-service-overview)**|This cloud service gives you the control over the approval, scheduling, and safeguarding of quality, feature upgrades, and driver updates delivered from Windows Update|
+|**[Universal Print](/universal-print/)**|Removes the need for on-premises print servers and enables any endpoint to print to cloud registered printers|
+|Microsoft Connected Cache|A software-only solution that caches app and OS updates on the local network to save internet bandwidth in locations with limited connectivity|
+|**Endpoint analytics proactive remediation**|Helps you fix common support issues before end-users notice issues|
+|**[Organizational messages](/mem/intune/remote-actions/organizational-messages-overview)**|Keeps employees informed with organizational messages directly inserted in Windows UI surfaces|
+|**Windows release health**|Gives you essential information about monthly quality and feature updates in the Microsoft 365 admin center|
+|**[Windows feature update device readiness report](/mem/intune/protect/windows-update-compatibility-reports)**|Provides per-device information about compatibility risks that are associated with an upgrade or update to a chosen version of Windows|
+|**[Windows feature update compatibility risks reports](/mem/intune/protect/windows-update-compatibility-reports)**|Provides a summary view of the top compatibility risks, so you understand which compatibility risks impact the greatest number of devices in your organization|
+
+### Windows 11 Enterprise E3 licensing use rights
+
+With Windows 11 Enterprise E3, you can take advantage of the following licensing use rights:
+
+|Licensing use rights|Description|
+|-|-|
+|**Five Windows Instances per licensed user**|Allows your employees to simultaneously use a Windows laptop, a cloud PC and a specialized device with Windows LTSC, and more|
+|**36 months (3 years) support on annual feature releases**|Get extra time to deploy feature releases|
+|**[Azure Virtual Desktop, Windows 365 Enterprise and Virtual Desktop Access](/azure/virtual-desktop/prerequisites#operating-systems-and-licenses)**|Empower flexible workstyles and smarter work with the included best-in-class virtualization access rights|
+|**Windows LTSC Enterprise**|Intended for highly specialized devices that require limited changes due to regulations and certification|
+|**[Microsoft Desktop Optimization Pack (MDOP) ](/microsoft-desktop-optimization-pack)**|Help improve compatibility and management, reduce support costs, improve asset management, and improve policy control|
+
+Learn more about [Windows 11 Enterprise E3]()
+
+### Windows 11 Enterprise E5
+
+Windows 11 Enterprise E5 is for organizations that want to take advantage of everything in Windows 11 Enterprise E3 with the addition of **Microsoft Defender for Endpoint Plan 2**, a cloud service that helps enterprises detect, investigate, and respond to advanced cybersecurity attacks on their endpoints and networks. Windows 11 Enterprise E5 is available per user in Commercial Licensing programs.
+
+Learn more about [Windows 11 Enterprise E5]()
+
+### Windows Enterprise E3 in Microsoft 365 F3
+
+Windows Enterprise E3 in Microsoft 365 F3 is only sold as part of the full F3 suite, and has all the OS features, and most of the cloud services and use rights included with regular Windows Enterprise E3.
+
+Windows Enterprise E3 in Microsoft 365 F3 doesn't include the following use rights that are included in the regular E3 user subscription license:
+
+- Microsoft Desktop Optimization Pack (MDOP)
+- Windows LTSC Enterprise
+- Windows Autopatch
+
+## Use a Windows Pro device with the Windows Enterprise user subscription license
+
+In most cases, the Windows Pro edition comes pre-installed on a business-class device. Microsoft recommends upgrading your Windows Pro devices to Enterprise edition when you have acquired a user subscription licenses for Windows. However, there are cases that require to keep devices on the Pro edition and not upgrade them to Enterprise edition. With Windows 11 Enterprise E3, you can take advantage of features, services and use rights not licensed to the Windows Pro license bound to the device. It includes Windows Enterprise edition with cloud-powered capabilities and subscription use rights, and these capabilities are not always technically enforced. Some scenarios that may require to not upgrade to Windows Enterprise edition:
+
+- Devices not properly provisioned that don't automatically upgrade to Windows Enterprise edition
+- Devices may have been acquired for a business process that was not under control of a central IT department or outside of the IT department's knowledge
+- A developer that is developing applications that must be tested and certified on Pro, as that is how it will be delivered to customers
+
+In these cases, you want the PC to be configured, secured, monitored, and updated with the enterprise management and security tools that come with the Windows Enterprise user subscription. Your Windows Enterprise E3 subscriptions does not block these scenarios.
+
+The following table lists the Windows 11 Enterprise E3 features, services and use rights and their applicability to Windows Pro and Enterprise editions:
+
+|Feature, service or use right|Windows Pro|Windows Enterprise|
+|-|-|-|
+|**Windows Defender Credential Guard**||Yes|
+|**Managed Microsoft Defender Application Guard for Microsoft Edge**|Yes|Yes|
+|**Cloud-based BitLocker Management**|Yes|Yes|
+|**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**||Yes|
+|**Direct Access**|Yes|Yes|
+|**[Always On VPN](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|Yes <sup>[\[1\]](#Note1)</sup>|Yes|
+|**Application Management GPOs**||Yes|
+|**Windows UI customization (CSP to manage)**||Yes|
+|**Windows Subscription Activation**|Yes|Yes|
+|**Windows Autopatch**|Yes|Yes|
+|**[Windows Update For Business deployment service](/windows/deployment/update/deployment-service-overview)**|Yes|Yes|
+|**[Universal Print](/universal-print/)**|Yes|Yes|
+|**[Microsoft Connected Cache](/windows/deployment/do/waas-microsoft-connected-cache)**|Yes|Yes|
+|**Endpoint analytics proactive remediation**|Yes|Yes|
+|**[Organizational messages](/mem/intune/remote-actions/organizational-messages-overview)**||Yes|
+|**Feature release support period**| 24 months | 36 months|
+|**Windows feature update device readiness report** <sup>[\[2\]](#Note2)</sup>|Yes|Yes|
+|**Windows feature update compatibility risk report** <sup>[\[2\]](#Note2)</sup>|Yes|Yes|
+|**Microsoft Desktop Optimization Pack (MDOP)**|Yes|Yes|
+
+<sup><a name="Note1"></a>[1]</sup> Device Tunnel requires Enterprise edition.
+<sup><a name="Note2"></a>[2]</sup> Intune license required.
+
+## Next steps
+
+To learn more about Windows 11 Enterprise E3 and E5, see [Windows 11 Enterprise E3 and E5](/windows/deployment/windows-11-enterprise-e3-e5).
\ No newline at end of file

From b208588bbb8f4654884a6b822e647f5ae1e70db6 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Fri, 21 Apr 2023 17:34:39 -0400
Subject: [PATCH 003/107] updates

---
 .../Access-Control-ACLsSCALS.md}              |  2 +-
 .../Account-Lockout-Policy.md}                |  2 +-
 .../Always-On-VPN.md}                         |  2 +-
 .../{applocker.md => security/AppLocker.md}   |  2 +-
 .../Assigned-Access-kiosk-mode.md}            |  2 +-
 .../Attack-surface-reduction-ASR.md}          |  2 +-
 ...-Azure-AD-join-with-single-sign-on-SSO.md} |  2 +-
 .../{bitlocker.md => security/BitLocker.md}   |  2 +-
 ...ooth-pairing-and-connection-protection.md} |  2 +-
 .../Common-Criteria-certifications.md}        |  2 +-
 .../Controlled-folder-access.md}              |  2 +-
 .../Device-health-attestation-service.md}     |  2 +-
 .../Direct-Access.md}                         |  2 +-
 .../Email-Encryption-SMIME.md}                |  2 +-
 .../Encrypted-hard-drive.md}                  |  2 +-
 .../licensing/security/Endpoint-Analytics.md  | 22 ++++++++++++
 ...d-phishing-protection-with-SmartScreen.md} |  2 +-
 .../Exploit-protection.md}                    |  2 +-
 ...ast-Identity-Online-FIDO2-security-key.md} |  2 +-
 ...rocessing-Standard-FIPS-140-validation.md} |  2 +-
 .../Federated-sign-in.md}                     |  2 +-
 .../Hardware-enforced-stack-protection.md}    |  2 +-
 ...pervisor-protected-Code-Integrity-HVCI.md} |  2 +-
 ...el-Direct-Memory-Access-DMA-protection.md} |  2 +-
 .../Local-Administrator-Password-Solution.md} |  2 +-
 ...ocal-Security-Authority-LSA-Protection.md} |  2 +-
 ...Device-Management-MDM-and-group-policy.md} |  2 +-
 .../Measured-boot.md}                         |  2 +-
 .../Microsoft-Defender-Antivirus.md}          |  2 +-
 ...plication-Guard-MDAG-configure-via-MDM.md} |  2 +-
 ...erprise-mode-and-enterprise-management.md} |  2 +-
 ...on-Guard-MDAG-for-Edge-standalone-mode.md} |  2 +-
 ...cation-Guard-MDAG-for-Microsoft-Office.md} |  2 +-
 ...der-Application-Guard-MDAG-public-APIs.md} |  2 +-
 .../Microsoft-Defender-SmartScreen.md}        |  2 +-
 .../Microsoft-Defender-for-Endpoint.md}       |  2 +-
 .../Microsoft-Pluton-security-processor.md}   |  2 +-
 .../Microsoft-Vulnerable-Driver-Blocklist.md} |  2 +-
 .../Opportunistic-Wireless-Encryption-OWE.md} |  2 +-
 .../Personal-data-encryption-PDE.md}          |  2 +-
 .../Privacy-Resource-Usage.md}                |  2 +-
 .../Privacy-Transparency-and-Controls.md}     |  2 +-
 .../Remote-wipe-Autopilot-reset.md}           |  2 +-
 .../Secure-Boot-and-Trusted-Boot.md}          |  2 +-
 .../Secured-core-PC.md}                       |  2 +-
 .../Secured-core-configuration-lock.md}       |  2 +-
 .../Security-baselines-with-Intune.md}        |  2 +-
 ...Server-Message-Block-Direct-SMB-Direct.md} |  2 +-
 .../Server-Message-Block-SMB-file-service.md} |  2 +-
 .../Smart-App-Control.md}                     |  2 +-
 .../Smart-Cards-for-Windows-Service.md}       |  2 +-
 .../Tamper-protection-settings-for-MDE.md}    |  2 +-
 .../Transport-layer-security-TLS.md}          |  2 +-
 .../Trusted-Platform-Module-TPM-20.md}        |  2 +-
 .../Universal-Print.md}                       |  2 +-
 .../User-Account-Control-UAC.md}              |  2 +-
 .../Virtual-Private-Network-VPN.md}           |  2 +-
 .../Virtualization-based-security-VBS.md}     |  2 +-
 .../WiFi-Security.md}                         |  2 +-
 .../Windows-Autopatch.md}                     |  2 +-
 .../Windows-Autopilot.md}                     |  2 +-
 ...dows-Defender-Application-Control-WDAC.md} |  2 +-
 .../Windows-Defender-Credential-Guard.md}     |  2 +-
 ...ndows-Defender-Remote-Credential-Guard.md} |  2 +-
 .../Windows-Defender-System-Guard.md}         |  2 +-
 .../Windows-Firewall.md}                      |  2 +-
 ...-Business-Enhanced-Security-Sign-in-ESS.md | 22 ++++++++++++
 .../Windows-Hello-for-Business.md}            |  2 +-
 .../Windows-Sandbox.md}                       |  2 +-
 ...-Security-policy-settings-and-auditing.md} |  2 +-
 .../security/Windows-Update-for-Business.md   | 22 ++++++++++++
 .../Windows-containers.md}                    |  2 +-
 ...eature-and-expedite-updates-with-Intune.md | 22 ++++++++++++
 .../Windows-presence-sensing.md}              |  2 +-
 .../{ => security}/_edition-requirements.md   | 34 ++++++++++---------
 .../{ => security}/_licensing-requirements.md | 32 +++++++++--------
 ...business-enhanced-security-sign-in-ess-.md | 22 ------------
 77 files changed, 193 insertions(+), 123 deletions(-)
 rename includes/licensing/{access-control-aclsscals.md => security/Access-Control-ACLsSCALS.md} (97%)
 rename includes/licensing/{account-lockout-policy.md => security/Account-Lockout-Policy.md} (97%)
 rename includes/licensing/{always-on-vpn.md => security/Always-On-VPN.md} (97%)
 rename includes/licensing/{applocker.md => security/AppLocker.md} (97%)
 rename includes/licensing/{assigned-access-kiosk-mode.md => security/Assigned-Access-kiosk-mode.md} (97%)
 rename includes/licensing/{attack-surface-reduction-asr.md => security/Attack-surface-reduction-ASR.md} (97%)
 rename includes/licensing/{azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md => security/Azure-AD-join-Active-Directory-domain-join-and-Hybrid-Azure-AD-join-with-single-sign-on-SSO.md} (97%)
 rename includes/licensing/{bitlocker.md => security/BitLocker.md} (97%)
 rename includes/licensing/{bluetooth-pairing-and-connection-protection.md => security/Bluetooth-pairing-and-connection-protection.md} (97%)
 rename includes/licensing/{common-criteria-certifications.md => security/Common-Criteria-certifications.md} (97%)
 rename includes/licensing/{controlled-folder-access.md => security/Controlled-folder-access.md} (97%)
 rename includes/licensing/{device-health-attestation-service.md => security/Device-health-attestation-service.md} (97%)
 rename includes/licensing/{direct-access.md => security/Direct-Access.md} (97%)
 rename includes/licensing/{email-encryption-smime.md => security/Email-Encryption-SMIME.md} (97%)
 rename includes/licensing/{encrypted-hard-drive.md => security/Encrypted-hard-drive.md} (97%)
 create mode 100644 includes/licensing/security/Endpoint-Analytics.md
 rename includes/licensing/{enhanced-phishing-protection-with-smartscreen.md => security/Enhanced-phishing-protection-with-SmartScreen.md} (97%)
 rename includes/licensing/{exploit-protection.md => security/Exploit-protection.md} (97%)
 rename includes/licensing/{fast-identity-online-fido2-security-key.md => security/Fast-Identity-Online-FIDO2-security-key.md} (97%)
 rename includes/licensing/{federal-information-processing-standard-fips-140-validation.md => security/Federal-Information-Processing-Standard-FIPS-140-validation.md} (97%)
 rename includes/licensing/{federated-sign-in.md => security/Federated-sign-in.md} (97%)
 rename includes/licensing/{hardware-enforced-stack-protection.md => security/Hardware-enforced-stack-protection.md} (97%)
 rename includes/licensing/{hypervisor-protected-code-integrity-hvci.md => security/Hypervisor-protected-Code-Integrity-HVCI.md} (97%)
 rename includes/licensing/{kernel-direct-memory-access-dma-protection.md => security/Kernel-Direct-Memory-Access-DMA-protection.md} (97%)
 rename includes/licensing/{local-administrator-password-solution.md => security/Local-Administrator-Password-Solution.md} (97%)
 rename includes/licensing/{local-security-authority-lsa-protection.md => security/Local-Security-Authority-LSA-Protection.md} (97%)
 rename includes/licensing/{manage-by-mobile-device-management-mdm-and-group-policy.md => security/Manage-by-Mobile-Device-Management-MDM-and-group-policy.md} (97%)
 rename includes/licensing/{measured-boot.md => security/Measured-boot.md} (97%)
 rename includes/licensing/{microsoft-defender-antivirus.md => security/Microsoft-Defender-Antivirus.md} (97%)
 rename includes/licensing/{microsoft-defender-application-guard-mdag-configure-via-mdm.md => security/Microsoft-Defender-Application-Guard-MDAG-configure-via-MDM.md} (97%)
 rename includes/licensing/{microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md => security/Microsoft-Defender-Application-Guard-MDAG-for-Edge-enterprise-mode-and-enterprise-management.md} (97%)
 rename includes/licensing/{microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md => security/Microsoft-Defender-Application-Guard-MDAG-for-Edge-standalone-mode.md} (97%)
 rename includes/licensing/{microsoft-defender-application-guard-mdag-for-microsoft-office.md => security/Microsoft-Defender-Application-Guard-MDAG-for-Microsoft-Office.md} (97%)
 rename includes/licensing/{microsoft-defender-application-guard-mdag-public-apis.md => security/Microsoft-Defender-Application-Guard-MDAG-public-APIs.md} (97%)
 rename includes/licensing/{microsoft-defender-smartscreen.md => security/Microsoft-Defender-SmartScreen.md} (97%)
 rename includes/licensing/{microsoft-defender-for-endpoint.md => security/Microsoft-Defender-for-Endpoint.md} (97%)
 rename includes/licensing/{microsoft-pluton-security-processor.md => security/Microsoft-Pluton-security-processor.md} (97%)
 rename includes/licensing/{microsoft-vulnerable-driver-blocklist.md => security/Microsoft-Vulnerable-Driver-Blocklist.md} (97%)
 rename includes/licensing/{opportunistic-wireless-encryption-owe.md => security/Opportunistic-Wireless-Encryption-OWE.md} (97%)
 rename includes/licensing/{personal-data-encryption-pde.md => security/Personal-data-encryption-PDE.md} (97%)
 rename includes/licensing/{privacy-resource-usage.md => security/Privacy-Resource-Usage.md} (97%)
 rename includes/licensing/{privacy-transparency-and-controls.md => security/Privacy-Transparency-and-Controls.md} (97%)
 rename includes/licensing/{remote-wipe-autopilot-reset.md => security/Remote-wipe-Autopilot-reset.md} (97%)
 rename includes/licensing/{secure-boot-and-trusted-boot.md => security/Secure-Boot-and-Trusted-Boot.md} (97%)
 rename includes/licensing/{secured-core-pc.md => security/Secured-core-PC.md} (97%)
 rename includes/licensing/{secured-core-configuration-lock.md => security/Secured-core-configuration-lock.md} (97%)
 rename includes/licensing/{security-baselines-with-intune.md => security/Security-baselines-with-Intune.md} (97%)
 rename includes/licensing/{server-message-block-direct-smb-direct.md => security/Server-Message-Block-Direct-SMB-Direct.md} (97%)
 rename includes/licensing/{server-message-block-smb-file-service.md => security/Server-Message-Block-SMB-file-service.md} (97%)
 rename includes/licensing/{smart-app-control.md => security/Smart-App-Control.md} (97%)
 rename includes/licensing/{smart-cards-for-windows-service.md => security/Smart-Cards-for-Windows-Service.md} (97%)
 rename includes/licensing/{tamper-protection-settings-for-mde.md => security/Tamper-protection-settings-for-MDE.md} (97%)
 rename includes/licensing/{transport-layer-security-tls.md => security/Transport-layer-security-TLS.md} (97%)
 rename includes/licensing/{trusted-platform-module-tpm-20.md => security/Trusted-Platform-Module-TPM-20.md} (97%)
 rename includes/licensing/{universal-print.md => security/Universal-Print.md} (97%)
 rename includes/licensing/{user-account-control-uac.md => security/User-Account-Control-UAC.md} (97%)
 rename includes/licensing/{virtual-private-network-vpn.md => security/Virtual-Private-Network-VPN.md} (97%)
 rename includes/licensing/{virtualization-based-security-vbs.md => security/Virtualization-based-security-VBS.md} (97%)
 rename includes/licensing/{wifi-security.md => security/WiFi-Security.md} (97%)
 rename includes/licensing/{windows-autopatch.md => security/Windows-Autopatch.md} (97%)
 rename includes/licensing/{windows-autopilot.md => security/Windows-Autopilot.md} (97%)
 rename includes/licensing/{windows-defender-application-control-wdac.md => security/Windows-Defender-Application-Control-WDAC.md} (97%)
 rename includes/licensing/{windows-defender-credential-guard.md => security/Windows-Defender-Credential-Guard.md} (97%)
 rename includes/licensing/{windows-defender-remote-credential-guard.md => security/Windows-Defender-Remote-Credential-Guard.md} (97%)
 rename includes/licensing/{windows-defender-system-guard.md => security/Windows-Defender-System-Guard.md} (97%)
 rename includes/licensing/{windows-firewall.md => security/Windows-Firewall.md} (97%)
 create mode 100644 includes/licensing/security/Windows-Hello-for-Business-Enhanced-Security-Sign-in-ESS.md
 rename includes/licensing/{windows-hello-for-business.md => security/Windows-Hello-for-Business.md} (97%)
 rename includes/licensing/{windows-sandbox.md => security/Windows-Sandbox.md} (97%)
 rename includes/licensing/{windows-security-policy-settings-and-auditing.md => security/Windows-Security-policy-settings-and-auditing.md} (97%)
 create mode 100644 includes/licensing/security/Windows-Update-for-Business.md
 rename includes/licensing/{windows-containers.md => security/Windows-containers.md} (97%)
 create mode 100644 includes/licensing/security/Windows-feature-and-expedite-updates-with-Intune.md
 rename includes/licensing/{windows-presence-sensing.md => security/Windows-presence-sensing.md} (97%)
 rename includes/licensing/{ => security}/_edition-requirements.md (75%)
 rename includes/licensing/{ => security}/_licensing-requirements.md (76%)
 delete mode 100644 includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess-.md

diff --git a/includes/licensing/access-control-aclsscals.md b/includes/licensing/security/Access-Control-ACLsSCALS.md
similarity index 97%
rename from includes/licensing/access-control-aclsscals.md
rename to includes/licensing/security/Access-Control-ACLsSCALS.md
index b61af93fa8..0364fa5804 100644
--- a/includes/licensing/access-control-aclsscals.md
+++ b/includes/licensing/security/Access-Control-ACLsSCALS.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/account-lockout-policy.md b/includes/licensing/security/Account-Lockout-Policy.md
similarity index 97%
rename from includes/licensing/account-lockout-policy.md
rename to includes/licensing/security/Account-Lockout-Policy.md
index 8b18a6b661..df33653d30 100644
--- a/includes/licensing/account-lockout-policy.md
+++ b/includes/licensing/security/Account-Lockout-Policy.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/always-on-vpn.md b/includes/licensing/security/Always-On-VPN.md
similarity index 97%
rename from includes/licensing/always-on-vpn.md
rename to includes/licensing/security/Always-On-VPN.md
index 81d7029add..0dc04a9527 100644
--- a/includes/licensing/always-on-vpn.md
+++ b/includes/licensing/security/Always-On-VPN.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/applocker.md b/includes/licensing/security/AppLocker.md
similarity index 97%
rename from includes/licensing/applocker.md
rename to includes/licensing/security/AppLocker.md
index 2fff9e6ab8..ba9a2131d6 100644
--- a/includes/licensing/applocker.md
+++ b/includes/licensing/security/AppLocker.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/assigned-access-kiosk-mode.md b/includes/licensing/security/Assigned-Access-kiosk-mode.md
similarity index 97%
rename from includes/licensing/assigned-access-kiosk-mode.md
rename to includes/licensing/security/Assigned-Access-kiosk-mode.md
index a82316265b..29e6639e12 100644
--- a/includes/licensing/assigned-access-kiosk-mode.md
+++ b/includes/licensing/security/Assigned-Access-kiosk-mode.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/attack-surface-reduction-asr.md b/includes/licensing/security/Attack-surface-reduction-ASR.md
similarity index 97%
rename from includes/licensing/attack-surface-reduction-asr.md
rename to includes/licensing/security/Attack-surface-reduction-ASR.md
index 3a5d744e92..b9fcdbbbec 100644
--- a/includes/licensing/attack-surface-reduction-asr.md
+++ b/includes/licensing/security/Attack-surface-reduction-ASR.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md b/includes/licensing/security/Azure-AD-join-Active-Directory-domain-join-and-Hybrid-Azure-AD-join-with-single-sign-on-SSO.md
similarity index 97%
rename from includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md
rename to includes/licensing/security/Azure-AD-join-Active-Directory-domain-join-and-Hybrid-Azure-AD-join-with-single-sign-on-SSO.md
index 8617927b9e..98caba3406 100644
--- a/includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md
+++ b/includes/licensing/security/Azure-AD-join-Active-Directory-domain-join-and-Hybrid-Azure-AD-join-with-single-sign-on-SSO.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/bitlocker.md b/includes/licensing/security/BitLocker.md
similarity index 97%
rename from includes/licensing/bitlocker.md
rename to includes/licensing/security/BitLocker.md
index 94fd275f1b..bb61941f20 100644
--- a/includes/licensing/bitlocker.md
+++ b/includes/licensing/security/BitLocker.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/bluetooth-pairing-and-connection-protection.md b/includes/licensing/security/Bluetooth-pairing-and-connection-protection.md
similarity index 97%
rename from includes/licensing/bluetooth-pairing-and-connection-protection.md
rename to includes/licensing/security/Bluetooth-pairing-and-connection-protection.md
index 1e9b048129..452c4e8579 100644
--- a/includes/licensing/bluetooth-pairing-and-connection-protection.md
+++ b/includes/licensing/security/Bluetooth-pairing-and-connection-protection.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/common-criteria-certifications.md b/includes/licensing/security/Common-Criteria-certifications.md
similarity index 97%
rename from includes/licensing/common-criteria-certifications.md
rename to includes/licensing/security/Common-Criteria-certifications.md
index c79ce326be..fbcc3a78f3 100644
--- a/includes/licensing/common-criteria-certifications.md
+++ b/includes/licensing/security/Common-Criteria-certifications.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/controlled-folder-access.md b/includes/licensing/security/Controlled-folder-access.md
similarity index 97%
rename from includes/licensing/controlled-folder-access.md
rename to includes/licensing/security/Controlled-folder-access.md
index 2a61948725..18accb297d 100644
--- a/includes/licensing/controlled-folder-access.md
+++ b/includes/licensing/security/Controlled-folder-access.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/device-health-attestation-service.md b/includes/licensing/security/Device-health-attestation-service.md
similarity index 97%
rename from includes/licensing/device-health-attestation-service.md
rename to includes/licensing/security/Device-health-attestation-service.md
index 6a665ad462..385963b2a3 100644
--- a/includes/licensing/device-health-attestation-service.md
+++ b/includes/licensing/security/Device-health-attestation-service.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/direct-access.md b/includes/licensing/security/Direct-Access.md
similarity index 97%
rename from includes/licensing/direct-access.md
rename to includes/licensing/security/Direct-Access.md
index 8b51088d50..ba0ab0da50 100644
--- a/includes/licensing/direct-access.md
+++ b/includes/licensing/security/Direct-Access.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/email-encryption-smime.md b/includes/licensing/security/Email-Encryption-SMIME.md
similarity index 97%
rename from includes/licensing/email-encryption-smime.md
rename to includes/licensing/security/Email-Encryption-SMIME.md
index 4927db3ddc..e73e64f50b 100644
--- a/includes/licensing/email-encryption-smime.md
+++ b/includes/licensing/security/Email-Encryption-SMIME.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/encrypted-hard-drive.md b/includes/licensing/security/Encrypted-hard-drive.md
similarity index 97%
rename from includes/licensing/encrypted-hard-drive.md
rename to includes/licensing/security/Encrypted-hard-drive.md
index bed3785662..35b83298ce 100644
--- a/includes/licensing/encrypted-hard-drive.md
+++ b/includes/licensing/security/Encrypted-hard-drive.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/security/Endpoint-Analytics.md b/includes/licensing/security/Endpoint-Analytics.md
new file mode 100644
index 0000000000..428534c57d
--- /dev/null
+++ b/includes/licensing/security/Endpoint-Analytics.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/21/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Endpoint Analytics:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Endpoint Analytics license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/enhanced-phishing-protection-with-smartscreen.md b/includes/licensing/security/Enhanced-phishing-protection-with-SmartScreen.md
similarity index 97%
rename from includes/licensing/enhanced-phishing-protection-with-smartscreen.md
rename to includes/licensing/security/Enhanced-phishing-protection-with-SmartScreen.md
index a686eedfa0..ac0579fb14 100644
--- a/includes/licensing/enhanced-phishing-protection-with-smartscreen.md
+++ b/includes/licensing/security/Enhanced-phishing-protection-with-SmartScreen.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/exploit-protection.md b/includes/licensing/security/Exploit-protection.md
similarity index 97%
rename from includes/licensing/exploit-protection.md
rename to includes/licensing/security/Exploit-protection.md
index 79075680e1..5f38d31dc2 100644
--- a/includes/licensing/exploit-protection.md
+++ b/includes/licensing/security/Exploit-protection.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/fast-identity-online-fido2-security-key.md b/includes/licensing/security/Fast-Identity-Online-FIDO2-security-key.md
similarity index 97%
rename from includes/licensing/fast-identity-online-fido2-security-key.md
rename to includes/licensing/security/Fast-Identity-Online-FIDO2-security-key.md
index b77f7bcdda..be5c9e5a7f 100644
--- a/includes/licensing/fast-identity-online-fido2-security-key.md
+++ b/includes/licensing/security/Fast-Identity-Online-FIDO2-security-key.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/federal-information-processing-standard-fips-140-validation.md b/includes/licensing/security/Federal-Information-Processing-Standard-FIPS-140-validation.md
similarity index 97%
rename from includes/licensing/federal-information-processing-standard-fips-140-validation.md
rename to includes/licensing/security/Federal-Information-Processing-Standard-FIPS-140-validation.md
index c69f77ad4d..c628b32b6f 100644
--- a/includes/licensing/federal-information-processing-standard-fips-140-validation.md
+++ b/includes/licensing/security/Federal-Information-Processing-Standard-FIPS-140-validation.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/federated-sign-in.md b/includes/licensing/security/Federated-sign-in.md
similarity index 97%
rename from includes/licensing/federated-sign-in.md
rename to includes/licensing/security/Federated-sign-in.md
index dd7843efd2..98e24a8a1c 100644
--- a/includes/licensing/federated-sign-in.md
+++ b/includes/licensing/security/Federated-sign-in.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/hardware-enforced-stack-protection.md b/includes/licensing/security/Hardware-enforced-stack-protection.md
similarity index 97%
rename from includes/licensing/hardware-enforced-stack-protection.md
rename to includes/licensing/security/Hardware-enforced-stack-protection.md
index 78d7aeec9a..e80f671329 100644
--- a/includes/licensing/hardware-enforced-stack-protection.md
+++ b/includes/licensing/security/Hardware-enforced-stack-protection.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/hypervisor-protected-code-integrity-hvci.md b/includes/licensing/security/Hypervisor-protected-Code-Integrity-HVCI.md
similarity index 97%
rename from includes/licensing/hypervisor-protected-code-integrity-hvci.md
rename to includes/licensing/security/Hypervisor-protected-Code-Integrity-HVCI.md
index 7e61d752bb..afc25a3761 100644
--- a/includes/licensing/hypervisor-protected-code-integrity-hvci.md
+++ b/includes/licensing/security/Hypervisor-protected-Code-Integrity-HVCI.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/kernel-direct-memory-access-dma-protection.md b/includes/licensing/security/Kernel-Direct-Memory-Access-DMA-protection.md
similarity index 97%
rename from includes/licensing/kernel-direct-memory-access-dma-protection.md
rename to includes/licensing/security/Kernel-Direct-Memory-Access-DMA-protection.md
index 279343b746..7616cce432 100644
--- a/includes/licensing/kernel-direct-memory-access-dma-protection.md
+++ b/includes/licensing/security/Kernel-Direct-Memory-Access-DMA-protection.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/local-administrator-password-solution.md b/includes/licensing/security/Local-Administrator-Password-Solution.md
similarity index 97%
rename from includes/licensing/local-administrator-password-solution.md
rename to includes/licensing/security/Local-Administrator-Password-Solution.md
index f3755e26ef..f2e7e52112 100644
--- a/includes/licensing/local-administrator-password-solution.md
+++ b/includes/licensing/security/Local-Administrator-Password-Solution.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/local-security-authority-lsa-protection.md b/includes/licensing/security/Local-Security-Authority-LSA-Protection.md
similarity index 97%
rename from includes/licensing/local-security-authority-lsa-protection.md
rename to includes/licensing/security/Local-Security-Authority-LSA-Protection.md
index d73f52dbb0..57b8046bab 100644
--- a/includes/licensing/local-security-authority-lsa-protection.md
+++ b/includes/licensing/security/Local-Security-Authority-LSA-Protection.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md b/includes/licensing/security/Manage-by-Mobile-Device-Management-MDM-and-group-policy.md
similarity index 97%
rename from includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md
rename to includes/licensing/security/Manage-by-Mobile-Device-Management-MDM-and-group-policy.md
index 0f451c84a3..1b35f363cd 100644
--- a/includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md
+++ b/includes/licensing/security/Manage-by-Mobile-Device-Management-MDM-and-group-policy.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/measured-boot.md b/includes/licensing/security/Measured-boot.md
similarity index 97%
rename from includes/licensing/measured-boot.md
rename to includes/licensing/security/Measured-boot.md
index 6ef4375480..3734f132f2 100644
--- a/includes/licensing/measured-boot.md
+++ b/includes/licensing/security/Measured-boot.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/microsoft-defender-antivirus.md b/includes/licensing/security/Microsoft-Defender-Antivirus.md
similarity index 97%
rename from includes/licensing/microsoft-defender-antivirus.md
rename to includes/licensing/security/Microsoft-Defender-Antivirus.md
index 9c1be50238..fe7c31a35f 100644
--- a/includes/licensing/microsoft-defender-antivirus.md
+++ b/includes/licensing/security/Microsoft-Defender-Antivirus.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md b/includes/licensing/security/Microsoft-Defender-Application-Guard-MDAG-configure-via-MDM.md
similarity index 97%
rename from includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md
rename to includes/licensing/security/Microsoft-Defender-Application-Guard-MDAG-configure-via-MDM.md
index 51a3ed00c4..d8db86399a 100644
--- a/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md
+++ b/includes/licensing/security/Microsoft-Defender-Application-Guard-MDAG-configure-via-MDM.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md b/includes/licensing/security/Microsoft-Defender-Application-Guard-MDAG-for-Edge-enterprise-mode-and-enterprise-management.md
similarity index 97%
rename from includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md
rename to includes/licensing/security/Microsoft-Defender-Application-Guard-MDAG-for-Edge-enterprise-mode-and-enterprise-management.md
index e54c7297e5..c0a5aad999 100644
--- a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md
+++ b/includes/licensing/security/Microsoft-Defender-Application-Guard-MDAG-for-Edge-enterprise-mode-and-enterprise-management.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md b/includes/licensing/security/Microsoft-Defender-Application-Guard-MDAG-for-Edge-standalone-mode.md
similarity index 97%
rename from includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md
rename to includes/licensing/security/Microsoft-Defender-Application-Guard-MDAG-for-Edge-standalone-mode.md
index 63209d39a9..f98c67144f 100644
--- a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md
+++ b/includes/licensing/security/Microsoft-Defender-Application-Guard-MDAG-for-Edge-standalone-mode.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md b/includes/licensing/security/Microsoft-Defender-Application-Guard-MDAG-for-Microsoft-Office.md
similarity index 97%
rename from includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md
rename to includes/licensing/security/Microsoft-Defender-Application-Guard-MDAG-for-Microsoft-Office.md
index ddf7f5724f..be2ed700a1 100644
--- a/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md
+++ b/includes/licensing/security/Microsoft-Defender-Application-Guard-MDAG-for-Microsoft-Office.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md b/includes/licensing/security/Microsoft-Defender-Application-Guard-MDAG-public-APIs.md
similarity index 97%
rename from includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md
rename to includes/licensing/security/Microsoft-Defender-Application-Guard-MDAG-public-APIs.md
index 8013ede707..b18edb8fc7 100644
--- a/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md
+++ b/includes/licensing/security/Microsoft-Defender-Application-Guard-MDAG-public-APIs.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/microsoft-defender-smartscreen.md b/includes/licensing/security/Microsoft-Defender-SmartScreen.md
similarity index 97%
rename from includes/licensing/microsoft-defender-smartscreen.md
rename to includes/licensing/security/Microsoft-Defender-SmartScreen.md
index 79341e2f69..ace8bc007a 100644
--- a/includes/licensing/microsoft-defender-smartscreen.md
+++ b/includes/licensing/security/Microsoft-Defender-SmartScreen.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/microsoft-defender-for-endpoint.md b/includes/licensing/security/Microsoft-Defender-for-Endpoint.md
similarity index 97%
rename from includes/licensing/microsoft-defender-for-endpoint.md
rename to includes/licensing/security/Microsoft-Defender-for-Endpoint.md
index 64f94347cb..8858cb9ecf 100644
--- a/includes/licensing/microsoft-defender-for-endpoint.md
+++ b/includes/licensing/security/Microsoft-Defender-for-Endpoint.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/microsoft-pluton-security-processor.md b/includes/licensing/security/Microsoft-Pluton-security-processor.md
similarity index 97%
rename from includes/licensing/microsoft-pluton-security-processor.md
rename to includes/licensing/security/Microsoft-Pluton-security-processor.md
index a829864982..f702340492 100644
--- a/includes/licensing/microsoft-pluton-security-processor.md
+++ b/includes/licensing/security/Microsoft-Pluton-security-processor.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/microsoft-vulnerable-driver-blocklist.md b/includes/licensing/security/Microsoft-Vulnerable-Driver-Blocklist.md
similarity index 97%
rename from includes/licensing/microsoft-vulnerable-driver-blocklist.md
rename to includes/licensing/security/Microsoft-Vulnerable-Driver-Blocklist.md
index 5e8d7d0619..9fc3e71120 100644
--- a/includes/licensing/microsoft-vulnerable-driver-blocklist.md
+++ b/includes/licensing/security/Microsoft-Vulnerable-Driver-Blocklist.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/opportunistic-wireless-encryption-owe.md b/includes/licensing/security/Opportunistic-Wireless-Encryption-OWE.md
similarity index 97%
rename from includes/licensing/opportunistic-wireless-encryption-owe.md
rename to includes/licensing/security/Opportunistic-Wireless-Encryption-OWE.md
index 329b98a56f..dd25a92e7e 100644
--- a/includes/licensing/opportunistic-wireless-encryption-owe.md
+++ b/includes/licensing/security/Opportunistic-Wireless-Encryption-OWE.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/personal-data-encryption-pde.md b/includes/licensing/security/Personal-data-encryption-PDE.md
similarity index 97%
rename from includes/licensing/personal-data-encryption-pde.md
rename to includes/licensing/security/Personal-data-encryption-PDE.md
index 17db0c0d9b..bfb8905cf0 100644
--- a/includes/licensing/personal-data-encryption-pde.md
+++ b/includes/licensing/security/Personal-data-encryption-PDE.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/privacy-resource-usage.md b/includes/licensing/security/Privacy-Resource-Usage.md
similarity index 97%
rename from includes/licensing/privacy-resource-usage.md
rename to includes/licensing/security/Privacy-Resource-Usage.md
index 1912cef847..2685ed854c 100644
--- a/includes/licensing/privacy-resource-usage.md
+++ b/includes/licensing/security/Privacy-Resource-Usage.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/privacy-transparency-and-controls.md b/includes/licensing/security/Privacy-Transparency-and-Controls.md
similarity index 97%
rename from includes/licensing/privacy-transparency-and-controls.md
rename to includes/licensing/security/Privacy-Transparency-and-Controls.md
index 423adcfba8..c8e3ecbddb 100644
--- a/includes/licensing/privacy-transparency-and-controls.md
+++ b/includes/licensing/security/Privacy-Transparency-and-Controls.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/remote-wipe-autopilot-reset.md b/includes/licensing/security/Remote-wipe-Autopilot-reset.md
similarity index 97%
rename from includes/licensing/remote-wipe-autopilot-reset.md
rename to includes/licensing/security/Remote-wipe-Autopilot-reset.md
index d4c0bc571a..0994f56a85 100644
--- a/includes/licensing/remote-wipe-autopilot-reset.md
+++ b/includes/licensing/security/Remote-wipe-Autopilot-reset.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/secure-boot-and-trusted-boot.md b/includes/licensing/security/Secure-Boot-and-Trusted-Boot.md
similarity index 97%
rename from includes/licensing/secure-boot-and-trusted-boot.md
rename to includes/licensing/security/Secure-Boot-and-Trusted-Boot.md
index fd57393232..85dc0feba8 100644
--- a/includes/licensing/secure-boot-and-trusted-boot.md
+++ b/includes/licensing/security/Secure-Boot-and-Trusted-Boot.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/secured-core-pc.md b/includes/licensing/security/Secured-core-PC.md
similarity index 97%
rename from includes/licensing/secured-core-pc.md
rename to includes/licensing/security/Secured-core-PC.md
index cd335f6263..c6b3f79578 100644
--- a/includes/licensing/secured-core-pc.md
+++ b/includes/licensing/security/Secured-core-PC.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/secured-core-configuration-lock.md b/includes/licensing/security/Secured-core-configuration-lock.md
similarity index 97%
rename from includes/licensing/secured-core-configuration-lock.md
rename to includes/licensing/security/Secured-core-configuration-lock.md
index 282eefbd8f..e64c67ca74 100644
--- a/includes/licensing/secured-core-configuration-lock.md
+++ b/includes/licensing/security/Secured-core-configuration-lock.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/security-baselines-with-intune.md b/includes/licensing/security/Security-baselines-with-Intune.md
similarity index 97%
rename from includes/licensing/security-baselines-with-intune.md
rename to includes/licensing/security/Security-baselines-with-Intune.md
index bc9a0ca9c2..c2d8d272a6 100644
--- a/includes/licensing/security-baselines-with-intune.md
+++ b/includes/licensing/security/Security-baselines-with-Intune.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/server-message-block-direct-smb-direct.md b/includes/licensing/security/Server-Message-Block-Direct-SMB-Direct.md
similarity index 97%
rename from includes/licensing/server-message-block-direct-smb-direct.md
rename to includes/licensing/security/Server-Message-Block-Direct-SMB-Direct.md
index 4b468b65a6..e1e6dea11a 100644
--- a/includes/licensing/server-message-block-direct-smb-direct.md
+++ b/includes/licensing/security/Server-Message-Block-Direct-SMB-Direct.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/server-message-block-smb-file-service.md b/includes/licensing/security/Server-Message-Block-SMB-file-service.md
similarity index 97%
rename from includes/licensing/server-message-block-smb-file-service.md
rename to includes/licensing/security/Server-Message-Block-SMB-file-service.md
index 1e1f9fc40a..d1c3090375 100644
--- a/includes/licensing/server-message-block-smb-file-service.md
+++ b/includes/licensing/security/Server-Message-Block-SMB-file-service.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/smart-app-control.md b/includes/licensing/security/Smart-App-Control.md
similarity index 97%
rename from includes/licensing/smart-app-control.md
rename to includes/licensing/security/Smart-App-Control.md
index 6ea29fbfb6..232c73dcb7 100644
--- a/includes/licensing/smart-app-control.md
+++ b/includes/licensing/security/Smart-App-Control.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/smart-cards-for-windows-service.md b/includes/licensing/security/Smart-Cards-for-Windows-Service.md
similarity index 97%
rename from includes/licensing/smart-cards-for-windows-service.md
rename to includes/licensing/security/Smart-Cards-for-Windows-Service.md
index 803b2af86c..4f8931fa0c 100644
--- a/includes/licensing/smart-cards-for-windows-service.md
+++ b/includes/licensing/security/Smart-Cards-for-Windows-Service.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/tamper-protection-settings-for-mde.md b/includes/licensing/security/Tamper-protection-settings-for-MDE.md
similarity index 97%
rename from includes/licensing/tamper-protection-settings-for-mde.md
rename to includes/licensing/security/Tamper-protection-settings-for-MDE.md
index 28cbc5ff70..4d9c90a617 100644
--- a/includes/licensing/tamper-protection-settings-for-mde.md
+++ b/includes/licensing/security/Tamper-protection-settings-for-MDE.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/transport-layer-security-tls.md b/includes/licensing/security/Transport-layer-security-TLS.md
similarity index 97%
rename from includes/licensing/transport-layer-security-tls.md
rename to includes/licensing/security/Transport-layer-security-TLS.md
index 43104ded20..862c656964 100644
--- a/includes/licensing/transport-layer-security-tls.md
+++ b/includes/licensing/security/Transport-layer-security-TLS.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/trusted-platform-module-tpm-20.md b/includes/licensing/security/Trusted-Platform-Module-TPM-20.md
similarity index 97%
rename from includes/licensing/trusted-platform-module-tpm-20.md
rename to includes/licensing/security/Trusted-Platform-Module-TPM-20.md
index 60a46d1917..6dd2f782e6 100644
--- a/includes/licensing/trusted-platform-module-tpm-20.md
+++ b/includes/licensing/security/Trusted-Platform-Module-TPM-20.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/universal-print.md b/includes/licensing/security/Universal-Print.md
similarity index 97%
rename from includes/licensing/universal-print.md
rename to includes/licensing/security/Universal-Print.md
index a346b3ff35..8edd1830a1 100644
--- a/includes/licensing/universal-print.md
+++ b/includes/licensing/security/Universal-Print.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/user-account-control-uac.md b/includes/licensing/security/User-Account-Control-UAC.md
similarity index 97%
rename from includes/licensing/user-account-control-uac.md
rename to includes/licensing/security/User-Account-Control-UAC.md
index 41276ad062..887d3a908f 100644
--- a/includes/licensing/user-account-control-uac.md
+++ b/includes/licensing/security/User-Account-Control-UAC.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/virtual-private-network-vpn.md b/includes/licensing/security/Virtual-Private-Network-VPN.md
similarity index 97%
rename from includes/licensing/virtual-private-network-vpn.md
rename to includes/licensing/security/Virtual-Private-Network-VPN.md
index ea1d783bc4..7c00cca450 100644
--- a/includes/licensing/virtual-private-network-vpn.md
+++ b/includes/licensing/security/Virtual-Private-Network-VPN.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/virtualization-based-security-vbs.md b/includes/licensing/security/Virtualization-based-security-VBS.md
similarity index 97%
rename from includes/licensing/virtualization-based-security-vbs.md
rename to includes/licensing/security/Virtualization-based-security-VBS.md
index 25e88ae0f7..65016d71b3 100644
--- a/includes/licensing/virtualization-based-security-vbs.md
+++ b/includes/licensing/security/Virtualization-based-security-VBS.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/wifi-security.md b/includes/licensing/security/WiFi-Security.md
similarity index 97%
rename from includes/licensing/wifi-security.md
rename to includes/licensing/security/WiFi-Security.md
index 64cd094090..73a23e84a4 100644
--- a/includes/licensing/wifi-security.md
+++ b/includes/licensing/security/WiFi-Security.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-autopatch.md b/includes/licensing/security/Windows-Autopatch.md
similarity index 97%
rename from includes/licensing/windows-autopatch.md
rename to includes/licensing/security/Windows-Autopatch.md
index 5befd266fd..015bbc1455 100644
--- a/includes/licensing/windows-autopatch.md
+++ b/includes/licensing/security/Windows-Autopatch.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-autopilot.md b/includes/licensing/security/Windows-Autopilot.md
similarity index 97%
rename from includes/licensing/windows-autopilot.md
rename to includes/licensing/security/Windows-Autopilot.md
index 864a70420d..57ca063e7e 100644
--- a/includes/licensing/windows-autopilot.md
+++ b/includes/licensing/security/Windows-Autopilot.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-defender-application-control-wdac.md b/includes/licensing/security/Windows-Defender-Application-Control-WDAC.md
similarity index 97%
rename from includes/licensing/windows-defender-application-control-wdac.md
rename to includes/licensing/security/Windows-Defender-Application-Control-WDAC.md
index e24df8d22d..197986a72d 100644
--- a/includes/licensing/windows-defender-application-control-wdac.md
+++ b/includes/licensing/security/Windows-Defender-Application-Control-WDAC.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-defender-credential-guard.md b/includes/licensing/security/Windows-Defender-Credential-Guard.md
similarity index 97%
rename from includes/licensing/windows-defender-credential-guard.md
rename to includes/licensing/security/Windows-Defender-Credential-Guard.md
index f8de73da86..122f5a02ba 100644
--- a/includes/licensing/windows-defender-credential-guard.md
+++ b/includes/licensing/security/Windows-Defender-Credential-Guard.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-defender-remote-credential-guard.md b/includes/licensing/security/Windows-Defender-Remote-Credential-Guard.md
similarity index 97%
rename from includes/licensing/windows-defender-remote-credential-guard.md
rename to includes/licensing/security/Windows-Defender-Remote-Credential-Guard.md
index 427cb21ad5..01fab46e8d 100644
--- a/includes/licensing/windows-defender-remote-credential-guard.md
+++ b/includes/licensing/security/Windows-Defender-Remote-Credential-Guard.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-defender-system-guard.md b/includes/licensing/security/Windows-Defender-System-Guard.md
similarity index 97%
rename from includes/licensing/windows-defender-system-guard.md
rename to includes/licensing/security/Windows-Defender-System-Guard.md
index b41b5fe127..a4b2994d2a 100644
--- a/includes/licensing/windows-defender-system-guard.md
+++ b/includes/licensing/security/Windows-Defender-System-Guard.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-firewall.md b/includes/licensing/security/Windows-Firewall.md
similarity index 97%
rename from includes/licensing/windows-firewall.md
rename to includes/licensing/security/Windows-Firewall.md
index f315039fc8..946a1000ca 100644
--- a/includes/licensing/windows-firewall.md
+++ b/includes/licensing/security/Windows-Firewall.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/security/Windows-Hello-for-Business-Enhanced-Security-Sign-in-ESS.md b/includes/licensing/security/Windows-Hello-for-Business-Enhanced-Security-Sign-in-ESS.md
new file mode 100644
index 0000000000..ec3c3e65cc
--- /dev/null
+++ b/includes/licensing/security/Windows-Hello-for-Business-Enhanced-Security-Sign-in-ESS.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/21/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows Hello for Business Enhanced Security Sign-in (ESS):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Windows Hello for Business Enhanced Security Sign-in (ESS) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/windows-hello-for-business.md b/includes/licensing/security/Windows-Hello-for-Business.md
similarity index 97%
rename from includes/licensing/windows-hello-for-business.md
rename to includes/licensing/security/Windows-Hello-for-Business.md
index 04670f3262..ed78c5c3a7 100644
--- a/includes/licensing/windows-hello-for-business.md
+++ b/includes/licensing/security/Windows-Hello-for-Business.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-sandbox.md b/includes/licensing/security/Windows-Sandbox.md
similarity index 97%
rename from includes/licensing/windows-sandbox.md
rename to includes/licensing/security/Windows-Sandbox.md
index 7b4226f716..9745ec4edd 100644
--- a/includes/licensing/windows-sandbox.md
+++ b/includes/licensing/security/Windows-Sandbox.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-security-policy-settings-and-auditing.md b/includes/licensing/security/Windows-Security-policy-settings-and-auditing.md
similarity index 97%
rename from includes/licensing/windows-security-policy-settings-and-auditing.md
rename to includes/licensing/security/Windows-Security-policy-settings-and-auditing.md
index d366e1660e..ae5e26d298 100644
--- a/includes/licensing/windows-security-policy-settings-and-auditing.md
+++ b/includes/licensing/security/Windows-Security-policy-settings-and-auditing.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/security/Windows-Update-for-Business.md b/includes/licensing/security/Windows-Update-for-Business.md
new file mode 100644
index 0000000000..0b154d8618
--- /dev/null
+++ b/includes/licensing/security/Windows-Update-for-Business.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/21/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows Update for Business:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Windows Update for Business license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/windows-containers.md b/includes/licensing/security/Windows-containers.md
similarity index 97%
rename from includes/licensing/windows-containers.md
rename to includes/licensing/security/Windows-containers.md
index 4a4dfb57ff..89c14bb938 100644
--- a/includes/licensing/windows-containers.md
+++ b/includes/licensing/security/Windows-containers.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/security/Windows-feature-and-expedite-updates-with-Intune.md b/includes/licensing/security/Windows-feature-and-expedite-updates-with-Intune.md
new file mode 100644
index 0000000000..2f213e36ef
--- /dev/null
+++ b/includes/licensing/security/Windows-feature-and-expedite-updates-with-Intune.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/21/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows feature and expedite updates with Intune:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Windows feature and expedite updates with Intune license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
diff --git a/includes/licensing/windows-presence-sensing.md b/includes/licensing/security/Windows-presence-sensing.md
similarity index 97%
rename from includes/licensing/windows-presence-sensing.md
rename to includes/licensing/security/Windows-presence-sensing.md
index b86eea0301..04bdc00300 100644
--- a/includes/licensing/windows-presence-sensing.md
+++ b/includes/licensing/security/Windows-presence-sensing.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/_edition-requirements.md b/includes/licensing/security/_edition-requirements.md
similarity index 75%
rename from includes/licensing/_edition-requirements.md
rename to includes/licensing/security/_edition-requirements.md
index ceb1113e19..07d24e4f5e 100644
--- a/includes/licensing/_edition-requirements.md
+++ b/includes/licensing/security/_edition-requirements.md
@@ -1,51 +1,52 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
 The following table lists the security features that are available in Windows, and the Windows editions that support them:
 
-|Feature name|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+| Feature name | Windows Pro | Windows Enterprise | Windows Pro Education/SE | Windows Education |
 |:---:|:---:|:---:|:---:|:---:|
 |**[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes|
 |**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**|Yes|Yes|Yes|Yes|
-|**[Always On VPN](/en-us/windows-server/remote/remote-access/vpn/always-on-vpn/)**|Yes|Yes|Yes|Yes|
+|**[Always On VPN](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|Yes|Yes|Yes|Yes|
 |**[AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview)**|Yes|Yes|Yes|Yes|
 |**[Assigned Access (kiosk mode)](/windows/configuration/kiosk-methods)**|Yes|Yes|Yes|Yes|
-|**[Attack surface reduction (ASR)](/en-us/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)**|Yes|Yes|Yes|Yes|
+|**[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)**|Yes|Yes|Yes|Yes|
 |**[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)**|Yes|Yes|Yes|Yes|
 |**[BitLocker](/windows/security/information-protection/bitlocker/bitlocker-overview)**|Yes|Yes|Yes|Yes|
 |**Bluetooth pairing and connection protection**|Yes|Yes|Yes|Yes|
 |**[Common Criteria certifications](/windows/security/threat-protection/windows-platform-common-criteria)**|Yes|Yes|Yes|Yes|
-|**[Controlled folder access](/en-us/microsoft-365/security/defender-endpoint/controlled-folders)**|Yes|Yes|Yes|Yes|
+|**[Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)**|Yes|Yes|Yes|Yes|
 |**[Device health attestation service](/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices)**|Yes|Yes|Yes|Yes|
 |**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**|No|Yes|No|Yes|
 |**[Email Encryption (S/MIME)](/windows/security/identity-protection/configure-s-mime)**|Yes|Yes|Yes|Yes|
 |**[Encrypted hard drive](/windows/security/information-protection/encrypted-hard-drive)**|Yes|Yes|Yes|Yes|
+|**[Endpoint Analytics](/mem/analytics/overview)**|Yes|Yes|Yes|Yes|
 |**[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)**|Yes|Yes|Yes|Yes|
 |**[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)**|Yes|Yes|Yes|Yes|
-|**[Fast Identity Online (FIDO2) security key](/en-us/azure/active-directory/authentication/howto-authentication-passwordless-security-key?context=%2Fwindows%2Fsecurity%2Fcontext%2Fcontext)**|Yes|Yes|Yes|Yes|
+|**[Fast Identity Online (FIDO2) security key](/azure/active-directory/authentication/howto-authentication-passwordless-security-key?context=%2Fwindows%2Fsecurity%2Fcontext%2Fcontext)**|Yes|Yes|Yes|Yes|
 |**[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)**|Yes|Yes|Yes|Yes|
 |**[Federated sign-in](/education/windows/federated-sign-in)**|No|No|Yes|Yes|
 |**[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)**|Yes|Yes|Yes|Yes|
 |**[Hypervisor-protected Code Integrity (HVCI)](/windows-hardware/design/device-experiences/oem-hvci-enablement)**|Yes|Yes|Yes|Yes|
-|**[Kernel Direct Memory Access (DMA) protection](/en-us/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)**|Yes|Yes|Yes|Yes|
+|**[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)**|Yes|Yes|Yes|Yes|
 |**Local Administrator Password Solution**|Yes|Yes|Yes|Yes|
-|**[Local Security Authority (LSA) Protection](/en-us/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection?toc=%2Fwindows%2Fsecurity%2Ftoc.json&bc=%2Fwindows%2Fsecurity%2Fbreadcrumb%2Ftoc.json)**|Yes|Yes|Yes|Yes|
+|**[Local Security Authority (LSA) Protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection?toc=%2Fwindows%2Fsecurity%2Ftoc.json&bc=%2Fwindows%2Fsecurity%2Fbreadcrumb%2Ftoc.json)**|Yes|Yes|Yes|Yes|
 |**[Manage by Mobile Device Management (MDM) and group policy](/windows/client-management/mdm/mdm-overview)**|Yes|Yes|Yes|Yes|
 |**[Measured boot](/windows/compatibility/measured-boot)**|Yes|Yes|Yes|Yes|
-|**[Microsoft Defender Antivirus](/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)**|Yes|Yes|Yes|Yes|
+|**[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)**|Yes|Yes|Yes|Yes|
 |**[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)**|No|Yes|No|Yes|
 |**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/deployedge/microsoft-edge-security-windows-defender-application-guard)**|No|Yes|No|Yes|
 |**[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview)**|Yes|Yes|Yes|Yes|
-|**[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/en-us/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)**|No|Yes|No|Yes|
+|**[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)**|No|Yes|No|Yes|
 |**Microsoft Defender Application Guard (MDAG) public APIs**|No|Yes|No|Yes|
 |**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|Yes|Yes|Yes|Yes|
 |**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**|Yes|Yes|Yes|Yes|
 |**[Microsoft Pluton security processor](/windows/security/information-protection/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes|
-|**[Microsoft Vulnerable Driver Blocklist](/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules%23microsoft-vulnerable-driver-blocklist)**|Yes|Yes|Yes|Yes|
+|**[Microsoft Vulnerable Driver Blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules%23microsoft-vulnerable-driver-blocklist)**|Yes|Yes|Yes|Yes|
 |**Opportunistic Wireless Encryption (OWE)**|Yes|Yes|Yes|Yes|
 |**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|No|Yes|No|Yes|
 |**Privacy Resource Usage**|Yes|Yes|Yes|Yes|
@@ -59,25 +60,26 @@ The following table lists the security features that are available in Windows, a
 |**[Server Message Block Direct (SMB Direct)](/windows-server/storage/file-server/smb-direct)**|Yes|Yes|Yes|Yes|
 |**[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|
 |**[Smart Cards for Windows Service](/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service)**|Yes|Yes|Yes|Yes|
-|**[Tamper protection settings for MDE](/en-us/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)**|Yes|Yes|Yes|Yes|
+|**[Tamper protection settings for MDE](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)**|Yes|Yes|Yes|Yes|
 |**[Transport layer security (TLS)](/windows-server/security/tls/tls-ssl-schannel-ssp-overview)**|Yes|Yes|Yes|Yes|
 |**[Trusted Platform Module (TPM) 2.0](/windows/security/information-protection/tpm/trusted-platform-module-overview)**|Yes|Yes|Yes|Yes|
 |**[Universal Print](/universal-print/)**|Yes|Yes|Yes|Yes|
 |**[User Account Control (UAC)](/indows/security/identity-protection/user-account-control/user-account-control-overview)**|Yes|Yes|Yes|Yes|
 |**[Virtual Private Network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes|
-|**[Virtualization-based security (VBS)](/en-us/windows-hardware/design/device-experiences/oem-vbs)**|Yes|Yes|Yes|Yes|
+|**[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)**|Yes|Yes|Yes|Yes|
 |**WiFi Security**|Yes|Yes|Yes|Yes|
-|**[Windows Autopatch](/en-us/windows/deployment/windows-autopatch/)**|No|Yes|No|Yes|
+|**[Windows Autopatch](/windows/deployment/windows-autopatch/)**|No|Yes|No|Yes|
 |**[Windows Autopilot](/windows/deployment/windows-autopilot)**|Yes|Yes|Yes|Yes|
 |**[Windows containers](/virtualization/windowscontainers/about/)**|Yes|Yes|Yes|Yes|
 |**[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|
 |**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|Yes|Yes|Yes|Yes|
 |**[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)**|Yes|Yes|Yes|Yes|
 |**[Windows Defender System Guard](/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows)**|Yes|Yes|Yes|Yes|
+|**[Windows feature and expedite updates with Intune](/mem/intune/protect/windows-10-feature-updates)**|Yes|Yes|Yes|Yes|
 |**[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)**|Yes|Yes|Yes|Yes|
 |**[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)**|Yes|Yes|Yes|Yes|
-|**[Windows Hello for Business Enhanced Security Sign-in (ESS) ](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)**|Yes|Yes|Yes|Yes|
+|**[Windows Hello for Business Enhanced Security Sign-in (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)**|Yes|Yes|Yes|Yes|
 |**[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)**|Yes|Yes|Yes|Yes|
 |**[Windows Sandbox](/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview)**|Yes|Yes|Yes|Yes|
 |**[Windows Security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**|Yes|Yes|Yes|Yes|
-
+|**[Windows Update for Business](/windows/deployment/update/waas-manage-updates-wufb)**|Yes|Yes|Yes|Yes|
diff --git a/includes/licensing/_licensing-requirements.md b/includes/licensing/security/_licensing-requirements.md
similarity index 76%
rename from includes/licensing/_licensing-requirements.md
rename to includes/licensing/security/_licensing-requirements.md
index ed1bc471ae..93e8f47c54 100644
--- a/includes/licensing/_licensing-requirements.md
+++ b/includes/licensing/security/_licensing-requirements.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/20/2023
+ms.date: 04/21/2023
 ms.topic: include
 ---
 
@@ -11,41 +11,42 @@ The following table lists the security features that are available in Windows, a
 |:---:|:---:|:---:|:---:|:---:|:---:|
 |**[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes|Yes|
 |**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**|Yes|Yes|Yes|Yes|Yes|
-|**[Always On VPN](/en-us/windows-server/remote/remote-access/vpn/always-on-vpn/)**|Yes|Yes|Yes|Yes|Yes|
+|**[Always On VPN](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|Yes|Yes|Yes|Yes|Yes|
 |**[AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview)**|Yes|Yes|Yes|Yes|Yes|
 |**[Assigned Access (kiosk mode)](/windows/configuration/kiosk-methods)**|Yes|Yes|Yes|Yes|Yes|
-|**[Attack surface reduction (ASR)](/en-us/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)**|Yes|Yes|Yes|Yes|Yes|
+|**[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)**|Yes|Yes|Yes|Yes|Yes|
 |**[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)**|Yes|Yes|Yes|Yes|Yes|
 |**[BitLocker](/windows/security/information-protection/bitlocker/bitlocker-overview)**|Yes|Yes|Yes|Yes|Yes|
 |**Bluetooth pairing and connection protection**|Yes|Yes|Yes|Yes|Yes|
 |**[Common Criteria certifications](/windows/security/threat-protection/windows-platform-common-criteria)**|Yes|Yes|Yes|Yes|Yes|
-|**[Controlled folder access](/en-us/microsoft-365/security/defender-endpoint/controlled-folders)**|Yes|Yes|Yes|Yes|Yes|
+|**[Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)**|Yes|Yes|Yes|Yes|Yes|
 |**[Device health attestation service](/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices)**|Yes|Yes|Yes|Yes|Yes|
 |**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**|No|Yes|Yes|Yes|Yes|
 |**[Email Encryption (S/MIME)](/windows/security/identity-protection/configure-s-mime)**|Yes|Yes|Yes|Yes|Yes|
 |**[Encrypted hard drive](/windows/security/information-protection/encrypted-hard-drive)**|Yes|Yes|Yes|Yes|Yes|
+|**[Endpoint Analytics](/mem/analytics/overview)**|Yes|Yes|Yes|Yes|Yes|
 |**[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)**|Yes|Yes|Yes|Yes|Yes|
 |**[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)**|Yes|Yes|Yes|Yes|Yes|
-|**[Fast Identity Online (FIDO2) security key](/en-us/azure/active-directory/authentication/howto-authentication-passwordless-security-key?context=%2Fwindows%2Fsecurity%2Fcontext%2Fcontext)**|Yes|Yes|Yes|Yes|Yes|
+|**[Fast Identity Online (FIDO2) security key](/azure/active-directory/authentication/howto-authentication-passwordless-security-key?context=%2Fwindows%2Fsecurity%2Fcontext%2Fcontext)**|Yes|Yes|Yes|Yes|Yes|
 |**[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)**|Yes|Yes|Yes|Yes|Yes|
 |**[Federated sign-in](/education/windows/federated-sign-in)**|No|No|No|Yes|Yes|
 |**[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)**|Yes|Yes|Yes|Yes|Yes|
 |**[Hypervisor-protected Code Integrity (HVCI)](/windows-hardware/design/device-experiences/oem-hvci-enablement)**|Yes|Yes|Yes|Yes|Yes|
-|**[Kernel Direct Memory Access (DMA) protection](/en-us/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)**|Yes|Yes|Yes|Yes|Yes|
+|**[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)**|Yes|Yes|Yes|Yes|Yes|
 |**Local Administrator Password Solution**|Yes|Yes|Yes|Yes|Yes|
-|**[Local Security Authority (LSA) Protection](/en-us/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection?toc=%2Fwindows%2Fsecurity%2Ftoc.json&bc=%2Fwindows%2Fsecurity%2Fbreadcrumb%2Ftoc.json)**|Yes|Yes|Yes|Yes|Yes|
+|**[Local Security Authority (LSA) Protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection?toc=%2Fwindows%2Fsecurity%2Ftoc.json&bc=%2Fwindows%2Fsecurity%2Fbreadcrumb%2Ftoc.json)**|Yes|Yes|Yes|Yes|Yes|
 |**[Manage by Mobile Device Management (MDM) and group policy](/windows/client-management/mdm/mdm-overview)**|Yes|Yes|Yes|Yes|Yes|
 |**[Measured boot](/windows/compatibility/measured-boot)**|Yes|Yes|Yes|Yes|Yes|
-|**[Microsoft Defender Antivirus](/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)**|Yes|Yes|Yes|Yes|Yes|
+|**[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)**|Yes|Yes|Yes|Yes|Yes|
 |**[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)**|No|Yes|Yes|Yes|Yes|
 |**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/deployedge/microsoft-edge-security-windows-defender-application-guard)**|No|Yes|Yes|Yes|Yes|
 |**[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview)**|Yes|Yes|Yes|Yes|Yes|
-|**[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/en-us/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)**|No|No|No|No|No|
+|**[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)**|No|No|No|No|No|
 |**Microsoft Defender Application Guard (MDAG) public APIs**|No|Yes|Yes|Yes|Yes|
 |**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|Yes|No|Yes|No|Yes|
 |**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**|Yes|Yes|Yes|Yes|Yes|
 |**[Microsoft Pluton security processor](/windows/security/information-protection/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes|Yes|
-|**[Microsoft Vulnerable Driver Blocklist](/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules%23microsoft-vulnerable-driver-blocklist)**|Yes|Yes|Yes|Yes|Yes|
+|**[Microsoft Vulnerable Driver Blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules%23microsoft-vulnerable-driver-blocklist)**|Yes|Yes|Yes|Yes|Yes|
 |**Opportunistic Wireless Encryption (OWE)**|Yes|Yes|Yes|Yes|Yes|
 |**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|No|Yes|Yes|Yes|Yes|
 |**Privacy Resource Usage**|Yes|Yes|Yes|Yes|Yes|
@@ -59,25 +60,26 @@ The following table lists the security features that are available in Windows, a
 |**[Server Message Block Direct (SMB Direct)](/windows-server/storage/file-server/smb-direct)**|Yes|Yes|Yes|Yes|Yes|
 |**[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|Yes|
 |**[Smart Cards for Windows Service](/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service)**|Yes|Yes|Yes|Yes|Yes|
-|**[Tamper protection settings for MDE](/en-us/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)**|Yes|Yes|Yes|Yes|Yes|
+|**[Tamper protection settings for MDE](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)**|Yes|Yes|Yes|Yes|Yes|
 |**[Transport layer security (TLS)](/windows-server/security/tls/tls-ssl-schannel-ssp-overview)**|Yes|Yes|Yes|Yes|Yes|
 |**[Trusted Platform Module (TPM) 2.0](/windows/security/information-protection/tpm/trusted-platform-module-overview)**|Yes|Yes|Yes|Yes|Yes|
 |**[Universal Print](/universal-print/)**|Yes|Yes|Yes|Yes|Yes|
 |**[User Account Control (UAC)](/indows/security/identity-protection/user-account-control/user-account-control-overview)**|Yes|Yes|Yes|Yes|Yes|
 |**[Virtual Private Network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes|Yes|
-|**[Virtualization-based security (VBS)](/en-us/windows-hardware/design/device-experiences/oem-vbs)**|Yes|Yes|Yes|Yes|Yes|
+|**[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)**|Yes|Yes|Yes|Yes|Yes|
 |**WiFi Security**|Yes|Yes|Yes|Yes|Yes|
-|**[Windows Autopatch](/en-us/windows/deployment/windows-autopatch/)**|No|Yes|Yes|No|No|
+|**[Windows Autopatch](/windows/deployment/windows-autopatch/)**|No|Yes|Yes|No|No|
 |**[Windows Autopilot](/windows/deployment/windows-autopilot)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows containers](/virtualization/windowscontainers/about/)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows Defender System Guard](/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows feature and expedite updates with Intune](/mem/intune/protect/windows-10-feature-updates)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)**|Yes|Yes|Yes|Yes|Yes|
-|**[Windows Hello for Business Enhanced Security Sign-in (ESS) ](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows Hello for Business Enhanced Security Sign-in (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows Sandbox](/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows Security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**|Yes|Yes|Yes|Yes|Yes|
-
+|**[Windows Update for Business](/windows/deployment/update/waas-manage-updates-wufb)**|Yes|Yes|Yes|Yes|Yes|
diff --git a/includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess-.md b/includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess-.md
deleted file mode 100644
index 050a888208..0000000000
--- a/includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess-.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/20/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Windows Hello for Business Enhanced Security Sign-in (ESS) :
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Windows Hello for Business Enhanced Security Sign-in (ESS)  license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).

From 18cfbea96905943c3e99c8f470957150b0fbf37f Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Fri, 21 Apr 2023 17:44:15 -0400
Subject: [PATCH 004/107] updates

---
 windows/security/introduction/index.md        |  4 +++-
 .../security-features-edition-requirements.md |  2 +-
 ...ity-features-licensing-requirements-edu.md | 19 -------------------
 ...ecurity-features-licensing-requirements.md |  2 +-
 4 files changed, 5 insertions(+), 22 deletions(-)
 delete mode 100644 windows/security/introduction/security-features-licensing-requirements-edu.md

diff --git a/windows/security/introduction/index.md b/windows/security/introduction/index.md
index b955feffb8..f84afefa03 100644
--- a/windows/security/introduction/index.md
+++ b/windows/security/introduction/index.md
@@ -3,6 +3,8 @@ title: Introduction to Windows security
 description: System security book.
 ms.date: 04/10/2023
 ms.topic: tutorial
+ms.author: paoloma
+author: paolomatarazzo
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
 ---
@@ -41,7 +43,7 @@ In Windows 11, hardware and software work together to protect the operating syst
 
 To help keep personal and business information protected and private, Windows 11 has multiple layers of application security that safeguard critical data and code integrity. Application isolation and controls, code integrity, privacy controls, and least-privilege principles enable developers to build in security and privacy from the ground up. This integrated security protects against breaches and malware, helps keep data private, and gives IT administrators the controls they need.
 
-In Windows 11, [Microsoft Defender Application Guard](https://docs.microsoft.com/windows-hardware/design/device-experiences/oem-app-guard) <sup>[\[2\]](#note2)</sup> uses Hyper-V virtualization technology to isolate untrusted websites and Microsoft Office files in containers, separate from and unable to access the host operating system and enterprise data. To protect privacy, Windows 11 also provides more controls over which apps and features can collect and use data such as the device's location, or access resources like camera and microphone.
+In Windows 11, [Microsoft Defender Application Guard](/windows-hardware/design/device-experiences/oem-app-guard) <sup>[\[2\]](#note2)</sup> uses Hyper-V virtualization technology to isolate untrusted websites and Microsoft Office files in containers, separate from and unable to access the host operating system and enterprise data. To protect privacy, Windows 11 also provides more controls over which apps and features can collect and use data such as the device's location, or access resources like camera and microphone.
 
 ## Secured identities
 
diff --git a/windows/security/introduction/security-features-edition-requirements.md b/windows/security/introduction/security-features-edition-requirements.md
index 8e934ddbdf..41ca2cf5ee 100644
--- a/windows/security/introduction/security-features-edition-requirements.md
+++ b/windows/security/introduction/security-features-edition-requirements.md
@@ -16,4 +16,4 @@ ms.technology: itpro-security
 
 # Security features Windows edition requirements
 
-[!INCLUDE [_commercial](../../whats-new/licensing/includes/_edition-requirements.md)]
\ No newline at end of file
+[!INCLUDE [_edition-requirements](../../../includes/licensing/security/_edition-requirements.md)]
\ No newline at end of file
diff --git a/windows/security/introduction/security-features-licensing-requirements-edu.md b/windows/security/introduction/security-features-licensing-requirements-edu.md
deleted file mode 100644
index c209c60a6d..0000000000
--- a/windows/security/introduction/security-features-licensing-requirements-edu.md
+++ /dev/null
@@ -1,19 +0,0 @@
----
-title: Windows security licensing requirements for Education
-description: Learn about Windows features and licensing requirements for the feature included in Windows (Education).
-ms.prod: windows-client
-author: paolomatarazzo
-ms.author: paoloma
-manager: aaroncz
-ms.collection:
-- tier3
-ms.topic: conceptual
-ms.date: 03/12/2023
-appliesto:
-- ✅ <a href=/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
-ms.technology: itpro-security
----
-
-# Windows security licensing requirements for Education
-
-[!INCLUDE [_licensing-requirements](../../whats-new/licensing/includes/_licensing-requirements-edu.md)]
\ No newline at end of file
diff --git a/windows/security/introduction/security-features-licensing-requirements.md b/windows/security/introduction/security-features-licensing-requirements.md
index faad9c9fab..676b071fa0 100644
--- a/windows/security/introduction/security-features-licensing-requirements.md
+++ b/windows/security/introduction/security-features-licensing-requirements.md
@@ -16,4 +16,4 @@ ms.technology: itpro-security
 
 # Windows security licensing requirements
 
-[!INCLUDE [_licensing-requirements](../../whats-new/licensing/includes/_licensing-requirements.md)]
\ No newline at end of file
+[!INCLUDE [_licensing-requirements](../../../includes/licensing/security/_licensing-requirements.md)]
\ No newline at end of file

From 2911a858bdb1bc421fbfb8e152246508c3a701f3 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Fri, 21 Apr 2023 18:01:16 -0400
Subject: [PATCH 005/107] table layout update

---
 includes/licensing/security/_edition-requirements.md   | 2 +-
 includes/licensing/security/_licensing-requirements.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/includes/licensing/security/_edition-requirements.md b/includes/licensing/security/_edition-requirements.md
index 07d24e4f5e..545a567d4b 100644
--- a/includes/licensing/security/_edition-requirements.md
+++ b/includes/licensing/security/_edition-requirements.md
@@ -8,7 +8,7 @@ ms.topic: include
 The following table lists the security features that are available in Windows, and the Windows editions that support them:
 
 | Feature name | Windows Pro | Windows Enterprise | Windows Pro Education/SE | Windows Education |
-|:---:|:---:|:---:|:---:|:---:|
+|:---|:---:|:---:|:---:|:---:|
 |**[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes|
 |**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**|Yes|Yes|Yes|Yes|
 |**[Always On VPN](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|Yes|Yes|Yes|Yes|
diff --git a/includes/licensing/security/_licensing-requirements.md b/includes/licensing/security/_licensing-requirements.md
index 93e8f47c54..733e73a885 100644
--- a/includes/licensing/security/_licensing-requirements.md
+++ b/includes/licensing/security/_licensing-requirements.md
@@ -8,7 +8,7 @@ ms.topic: include
 The following table lists the security features that are available in Windows, and the licensing requirements to use them:
 
 |Feature name|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|:---:|
+|:---|:---:|:---:|:---:|:---:|:---:|
 |**[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes|Yes|
 |**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**|Yes|Yes|Yes|Yes|Yes|
 |**[Always On VPN](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|Yes|Yes|Yes|Yes|Yes|

From 306c140a10aad8fb04f53c4d3c31d8c606a290a2 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Mon, 24 Apr 2023 07:44:27 -0400
Subject: [PATCH 006/107] update to include files

---
 education/windows/federated-sign-in.md                    | 8 ++++----
 .../licensing/{security => }/_edition-requirements.md     | 4 ++--
 .../licensing/{security => }/_licensing-requirements.md   | 4 ++--
 ...s-Control-ACLsSCALS.md => access-control-aclsscals.md} | 4 ++--
 ...ccount-Lockout-Policy.md => account-lockout-policy.md} | 4 ++--
 .../{security/Always-On-VPN.md => always-on-vpn.md}       | 4 ++--
 .../licensing/{security/AppLocker.md => applocker.md}     | 4 ++--
 ...Access-kiosk-mode.md => assigned-access-kiosk-mode.md} | 4 ++--
 ...e-reduction-ASR.md => attack-surface-reduction-asr.md} | 4 ++--
 ...n-and-hybrid-azure-ad-join-with-single-sign-on-sso.md} | 4 ++--
 .../licensing/{security/BitLocker.md => bitlocker.md}     | 4 ++--
 ....md => bluetooth-pairing-and-connection-protection.md} | 4 ++--
 ...ertifications.md => common-criteria-certifications.md} | 4 ++--
 ...olled-folder-access.md => controlled-folder-access.md} | 4 ++--
 ...on-service.md => device-health-attestation-service.md} | 4 ++--
 .../{security/Direct-Access.md => direct-access.md}       | 4 ++--
 ...mail-Encryption-SMIME.md => email-encryption-smime.md} | 4 ++--
 .../Encrypted-hard-drive.md => encrypted-hard-drive.md}   | 4 ++--
 .../Endpoint-Analytics.md => endpoint-analytics.md}       | 4 ++--
 ...d => enhanced-phishing-protection-with-smartscreen.md} | 4 ++--
 .../Exploit-protection.md => exploit-protection.md}       | 4 ++--
 ...-key.md => fast-identity-online-fido2-security-key.md} | 4 ++--
 ...nformation-processing-standard-fips-140-validation.md} | 4 ++--
 .../Federated-sign-in.md => federated-sign-in.md}         | 4 ++--
 ...rotection.md => hardware-enforced-stack-protection.md} | 4 ++--
 ...VCI.md => hypervisor-protected-code-integrity-hvci.md} | 4 ++--
 ...n.md => kernel-direct-memory-access-dma-protection.md} | 4 ++--
 ...lution.md => local-administrator-password-solution.md} | 4 ++--
 ...tion.md => local-security-authority-lsa-protection.md} | 4 ++--
 ...e-by-mobile-device-management-mdm-and-group-policy.md} | 4 ++--
 .../{security/Measured-boot.md => measured-boot.md}       | 4 ++--
 ...ender-Antivirus.md => microsoft-defender-antivirus.md} | 4 ++--
 ...-defender-application-guard-mdag-configure-via-mdm.md} | 4 ++--
 ...for-edge-enterprise-mode-and-enterprise-management.md} | 4 ++--
 ...er-application-guard-mdag-for-edge-standalone-mode.md} | 4 ++--
 ...fender-application-guard-mdag-for-microsoft-office.md} | 4 ++--
 ...rosoft-defender-application-guard-mdag-public-apis.md} | 4 ++--
 ...for-Endpoint.md => microsoft-defender-for-endpoint.md} | 4 ++--
 ...r-SmartScreen.md => microsoft-defender-smartscreen.md} | 4 ++--
 ...rocessor.md => microsoft-pluton-security-processor.md} | 4 ++--
 ...cklist.md => microsoft-vulnerable-driver-blocklist.md} | 4 ++--
 ...on-OWE.md => opportunistic-wireless-encryption-owe.md} | 4 ++--
 ...-encryption-PDE.md => personal-data-encryption-pde.md} | 4 ++--
 ...rivacy-Resource-Usage.md => privacy-resource-usage.md} | 4 ++--
 ...d-Controls.md => privacy-transparency-and-controls.md} | 4 ++--
 ...-Autopilot-reset.md => remote-wipe-autopilot-reset.md} | 4 ++--
 ...nd-Trusted-Boot.md => secure-boot-and-trusted-boot.md} | 4 ++--
 ...uration-lock.md => secured-core-configuration-lock.md} | 4 ++--
 .../{security/Secured-core-PC.md => secured-core-pc.md}   | 4 ++--
 ...s-with-Intune.md => security-baselines-with-intune.md} | 4 ++--
 ...irect.md => server-message-block-direct-smb-direct.md} | 4 ++--
 ...ervice.md => server-message-block-smb-file-service.md} | 4 ++--
 .../Smart-App-Control.md => smart-app-control.md}         | 4 ++--
 ...dows-Service.md => smart-cards-for-windows-service.md} | 4 ++--
 ...s-for-MDE.md => tamper-protection-settings-for-mde.md} | 4 ++--
 ...er-security-TLS.md => transport-layer-security-tls.md} | 4 ++--
 ...Module-TPM-20.md => trusted-platform-module-tpm-20.md} | 4 ++--
 .../{security/Universal-Print.md => universal-print.md}   | 4 ++--
 ...Account-Control-UAC.md => user-account-control-uac.md} | 4 ++--
 ...vate-Network-VPN.md => virtual-private-network-vpn.md} | 4 ++--
 ...curity-VBS.md => virtualization-based-security-vbs.md} | 4 ++--
 .../{security/WiFi-Security.md => wifi-security.md}       | 4 ++--
 .../Windows-Autopatch.md => windows-autopatch.md}         | 4 ++--
 .../Windows-Autopilot.md => windows-autopilot.md}         | 4 ++--
 .../Windows-containers.md => windows-containers.md}       | 4 ++--
 ...AC.md => windows-defender-application-control-wdac.md} | 4 ++--
 ...tial-Guard.md => windows-defender-credential-guard.md} | 4 ++--
 ...ard.md => windows-defender-remote-credential-guard.md} | 4 ++--
 ...r-System-Guard.md => windows-defender-system-guard.md} | 4 ++--
 ...> windows-feature-and-expedite-updates-with-intune.md} | 4 ++--
 .../{security/Windows-Firewall.md => windows-firewall.md} | 4 ++--
 ...s-hello-for-business-enhanced-security-sign-in-ess.md} | 4 ++--
 ...ello-for-Business.md => windows-hello-for-business.md} | 4 ++--
 ...ws-presence-sensing.md => windows-presence-sensing.md} | 4 ++--
 .../{security/Windows-Sandbox.md => windows-sandbox.md}   | 4 ++--
 ...d => windows-security-policy-settings-and-auditing.md} | 4 ++--
 ...ate-for-Business.md => windows-update-for-business.md} | 4 ++--
 77 files changed, 156 insertions(+), 156 deletions(-)
 rename includes/licensing/{security => }/_edition-requirements.md (99%)
 rename includes/licensing/{security => }/_licensing-requirements.md (99%)
 rename includes/licensing/{security/Access-Control-ACLsSCALS.md => access-control-aclsscals.md} (77%)
 rename includes/licensing/{security/Account-Lockout-Policy.md => account-lockout-policy.md} (77%)
 rename includes/licensing/{security/Always-On-VPN.md => always-on-vpn.md} (76%)
 rename includes/licensing/{security/AppLocker.md => applocker.md} (76%)
 rename includes/licensing/{security/Assigned-Access-kiosk-mode.md => assigned-access-kiosk-mode.md} (77%)
 rename includes/licensing/{security/Attack-surface-reduction-ASR.md => attack-surface-reduction-asr.md} (77%)
 rename includes/licensing/{security/Azure-AD-join-Active-Directory-domain-join-and-Hybrid-Azure-AD-join-with-single-sign-on-SSO.md => azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md} (81%)
 rename includes/licensing/{security/BitLocker.md => bitlocker.md} (76%)
 rename includes/licensing/{security/Bluetooth-pairing-and-connection-protection.md => bluetooth-pairing-and-connection-protection.md} (78%)
 rename includes/licensing/{security/Common-Criteria-certifications.md => common-criteria-certifications.md} (77%)
 rename includes/licensing/{security/Controlled-folder-access.md => controlled-folder-access.md} (77%)
 rename includes/licensing/{security/Device-health-attestation-service.md => device-health-attestation-service.md} (78%)
 rename includes/licensing/{security/Direct-Access.md => direct-access.md} (76%)
 rename includes/licensing/{security/Email-Encryption-SMIME.md => email-encryption-smime.md} (77%)
 rename includes/licensing/{security/Encrypted-hard-drive.md => encrypted-hard-drive.md} (77%)
 rename includes/licensing/{security/Endpoint-Analytics.md => endpoint-analytics.md} (77%)
 rename includes/licensing/{security/Enhanced-phishing-protection-with-SmartScreen.md => enhanced-phishing-protection-with-smartscreen.md} (78%)
 rename includes/licensing/{security/Exploit-protection.md => exploit-protection.md} (77%)
 rename includes/licensing/{security/Fast-Identity-Online-FIDO2-security-key.md => fast-identity-online-fido2-security-key.md} (78%)
 rename includes/licensing/{security/Federal-Information-Processing-Standard-FIPS-140-validation.md => federal-information-processing-standard-fips-140-validation.md} (79%)
 rename includes/licensing/{security/Federated-sign-in.md => federated-sign-in.md} (77%)
 rename includes/licensing/{security/Hardware-enforced-stack-protection.md => hardware-enforced-stack-protection.md} (78%)
 rename includes/licensing/{security/Hypervisor-protected-Code-Integrity-HVCI.md => hypervisor-protected-code-integrity-hvci.md} (78%)
 rename includes/licensing/{security/Kernel-Direct-Memory-Access-DMA-protection.md => kernel-direct-memory-access-dma-protection.md} (78%)
 rename includes/licensing/{security/Local-Administrator-Password-Solution.md => local-administrator-password-solution.md} (78%)
 rename includes/licensing/{security/Local-Security-Authority-LSA-Protection.md => local-security-authority-lsa-protection.md} (78%)
 rename includes/licensing/{security/Manage-by-Mobile-Device-Management-MDM-and-group-policy.md => manage-by-mobile-device-management-mdm-and-group-policy.md} (79%)
 rename includes/licensing/{security/Measured-boot.md => measured-boot.md} (76%)
 rename includes/licensing/{security/Microsoft-Defender-Antivirus.md => microsoft-defender-antivirus.md} (77%)
 rename includes/licensing/{security/Microsoft-Defender-Application-Guard-MDAG-configure-via-MDM.md => microsoft-defender-application-guard-mdag-configure-via-mdm.md} (79%)
 rename includes/licensing/{security/Microsoft-Defender-Application-Guard-MDAG-for-Edge-enterprise-mode-and-enterprise-management.md => microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md} (81%)
 rename includes/licensing/{security/Microsoft-Defender-Application-Guard-MDAG-for-Edge-standalone-mode.md => microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md} (79%)
 rename includes/licensing/{security/Microsoft-Defender-Application-Guard-MDAG-for-Microsoft-Office.md => microsoft-defender-application-guard-mdag-for-microsoft-office.md} (79%)
 rename includes/licensing/{security/Microsoft-Defender-Application-Guard-MDAG-public-APIs.md => microsoft-defender-application-guard-mdag-public-apis.md} (79%)
 rename includes/licensing/{security/Microsoft-Defender-for-Endpoint.md => microsoft-defender-for-endpoint.md} (77%)
 rename includes/licensing/{security/Microsoft-Defender-SmartScreen.md => microsoft-defender-smartscreen.md} (77%)
 rename includes/licensing/{security/Microsoft-Pluton-security-processor.md => microsoft-pluton-security-processor.md} (78%)
 rename includes/licensing/{security/Microsoft-Vulnerable-Driver-Blocklist.md => microsoft-vulnerable-driver-blocklist.md} (78%)
 rename includes/licensing/{security/Opportunistic-Wireless-Encryption-OWE.md => opportunistic-wireless-encryption-owe.md} (78%)
 rename includes/licensing/{security/Personal-data-encryption-PDE.md => personal-data-encryption-pde.md} (77%)
 rename includes/licensing/{security/Privacy-Resource-Usage.md => privacy-resource-usage.md} (77%)
 rename includes/licensing/{security/Privacy-Transparency-and-Controls.md => privacy-transparency-and-controls.md} (78%)
 rename includes/licensing/{security/Remote-wipe-Autopilot-reset.md => remote-wipe-autopilot-reset.md} (77%)
 rename includes/licensing/{security/Secure-Boot-and-Trusted-Boot.md => secure-boot-and-trusted-boot.md} (77%)
 rename includes/licensing/{security/Secured-core-configuration-lock.md => secured-core-configuration-lock.md} (78%)
 rename includes/licensing/{security/Secured-core-PC.md => secured-core-pc.md} (77%)
 rename includes/licensing/{security/Security-baselines-with-Intune.md => security-baselines-with-intune.md} (77%)
 rename includes/licensing/{security/Server-Message-Block-Direct-SMB-Direct.md => server-message-block-direct-smb-direct.md} (78%)
 rename includes/licensing/{security/Server-Message-Block-SMB-file-service.md => server-message-block-smb-file-service.md} (78%)
 rename includes/licensing/{security/Smart-App-Control.md => smart-app-control.md} (77%)
 rename includes/licensing/{security/Smart-Cards-for-Windows-Service.md => smart-cards-for-windows-service.md} (78%)
 rename includes/licensing/{security/Tamper-protection-settings-for-MDE.md => tamper-protection-settings-for-mde.md} (78%)
 rename includes/licensing/{security/Transport-layer-security-TLS.md => transport-layer-security-tls.md} (77%)
 rename includes/licensing/{security/Trusted-Platform-Module-TPM-20.md => trusted-platform-module-tpm-20.md} (78%)
 rename includes/licensing/{security/Universal-Print.md => universal-print.md} (77%)
 rename includes/licensing/{security/User-Account-Control-UAC.md => user-account-control-uac.md} (77%)
 rename includes/licensing/{security/Virtual-Private-Network-VPN.md => virtual-private-network-vpn.md} (77%)
 rename includes/licensing/{security/Virtualization-based-security-VBS.md => virtualization-based-security-vbs.md} (78%)
 rename includes/licensing/{security/WiFi-Security.md => wifi-security.md} (76%)
 rename includes/licensing/{security/Windows-Autopatch.md => windows-autopatch.md} (77%)
 rename includes/licensing/{security/Windows-Autopilot.md => windows-autopilot.md} (77%)
 rename includes/licensing/{security/Windows-containers.md => windows-containers.md} (77%)
 rename includes/licensing/{security/Windows-Defender-Application-Control-WDAC.md => windows-defender-application-control-wdac.md} (78%)
 rename includes/licensing/{security/Windows-Defender-Credential-Guard.md => windows-defender-credential-guard.md} (78%)
 rename includes/licensing/{security/Windows-Defender-Remote-Credential-Guard.md => windows-defender-remote-credential-guard.md} (78%)
 rename includes/licensing/{security/Windows-Defender-System-Guard.md => windows-defender-system-guard.md} (77%)
 rename includes/licensing/{security/Windows-feature-and-expedite-updates-with-Intune.md => windows-feature-and-expedite-updates-with-intune.md} (78%)
 rename includes/licensing/{security/Windows-Firewall.md => windows-firewall.md} (77%)
 rename includes/licensing/{security/Windows-Hello-for-Business-Enhanced-Security-Sign-in-ESS.md => windows-hello-for-business-enhanced-security-sign-in-ess.md} (79%)
 rename includes/licensing/{security/Windows-Hello-for-Business.md => windows-hello-for-business.md} (77%)
 rename includes/licensing/{security/Windows-presence-sensing.md => windows-presence-sensing.md} (77%)
 rename includes/licensing/{security/Windows-Sandbox.md => windows-sandbox.md} (77%)
 rename includes/licensing/{security/Windows-Security-policy-settings-and-auditing.md => windows-security-policy-settings-and-auditing.md} (78%)
 rename includes/licensing/{security/Windows-Update-for-Business.md => windows-update-for-business.md} (77%)

diff --git a/education/windows/federated-sign-in.md b/education/windows/federated-sign-in.md
index 6f2f8963c2..b587dca55d 100644
--- a/education/windows/federated-sign-in.md
+++ b/education/windows/federated-sign-in.md
@@ -1,7 +1,7 @@
 ---
 title: Configure federated sign-in for Windows devices
 description: Description of federated sign-in feature for the Education SKUs of Windows 11 and how to configure it via Intune or provisioning packages.
-ms.date: 04/11/2023
+ms.date: 04/24/2023
 ms.topic: how-to
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
@@ -53,11 +53,11 @@ To use federated sign-in, the devices must have Internet access. This feature wo
 > - provisioning packages (PPKG)
 > - Windows Autopilot self-deploying mode
 
-[!INCLUDE [federated-sign-in](../../includes/licensing/security/federated-sign-in.md)]
+[!INCLUDE [federated-sign-in](../../includes/licensing/federated-sign-in.md)]
 
-### System requirements
+## System requirements
 
-Federated sign-in is supported on the following Windows SKUs and versions:
+Federated sign-in is supported on the following Windows editions and versions:
 
 - Windows 11 SE, version 22H2 and later
 - Windows 11 Pro Edu/Education, version 22H2 with [KB5022913][KB-1]
diff --git a/includes/licensing/security/_edition-requirements.md b/includes/licensing/_edition-requirements.md
similarity index 99%
rename from includes/licensing/security/_edition-requirements.md
rename to includes/licensing/_edition-requirements.md
index 545a567d4b..d250f005e9 100644
--- a/includes/licensing/security/_edition-requirements.md
+++ b/includes/licensing/_edition-requirements.md
@@ -1,14 +1,14 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
 The following table lists the security features that are available in Windows, and the Windows editions that support them:
 
 | Feature name | Windows Pro | Windows Enterprise | Windows Pro Education/SE | Windows Education |
-|:---|:---:|:---:|:---:|:---:|
+|:---:|:---:|:---:|:---:|:---:|
 |**[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes|
 |**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**|Yes|Yes|Yes|Yes|
 |**[Always On VPN](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|Yes|Yes|Yes|Yes|
diff --git a/includes/licensing/security/_licensing-requirements.md b/includes/licensing/_licensing-requirements.md
similarity index 99%
rename from includes/licensing/security/_licensing-requirements.md
rename to includes/licensing/_licensing-requirements.md
index 733e73a885..48a9565913 100644
--- a/includes/licensing/security/_licensing-requirements.md
+++ b/includes/licensing/_licensing-requirements.md
@@ -1,14 +1,14 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
 The following table lists the security features that are available in Windows, and the licensing requirements to use them:
 
 |Feature name|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---|:---:|:---:|:---:|:---:|:---:|
+|:---:|:---:|:---:|:---:|:---:|:---:|
 |**[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes|Yes|
 |**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**|Yes|Yes|Yes|Yes|Yes|
 |**[Always On VPN](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|Yes|Yes|Yes|Yes|Yes|
diff --git a/includes/licensing/security/Access-Control-ACLsSCALS.md b/includes/licensing/access-control-aclsscals.md
similarity index 77%
rename from includes/licensing/security/Access-Control-ACLsSCALS.md
rename to includes/licensing/access-control-aclsscals.md
index 0364fa5804..704b5aa0dc 100644
--- a/includes/licensing/security/Access-Control-ACLsSCALS.md
+++ b/includes/licensing/access-control-aclsscals.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Access Control (ACLs/SCALS) license entitlements are granted by the following li
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Account-Lockout-Policy.md b/includes/licensing/account-lockout-policy.md
similarity index 77%
rename from includes/licensing/security/Account-Lockout-Policy.md
rename to includes/licensing/account-lockout-policy.md
index df33653d30..bafcc9a9dd 100644
--- a/includes/licensing/security/Account-Lockout-Policy.md
+++ b/includes/licensing/account-lockout-policy.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Account Lockout Policy license entitlements are granted by the following license
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Always-On-VPN.md b/includes/licensing/always-on-vpn.md
similarity index 76%
rename from includes/licensing/security/Always-On-VPN.md
rename to includes/licensing/always-on-vpn.md
index 0dc04a9527..3fbcaf2e8d 100644
--- a/includes/licensing/security/Always-On-VPN.md
+++ b/includes/licensing/always-on-vpn.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Always On VPN license entitlements are granted by the following licenses:
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/AppLocker.md b/includes/licensing/applocker.md
similarity index 76%
rename from includes/licensing/security/AppLocker.md
rename to includes/licensing/applocker.md
index ba9a2131d6..c5dc28e7ec 100644
--- a/includes/licensing/security/AppLocker.md
+++ b/includes/licensing/applocker.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ AppLocker license entitlements are granted by the following licenses:
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Assigned-Access-kiosk-mode.md b/includes/licensing/assigned-access-kiosk-mode.md
similarity index 77%
rename from includes/licensing/security/Assigned-Access-kiosk-mode.md
rename to includes/licensing/assigned-access-kiosk-mode.md
index 29e6639e12..b60587b44b 100644
--- a/includes/licensing/security/Assigned-Access-kiosk-mode.md
+++ b/includes/licensing/assigned-access-kiosk-mode.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Assigned Access (kiosk mode) license entitlements are granted by the following l
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Attack-surface-reduction-ASR.md b/includes/licensing/attack-surface-reduction-asr.md
similarity index 77%
rename from includes/licensing/security/Attack-surface-reduction-ASR.md
rename to includes/licensing/attack-surface-reduction-asr.md
index b9fcdbbbec..3cfd8467bf 100644
--- a/includes/licensing/security/Attack-surface-reduction-ASR.md
+++ b/includes/licensing/attack-surface-reduction-asr.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Attack surface reduction (ASR) license entitlements are granted by the following
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Azure-AD-join-Active-Directory-domain-join-and-Hybrid-Azure-AD-join-with-single-sign-on-SSO.md b/includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md
similarity index 81%
rename from includes/licensing/security/Azure-AD-join-Active-Directory-domain-join-and-Hybrid-Azure-AD-join-with-single-sign-on-SSO.md
rename to includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md
index 98caba3406..45aae2ee7a 100644
--- a/includes/licensing/security/Azure-AD-join-Active-Directory-domain-join-and-Hybrid-Azure-AD-join-with-single-sign-on-SSO.md
+++ b/includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Azure AD join, Active Directory domain join, and Hybrid Azure AD join with singl
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/BitLocker.md b/includes/licensing/bitlocker.md
similarity index 76%
rename from includes/licensing/security/BitLocker.md
rename to includes/licensing/bitlocker.md
index bb61941f20..f3d0d21557 100644
--- a/includes/licensing/security/BitLocker.md
+++ b/includes/licensing/bitlocker.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ BitLocker license entitlements are granted by the following licenses:
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Bluetooth-pairing-and-connection-protection.md b/includes/licensing/bluetooth-pairing-and-connection-protection.md
similarity index 78%
rename from includes/licensing/security/Bluetooth-pairing-and-connection-protection.md
rename to includes/licensing/bluetooth-pairing-and-connection-protection.md
index 452c4e8579..60df6fef19 100644
--- a/includes/licensing/security/Bluetooth-pairing-and-connection-protection.md
+++ b/includes/licensing/bluetooth-pairing-and-connection-protection.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Bluetooth pairing and connection protection license entitlements are granted by
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Common-Criteria-certifications.md b/includes/licensing/common-criteria-certifications.md
similarity index 77%
rename from includes/licensing/security/Common-Criteria-certifications.md
rename to includes/licensing/common-criteria-certifications.md
index fbcc3a78f3..14b48a174b 100644
--- a/includes/licensing/security/Common-Criteria-certifications.md
+++ b/includes/licensing/common-criteria-certifications.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Common Criteria certifications license entitlements are granted by the following
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Controlled-folder-access.md b/includes/licensing/controlled-folder-access.md
similarity index 77%
rename from includes/licensing/security/Controlled-folder-access.md
rename to includes/licensing/controlled-folder-access.md
index 18accb297d..cc49648e38 100644
--- a/includes/licensing/security/Controlled-folder-access.md
+++ b/includes/licensing/controlled-folder-access.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Controlled folder access license entitlements are granted by the following licen
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Device-health-attestation-service.md b/includes/licensing/device-health-attestation-service.md
similarity index 78%
rename from includes/licensing/security/Device-health-attestation-service.md
rename to includes/licensing/device-health-attestation-service.md
index 385963b2a3..7bf1846bec 100644
--- a/includes/licensing/security/Device-health-attestation-service.md
+++ b/includes/licensing/device-health-attestation-service.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Device health attestation service license entitlements are granted by the follow
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Direct-Access.md b/includes/licensing/direct-access.md
similarity index 76%
rename from includes/licensing/security/Direct-Access.md
rename to includes/licensing/direct-access.md
index ba0ab0da50..7e6fe07896 100644
--- a/includes/licensing/security/Direct-Access.md
+++ b/includes/licensing/direct-access.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Direct Access license entitlements are granted by the following licenses:
 |:---:|:---:|:---:|:---:|:---:|
 |No|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Email-Encryption-SMIME.md b/includes/licensing/email-encryption-smime.md
similarity index 77%
rename from includes/licensing/security/Email-Encryption-SMIME.md
rename to includes/licensing/email-encryption-smime.md
index e73e64f50b..4c9095ff51 100644
--- a/includes/licensing/security/Email-Encryption-SMIME.md
+++ b/includes/licensing/email-encryption-smime.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Email Encryption (S/MIME) license entitlements are granted by the following lice
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Encrypted-hard-drive.md b/includes/licensing/encrypted-hard-drive.md
similarity index 77%
rename from includes/licensing/security/Encrypted-hard-drive.md
rename to includes/licensing/encrypted-hard-drive.md
index 35b83298ce..7534d36dd9 100644
--- a/includes/licensing/security/Encrypted-hard-drive.md
+++ b/includes/licensing/encrypted-hard-drive.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Encrypted hard drive license entitlements are granted by the following licenses:
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Endpoint-Analytics.md b/includes/licensing/endpoint-analytics.md
similarity index 77%
rename from includes/licensing/security/Endpoint-Analytics.md
rename to includes/licensing/endpoint-analytics.md
index 428534c57d..dc6e851ba9 100644
--- a/includes/licensing/security/Endpoint-Analytics.md
+++ b/includes/licensing/endpoint-analytics.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Endpoint Analytics license entitlements are granted by the following licenses:
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Enhanced-phishing-protection-with-SmartScreen.md b/includes/licensing/enhanced-phishing-protection-with-smartscreen.md
similarity index 78%
rename from includes/licensing/security/Enhanced-phishing-protection-with-SmartScreen.md
rename to includes/licensing/enhanced-phishing-protection-with-smartscreen.md
index ac0579fb14..bf0b837d8a 100644
--- a/includes/licensing/security/Enhanced-phishing-protection-with-SmartScreen.md
+++ b/includes/licensing/enhanced-phishing-protection-with-smartscreen.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Enhanced phishing protection with SmartScreen license entitlements are granted b
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Exploit-protection.md b/includes/licensing/exploit-protection.md
similarity index 77%
rename from includes/licensing/security/Exploit-protection.md
rename to includes/licensing/exploit-protection.md
index 5f38d31dc2..1d7c765c26 100644
--- a/includes/licensing/security/Exploit-protection.md
+++ b/includes/licensing/exploit-protection.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Exploit protection license entitlements are granted by the following licenses:
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Fast-Identity-Online-FIDO2-security-key.md b/includes/licensing/fast-identity-online-fido2-security-key.md
similarity index 78%
rename from includes/licensing/security/Fast-Identity-Online-FIDO2-security-key.md
rename to includes/licensing/fast-identity-online-fido2-security-key.md
index be5c9e5a7f..987af1177a 100644
--- a/includes/licensing/security/Fast-Identity-Online-FIDO2-security-key.md
+++ b/includes/licensing/fast-identity-online-fido2-security-key.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Fast Identity Online (FIDO2) security key license entitlements are granted by th
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Federal-Information-Processing-Standard-FIPS-140-validation.md b/includes/licensing/federal-information-processing-standard-fips-140-validation.md
similarity index 79%
rename from includes/licensing/security/Federal-Information-Processing-Standard-FIPS-140-validation.md
rename to includes/licensing/federal-information-processing-standard-fips-140-validation.md
index c628b32b6f..05a456d4c1 100644
--- a/includes/licensing/security/Federal-Information-Processing-Standard-FIPS-140-validation.md
+++ b/includes/licensing/federal-information-processing-standard-fips-140-validation.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Federal Information Processing Standard (FIPS) 140 validation license entitlemen
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Federated-sign-in.md b/includes/licensing/federated-sign-in.md
similarity index 77%
rename from includes/licensing/security/Federated-sign-in.md
rename to includes/licensing/federated-sign-in.md
index 98e24a8a1c..cdad5469cb 100644
--- a/includes/licensing/security/Federated-sign-in.md
+++ b/includes/licensing/federated-sign-in.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Federated sign-in license entitlements are granted by the following licenses:
 |:---:|:---:|:---:|:---:|:---:|
 |No|No|No|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Hardware-enforced-stack-protection.md b/includes/licensing/hardware-enforced-stack-protection.md
similarity index 78%
rename from includes/licensing/security/Hardware-enforced-stack-protection.md
rename to includes/licensing/hardware-enforced-stack-protection.md
index e80f671329..bbfaeed1ad 100644
--- a/includes/licensing/security/Hardware-enforced-stack-protection.md
+++ b/includes/licensing/hardware-enforced-stack-protection.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Hardware-enforced stack protection license entitlements are granted by the follo
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Hypervisor-protected-Code-Integrity-HVCI.md b/includes/licensing/hypervisor-protected-code-integrity-hvci.md
similarity index 78%
rename from includes/licensing/security/Hypervisor-protected-Code-Integrity-HVCI.md
rename to includes/licensing/hypervisor-protected-code-integrity-hvci.md
index afc25a3761..bc49edbe6b 100644
--- a/includes/licensing/security/Hypervisor-protected-Code-Integrity-HVCI.md
+++ b/includes/licensing/hypervisor-protected-code-integrity-hvci.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Hypervisor-protected Code Integrity (HVCI) license entitlements are granted by t
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Kernel-Direct-Memory-Access-DMA-protection.md b/includes/licensing/kernel-direct-memory-access-dma-protection.md
similarity index 78%
rename from includes/licensing/security/Kernel-Direct-Memory-Access-DMA-protection.md
rename to includes/licensing/kernel-direct-memory-access-dma-protection.md
index 7616cce432..787eb73309 100644
--- a/includes/licensing/security/Kernel-Direct-Memory-Access-DMA-protection.md
+++ b/includes/licensing/kernel-direct-memory-access-dma-protection.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Kernel Direct Memory Access (DMA) protection license entitlements are granted by
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Local-Administrator-Password-Solution.md b/includes/licensing/local-administrator-password-solution.md
similarity index 78%
rename from includes/licensing/security/Local-Administrator-Password-Solution.md
rename to includes/licensing/local-administrator-password-solution.md
index f2e7e52112..d79edc2723 100644
--- a/includes/licensing/security/Local-Administrator-Password-Solution.md
+++ b/includes/licensing/local-administrator-password-solution.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Local Administrator Password Solution license entitlements are granted by the fo
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Local-Security-Authority-LSA-Protection.md b/includes/licensing/local-security-authority-lsa-protection.md
similarity index 78%
rename from includes/licensing/security/Local-Security-Authority-LSA-Protection.md
rename to includes/licensing/local-security-authority-lsa-protection.md
index 57b8046bab..9ed8145f05 100644
--- a/includes/licensing/security/Local-Security-Authority-LSA-Protection.md
+++ b/includes/licensing/local-security-authority-lsa-protection.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Local Security Authority (LSA) Protection license entitlements are granted by th
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Manage-by-Mobile-Device-Management-MDM-and-group-policy.md b/includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md
similarity index 79%
rename from includes/licensing/security/Manage-by-Mobile-Device-Management-MDM-and-group-policy.md
rename to includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md
index 1b35f363cd..8463963509 100644
--- a/includes/licensing/security/Manage-by-Mobile-Device-Management-MDM-and-group-policy.md
+++ b/includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Manage by Mobile Device Management (MDM) and group policy license entitlements a
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Measured-boot.md b/includes/licensing/measured-boot.md
similarity index 76%
rename from includes/licensing/security/Measured-boot.md
rename to includes/licensing/measured-boot.md
index 3734f132f2..02269cc179 100644
--- a/includes/licensing/security/Measured-boot.md
+++ b/includes/licensing/measured-boot.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Measured boot license entitlements are granted by the following licenses:
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Microsoft-Defender-Antivirus.md b/includes/licensing/microsoft-defender-antivirus.md
similarity index 77%
rename from includes/licensing/security/Microsoft-Defender-Antivirus.md
rename to includes/licensing/microsoft-defender-antivirus.md
index fe7c31a35f..a4b9d4fa96 100644
--- a/includes/licensing/security/Microsoft-Defender-Antivirus.md
+++ b/includes/licensing/microsoft-defender-antivirus.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Microsoft Defender Antivirus license entitlements are granted by the following l
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Microsoft-Defender-Application-Guard-MDAG-configure-via-MDM.md b/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md
similarity index 79%
rename from includes/licensing/security/Microsoft-Defender-Application-Guard-MDAG-configure-via-MDM.md
rename to includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md
index d8db86399a..b6ee63ae70 100644
--- a/includes/licensing/security/Microsoft-Defender-Application-Guard-MDAG-configure-via-MDM.md
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Microsoft Defender Application Guard (MDAG) configure via MDM license entitlemen
 |:---:|:---:|:---:|:---:|:---:|
 |No|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Microsoft-Defender-Application-Guard-MDAG-for-Edge-enterprise-mode-and-enterprise-management.md b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md
similarity index 81%
rename from includes/licensing/security/Microsoft-Defender-Application-Guard-MDAG-for-Edge-enterprise-mode-and-enterprise-management.md
rename to includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md
index c0a5aad999..b86e777777 100644
--- a/includes/licensing/security/Microsoft-Defender-Application-Guard-MDAG-for-Edge-enterprise-mode-and-enterprise-management.md
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterpr
 |:---:|:---:|:---:|:---:|:---:|
 |No|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Microsoft-Defender-Application-Guard-MDAG-for-Edge-standalone-mode.md b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md
similarity index 79%
rename from includes/licensing/security/Microsoft-Defender-Application-Guard-MDAG-for-Edge-standalone-mode.md
rename to includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md
index f98c67144f..67b3dc3bac 100644
--- a/includes/licensing/security/Microsoft-Defender-Application-Guard-MDAG-for-Edge-standalone-mode.md
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Microsoft Defender Application Guard (MDAG) for Edge standalone mode license ent
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Microsoft-Defender-Application-Guard-MDAG-for-Microsoft-Office.md b/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md
similarity index 79%
rename from includes/licensing/security/Microsoft-Defender-Application-Guard-MDAG-for-Microsoft-Office.md
rename to includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md
index be2ed700a1..22d7f0bc39 100644
--- a/includes/licensing/security/Microsoft-Defender-Application-Guard-MDAG-for-Microsoft-Office.md
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Microsoft Defender Application Guard (MDAG) for Microsoft Office license entitle
 |:---:|:---:|:---:|:---:|:---:|
 |No|No|No|No|No|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Microsoft-Defender-Application-Guard-MDAG-public-APIs.md b/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md
similarity index 79%
rename from includes/licensing/security/Microsoft-Defender-Application-Guard-MDAG-public-APIs.md
rename to includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md
index b18edb8fc7..afb6cfe684 100644
--- a/includes/licensing/security/Microsoft-Defender-Application-Guard-MDAG-public-APIs.md
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Microsoft Defender Application Guard (MDAG) public APIs license entitlements are
 |:---:|:---:|:---:|:---:|:---:|
 |No|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Microsoft-Defender-for-Endpoint.md b/includes/licensing/microsoft-defender-for-endpoint.md
similarity index 77%
rename from includes/licensing/security/Microsoft-Defender-for-Endpoint.md
rename to includes/licensing/microsoft-defender-for-endpoint.md
index 8858cb9ecf..8c58751525 100644
--- a/includes/licensing/security/Microsoft-Defender-for-Endpoint.md
+++ b/includes/licensing/microsoft-defender-for-endpoint.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Microsoft Defender for Endpoint license entitlements are granted by the followin
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|No|Yes|No|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Microsoft-Defender-SmartScreen.md b/includes/licensing/microsoft-defender-smartscreen.md
similarity index 77%
rename from includes/licensing/security/Microsoft-Defender-SmartScreen.md
rename to includes/licensing/microsoft-defender-smartscreen.md
index ace8bc007a..bc4723b34b 100644
--- a/includes/licensing/security/Microsoft-Defender-SmartScreen.md
+++ b/includes/licensing/microsoft-defender-smartscreen.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Microsoft Defender SmartScreen license entitlements are granted by the following
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Microsoft-Pluton-security-processor.md b/includes/licensing/microsoft-pluton-security-processor.md
similarity index 78%
rename from includes/licensing/security/Microsoft-Pluton-security-processor.md
rename to includes/licensing/microsoft-pluton-security-processor.md
index f702340492..aac93b3784 100644
--- a/includes/licensing/security/Microsoft-Pluton-security-processor.md
+++ b/includes/licensing/microsoft-pluton-security-processor.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Microsoft Pluton security processor license entitlements are granted by the foll
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Microsoft-Vulnerable-Driver-Blocklist.md b/includes/licensing/microsoft-vulnerable-driver-blocklist.md
similarity index 78%
rename from includes/licensing/security/Microsoft-Vulnerable-Driver-Blocklist.md
rename to includes/licensing/microsoft-vulnerable-driver-blocklist.md
index 9fc3e71120..cad86c5577 100644
--- a/includes/licensing/security/Microsoft-Vulnerable-Driver-Blocklist.md
+++ b/includes/licensing/microsoft-vulnerable-driver-blocklist.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Microsoft Vulnerable Driver Blocklist license entitlements are granted by the fo
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Opportunistic-Wireless-Encryption-OWE.md b/includes/licensing/opportunistic-wireless-encryption-owe.md
similarity index 78%
rename from includes/licensing/security/Opportunistic-Wireless-Encryption-OWE.md
rename to includes/licensing/opportunistic-wireless-encryption-owe.md
index dd25a92e7e..32b8e63c1a 100644
--- a/includes/licensing/security/Opportunistic-Wireless-Encryption-OWE.md
+++ b/includes/licensing/opportunistic-wireless-encryption-owe.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Opportunistic Wireless Encryption (OWE) license entitlements are granted by the
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Personal-data-encryption-PDE.md b/includes/licensing/personal-data-encryption-pde.md
similarity index 77%
rename from includes/licensing/security/Personal-data-encryption-PDE.md
rename to includes/licensing/personal-data-encryption-pde.md
index bfb8905cf0..4da66fc8c8 100644
--- a/includes/licensing/security/Personal-data-encryption-PDE.md
+++ b/includes/licensing/personal-data-encryption-pde.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Personal data encryption (PDE) license entitlements are granted by the following
 |:---:|:---:|:---:|:---:|:---:|
 |No|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Privacy-Resource-Usage.md b/includes/licensing/privacy-resource-usage.md
similarity index 77%
rename from includes/licensing/security/Privacy-Resource-Usage.md
rename to includes/licensing/privacy-resource-usage.md
index 2685ed854c..926b33907a 100644
--- a/includes/licensing/security/Privacy-Resource-Usage.md
+++ b/includes/licensing/privacy-resource-usage.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Privacy Resource Usage license entitlements are granted by the following license
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Privacy-Transparency-and-Controls.md b/includes/licensing/privacy-transparency-and-controls.md
similarity index 78%
rename from includes/licensing/security/Privacy-Transparency-and-Controls.md
rename to includes/licensing/privacy-transparency-and-controls.md
index c8e3ecbddb..2b84a4262a 100644
--- a/includes/licensing/security/Privacy-Transparency-and-Controls.md
+++ b/includes/licensing/privacy-transparency-and-controls.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Privacy Transparency and Controls license entitlements are granted by the follow
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Remote-wipe-Autopilot-reset.md b/includes/licensing/remote-wipe-autopilot-reset.md
similarity index 77%
rename from includes/licensing/security/Remote-wipe-Autopilot-reset.md
rename to includes/licensing/remote-wipe-autopilot-reset.md
index 0994f56a85..ef260da96d 100644
--- a/includes/licensing/security/Remote-wipe-Autopilot-reset.md
+++ b/includes/licensing/remote-wipe-autopilot-reset.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Remote wipe (Autopilot reset) license entitlements are granted by the following
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Secure-Boot-and-Trusted-Boot.md b/includes/licensing/secure-boot-and-trusted-boot.md
similarity index 77%
rename from includes/licensing/security/Secure-Boot-and-Trusted-Boot.md
rename to includes/licensing/secure-boot-and-trusted-boot.md
index 85dc0feba8..2a73f44f39 100644
--- a/includes/licensing/security/Secure-Boot-and-Trusted-Boot.md
+++ b/includes/licensing/secure-boot-and-trusted-boot.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Secure Boot and Trusted Boot license entitlements are granted by the following l
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Secured-core-configuration-lock.md b/includes/licensing/secured-core-configuration-lock.md
similarity index 78%
rename from includes/licensing/security/Secured-core-configuration-lock.md
rename to includes/licensing/secured-core-configuration-lock.md
index e64c67ca74..61e443115c 100644
--- a/includes/licensing/security/Secured-core-configuration-lock.md
+++ b/includes/licensing/secured-core-configuration-lock.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Secured-core configuration lock license entitlements are granted by the followin
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Secured-core-PC.md b/includes/licensing/secured-core-pc.md
similarity index 77%
rename from includes/licensing/security/Secured-core-PC.md
rename to includes/licensing/secured-core-pc.md
index c6b3f79578..b8cb91b4b8 100644
--- a/includes/licensing/security/Secured-core-PC.md
+++ b/includes/licensing/secured-core-pc.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Secured-core PC license entitlements are granted by the following licenses:
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Security-baselines-with-Intune.md b/includes/licensing/security-baselines-with-intune.md
similarity index 77%
rename from includes/licensing/security/Security-baselines-with-Intune.md
rename to includes/licensing/security-baselines-with-intune.md
index c2d8d272a6..56bf824d77 100644
--- a/includes/licensing/security/Security-baselines-with-Intune.md
+++ b/includes/licensing/security-baselines-with-intune.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Security baselines with Intune license entitlements are granted by the following
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Server-Message-Block-Direct-SMB-Direct.md b/includes/licensing/server-message-block-direct-smb-direct.md
similarity index 78%
rename from includes/licensing/security/Server-Message-Block-Direct-SMB-Direct.md
rename to includes/licensing/server-message-block-direct-smb-direct.md
index e1e6dea11a..1d9cf90830 100644
--- a/includes/licensing/security/Server-Message-Block-Direct-SMB-Direct.md
+++ b/includes/licensing/server-message-block-direct-smb-direct.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Server Message Block Direct (SMB Direct) license entitlements are granted by the
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Server-Message-Block-SMB-file-service.md b/includes/licensing/server-message-block-smb-file-service.md
similarity index 78%
rename from includes/licensing/security/Server-Message-Block-SMB-file-service.md
rename to includes/licensing/server-message-block-smb-file-service.md
index d1c3090375..e43140a213 100644
--- a/includes/licensing/security/Server-Message-Block-SMB-file-service.md
+++ b/includes/licensing/server-message-block-smb-file-service.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Server Message Block (SMB) file service license entitlements are granted by the
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Smart-App-Control.md b/includes/licensing/smart-app-control.md
similarity index 77%
rename from includes/licensing/security/Smart-App-Control.md
rename to includes/licensing/smart-app-control.md
index 232c73dcb7..e7936151a9 100644
--- a/includes/licensing/security/Smart-App-Control.md
+++ b/includes/licensing/smart-app-control.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Smart App Control license entitlements are granted by the following licenses:
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Smart-Cards-for-Windows-Service.md b/includes/licensing/smart-cards-for-windows-service.md
similarity index 78%
rename from includes/licensing/security/Smart-Cards-for-Windows-Service.md
rename to includes/licensing/smart-cards-for-windows-service.md
index 4f8931fa0c..63a55e3fe7 100644
--- a/includes/licensing/security/Smart-Cards-for-Windows-Service.md
+++ b/includes/licensing/smart-cards-for-windows-service.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Smart Cards for Windows Service license entitlements are granted by the followin
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Tamper-protection-settings-for-MDE.md b/includes/licensing/tamper-protection-settings-for-mde.md
similarity index 78%
rename from includes/licensing/security/Tamper-protection-settings-for-MDE.md
rename to includes/licensing/tamper-protection-settings-for-mde.md
index 4d9c90a617..2360237f91 100644
--- a/includes/licensing/security/Tamper-protection-settings-for-MDE.md
+++ b/includes/licensing/tamper-protection-settings-for-mde.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Tamper protection settings for MDE license entitlements are granted by the follo
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Transport-layer-security-TLS.md b/includes/licensing/transport-layer-security-tls.md
similarity index 77%
rename from includes/licensing/security/Transport-layer-security-TLS.md
rename to includes/licensing/transport-layer-security-tls.md
index 862c656964..fac4e27a34 100644
--- a/includes/licensing/security/Transport-layer-security-TLS.md
+++ b/includes/licensing/transport-layer-security-tls.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Transport layer security (TLS) license entitlements are granted by the following
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Trusted-Platform-Module-TPM-20.md b/includes/licensing/trusted-platform-module-tpm-20.md
similarity index 78%
rename from includes/licensing/security/Trusted-Platform-Module-TPM-20.md
rename to includes/licensing/trusted-platform-module-tpm-20.md
index 6dd2f782e6..1c2698fe69 100644
--- a/includes/licensing/security/Trusted-Platform-Module-TPM-20.md
+++ b/includes/licensing/trusted-platform-module-tpm-20.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Trusted Platform Module (TPM) 2.0 license entitlements are granted by the follow
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Universal-Print.md b/includes/licensing/universal-print.md
similarity index 77%
rename from includes/licensing/security/Universal-Print.md
rename to includes/licensing/universal-print.md
index 8edd1830a1..91d81c256a 100644
--- a/includes/licensing/security/Universal-Print.md
+++ b/includes/licensing/universal-print.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Universal Print license entitlements are granted by the following licenses:
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/User-Account-Control-UAC.md b/includes/licensing/user-account-control-uac.md
similarity index 77%
rename from includes/licensing/security/User-Account-Control-UAC.md
rename to includes/licensing/user-account-control-uac.md
index 887d3a908f..fcebe3a04f 100644
--- a/includes/licensing/security/User-Account-Control-UAC.md
+++ b/includes/licensing/user-account-control-uac.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ User Account Control (UAC) license entitlements are granted by the following lic
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Virtual-Private-Network-VPN.md b/includes/licensing/virtual-private-network-vpn.md
similarity index 77%
rename from includes/licensing/security/Virtual-Private-Network-VPN.md
rename to includes/licensing/virtual-private-network-vpn.md
index 7c00cca450..63c5f759be 100644
--- a/includes/licensing/security/Virtual-Private-Network-VPN.md
+++ b/includes/licensing/virtual-private-network-vpn.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Virtual Private Network (VPN) license entitlements are granted by the following
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Virtualization-based-security-VBS.md b/includes/licensing/virtualization-based-security-vbs.md
similarity index 78%
rename from includes/licensing/security/Virtualization-based-security-VBS.md
rename to includes/licensing/virtualization-based-security-vbs.md
index 65016d71b3..bf7877eecf 100644
--- a/includes/licensing/security/Virtualization-based-security-VBS.md
+++ b/includes/licensing/virtualization-based-security-vbs.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Virtualization-based security (VBS) license entitlements are granted by the foll
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/WiFi-Security.md b/includes/licensing/wifi-security.md
similarity index 76%
rename from includes/licensing/security/WiFi-Security.md
rename to includes/licensing/wifi-security.md
index 73a23e84a4..60244b96fa 100644
--- a/includes/licensing/security/WiFi-Security.md
+++ b/includes/licensing/wifi-security.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ WiFi Security license entitlements are granted by the following licenses:
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Windows-Autopatch.md b/includes/licensing/windows-autopatch.md
similarity index 77%
rename from includes/licensing/security/Windows-Autopatch.md
rename to includes/licensing/windows-autopatch.md
index 015bbc1455..0aa6b3322b 100644
--- a/includes/licensing/security/Windows-Autopatch.md
+++ b/includes/licensing/windows-autopatch.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Windows Autopatch license entitlements are granted by the following licenses:
 |:---:|:---:|:---:|:---:|:---:|
 |No|Yes|Yes|No|No|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Windows-Autopilot.md b/includes/licensing/windows-autopilot.md
similarity index 77%
rename from includes/licensing/security/Windows-Autopilot.md
rename to includes/licensing/windows-autopilot.md
index 57ca063e7e..20a4f93681 100644
--- a/includes/licensing/security/Windows-Autopilot.md
+++ b/includes/licensing/windows-autopilot.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Windows Autopilot license entitlements are granted by the following licenses:
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Windows-containers.md b/includes/licensing/windows-containers.md
similarity index 77%
rename from includes/licensing/security/Windows-containers.md
rename to includes/licensing/windows-containers.md
index 89c14bb938..65bf288051 100644
--- a/includes/licensing/security/Windows-containers.md
+++ b/includes/licensing/windows-containers.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Windows containers license entitlements are granted by the following licenses:
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Windows-Defender-Application-Control-WDAC.md b/includes/licensing/windows-defender-application-control-wdac.md
similarity index 78%
rename from includes/licensing/security/Windows-Defender-Application-Control-WDAC.md
rename to includes/licensing/windows-defender-application-control-wdac.md
index 197986a72d..c92e8fbb39 100644
--- a/includes/licensing/security/Windows-Defender-Application-Control-WDAC.md
+++ b/includes/licensing/windows-defender-application-control-wdac.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Windows Defender Application Control (WDAC) license entitlements are granted by
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Windows-Defender-Credential-Guard.md b/includes/licensing/windows-defender-credential-guard.md
similarity index 78%
rename from includes/licensing/security/Windows-Defender-Credential-Guard.md
rename to includes/licensing/windows-defender-credential-guard.md
index 122f5a02ba..db77789d7b 100644
--- a/includes/licensing/security/Windows-Defender-Credential-Guard.md
+++ b/includes/licensing/windows-defender-credential-guard.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Windows Defender Credential Guard license entitlements are granted by the follow
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Windows-Defender-Remote-Credential-Guard.md b/includes/licensing/windows-defender-remote-credential-guard.md
similarity index 78%
rename from includes/licensing/security/Windows-Defender-Remote-Credential-Guard.md
rename to includes/licensing/windows-defender-remote-credential-guard.md
index 01fab46e8d..d55ab4048f 100644
--- a/includes/licensing/security/Windows-Defender-Remote-Credential-Guard.md
+++ b/includes/licensing/windows-defender-remote-credential-guard.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Windows Defender Remote Credential Guard license entitlements are granted by the
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Windows-Defender-System-Guard.md b/includes/licensing/windows-defender-system-guard.md
similarity index 77%
rename from includes/licensing/security/Windows-Defender-System-Guard.md
rename to includes/licensing/windows-defender-system-guard.md
index a4b2994d2a..d6f28be164 100644
--- a/includes/licensing/security/Windows-Defender-System-Guard.md
+++ b/includes/licensing/windows-defender-system-guard.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Windows Defender System Guard license entitlements are granted by the following
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Windows-feature-and-expedite-updates-with-Intune.md b/includes/licensing/windows-feature-and-expedite-updates-with-intune.md
similarity index 78%
rename from includes/licensing/security/Windows-feature-and-expedite-updates-with-Intune.md
rename to includes/licensing/windows-feature-and-expedite-updates-with-intune.md
index 2f213e36ef..f3e01d0e8e 100644
--- a/includes/licensing/security/Windows-feature-and-expedite-updates-with-Intune.md
+++ b/includes/licensing/windows-feature-and-expedite-updates-with-intune.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Windows feature and expedite updates with Intune license entitlements are grante
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Windows-Firewall.md b/includes/licensing/windows-firewall.md
similarity index 77%
rename from includes/licensing/security/Windows-Firewall.md
rename to includes/licensing/windows-firewall.md
index 946a1000ca..2622f2782b 100644
--- a/includes/licensing/security/Windows-Firewall.md
+++ b/includes/licensing/windows-firewall.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Windows Firewall license entitlements are granted by the following licenses:
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Windows-Hello-for-Business-Enhanced-Security-Sign-in-ESS.md b/includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md
similarity index 79%
rename from includes/licensing/security/Windows-Hello-for-Business-Enhanced-Security-Sign-in-ESS.md
rename to includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md
index ec3c3e65cc..8121879c76 100644
--- a/includes/licensing/security/Windows-Hello-for-Business-Enhanced-Security-Sign-in-ESS.md
+++ b/includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Windows Hello for Business Enhanced Security Sign-in (ESS) license entitlements
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Windows-Hello-for-Business.md b/includes/licensing/windows-hello-for-business.md
similarity index 77%
rename from includes/licensing/security/Windows-Hello-for-Business.md
rename to includes/licensing/windows-hello-for-business.md
index ed78c5c3a7..dda17d2fa2 100644
--- a/includes/licensing/security/Windows-Hello-for-Business.md
+++ b/includes/licensing/windows-hello-for-business.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Windows Hello for Business license entitlements are granted by the following lic
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Windows-presence-sensing.md b/includes/licensing/windows-presence-sensing.md
similarity index 77%
rename from includes/licensing/security/Windows-presence-sensing.md
rename to includes/licensing/windows-presence-sensing.md
index 04bdc00300..8989dd23d8 100644
--- a/includes/licensing/security/Windows-presence-sensing.md
+++ b/includes/licensing/windows-presence-sensing.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Windows presence sensing license entitlements are granted by the following licen
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Windows-Sandbox.md b/includes/licensing/windows-sandbox.md
similarity index 77%
rename from includes/licensing/security/Windows-Sandbox.md
rename to includes/licensing/windows-sandbox.md
index 9745ec4edd..ab64cdb816 100644
--- a/includes/licensing/security/Windows-Sandbox.md
+++ b/includes/licensing/windows-sandbox.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Windows Sandbox license entitlements are granted by the following licenses:
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Windows-Security-policy-settings-and-auditing.md b/includes/licensing/windows-security-policy-settings-and-auditing.md
similarity index 78%
rename from includes/licensing/security/Windows-Security-policy-settings-and-auditing.md
rename to includes/licensing/windows-security-policy-settings-and-auditing.md
index ae5e26d298..462d337d74 100644
--- a/includes/licensing/security/Windows-Security-policy-settings-and-auditing.md
+++ b/includes/licensing/windows-security-policy-settings-and-auditing.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Windows Security policy settings and auditing license entitlements are granted b
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
diff --git a/includes/licensing/security/Windows-Update-for-Business.md b/includes/licensing/windows-update-for-business.md
similarity index 77%
rename from includes/licensing/security/Windows-Update-for-Business.md
rename to includes/licensing/windows-update-for-business.md
index 0b154d8618..5cfa8990d0 100644
--- a/includes/licensing/security/Windows-Update-for-Business.md
+++ b/includes/licensing/windows-update-for-business.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/21/2023
+ms.date: 04/24/2023
 ms.topic: include
 ---
 
@@ -19,4 +19,4 @@ Windows Update for Business license entitlements are granted by the following li
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows 11 licensing overview](https://learn.microsoft.com).
+For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).

From 6017c492bea8ef92b25410c66e7a370ba919bae0 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Mon, 24 Apr 2023 08:28:14 -0400
Subject: [PATCH 007/107] updates

---
 windows/whats-new/windows-licensing.md | 57 +++++++++++++++-----------
 1 file changed, 32 insertions(+), 25 deletions(-)

diff --git a/windows/whats-new/windows-licensing.md b/windows/whats-new/windows-licensing.md
index e14bbefe13..2543add9a9 100644
--- a/windows/whats-new/windows-licensing.md
+++ b/windows/whats-new/windows-licensing.md
@@ -1,39 +1,37 @@
 ---
-title: Windows 11 commercial licensing overview
-description: Learn about licensing requirements to use the features included in the Windows operating system.
+title: Windows commercial licensing overview
+description: Learn about products and use rights available through Windows commercial licensing.
 ms.prod: windows-client
 author: paolomatarazzo
 ms.author: paoloma
 manager: aaroncz
 ms.collection:
-- tier3
+- tier2
 ms.topic: conceptual
-ms.date: 03/12/2023
+ms.date: 04/24/2023
 appliesto:
 - ✅ <a href=/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 ms.technology: itpro-security
 ---
 
-# Windows 11 commercial licensing overview
+# Windows commercial licensing overview
 
-Microsoft Commercial Licensing solutions provide the most flexible and cost-effective way to give your organization access to the latest Windows Desktop technologies. Whether you want to upgrade your devices to Windows 11, gain access to exclusive offerings such as Windows 11 Enterprise edition, or use Windows with greater flexibility, there's a Commercial Licensing option that's right for your organization. 
-
-This document provides an overview of the products and use rights available through Commercial Licensing, information about the products that are eligible for upgrades, and the key choices you have for using Windows in your organization.
+This document provides an overview of the products and use rights available through commercial licensing, information about the products that are eligible for upgrades, and the key choices you have for using Windows in your organization.
 
 > [!NOTE]
-> This content is not meant to replace or override other licensing documentation, such as the Windows 11 End User License Agreement or Commercial Licensing Product Terms.
+> This content is not meant to replace or override other licensing documentation, such as the Windows 11 End User License Agreement or [Commercial Licensing Product Terms](http://www.microsoft.com/licensing/product-licensing/products.aspx).
 
-## Windows 11 editions 
+## Windows 11 editions
 
-There's an edition of Windows software designed to meet the needs of every organization, from a small, growing business to a multinational enterprise. The following table lists the editions of Windows 11 available through each Microsoft distribution channel.
+The following table lists the editions of Windows 11 available through each Microsoft distribution channel.
 
 | Full Packaged Product (Retail) | Preinstalled on device (OEM)|Commercial Licensing|
 |-|-|-|
-|Windows 11 Pro <br>Windows 11 Home|Windows 11 Pro<br>Windows 11 Home|Windows 11 Pro<br>Windows 11 Enterprise <br>Windows 11 Enterprise LTSC|
+|Windows 11 Home<br>Windows 11 Pro|Windows 11 Home<br>Windows 11 Pro|Windows 11 Pro<br>Windows 11 Enterprise <br>Windows 11 Enterprise LTSC|
 
 ## Windows desktop offerings available through Commercial Licensing
 
-The following offerings are available for purchase through Microsoft Commercial Licensing:
+The following offerings are available for purchase through [Microsoft Commercial Licensing](https://www.microsoft.com/licensing):
 
 |Product|Description|
 |-|-|
@@ -43,29 +41,38 @@ The following offerings are available for purchase through Microsoft Commercial
 |Windows 10 Enterprise LTSC |Windows 10 Enterprise LTSC is designed for PC systems that have strict change-management policies with only security and critical bug fixes. By using a Long-Term Servicing Channel edition, you can apply monthly Windows 10 security updates for specialized devices while holding back new-feature updates for an extended period of time, up to 5 years. Windows Enterprise LTSC is available in the per user or per device model depending on the Volume Licensing program through witch it is acquired|
 |Windows Virtual Desktop Access (VDA) Subscription License|The Windows VDA subscription license provides the right to access virtual Windows desktop environments from devices that aren't covered by a Commercial Licensing offer that includes VDA rights, such as thin clients. Windows VDA is available on a per device or per user basis|
 
+## Windows 11 Pro Upgrade license
+
+Windows 11 Pro is designed for small and medium businesses. Windows 11 Pro enables you to manage your devices and apps, protect your business data, facilitate remote and mobile scenarios, and take advantage of the cloud technologies for your organization.
+
+The Windows 11 Pro Upgrade license is recommended if you want to:
+
+- Upgrade a Windows 10 Pro device to Windows 11 Pro
+- Upgrade Windows 7/8/8.1 Pro devices to Windows 10 Pro  
+
 ## Windows 11 Enterprise
 
-There are two core Windows 11 Enterprise offers: **Windows 11 Enterprise E3** and **Windows 11 Enterprise E5**. Each of these can be purchased on a **per-user basis**, and are available only through **Commercial Licensing**, including the **Cloud Solution Provider** program. For more details about Windows Enterprise, see [per device check out this section of this guide](*TO ADD*)
+There are two core Windows 11 Enterprise offers: **Windows 11 Enterprise E3** and **Windows 11 Enterprise E5**. Each of these can be purchased on a **per-user basis**, and are available only through **Commercial Licensing**, including the **Cloud Solution Provider** program. For details about Windows Enterprise per device, see [per device check out this section of this guide](*TO ADD*)
 
 ### Windows 11 Enterprise E3
 
-Windows 11 Enterprise E3 is a per-user subscription, intended for organizations. It includes **Windows Enterprise edition** with cloud-powered capabilities and subscription use rights.
-Windows 11 Enterprise E3 builds on Windows 11 Pro by adding more advanced features designed to address the needs of large and mid-size organizations. Examples include advanced protection against modern security threats, the broadest range of options for operating system deployment and update, and comprehensive device and app management. Organizations with devices running Windows 11 Enterprise will can take advantage of the latest security and feature updates on an ongoing basis, while having the ability to choose the pace at which they adopt new technology.
+Windows 11 Enterprise E3 builds on Windows 11 Pro by adding more advanced features designed to address the needs of large and mid-size organizations. Examples include advanced protection against modern security threats, the broadest range of options for operating system deployment and update, and comprehensive device and app management.
 
 Windows 11 Enterprise E3 is usually licensed through Volume Licensing programs and is an upgrade from Windows Pro.
 
 ### Windows 11 Enterprise E3 OS features
 
-With Windows 11 Enterprise E3, you can take advantage of the following OS features:
+Here's an overview of the unique Windows Enterprise edition features, cloud powered capabilities, and use rights.
 
-| OS feature | Description |
+| Windows Enterprise edition OS based functionality | Description |
 |-|-|
-|**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard-requirements)**|Protects against user credential harvesting and pass-the-hash attacks or pass the token attacks, enabled by default|
-|**Managed Microsoft Defender Application Guard for Microsoft Edge**| Isolates enterprise-defined untrusted sites with virtualization-based security from Windows, protecting your company while employees browse the Internet|
-|**Personal Data Encryption**|Encrypts individual's content using Windows Hello for Business to link the encryption keys to user credentials|
-|**Direct Access & Always-On VPN device tunnel**|Connect remote users to the organization network without the need for traditional VPN connections with DirectAccess or benefit from advanced security capabilities to restrict the type of traffic and which applications can use the VPN connection with Always-On VPN (device tunnel)|
-|**Application Management GPOs**|Prevents unverified apps from executing and endangering your safe zone|
-|**Windows UI customization (CSP)**|Locks down the user experience of frontline workers devices or public kiosks|
+|**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard-requirements)**|Protects against user credential harvesting and pass-the-hash attacks or pass the token attacks.|
+|**[Managed Microsoft Defender Application Guard for Microsoft Edge](https://learn.microsoft.com/deployedge/microsoft-edge-security-windows-defender-application-guard)**| Isolates enterprise-defined untrusted sites with virtualization-based security from Windows, protecting your organization while users browse the Internet.|
+|**[Modern BitLocker Management](https://learn.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview)** | Allows you to eliminate on-premises tools to monitor and support BitLocker recovery scenarios. |  
+|**[Personal Data Encryption](https://learn.microsoft.com/windows/security/information-protection/personal-data-encryption/overview-pde)**|Encrypts individual's content using Windows Hello for Business to link the encryption keys to user credentials.|
+|**[Direct Access](https://learn.microsoft.com/windows-server/remote/remote-access/directaccess/directaccess)**|Connect remote users to the organization network without the need for traditional VPN connections.|
+|**[Always-On VPN device tunnel](https://learn.microsoft.com/en-us/windows-server/remote/remote-access/vpn/always-on-vpn/)**|Benefit from advanced security capabilities to restrict the type of traffic and which applications can use the VPN connection with Always-On VPN device tunnel.|
+|**[Windows UI customization (CSP)](https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience)**|Locks down the user experience of frontline workers devices or public kiosks.|
 
 ### Windows 11 Enterprise E3 cloud services
 
@@ -73,7 +80,7 @@ With Windows 11 Enterprise E3, you can take advantage of the following cloud ser
 
 |Cloud-based service | Description |
 |-|-|
-|**Cloud-based BitLocker Management**|Allows you to eliminate on-premises tools to trigger, monitor and support recovery scenarios|
+|**Cloud-based BitLocker Management**|Allows you to eliminate on-premises tools to monitor and support recovery scenarios|
 |**[Windows subscription activation](/windows/deployment/windows-10-subscription-activation)**|Enables you to *step-up* from **Windows Pro edition** to **Enterprise edition** in an instant. You can eliminate license key management or deployment of Enterprise edition images|
 |**[Windows Autopatch](/windows/deployment/windows-autopatch/overview/windows-autopatch-overview)**|Cloud service that puts Microsoft in control of automating updates to Windows, Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams|
 |**[Windows Update For Business deployment service](/windows/deployment/update/deployment-service-overview)**|This cloud service gives you the control over the approval, scheduling, and safeguarding of quality, feature upgrades, and driver updates delivered from Windows Update|

From 9f1b5376f3e22380f6b7ddc244b8e29ce551fb45 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Mon, 24 Apr 2023 09:06:58 -0400
Subject: [PATCH 008/107] updates

---
 includes/licensing/access-control-aclsscals.md       |  2 +-
 includes/licensing/account-lockout-policy.md         |  2 +-
 includes/licensing/always-on-vpn.md                  |  2 +-
 includes/licensing/applocker.md                      |  2 +-
 includes/licensing/assigned-access-kiosk-mode.md     |  2 +-
 includes/licensing/attack-surface-reduction-asr.md   |  2 +-
 ...d-hybrid-azure-ad-join-with-single-sign-on-sso.md |  2 +-
 includes/licensing/bitlocker.md                      |  2 +-
 .../bluetooth-pairing-and-connection-protection.md   |  2 +-
 includes/licensing/common-criteria-certifications.md |  2 +-
 includes/licensing/controlled-folder-access.md       |  2 +-
 .../licensing/device-health-attestation-service.md   |  2 +-
 includes/licensing/direct-access.md                  |  2 +-
 includes/licensing/email-encryption-smime.md         |  2 +-
 includes/licensing/encrypted-hard-drive.md           |  2 +-
 includes/licensing/endpoint-analytics.md             |  2 +-
 .../enhanced-phishing-protection-with-smartscreen.md |  2 +-
 includes/licensing/exploit-protection.md             |  2 +-
 .../fast-identity-online-fido2-security-key.md       |  2 +-
 ...mation-processing-standard-fips-140-validation.md |  2 +-
 includes/licensing/federated-sign-in.md              |  2 +-
 .../licensing/hardware-enforced-stack-protection.md  |  2 +-
 .../hypervisor-protected-code-integrity-hvci.md      |  2 +-
 .../kernel-direct-memory-access-dma-protection.md    |  2 +-
 .../local-administrator-password-solution.md         |  2 +-
 .../local-security-authority-lsa-protection.md       |  2 +-
 ...-mobile-device-management-mdm-and-group-policy.md |  2 +-
 includes/licensing/measured-boot.md                  |  2 +-
 includes/licensing/microsoft-defender-antivirus.md   |  2 +-
 ...ender-application-guard-mdag-configure-via-mdm.md |  2 +-
 ...edge-enterprise-mode-and-enterprise-management.md |  2 +-
 ...pplication-guard-mdag-for-edge-standalone-mode.md |  2 +-
 ...er-application-guard-mdag-for-microsoft-office.md |  2 +-
 ...ft-defender-application-guard-mdag-public-apis.md |  2 +-
 .../licensing/microsoft-defender-for-endpoint.md     |  2 +-
 includes/licensing/microsoft-defender-smartscreen.md |  2 +-
 .../licensing/microsoft-pluton-security-processor.md |  2 +-
 .../microsoft-vulnerable-driver-blocklist.md         |  2 +-
 .../opportunistic-wireless-encryption-owe.md         |  2 +-
 includes/licensing/personal-data-encryption-pde.md   |  2 +-
 includes/licensing/privacy-resource-usage.md         |  2 +-
 .../licensing/privacy-transparency-and-controls.md   |  2 +-
 includes/licensing/remote-wipe-autopilot-reset.md    |  2 +-
 includes/licensing/secure-boot-and-trusted-boot.md   |  2 +-
 .../licensing/secured-core-configuration-lock.md     |  2 +-
 includes/licensing/secured-core-pc.md                |  2 +-
 includes/licensing/security-baselines-with-intune.md |  2 +-
 .../server-message-block-direct-smb-direct.md        |  2 +-
 .../server-message-block-smb-file-service.md         |  2 +-
 includes/licensing/smart-app-control.md              |  2 +-
 .../licensing/smart-cards-for-windows-service.md     |  2 +-
 .../licensing/tamper-protection-settings-for-mde.md  |  2 +-
 includes/licensing/transport-layer-security-tls.md   |  2 +-
 includes/licensing/trusted-platform-module-tpm-20.md |  2 +-
 includes/licensing/universal-print.md                |  2 +-
 includes/licensing/user-account-control-uac.md       |  2 +-
 includes/licensing/virtual-private-network-vpn.md    |  2 +-
 .../licensing/virtualization-based-security-vbs.md   |  2 +-
 includes/licensing/wifi-security.md                  |  2 +-
 includes/licensing/windows-autopatch.md              |  2 +-
 includes/licensing/windows-autopilot.md              |  2 +-
 includes/licensing/windows-containers.md             |  2 +-
 .../windows-defender-application-control-wdac.md     |  2 +-
 .../licensing/windows-defender-credential-guard.md   |  2 +-
 .../windows-defender-remote-credential-guard.md      |  2 +-
 includes/licensing/windows-defender-system-guard.md  |  2 +-
 ...ndows-feature-and-expedite-updates-with-intune.md |  2 +-
 includes/licensing/windows-firewall.md               |  2 +-
 ...llo-for-business-enhanced-security-sign-in-ess.md |  2 +-
 includes/licensing/windows-hello-for-business.md     |  2 +-
 includes/licensing/windows-presence-sensing.md       |  2 +-
 includes/licensing/windows-sandbox.md                |  2 +-
 .../windows-security-policy-settings-and-auditing.md |  2 +-
 includes/licensing/windows-update-for-business.md    |  2 +-
 windows/security/TOC.yml                             | 12 ++++++++++--
 .../hello-for-business/hello-overview.md             |  8 ++++----
 windows/security/introduction/chip-to-cloud.svg      |  3 ---
 .../security-features-edition-requirements.md        |  2 +-
 .../security-features-licensing-requirements.md      |  4 ++--
 79 files changed, 91 insertions(+), 86 deletions(-)
 delete mode 100644 windows/security/introduction/chip-to-cloud.svg

diff --git a/includes/licensing/access-control-aclsscals.md b/includes/licensing/access-control-aclsscals.md
index 704b5aa0dc..1e7eb6a0db 100644
--- a/includes/licensing/access-control-aclsscals.md
+++ b/includes/licensing/access-control-aclsscals.md
@@ -19,4 +19,4 @@ Access Control (ACLs/SCALS) license entitlements are granted by the following li
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/account-lockout-policy.md b/includes/licensing/account-lockout-policy.md
index bafcc9a9dd..12dcc49ff8 100644
--- a/includes/licensing/account-lockout-policy.md
+++ b/includes/licensing/account-lockout-policy.md
@@ -19,4 +19,4 @@ Account Lockout Policy license entitlements are granted by the following license
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/always-on-vpn.md b/includes/licensing/always-on-vpn.md
index 3fbcaf2e8d..2b8f7aee3b 100644
--- a/includes/licensing/always-on-vpn.md
+++ b/includes/licensing/always-on-vpn.md
@@ -19,4 +19,4 @@ Always On VPN license entitlements are granted by the following licenses:
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/applocker.md b/includes/licensing/applocker.md
index c5dc28e7ec..be5b604415 100644
--- a/includes/licensing/applocker.md
+++ b/includes/licensing/applocker.md
@@ -19,4 +19,4 @@ AppLocker license entitlements are granted by the following licenses:
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/assigned-access-kiosk-mode.md b/includes/licensing/assigned-access-kiosk-mode.md
index b60587b44b..5f14b61a00 100644
--- a/includes/licensing/assigned-access-kiosk-mode.md
+++ b/includes/licensing/assigned-access-kiosk-mode.md
@@ -19,4 +19,4 @@ Assigned Access (kiosk mode) license entitlements are granted by the following l
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/attack-surface-reduction-asr.md b/includes/licensing/attack-surface-reduction-asr.md
index 3cfd8467bf..0e3933d81d 100644
--- a/includes/licensing/attack-surface-reduction-asr.md
+++ b/includes/licensing/attack-surface-reduction-asr.md
@@ -19,4 +19,4 @@ Attack surface reduction (ASR) license entitlements are granted by the following
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md b/includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md
index 45aae2ee7a..e13b6a640a 100644
--- a/includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md
+++ b/includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md
@@ -19,4 +19,4 @@ Azure AD join, Active Directory domain join, and Hybrid Azure AD join with singl
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/bitlocker.md b/includes/licensing/bitlocker.md
index f3d0d21557..9bf2d9c6d7 100644
--- a/includes/licensing/bitlocker.md
+++ b/includes/licensing/bitlocker.md
@@ -19,4 +19,4 @@ BitLocker license entitlements are granted by the following licenses:
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/bluetooth-pairing-and-connection-protection.md b/includes/licensing/bluetooth-pairing-and-connection-protection.md
index 60df6fef19..06958f780c 100644
--- a/includes/licensing/bluetooth-pairing-and-connection-protection.md
+++ b/includes/licensing/bluetooth-pairing-and-connection-protection.md
@@ -19,4 +19,4 @@ Bluetooth pairing and connection protection license entitlements are granted by
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/common-criteria-certifications.md b/includes/licensing/common-criteria-certifications.md
index 14b48a174b..e53d1744e5 100644
--- a/includes/licensing/common-criteria-certifications.md
+++ b/includes/licensing/common-criteria-certifications.md
@@ -19,4 +19,4 @@ Common Criteria certifications license entitlements are granted by the following
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/controlled-folder-access.md b/includes/licensing/controlled-folder-access.md
index cc49648e38..b6be3c1f48 100644
--- a/includes/licensing/controlled-folder-access.md
+++ b/includes/licensing/controlled-folder-access.md
@@ -19,4 +19,4 @@ Controlled folder access license entitlements are granted by the following licen
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/device-health-attestation-service.md b/includes/licensing/device-health-attestation-service.md
index 7bf1846bec..1c6e31f416 100644
--- a/includes/licensing/device-health-attestation-service.md
+++ b/includes/licensing/device-health-attestation-service.md
@@ -19,4 +19,4 @@ Device health attestation service license entitlements are granted by the follow
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/direct-access.md b/includes/licensing/direct-access.md
index 7e6fe07896..b8fc0e111b 100644
--- a/includes/licensing/direct-access.md
+++ b/includes/licensing/direct-access.md
@@ -19,4 +19,4 @@ Direct Access license entitlements are granted by the following licenses:
 |:---:|:---:|:---:|:---:|:---:|
 |No|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/email-encryption-smime.md b/includes/licensing/email-encryption-smime.md
index 4c9095ff51..28a80e6a6f 100644
--- a/includes/licensing/email-encryption-smime.md
+++ b/includes/licensing/email-encryption-smime.md
@@ -19,4 +19,4 @@ Email Encryption (S/MIME) license entitlements are granted by the following lice
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/encrypted-hard-drive.md b/includes/licensing/encrypted-hard-drive.md
index 7534d36dd9..c27a213efe 100644
--- a/includes/licensing/encrypted-hard-drive.md
+++ b/includes/licensing/encrypted-hard-drive.md
@@ -19,4 +19,4 @@ Encrypted hard drive license entitlements are granted by the following licenses:
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/endpoint-analytics.md b/includes/licensing/endpoint-analytics.md
index dc6e851ba9..a48f4aa305 100644
--- a/includes/licensing/endpoint-analytics.md
+++ b/includes/licensing/endpoint-analytics.md
@@ -19,4 +19,4 @@ Endpoint Analytics license entitlements are granted by the following licenses:
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/enhanced-phishing-protection-with-smartscreen.md b/includes/licensing/enhanced-phishing-protection-with-smartscreen.md
index bf0b837d8a..f2ab4fadb5 100644
--- a/includes/licensing/enhanced-phishing-protection-with-smartscreen.md
+++ b/includes/licensing/enhanced-phishing-protection-with-smartscreen.md
@@ -19,4 +19,4 @@ Enhanced phishing protection with SmartScreen license entitlements are granted b
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/exploit-protection.md b/includes/licensing/exploit-protection.md
index 1d7c765c26..6c3097eed1 100644
--- a/includes/licensing/exploit-protection.md
+++ b/includes/licensing/exploit-protection.md
@@ -19,4 +19,4 @@ Exploit protection license entitlements are granted by the following licenses:
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/fast-identity-online-fido2-security-key.md b/includes/licensing/fast-identity-online-fido2-security-key.md
index 987af1177a..f9ab563138 100644
--- a/includes/licensing/fast-identity-online-fido2-security-key.md
+++ b/includes/licensing/fast-identity-online-fido2-security-key.md
@@ -19,4 +19,4 @@ Fast Identity Online (FIDO2) security key license entitlements are granted by th
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/federal-information-processing-standard-fips-140-validation.md b/includes/licensing/federal-information-processing-standard-fips-140-validation.md
index 05a456d4c1..6d0fe1073e 100644
--- a/includes/licensing/federal-information-processing-standard-fips-140-validation.md
+++ b/includes/licensing/federal-information-processing-standard-fips-140-validation.md
@@ -19,4 +19,4 @@ Federal Information Processing Standard (FIPS) 140 validation license entitlemen
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/federated-sign-in.md b/includes/licensing/federated-sign-in.md
index cdad5469cb..c7fae240e9 100644
--- a/includes/licensing/federated-sign-in.md
+++ b/includes/licensing/federated-sign-in.md
@@ -19,4 +19,4 @@ Federated sign-in license entitlements are granted by the following licenses:
 |:---:|:---:|:---:|:---:|:---:|
 |No|No|No|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/hardware-enforced-stack-protection.md b/includes/licensing/hardware-enforced-stack-protection.md
index bbfaeed1ad..03b7d58bec 100644
--- a/includes/licensing/hardware-enforced-stack-protection.md
+++ b/includes/licensing/hardware-enforced-stack-protection.md
@@ -19,4 +19,4 @@ Hardware-enforced stack protection license entitlements are granted by the follo
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/hypervisor-protected-code-integrity-hvci.md b/includes/licensing/hypervisor-protected-code-integrity-hvci.md
index bc49edbe6b..54ba02daf3 100644
--- a/includes/licensing/hypervisor-protected-code-integrity-hvci.md
+++ b/includes/licensing/hypervisor-protected-code-integrity-hvci.md
@@ -19,4 +19,4 @@ Hypervisor-protected Code Integrity (HVCI) license entitlements are granted by t
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/kernel-direct-memory-access-dma-protection.md b/includes/licensing/kernel-direct-memory-access-dma-protection.md
index 787eb73309..144db7a0e2 100644
--- a/includes/licensing/kernel-direct-memory-access-dma-protection.md
+++ b/includes/licensing/kernel-direct-memory-access-dma-protection.md
@@ -19,4 +19,4 @@ Kernel Direct Memory Access (DMA) protection license entitlements are granted by
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/local-administrator-password-solution.md b/includes/licensing/local-administrator-password-solution.md
index d79edc2723..e3722c8252 100644
--- a/includes/licensing/local-administrator-password-solution.md
+++ b/includes/licensing/local-administrator-password-solution.md
@@ -19,4 +19,4 @@ Local Administrator Password Solution license entitlements are granted by the fo
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/local-security-authority-lsa-protection.md b/includes/licensing/local-security-authority-lsa-protection.md
index 9ed8145f05..0f79870132 100644
--- a/includes/licensing/local-security-authority-lsa-protection.md
+++ b/includes/licensing/local-security-authority-lsa-protection.md
@@ -19,4 +19,4 @@ Local Security Authority (LSA) Protection license entitlements are granted by th
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md b/includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md
index 8463963509..4701881ed3 100644
--- a/includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md
+++ b/includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md
@@ -19,4 +19,4 @@ Manage by Mobile Device Management (MDM) and group policy license entitlements a
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/measured-boot.md b/includes/licensing/measured-boot.md
index 02269cc179..94b7d51eba 100644
--- a/includes/licensing/measured-boot.md
+++ b/includes/licensing/measured-boot.md
@@ -19,4 +19,4 @@ Measured boot license entitlements are granted by the following licenses:
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-defender-antivirus.md b/includes/licensing/microsoft-defender-antivirus.md
index a4b9d4fa96..28524e3540 100644
--- a/includes/licensing/microsoft-defender-antivirus.md
+++ b/includes/licensing/microsoft-defender-antivirus.md
@@ -19,4 +19,4 @@ Microsoft Defender Antivirus license entitlements are granted by the following l
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md b/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md
index b6ee63ae70..7e96c9d671 100644
--- a/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md
@@ -19,4 +19,4 @@ Microsoft Defender Application Guard (MDAG) configure via MDM license entitlemen
 |:---:|:---:|:---:|:---:|:---:|
 |No|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md
index b86e777777..ce29877baf 100644
--- a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md
@@ -19,4 +19,4 @@ Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterpr
 |:---:|:---:|:---:|:---:|:---:|
 |No|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md
index 67b3dc3bac..610e7bb63a 100644
--- a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md
@@ -19,4 +19,4 @@ Microsoft Defender Application Guard (MDAG) for Edge standalone mode license ent
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md b/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md
index 22d7f0bc39..472914659e 100644
--- a/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md
@@ -19,4 +19,4 @@ Microsoft Defender Application Guard (MDAG) for Microsoft Office license entitle
 |:---:|:---:|:---:|:---:|:---:|
 |No|No|No|No|No|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md b/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md
index afb6cfe684..a80d9499b3 100644
--- a/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md
@@ -19,4 +19,4 @@ Microsoft Defender Application Guard (MDAG) public APIs license entitlements are
 |:---:|:---:|:---:|:---:|:---:|
 |No|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-defender-for-endpoint.md b/includes/licensing/microsoft-defender-for-endpoint.md
index 8c58751525..a1e6da35dc 100644
--- a/includes/licensing/microsoft-defender-for-endpoint.md
+++ b/includes/licensing/microsoft-defender-for-endpoint.md
@@ -19,4 +19,4 @@ Microsoft Defender for Endpoint license entitlements are granted by the followin
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|No|Yes|No|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-defender-smartscreen.md b/includes/licensing/microsoft-defender-smartscreen.md
index bc4723b34b..ec626ac07a 100644
--- a/includes/licensing/microsoft-defender-smartscreen.md
+++ b/includes/licensing/microsoft-defender-smartscreen.md
@@ -19,4 +19,4 @@ Microsoft Defender SmartScreen license entitlements are granted by the following
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-pluton-security-processor.md b/includes/licensing/microsoft-pluton-security-processor.md
index aac93b3784..58bc9363a0 100644
--- a/includes/licensing/microsoft-pluton-security-processor.md
+++ b/includes/licensing/microsoft-pluton-security-processor.md
@@ -19,4 +19,4 @@ Microsoft Pluton security processor license entitlements are granted by the foll
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-vulnerable-driver-blocklist.md b/includes/licensing/microsoft-vulnerable-driver-blocklist.md
index cad86c5577..2dcc3fb136 100644
--- a/includes/licensing/microsoft-vulnerable-driver-blocklist.md
+++ b/includes/licensing/microsoft-vulnerable-driver-blocklist.md
@@ -19,4 +19,4 @@ Microsoft Vulnerable Driver Blocklist license entitlements are granted by the fo
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/opportunistic-wireless-encryption-owe.md b/includes/licensing/opportunistic-wireless-encryption-owe.md
index 32b8e63c1a..b2919a0d31 100644
--- a/includes/licensing/opportunistic-wireless-encryption-owe.md
+++ b/includes/licensing/opportunistic-wireless-encryption-owe.md
@@ -19,4 +19,4 @@ Opportunistic Wireless Encryption (OWE) license entitlements are granted by the
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/personal-data-encryption-pde.md b/includes/licensing/personal-data-encryption-pde.md
index 4da66fc8c8..f8cf940fc8 100644
--- a/includes/licensing/personal-data-encryption-pde.md
+++ b/includes/licensing/personal-data-encryption-pde.md
@@ -19,4 +19,4 @@ Personal data encryption (PDE) license entitlements are granted by the following
 |:---:|:---:|:---:|:---:|:---:|
 |No|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/privacy-resource-usage.md b/includes/licensing/privacy-resource-usage.md
index 926b33907a..6ee4c2b844 100644
--- a/includes/licensing/privacy-resource-usage.md
+++ b/includes/licensing/privacy-resource-usage.md
@@ -19,4 +19,4 @@ Privacy Resource Usage license entitlements are granted by the following license
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/privacy-transparency-and-controls.md b/includes/licensing/privacy-transparency-and-controls.md
index 2b84a4262a..4a1ea93b6f 100644
--- a/includes/licensing/privacy-transparency-and-controls.md
+++ b/includes/licensing/privacy-transparency-and-controls.md
@@ -19,4 +19,4 @@ Privacy Transparency and Controls license entitlements are granted by the follow
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/remote-wipe-autopilot-reset.md b/includes/licensing/remote-wipe-autopilot-reset.md
index ef260da96d..7448bbca80 100644
--- a/includes/licensing/remote-wipe-autopilot-reset.md
+++ b/includes/licensing/remote-wipe-autopilot-reset.md
@@ -19,4 +19,4 @@ Remote wipe (Autopilot reset) license entitlements are granted by the following
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/secure-boot-and-trusted-boot.md b/includes/licensing/secure-boot-and-trusted-boot.md
index 2a73f44f39..66486b3820 100644
--- a/includes/licensing/secure-boot-and-trusted-boot.md
+++ b/includes/licensing/secure-boot-and-trusted-boot.md
@@ -19,4 +19,4 @@ Secure Boot and Trusted Boot license entitlements are granted by the following l
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/secured-core-configuration-lock.md b/includes/licensing/secured-core-configuration-lock.md
index 61e443115c..1bf49404f9 100644
--- a/includes/licensing/secured-core-configuration-lock.md
+++ b/includes/licensing/secured-core-configuration-lock.md
@@ -19,4 +19,4 @@ Secured-core configuration lock license entitlements are granted by the followin
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/secured-core-pc.md b/includes/licensing/secured-core-pc.md
index b8cb91b4b8..49111cf0e9 100644
--- a/includes/licensing/secured-core-pc.md
+++ b/includes/licensing/secured-core-pc.md
@@ -19,4 +19,4 @@ Secured-core PC license entitlements are granted by the following licenses:
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/security-baselines-with-intune.md b/includes/licensing/security-baselines-with-intune.md
index 56bf824d77..d1bbd124cd 100644
--- a/includes/licensing/security-baselines-with-intune.md
+++ b/includes/licensing/security-baselines-with-intune.md
@@ -19,4 +19,4 @@ Security baselines with Intune license entitlements are granted by the following
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/server-message-block-direct-smb-direct.md b/includes/licensing/server-message-block-direct-smb-direct.md
index 1d9cf90830..4f550f7615 100644
--- a/includes/licensing/server-message-block-direct-smb-direct.md
+++ b/includes/licensing/server-message-block-direct-smb-direct.md
@@ -19,4 +19,4 @@ Server Message Block Direct (SMB Direct) license entitlements are granted by the
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/server-message-block-smb-file-service.md b/includes/licensing/server-message-block-smb-file-service.md
index e43140a213..949799af17 100644
--- a/includes/licensing/server-message-block-smb-file-service.md
+++ b/includes/licensing/server-message-block-smb-file-service.md
@@ -19,4 +19,4 @@ Server Message Block (SMB) file service license entitlements are granted by the
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/smart-app-control.md b/includes/licensing/smart-app-control.md
index e7936151a9..ec15bdb692 100644
--- a/includes/licensing/smart-app-control.md
+++ b/includes/licensing/smart-app-control.md
@@ -19,4 +19,4 @@ Smart App Control license entitlements are granted by the following licenses:
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/smart-cards-for-windows-service.md b/includes/licensing/smart-cards-for-windows-service.md
index 63a55e3fe7..65d38875b0 100644
--- a/includes/licensing/smart-cards-for-windows-service.md
+++ b/includes/licensing/smart-cards-for-windows-service.md
@@ -19,4 +19,4 @@ Smart Cards for Windows Service license entitlements are granted by the followin
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/tamper-protection-settings-for-mde.md b/includes/licensing/tamper-protection-settings-for-mde.md
index 2360237f91..11a2824f53 100644
--- a/includes/licensing/tamper-protection-settings-for-mde.md
+++ b/includes/licensing/tamper-protection-settings-for-mde.md
@@ -19,4 +19,4 @@ Tamper protection settings for MDE license entitlements are granted by the follo
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/transport-layer-security-tls.md b/includes/licensing/transport-layer-security-tls.md
index fac4e27a34..dceb1635ec 100644
--- a/includes/licensing/transport-layer-security-tls.md
+++ b/includes/licensing/transport-layer-security-tls.md
@@ -19,4 +19,4 @@ Transport layer security (TLS) license entitlements are granted by the following
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/trusted-platform-module-tpm-20.md b/includes/licensing/trusted-platform-module-tpm-20.md
index 1c2698fe69..eae4c2e538 100644
--- a/includes/licensing/trusted-platform-module-tpm-20.md
+++ b/includes/licensing/trusted-platform-module-tpm-20.md
@@ -19,4 +19,4 @@ Trusted Platform Module (TPM) 2.0 license entitlements are granted by the follow
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/universal-print.md b/includes/licensing/universal-print.md
index 91d81c256a..9a952fc23f 100644
--- a/includes/licensing/universal-print.md
+++ b/includes/licensing/universal-print.md
@@ -19,4 +19,4 @@ Universal Print license entitlements are granted by the following licenses:
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/user-account-control-uac.md b/includes/licensing/user-account-control-uac.md
index fcebe3a04f..4e28d74263 100644
--- a/includes/licensing/user-account-control-uac.md
+++ b/includes/licensing/user-account-control-uac.md
@@ -19,4 +19,4 @@ User Account Control (UAC) license entitlements are granted by the following lic
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/virtual-private-network-vpn.md b/includes/licensing/virtual-private-network-vpn.md
index 63c5f759be..6ca8c3ddd5 100644
--- a/includes/licensing/virtual-private-network-vpn.md
+++ b/includes/licensing/virtual-private-network-vpn.md
@@ -19,4 +19,4 @@ Virtual Private Network (VPN) license entitlements are granted by the following
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/virtualization-based-security-vbs.md b/includes/licensing/virtualization-based-security-vbs.md
index bf7877eecf..73f9b4ae28 100644
--- a/includes/licensing/virtualization-based-security-vbs.md
+++ b/includes/licensing/virtualization-based-security-vbs.md
@@ -19,4 +19,4 @@ Virtualization-based security (VBS) license entitlements are granted by the foll
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/wifi-security.md b/includes/licensing/wifi-security.md
index 60244b96fa..528d3e8873 100644
--- a/includes/licensing/wifi-security.md
+++ b/includes/licensing/wifi-security.md
@@ -19,4 +19,4 @@ WiFi Security license entitlements are granted by the following licenses:
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-autopatch.md b/includes/licensing/windows-autopatch.md
index 0aa6b3322b..c9d890fb98 100644
--- a/includes/licensing/windows-autopatch.md
+++ b/includes/licensing/windows-autopatch.md
@@ -19,4 +19,4 @@ Windows Autopatch license entitlements are granted by the following licenses:
 |:---:|:---:|:---:|:---:|:---:|
 |No|Yes|Yes|No|No|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-autopilot.md b/includes/licensing/windows-autopilot.md
index 20a4f93681..d0ea1ecca1 100644
--- a/includes/licensing/windows-autopilot.md
+++ b/includes/licensing/windows-autopilot.md
@@ -19,4 +19,4 @@ Windows Autopilot license entitlements are granted by the following licenses:
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-containers.md b/includes/licensing/windows-containers.md
index 65bf288051..e9df23b0f1 100644
--- a/includes/licensing/windows-containers.md
+++ b/includes/licensing/windows-containers.md
@@ -19,4 +19,4 @@ Windows containers license entitlements are granted by the following licenses:
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-defender-application-control-wdac.md b/includes/licensing/windows-defender-application-control-wdac.md
index c92e8fbb39..7b029709ad 100644
--- a/includes/licensing/windows-defender-application-control-wdac.md
+++ b/includes/licensing/windows-defender-application-control-wdac.md
@@ -19,4 +19,4 @@ Windows Defender Application Control (WDAC) license entitlements are granted by
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-defender-credential-guard.md b/includes/licensing/windows-defender-credential-guard.md
index db77789d7b..ea360fa645 100644
--- a/includes/licensing/windows-defender-credential-guard.md
+++ b/includes/licensing/windows-defender-credential-guard.md
@@ -19,4 +19,4 @@ Windows Defender Credential Guard license entitlements are granted by the follow
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-defender-remote-credential-guard.md b/includes/licensing/windows-defender-remote-credential-guard.md
index d55ab4048f..fa718760d4 100644
--- a/includes/licensing/windows-defender-remote-credential-guard.md
+++ b/includes/licensing/windows-defender-remote-credential-guard.md
@@ -19,4 +19,4 @@ Windows Defender Remote Credential Guard license entitlements are granted by the
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-defender-system-guard.md b/includes/licensing/windows-defender-system-guard.md
index d6f28be164..3e6515de2c 100644
--- a/includes/licensing/windows-defender-system-guard.md
+++ b/includes/licensing/windows-defender-system-guard.md
@@ -19,4 +19,4 @@ Windows Defender System Guard license entitlements are granted by the following
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-feature-and-expedite-updates-with-intune.md b/includes/licensing/windows-feature-and-expedite-updates-with-intune.md
index f3e01d0e8e..4a0982992b 100644
--- a/includes/licensing/windows-feature-and-expedite-updates-with-intune.md
+++ b/includes/licensing/windows-feature-and-expedite-updates-with-intune.md
@@ -19,4 +19,4 @@ Windows feature and expedite updates with Intune license entitlements are grante
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-firewall.md b/includes/licensing/windows-firewall.md
index 2622f2782b..7dff38b793 100644
--- a/includes/licensing/windows-firewall.md
+++ b/includes/licensing/windows-firewall.md
@@ -19,4 +19,4 @@ Windows Firewall license entitlements are granted by the following licenses:
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md b/includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md
index 8121879c76..71e43b05c6 100644
--- a/includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md
+++ b/includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md
@@ -19,4 +19,4 @@ Windows Hello for Business Enhanced Security Sign-in (ESS) license entitlements
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-hello-for-business.md b/includes/licensing/windows-hello-for-business.md
index dda17d2fa2..6ff15f6184 100644
--- a/includes/licensing/windows-hello-for-business.md
+++ b/includes/licensing/windows-hello-for-business.md
@@ -19,4 +19,4 @@ Windows Hello for Business license entitlements are granted by the following lic
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-presence-sensing.md b/includes/licensing/windows-presence-sensing.md
index 8989dd23d8..ce8d58277f 100644
--- a/includes/licensing/windows-presence-sensing.md
+++ b/includes/licensing/windows-presence-sensing.md
@@ -19,4 +19,4 @@ Windows presence sensing license entitlements are granted by the following licen
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-sandbox.md b/includes/licensing/windows-sandbox.md
index ab64cdb816..b08403f118 100644
--- a/includes/licensing/windows-sandbox.md
+++ b/includes/licensing/windows-sandbox.md
@@ -19,4 +19,4 @@ Windows Sandbox license entitlements are granted by the following licenses:
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-security-policy-settings-and-auditing.md b/includes/licensing/windows-security-policy-settings-and-auditing.md
index 462d337d74..4fbac14e8e 100644
--- a/includes/licensing/windows-security-policy-settings-and-auditing.md
+++ b/includes/licensing/windows-security-policy-settings-and-auditing.md
@@ -19,4 +19,4 @@ Windows Security policy settings and auditing license entitlements are granted b
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-update-for-business.md b/includes/licensing/windows-update-for-business.md
index 5cfa8990d0..7df9965759 100644
--- a/includes/licensing/windows-update-for-business.md
+++ b/includes/licensing/windows-update-for-business.md
@@ -19,4 +19,4 @@ Windows Update for Business license entitlements are granted by the following li
 |:---:|:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|Yes|
 
-For more information about Windows licensing, see [Windows licensing overview](https://learn.microsoft.com/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml
index 4984e4e28e..1bd19e107d 100644
--- a/windows/security/TOC.yml
+++ b/windows/security/TOC.yml
@@ -1,9 +1,17 @@
 
 - name: Windows security
   href: index.yml
-- name: Zero Trust and Windows
-  href: zero-trust-windows-device-health.md
   expanded: true
+- name: Introduction
+  items:
+  - name: Zero Trust and Windows
+    href: zero-trust-windows-device-health.md
+  - name: Windows security overview
+    href: introduction/index.md
+  - name: Security features edition requirements
+    href: introduction/security-features-edition-requirements.md
+  - name: Security features licensing requirements
+    href: introduction/security-features-licensing-requirements.md
 - name: Hardware security
   items:
     - name: Overview
diff --git a/windows/security/identity-protection/hello-for-business/hello-overview.md b/windows/security/identity-protection/hello-for-business/hello-overview.md
index f4c5e4f7a1..84acf6b19c 100644
--- a/windows/security/identity-protection/hello-for-business/hello-overview.md
+++ b/windows/security/identity-protection/hello-for-business/hello-overview.md
@@ -1,11 +1,11 @@
 ---
-title: Windows Hello for Business Overview (Windows)
-description: Learn how Windows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices in Windows 10 and Windows 11.
+title: Windows Hello for Business Overview
+description: Learn how Windows Hello for Business replaces passwords with strong two-factor authentication on Windows devices.
 ms.collection: 
   - highpri
   - tier1
 ms.topic: conceptual
-ms.date: 12/31/2017
+ms.date: 04/24/2023
 ---
 # Windows Hello for Business Overview
 
@@ -65,7 +65,7 @@ Imagine that someone is looking over your shoulder as you get money from an ATM
 
 Windows Hello helps protect user identities and user credentials. Because the user doesn't enter a password (except during provisioning), it helps circumvent phishing and brute force attacks. It also helps prevent server breaches because Windows Hello credentials are an asymmetric key pair, which helps prevent replay attacks when these keys are protected by TPMs.
 
-[!INCLUDE [windows-hello-for-business](../../../../includes/licensing/security/windows-hello-for-business.md)]
+[!INCLUDE [windows-hello-for-business](../../../../includes/licensing/windows-hello-for-business.md)]
 
 ## How Windows Hello for Business works: key points
 
diff --git a/windows/security/introduction/chip-to-cloud.svg b/windows/security/introduction/chip-to-cloud.svg
deleted file mode 100644
index 62f4230955..0000000000
--- a/windows/security/introduction/chip-to-cloud.svg
+++ /dev/null
@@ -1,3 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
-<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="1595px" height="631px" viewBox="-0.5 -0.5 1595 631"><defs/><g><rect x="0" y="426" width="1590" height="200" rx="8" ry="8" fill="#000000" stroke="none" pointer-events="all" transform="translate(2,3)" opacity="0.25"/><rect x="0" y="426" width="1590" height="200" rx="8" ry="8" fill="#0c59a4" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe flex-start; width: 1442px; height: 1px; padding-top: 526px; margin-left: 150px;"><div data-drawio-colors="color: #FFFFFF; " style="box-sizing: border-box; font-size: 0px; text-align: left;"><div style="display: inline-block; font-size: 20px; font-family: &quot;Segoe UI semibold&quot;; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; font-weight: bold; white-space: normal; overflow-wrap: normal;"><span style="font-weight: normal;">Hardware<br style="font-size: 20px;" />(Chip)</span></div></div></div></foreignObject><text x="150" y="532" fill="#FFFFFF" font-family="Segoe UI semibold" font-size="20px" font-weight="bold">Hardware...</text></switch></g><image x="29.5" y="485.5" width="90" height="90" xlink:href="data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCAyMDQ4IDIwNDgiPiYjeGE7ICA8cGF0aCBmaWxsPSIjRkZGRkZGIiBkPSJNMzg0IDE3NThxLTU5LTM1LTk0LTk0SDY0cS0yNiAwLTQ1LTE5dC0xOS00NXEwLTI2IDE5LTQ1dDQ1LTE5aDE5MnYtMjU2SDY0cS0yNiAwLTQ1LTE5dC0xOS00NXEwLTI2IDE5LTQ1dDQ1LTE5aDE5MlY4OTZINjRxLTI2IDAtNDUtMTlUMCA4MzJxMC0yNiAxOS00NXQ0NS0xOWgxOTJWNTEySDY0cS0yNiAwLTQ1LTE5VDAgNDQ4cTAtMjYgMTktNDV0NDUtMTloMjI2cTM1LTU5IDk0LTk0VjY0cTAtMjYgMTktNDV0NDUtMTlxMjYgMCA0NSAxOXQxOSA0NXYxOTJoMjU2VjY0cTAtMjYgMTktNDV0NDUtMTlxMjYgMCA0NSAxOXQxOSA0NXYxOTJoMjU2VjY0cTAtMjYgMTktNDV0NDUtMTlxMjYgMCA0NSAxOXQxOSA0NXYxOTJoMjU2VjY0cTAtMjYgMTktNDV0NDUtMTlxMjYgMCA0NSAxOXQxOSA0NXYyMjZxNTkgMzUgOTQgOTRoMjI2cTI2IDAgNDUgMTl0MTkgNDVxMCAyNi0xOSA0NXQtNDUgMTloLTE5MnYyNTZoMTkycTI2IDAgNDUgMTl0MTkgNDVxMCAyNi0xOSA0NXQtNDUgMTloLTE5MnYyNTZoMTkycTI2IDAgNDUgMTl0MTkgNDVxMCAyNi0xOSA0NXQtNDUgMTloLTE5MnYyNTZoMTkycTI2IDAgNDUgMTl0MTkgNDVxMCAyNi0xOSA0NXQtNDUgMTloLTIyNnEtMzUgNTktOTQgOTR2MjI2cTAgMjYtMTkgNDV0LTQ1IDE5cS0yNiAwLTQ1LTE5dC0xOS00NXYtMTkyaC0yNTZ2MTkycTAgMjYtMTkgNDV0LTQ1IDE5cS0yNiAwLTQ1LTE5dC0xOS00NXYtMTkySDg5NnYxOTJxMCAyNi0xOSA0NXQtNDUgMTlxLTI2IDAtNDUtMTl0LTE5LTQ1di0xOTJINTEydjE5MnEwIDI2LTE5IDQ1dC00NSAxOXEtMjYgMC00NS0xOXQtMTktNDV2LTIyNnptMTE1Mi05NHEyNyAwIDUwLTEwdDQwLTI3IDI4LTQxIDEwLTUwVjUxMnEwLTI2LTEwLTQ5dC0yNy00MS00MS0yOC01MC0xMEg1MTJxLTI3IDAtNTAgMTB0LTQwIDI3LTI4IDQxLTEwIDUwdjEwMjRxMCAyNyAxMCA1MHQyNyA0MSA0MCAyNyA1MSAxMGgxMDI0ek01NTUgODMxcTAtMTQgNi0yNiAzMS02NiA4MC0xMjB0MTA5LTkzIDEzMS01OSAxNDMtMjFxMTEwIDAgMjEwIDQ1dDE3NCAxMjhWNTc2cTAtMjYgMTktNDV0NDUtMTlxMjYgMCA0NSAxOXQxOSA0NXYyNTZxMCAyNi0xOSA0NXQtNDUgMTloLTI1NnEtMjYgMC00NS0xOXQtMTktNDVxMC0yMSA4LTM0dDIzLTIwIDMxLTkgMzYtM3ExNyAwIDMyIDF0MjggMXEtNTUtNjItMTI5LTk1dC0xNTctMzNxLTExMiAwLTIwNiA2MC0yNiAxNi00NiAzM3QtMzYgMzYtMzEgNDItMjggNDhxLTkgMTctMjMgMjd0LTM1IDEwcS0yNiAwLTQ1LTE5dC0xOS00NnptLTQzIDY0MXYtMjU2cTAtMjYgMTktNDV0NDUtMTloMjU2cTI2IDAgNDUgMTl0MTkgNDVxMCAyMS04IDM0dC0yMyAyMC0zMSA5LTM2IDNxLTE3IDAtMzItMXQtMjgtMXE1NSA2MiAxMjkgOTV0MTU3IDMzcTExMCAwIDIwNS02MCAyNS0xNiA0NS0zM3QzNy0zNiAzMS00MiAyOS00OXExOS0zNiA1OC0zNiAyNiAwIDQ1IDE5dDE5IDQ1cTAgMTUtNiAyNy0zMCA2Ni03OSAxMjB0LTExMCA5My0xMzIgNTktMTQyIDIxcS0xMTEgMC0yMTEtNDR0LTE3My0xMjl2MTA5cTAgMjYtMTkgNDV0LTQ1IDE5cS0yNiAwLTQ1LTE5dC0xOS00NXoiLz4mI3hhOzwvc3ZnPg==" preserveAspectRatio="none"/><rect x="330" y="436" width="600" height="180" rx="7.2" ry="7.2" fill="#000000" stroke="none" pointer-events="all" transform="translate(2,3)" opacity="0.25"/><rect x="330" y="436" width="600" height="180" rx="7.2" ry="7.2" fill="#243a5e" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe flex-start; width: 582px; height: 1px; padding-top: 451px; margin-left: 350px;"><div data-drawio-colors="color: #FFFFFF; " style="box-sizing: border-box; font-size: 0px; text-align: left;"><div style="display: inline-block; font-size: 20px; font-family: &quot;Segoe UI semibold&quot;; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; font-weight: bold; white-space: normal; overflow-wrap: normal;"><font style="font-size: 18px;"><span style="color: rgb(80, 230, 255); font-weight: normal;">Hardware Root-of-Trust<br /></span><br /><font face="Segoe UI" style="font-weight: normal;">TPM 2.0<br />Microsoft Puton Security Processor</font><br /></font></div></div></div></foreignObject><text x="350" y="471" fill="#FFFFFF" font-family="Segoe UI semibold" font-size="20px" font-weight="bold">Hardware Root-of-Trust...</text></switch></g><rect x="940" y="436" width="640" height="180" rx="7.2" ry="7.2" fill="#000000" stroke="none" pointer-events="all" transform="translate(2,3)" opacity="0.25"/><rect x="940" y="436" width="640" height="180" rx="7.2" ry="7.2" fill="#243a5e" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe flex-start; width: 622px; height: 1px; padding-top: 451px; margin-left: 960px;"><div data-drawio-colors="color: #FFFFFF; " style="box-sizing: border-box; font-size: 0px; text-align: left;"><div style="display: inline-block; font-size: 20px; font-family: &quot;Segoe UI semibold&quot;; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; font-weight: bold; white-space: normal; overflow-wrap: normal;"><font style="font-size: 18px;"><font color="#50e6ff"><span style="font-weight: 400;">Silicon Assisted Security</span></font><br /><font face="Segoe UI" style="font-weight: normal;"><br />Secure Kernel (HVCI enabled by default)<br />Hardware Enforced Stack Protection<br />Secured-Core PCs<br /></font></font><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;"><font style="font-size: 18px;"><font face="Segoe UI" style="font-weight: normal;">Firmware Protection</font></font></blockquote></div></div></div></foreignObject><text x="960" y="471" fill="#FFFFFF" font-family="Segoe UI semibold" font-size="20px" font-weight="bold">Silicon Assisted Security...</text></switch></g><image x="849.5" y="530.5" width="70" height="70" xlink:href="data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCAyMDQ4IDIwNDgiPiYjeGE7ICA8cGF0aCBmaWxsPSIjNTBFNkZGIiBkPSJNMTc5MiAxMDI0djc2OHEwIDUzLTIwIDk5dC01NSA4Mi04MSA1NS0xMDAgMjBINTEycS01MyAwLTk5LTIwdC04Mi01NS01NS04MS0yMC0xMDB2LTc2OHEwLTUzIDIwLTk5dDU1LTgyIDgxLTU1IDEwMC0yMFY1MTJxMC0xMDYgNDAtMTk5dDEwOS0xNjNUODI0IDQwdDIwMC00MHExMDYgMCAxOTkgNDB0MTYzIDEwOSAxMTAgMTYzIDQwIDIwMHYyNTZxNTMgMCA5OSAyMHQ4MiA1NSA1NSA4MSAyMCAxMDB6TTY0MCA3NjhoNzY4VjUxMnEwLTgwLTMwLTE1MHQtODItMTIyLTEyMi04Mi0xNTAtMzBxLTgwIDAtMTUwIDMwdC0xMjIgODItODIgMTIyLTMwIDE1MHYyNTZ6bTEwMjQgMjU2cTAtMjYtMTAtNDl0LTI3LTQxLTQxLTI4LTUwLTEwSDUxMnEtMjcgMC01MCAxMHQtNDAgMjctMjggNDEtMTAgNTB2NzY4cTAgMjcgMTAgNTB0MjcgNDEgNDAgMjcgNTEgMTBoMTAyNHEyNyAwIDUwLTEwdDQwLTI3IDI4LTQxIDEwLTUwdi03Njh6bS01MTIgMzg0cTAgMjctMTAgNTB0LTI3IDQwLTQxIDI4LTUwIDEwcS0yNyAwLTUwLTEwdC00MS0yNy0yNy00MC0xMC01MXEwLTI3IDEwLTUwdDI3LTQwIDQxLTI4IDUwLTEwcTI2IDAgNDkgMTB0NDEgMjcgMjggNDEgMTAgNTB6Ii8+JiN4YTs8L3N2Zz4=" preserveAspectRatio="none"/><image x="1489.5" y="530.5" width="70" height="70" xlink:href="data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCAyMDQ4IDIwNDgiPiYjeGE7ICA8cGF0aCBmaWxsPSIjNTBFNkZGIiBkPSJNMTQwOCA2ODZxMC0yMS0xMy0zM3QtMzQtMTZxLTM4LTYtNzItMTJ0LTY3LTE3LTYyLTI4LTYxLTQzcS03LTYtMTYtMTV0LTE5LTE5LTIxLTE2LTE5LTdxLTkgMC0xOSA3dC0yMSAxNi0xOSAxOC0xNyAxNnEtMzIgMjYtNjIgNDJ0LTYyIDI3LTY2IDE2LTc0IDEzcS0xOSAzLTMxIDE1dC0xMyAzM3YyMjlxMCAyMDIgOTAgMzMxdDI4MiAxOTVxOCAyIDEyIDJ0MTItMnExODctNjcgMjc5LTE5NnQ5Mi0zMzBWNzk5cTAtNTYgMS0xMTN6TTEyOCA1MTJxMC01MyAyMC05OXQ1NS04MiA4MS01NSAxMDAtMjBoMTI4MHE1MyAwIDk5IDIwdDgyIDU1IDU1IDgxIDIwIDEwMHY4OTZxMCA1My0yMCA5OXQtNTUgODItODEgNTUtMTAwIDIwSDM4NHEtNTMgMC05OS0yMHQtODItNTUtNTUtODEtMjAtMTAwVjUxMnptMjU2LTEyOHEtMjcgMC01MCAxMHQtNDAgMjctMjggNDEtMTAgNTB2ODk2cTAgMjcgMTAgNTB0MjcgNDAgNDEgMjggNTAgMTBoMTI4MHEyNyAwIDUwLTEwdDQwLTI3IDI4LTQxIDEwLTUwVjUxMnEwLTI3LTEwLTUwdC0yNy00MC00MS0yOC01MC0xMEgzODR6TTAgMTg1NnEwLTI2IDE5LTQ1dDQ1LTE5aDE5MjBxMjYgMCA0NSAxOXQxOSA0NXEwIDI2LTE5IDQ1dC00NSAxOUg2NHEtMjYgMC00NS0xOXQtMTktNDV6Ii8+JiN4YTs8L3N2Zz4=" preserveAspectRatio="none"/><rect x="0" y="1" width="1590" height="420" rx="16.8" ry="16.8" fill="#000000" stroke="none" pointer-events="all" transform="translate(2,3)" opacity="0.25"/><rect x="0" y="1" width="1590" height="420" rx="16.8" ry="16.8" fill="#0c59a4" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe flex-start; width: 1442px; height: 1px; padding-top: 211px; margin-left: 150px;"><div data-drawio-colors="color: #FFFFFF; " style="box-sizing: border-box; font-size: 0px; text-align: left;"><div style="display: inline-block; font-size: 20px; font-family: &quot;Segoe UI semibold&quot;; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; font-weight: bold; white-space: normal; overflow-wrap: normal;"><span style="font-weight: 400;">Operating<br /></span>System</div></div></div></foreignObject><text x="150" y="217" fill="#FFFFFF" font-family="Segoe UI semibold" font-size="20px" font-weight="bold">Operating...</text></switch></g><rect x="330" y="11" width="410" height="300" rx="12" ry="12" fill="#000000" stroke="none" pointer-events="all" transform="translate(2,3)" opacity="0.25"/><rect x="330" y="11" width="410" height="300" rx="12" ry="12" fill="#243a5e" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe flex-start; width: 392px; height: 1px; padding-top: 36px; margin-left: 350px;"><div data-drawio-colors="color: #FFFFFF; " style="box-sizing: border-box; font-size: 0px; text-align: left;"><div style="display: inline-block; font-size: 20px; font-family: &quot;Segoe UI semibold&quot;; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; font-weight: bold; white-space: normal; overflow-wrap: normal;"><font style="font-size: 18px;"><span style="color: rgb(80, 230, 255); font-weight: normal;">Encryption and Data Protection<br /></span><br /><font face="Segoe UI" style="font-weight: normal;"><font style="">BitLocker<br />Encrypted Hard Drive<br /></font>Personal Data Encryption<br />Email Encryption</font><br /></font></div></div></div></foreignObject><text x="350" y="56" fill="#FFFFFF" font-family="Segoe UI semibold" font-size="20px" font-weight="bold">Encryption and Data Protection...</text></switch></g><rect x="330" y="321" width="1250" height="90" rx="3.6" ry="3.6" fill="#000000" stroke="none" pointer-events="all" transform="translate(2,3)" opacity="0.25"/><rect x="330" y="321" width="1250" height="90" rx="3.6" ry="3.6" fill="#243a5e" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe flex-start; width: 1232px; height: 1px; padding-top: 336px; margin-left: 350px;"><div data-drawio-colors="color: #FFFFFF; " style="box-sizing: border-box; font-size: 0px; text-align: left;"><div style="display: inline-block; font-size: 20px; font-family: &quot;Segoe UI semibold&quot;; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; font-weight: bold; white-space: normal; overflow-wrap: normal;"><font style="font-size: 18px;"><span style="color: rgb(80, 230, 255); font-weight: normal;">System Security</span><br /></font></div></div></div></foreignObject><text x="350" y="356" fill="#FFFFFF" font-family="Segoe UI semibold" font-size="20px" font-weight="bold">System Security&#xa;</text></switch></g><rect x="650" y="321" width="200" height="90" fill="none" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe flex-start; width: 198px; height: 1px; padding-top: 338px; margin-left: 652px;"><div data-drawio-colors="color: #ffffff; " style="box-sizing: border-box; font-size: 0px; text-align: left;"><div style="display: inline-block; font-size: 18px; font-family: &quot;Segoe UI&quot;; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Trusted Boot<br />Cryptography<br />Certificates</div></div></div></foreignObject><text x="652" y="356" fill="#ffffff" font-family="Segoe UI" font-size="18px">Trusted Boot...</text></switch></g><rect x="850" y="321" width="210" height="90" fill="none" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe flex-start; width: 208px; height: 1px; padding-top: 338px; margin-left: 852px;"><div data-drawio-colors="color: #ffffff; " style="box-sizing: border-box; font-size: 0px; text-align: left;"><div style="display: inline-block; font-size: 18px; font-family: &quot;Segoe UI&quot;; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Code Signing<br />Code Integrity<br />Device Health Attestation</div></div></div></foreignObject><text x="852" y="356" fill="#ffffff" font-family="Segoe UI" font-size="18px">Code Signing...</text></switch></g><rect x="1090" y="321" width="370" height="90" fill="none" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe flex-start; width: 368px; height: 1px; padding-top: 338px; margin-left: 1092px;"><div data-drawio-colors="color: #ffffff; " style="box-sizing: border-box; font-size: 0px; text-align: left;"><div style="display: inline-block; font-size: 18px; font-family: &quot;Segoe UI&quot;; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Windows Security Policy Setting and Auditing<br />Windows Security App</div></div></div></foreignObject><text x="1092" y="356" fill="#ffffff" font-family="Segoe UI" font-size="18px">Windows Security Policy Setting and Audit...</text></switch></g><rect x="750" y="11" width="410" height="300" rx="12" ry="12" fill="#000000" stroke="none" pointer-events="all" transform="translate(2,3)" opacity="0.25"/><rect x="750" y="11" width="410" height="300" rx="12" ry="12" fill="#243a5e" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe flex-start; width: 392px; height: 1px; padding-top: 36px; margin-left: 770px;"><div data-drawio-colors="color: #FFFFFF; " style="box-sizing: border-box; font-size: 0px; text-align: left;"><div style="display: inline-block; font-size: 20px; font-family: &quot;Segoe UI semibold&quot;; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; font-weight: bold; white-space: normal; overflow-wrap: normal;"><font style="font-size: 18px;"><font color="#50e6ff"><span style="font-weight: 400;">Network Security<br /></span></font><br /><font face="Segoe UI" style=""><font style="font-weight: normal;">Transport Layer Security (TLS)<br />DNS Security<br /></font><span style="font-weight: normal;">Bluetooth protection</span><br /><span style="font-weight: normal;">Secured Wi-Fi<br /></span></font><font face="Segoe UI" style="font-weight: normal;">Windows Defender Firewall<br />VPN<br />SMB File Services</font><br /></font></div></div></div></foreignObject><text x="770" y="56" fill="#FFFFFF" font-family="Segoe UI semibold" font-size="20px" font-weight="bold">Network Security...</text></switch></g><rect x="1170" y="11" width="410" height="300" rx="12" ry="12" fill="#000000" stroke="none" pointer-events="all" transform="translate(2,3)" opacity="0.25"/><rect x="1170" y="11" width="410" height="300" rx="12" ry="12" fill="#243a5e" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe flex-start; width: 392px; height: 1px; padding-top: 36px; margin-left: 1190px;"><div data-drawio-colors="color: #FFFFFF; " style="box-sizing: border-box; font-size: 0px; text-align: left;"><div style="display: inline-block; font-size: 20px; font-family: &quot;Segoe UI semibold&quot;; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; font-weight: bold; white-space: normal; overflow-wrap: normal;"><font style="font-size: 18px;"><span style="color: rgb(80, 230, 255); font-weight: normal;">Virus an Threat Protection<br /></span><br /><font face="Segoe UI" style=""><font style="font-weight: normal;">Microsoft Defender Antivirus<br />Local Security Authority<br /></font><span style="font-weight: normal;">Attack Surface Reduction<br />Tamper Protection<br /></span></font><font face="Segoe UI" style="font-weight: normal;">Vulnerable Driver Blocklist<br />Controlled Folder Access<br />Exploit Protection<br />Enhanced Phishing Protection<br />Microsoft Defender for Endpoint</font><br /></font></div></div></div></foreignObject><text x="1190" y="56" fill="#FFFFFF" font-family="Segoe UI semibold" font-size="20px" font-weight="bold">Virus an Threat Protection...</text></switch></g><image x="659.5" y="240.5" width="70" height="70" xlink:href="data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCAyMDQ4IDIwNDgiPiYjeGE7ICA8cGF0aCBmaWxsPSIjNTBFNkZGIiBkPSJNMCA5NjBWNDQ4cTAtMjIgOC0zNHQyMS0xOSAzMC05IDM0LTJoMzVxMC0yMy0xLTQ3dC0xLTQ5cTAtMzQgNC02NnQxNy02NHEzMS03MyA5NC0xMTVUMzg0IDBxNTMgMCA5OSAyMHQ4MiA1NCA1NSA4MiAyMCAxMDB2MTI4aDMycTE3IDAgMzQgMnQzMSA4IDIyIDE5IDkgMzV2NTEycTAgMjYtMTkgNDV0LTQ1IDE5SDY0cS0yNyAwLTQ1LTE4VDAgOTYwem0yNTYtNTc2aDI1NlYyNTZxMC0yNy0xMC01MHQtMjctNDAtNDEtMjgtNTAtMTBxLTI3IDAtNTAgMTB0LTQxIDI3LTI3IDQwLTEwIDUxdjEyOHptMjU2IDMyMHEwLTI2LTEwLTQ5dC0yNy00MS00MS0yOC01MC0xMHEtMjcgMC01MCAxMHQtNDAgMjctMjggNDEtMTAgNTBxMCAyNyAxMCA1MHQyNyA0MSA0MCAyNyA1MSAxMHEyNiAwIDQ5LTEwdDQxLTI3IDI4LTQxIDEwLTUwem0xMjg1LTY0cTUwIDAgOTUgMjB0ODAgNTUgNTUgODAgMjEgOTZ2MjY2cTAgNTAtMjAgOTV0LTU1IDgwLTgwIDU1LTk2IDIxSDI1MXEtNTAgMC05NS0yMHQtODAtNTUtNTUtODAtMjEtOTZ2LTVoMTI4cTAgMjcgMTAgNTB0MjcgNDEgNDAgMjcgNTEgMTBoMTUzNnEyNyAwIDUwLTEwdDQwLTI3IDI4LTQxIDEwLTUwVjg5NnEwLTI2LTEwLTQ5dC0yNy00MS00MS0yOC01MC0xMEg4OTZWNjQwaDkwMXptLTIyOSA0NDhxLTQwIDAtNjgtMjh0LTI4LTY4cTAtNDAgMjgtNjh0NjgtMjhxNDAgMCA2OCAyOHQyOCA2OHEwIDQwLTI4IDY4dC02OCAyOHoiLz4mI3hhOzwvc3ZnPg==" preserveAspectRatio="none"/><image x="1079.5" y="230.5" width="70" height="70" xlink:href="data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCAyMDQ4IDIwNDgiPiYjeGE7ICA8cGF0aCBmaWxsPSIjNTBFNkZGIiBkPSJNMTkyMCAzODR2NTc2cTAgMjExLTY3IDM4MHQtMTg0IDMwMi0yNzcgMjMyLTM0NSAxNzBxLTkgNC0yMyA0LTUgMC0xMS0xdC0xMi0zcS0xODUtNzAtMzQ0LTE2OXQtMjc3LTIzMy0xODUtMzAzLTY3LTM3OVYzODRxMC0yOCAxNS00MnQ0MC0yMXEyMi02IDQ2LTh0NDYtOHEzOC03IDc1LTE1dDc2LTIwcTc4LTIyIDE1MC00OXQxNDAtNTkgMTM2LTcwIDEzNi04MXE5LTUgMTctOHQxOS0zcTExIDAgMTkgM3QxNyA4cTY5IDQzIDEzNiA4MXQxMzUgNzAgMTQxIDU5IDE1MCA0OXEzOCAxMSA3NSAxOXQ3NiAxNnEyMiA1IDQ2IDd0NDYgOXEyNCA3IDM5IDIxdDE2IDQyem0tMTI4IDU1cS0yMDUtMzUtMzk5LTExMHQtMzY5LTE4OVE4NDkgMjU0IDY1NSAzMjlUMjU2IDQzOXY1MjFxMCAxODcgNTkgMzM1dDE2MiAyNjUgMjQ0IDIwMyAzMDMgMTUycTE2My02NCAzMDMtMTUxdDI0My0yMDQgMTYzLTI2NCA1OS0zMzZWNDM5em0tNzY4IDI2NXEzOSAwIDc0IDE1dDYxIDQxIDQyIDYyIDE1IDc0cTAgNTctMzAgMTA0dC04MiA3MWwzOCAyNjR2NHEwIDIgMSA0IDAgMjctMTkgNDZ0LTQ2IDE5SDk3MHEtMjcgMC00Ni0xOXQtMTktNDZ2LTRxMC0yIDEtNGwzOC0yNjRxLTUxLTI0LTgxLTcxdC0zMS0xMDRxMC0zOSAxNS03NHQ0MS02MSA2Mi00MiA3NC0xNXoiLz4mI3hhOzwvc3ZnPg==" preserveAspectRatio="none"/><image x="1489.5" y="330.5" width="70" height="70" xlink:href="data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCAyMDQ4IDIwNDgiPiYjeGE7ICA8cGF0aCBmaWxsPSIjNTBFNkZGIiBkPSJNMzc2IDE3OTJxLTc1IDAtMTQzLTMwdC0xMjAtODItODItMTIwLTMxLTE0NFY2MzJxMC03NSAzMC0xNDN0ODItMTIwIDEyMC04MiAxNDQtMzFoMTI5NnE3NSAwIDE0MyAzMHQxMjAgODIgODIgMTIwIDMxIDE0NHY0NXEtNjMtNjgtMTM5LTExMy0xMy00MC0zNy03M3QtNTYtNTctNzEtMzctODEtMTNIMzc5cS01MCAwLTk1IDIwdC04MCA1NS01NSA4MC0yMSA5NnY3NzhxMCA1MiAyMSA5N3Q1NiA4MCA4MSA1NCA5OCAyMGg3Njh2MTI4SDM3NnptNzItMTAyNHEtMjYgMC00NS0xOXQtMTktNDVxMC0yNiAxOS00NXQ0NS0xOWg2NDBxMjYgMCA0NSAxOXQxOSA0NXEwIDI2LTE5IDQ1dC00NSAxOUg0NDh6bTcwNCAzMTJxMC05MCAzNi0xNzB0OTgtMTQwIDE0My05NSAxNzEtMzVxOTIgMCAxNzMgMzV0MTQzIDk3IDk2IDE0MiAzNiAxNzRxMCA5Mi0zNSAxNzN0LTk3IDE0My0xNDIgOTYtMTc0IDM2cS05NSAwLTE3Ny0zNnQtMTQyLTk4LTk0LTE0NS0zNS0xNzd6bS03MDQgMzI4cS0yNiAwLTQ1LTE5dC0xOS00NXEwLTI2IDE5LTQ1dDQ1LTE5aDUxMnEyNiAwIDQ1IDE5dDE5IDQ1cTAgMjYtMTkgNDV0LTQ1IDE5SDQ0OHptODk2IDYzNXEtMjcgMC00NS0xOHQtMTktNDZ2LTM3NHE3MiA0NSAxNTMgNjh0MTY3IDIzcTg1IDAgMTY2LTIzdDE1NC02OHYzNzRxMCAyNy0xOCA0NXQtNDYgMTlxLTIzIDAtNDAtMTRsLTE3Ni0xNDFxLTE3LTE0LTQwLTE0dC00MCAxNGwtMTc2IDE0MXEtMTcgMTQtNDAgMTR6Ii8+JiN4YTs8L3N2Zz4=" preserveAspectRatio="none"/><image x="1489.5" y="230.5" width="70" height="70" xlink:href="data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCAyMDQ4IDIwNDgiPiYjeGE7ICA8cGF0aCBmaWxsPSIjNTBFNkZGIiBkPSJNMTMgODk2UTMgODU4IDIgODIwdC0yLTc4VjMyMHEwLTMwIDE3LTQ2dDQ3LTE4cTU5LTQgMTE3LTh0MTE3LTE2cTgyLTE3IDE1OC00OXQxNDYtODFxMzctMjcgNzEtNDR0NjgtMjggNzItMTggODMtMTJ2ODk2SDEzek0xMDI0IDBxNDIgNSA4MCAxMnQ3NSAxOCA3MCAyOCA2OSA0NHEzMyAyNiA2OSA0OXQ3NSA0MXE0MyAyMSA5MiAzM3QxMDEgMTkgMTAyIDkgOTkgM3EyOSAwIDQ2IDE3dDE4IDQ3djQyMnEwIDM5LTEgNzd0LTEyIDc3aC04ODNWMHpNODk2IDE5MjBxLTg4LTQ5LTE3OS0xMDV0LTE4MC0xMjItMTcwLTEzOC0xNDgtMTU3LTExNy0xNzctNzYtMTk3aDg3MHY4OTZ6bTEyOC04OTZoODcwcS0yNiAxMDQtNzYgMTk3dC0xMTcgMTc2LTE0OCAxNTctMTY5IDEzOS0xODAgMTIxLTE4MCAxMDZ2LTg5NnoiLz4mI3hhOzwvc3ZnPg==" preserveAspectRatio="none"/><image x="29.5" y="165.5" width="90" height="90" xlink:href="data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCAyMDQ4IDIwNDgiPiYjeGE7ICA8cGF0aCBmaWxsPSIjRkZGRkZGIiBkPSJNOTgxIDk4MUgyNTZWMjU2aDcyNXY3MjV6bTc5MCAwaC03MjZWMjU2aDcyNnY3MjV6bS03OTAgNzkwSDI1NnYtNzI2aDcyNXY3MjZ6bTc5MCAwaC03MjZ2LTcyNmg3MjZ2NzI2eiIvPiYjeGE7PC9zdmc+" preserveAspectRatio="none"/></g><switch><g requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"/><a transform="translate(0,-5)" xlink:href="https://www.diagrams.net/doc/faq/svg-export-text-problems" target="_blank"><text text-anchor="middle" font-size="10px" x="50%" y="100%">Text is not SVG - cannot display</text></a></switch></svg>
\ No newline at end of file
diff --git a/windows/security/introduction/security-features-edition-requirements.md b/windows/security/introduction/security-features-edition-requirements.md
index 41ca2cf5ee..78f752d813 100644
--- a/windows/security/introduction/security-features-edition-requirements.md
+++ b/windows/security/introduction/security-features-edition-requirements.md
@@ -16,4 +16,4 @@ ms.technology: itpro-security
 
 # Security features Windows edition requirements
 
-[!INCLUDE [_edition-requirements](../../../includes/licensing/security/_edition-requirements.md)]
\ No newline at end of file
+[!INCLUDE [_edition-requirements](../../../includes/licensing/_edition-requirements.md)]
\ No newline at end of file
diff --git a/windows/security/introduction/security-features-licensing-requirements.md b/windows/security/introduction/security-features-licensing-requirements.md
index 676b071fa0..d75b32a689 100644
--- a/windows/security/introduction/security-features-licensing-requirements.md
+++ b/windows/security/introduction/security-features-licensing-requirements.md
@@ -8,7 +8,7 @@ manager: aaroncz
 ms.collection:
 - tier3
 ms.topic: conceptual
-ms.date: 03/12/2023
+ms.date: 04/24/2023
 appliesto:
 - ✅ <a href=/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 ms.technology: itpro-security
@@ -16,4 +16,4 @@ ms.technology: itpro-security
 
 # Windows security licensing requirements
 
-[!INCLUDE [_licensing-requirements](../../../includes/licensing/security/_licensing-requirements.md)]
\ No newline at end of file
+[!INCLUDE [_licensing-requirements](../../../includes/licensing/_licensing-requirements.md)]
\ No newline at end of file

From 68119a975fa7246a899234a25a99eff3bd2baa72 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Mon, 24 Apr 2023 09:32:04 -0400
Subject: [PATCH 009/107] updates to relative links

---
 includes/licensing/_edition-requirements.md   |  2 +-
 includes/licensing/_licensing-requirements.md |  2 +-
 windows/security/introduction/index.md        |  4 +---
 windows/whats-new/windows-licensing.md        | 14 +++++++-------
 4 files changed, 10 insertions(+), 12 deletions(-)

diff --git a/includes/licensing/_edition-requirements.md b/includes/licensing/_edition-requirements.md
index d250f005e9..ab8bd9523f 100644
--- a/includes/licensing/_edition-requirements.md
+++ b/includes/licensing/_edition-requirements.md
@@ -8,7 +8,7 @@ ms.topic: include
 The following table lists the security features that are available in Windows, and the Windows editions that support them:
 
 | Feature name | Windows Pro | Windows Enterprise | Windows Pro Education/SE | Windows Education |
-|:---:|:---:|:---:|:---:|:---:|
+|:---|:---:|:---:|:---:|:---:|
 |**[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes|
 |**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**|Yes|Yes|Yes|Yes|
 |**[Always On VPN](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|Yes|Yes|Yes|Yes|
diff --git a/includes/licensing/_licensing-requirements.md b/includes/licensing/_licensing-requirements.md
index 48a9565913..dbdbf770cb 100644
--- a/includes/licensing/_licensing-requirements.md
+++ b/includes/licensing/_licensing-requirements.md
@@ -8,7 +8,7 @@ ms.topic: include
 The following table lists the security features that are available in Windows, and the licensing requirements to use them:
 
 |Feature name|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|:---:|
+|:---|:---:|:---:|:---:|:---:|:---:|
 |**[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes|Yes|
 |**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**|Yes|Yes|Yes|Yes|Yes|
 |**[Always On VPN](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|Yes|Yes|Yes|Yes|Yes|
diff --git a/windows/security/introduction/index.md b/windows/security/introduction/index.md
index f84afefa03..913a477cf1 100644
--- a/windows/security/introduction/index.md
+++ b/windows/security/introduction/index.md
@@ -1,7 +1,7 @@
 ---
 title: Introduction to Windows security
 description: System security book.
-ms.date: 04/10/2023
+ms.date: 04/24/2023
 ms.topic: tutorial
 ms.author: paoloma
 author: paolomatarazzo
@@ -13,8 +13,6 @@ appliesto:
 
 The acceleration of digital transformation and the expansion of both remote and hybrid workplaces brings new opportunities to organizations, communities, and individuals. Our work styles have transformed. And now more than ever, employees need simple, intuitive user experiences to collaborate and stay productive, wherever work happens. But the expansion of access and ability to work anywhere has also introduced new threats and risks. According to data from the Microsoft commissioned Security Signals report, 75% of security decision-makers at the vice-president level and above feel the move to hybrid work leaves their organization more vulnerable to security threats. And [Microsoft's 2022 Work Trend Index](https://www.microsoft.com/security/blog/2022/04/05/new-security-features-for-windows-11-will-help-protect-hybrid-work/) shows "cybersecurity issues and risks" are top concerns for business decisions makers, who worry about issues like malware, stolen credentials, devices that lack security updates, and physical attacks on lost or stolen devices.
 
-:::image type="content" source="chip-to-cloud.svg" lightbox="chip-to-cloud.svg" alt-text="chip to cloud diagram":::
-
 ## How Windows 11 enables zero-trust protection
 
 A zero-trust security model gives the right people the right access at the right time. Zero-trust security is based on three principles:
diff --git a/windows/whats-new/windows-licensing.md b/windows/whats-new/windows-licensing.md
index 2543add9a9..777660223b 100644
--- a/windows/whats-new/windows-licensing.md
+++ b/windows/whats-new/windows-licensing.md
@@ -19,7 +19,7 @@ ms.technology: itpro-security
 This document provides an overview of the products and use rights available through commercial licensing, information about the products that are eligible for upgrades, and the key choices you have for using Windows in your organization.
 
 > [!NOTE]
-> This content is not meant to replace or override other licensing documentation, such as the Windows 11 End User License Agreement or [Commercial Licensing Product Terms](http://www.microsoft.com/licensing/product-licensing/products.aspx).
+> This content is not meant to replace or override other licensing documentation, such as the Windows 11 End User License Agreement or [Commercial Licensing Product Terms](https://www.microsoft.com/licensing/product-licensing/products.aspx).
 
 ## Windows 11 editions
 
@@ -67,12 +67,12 @@ Here's an overview of the unique Windows Enterprise edition features, cloud powe
 | Windows Enterprise edition OS based functionality | Description |
 |-|-|
 |**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard-requirements)**|Protects against user credential harvesting and pass-the-hash attacks or pass the token attacks.|
-|**[Managed Microsoft Defender Application Guard for Microsoft Edge](https://learn.microsoft.com/deployedge/microsoft-edge-security-windows-defender-application-guard)**| Isolates enterprise-defined untrusted sites with virtualization-based security from Windows, protecting your organization while users browse the Internet.|
-|**[Modern BitLocker Management](https://learn.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview)** | Allows you to eliminate on-premises tools to monitor and support BitLocker recovery scenarios. |  
-|**[Personal Data Encryption](https://learn.microsoft.com/windows/security/information-protection/personal-data-encryption/overview-pde)**|Encrypts individual's content using Windows Hello for Business to link the encryption keys to user credentials.|
-|**[Direct Access](https://learn.microsoft.com/windows-server/remote/remote-access/directaccess/directaccess)**|Connect remote users to the organization network without the need for traditional VPN connections.|
-|**[Always-On VPN device tunnel](https://learn.microsoft.com/en-us/windows-server/remote/remote-access/vpn/always-on-vpn/)**|Benefit from advanced security capabilities to restrict the type of traffic and which applications can use the VPN connection with Always-On VPN device tunnel.|
-|**[Windows UI customization (CSP)](https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience)**|Locks down the user experience of frontline workers devices or public kiosks.|
+|**[Managed Microsoft Defender Application Guard for Microsoft Edge](/deployedge/microsoft-edge-security-windows-defender-application-guard)**| Isolates enterprise-defined untrusted sites with virtualization-based security from Windows, protecting your organization while users browse the Internet.|
+|**[Modern BitLocker Management](h/windows/security/information-protection/bitlocker/bitlocker-overview)** | Allows you to eliminate on-premises tools to monitor and support BitLocker recovery scenarios. |  
+|**[Personal Data Encryption](/windows/security/information-protection/personal-data-encryption/overview-pde)**|Encrypts individual's content using Windows Hello for Business to link the encryption keys to user credentials.|
+|**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**|Connect remote users to the organization network without the need for traditional VPN connections.|
+|**[Always-On VPN device tunnel](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|Benefit from advanced security capabilities to restrict the type of traffic and which applications can use the VPN connection with Always-On VPN device tunnel.|
+|**[Windows UI customization (CSP)](/windows/client-management/mdm/policy-csp-experience)**|Locks down the user experience of frontline workers devices or public kiosks.|
 
 ### Windows 11 Enterprise E3 cloud services
 

From 1c8bc9b4dfbd7c4195e0ae4d4fa7e14688848bd5 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Mon, 24 Apr 2023 09:43:25 -0400
Subject: [PATCH 010/107] updates

---
 includes/licensing/federated-sign-in.md | 2 +-
 windows/whats-new/TOC.yml               | 2 ++
 windows/whats-new/windows-licensing.md  | 2 +-
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/includes/licensing/federated-sign-in.md b/includes/licensing/federated-sign-in.md
index c7fae240e9..199b442cb7 100644
--- a/includes/licensing/federated-sign-in.md
+++ b/includes/licensing/federated-sign-in.md
@@ -15,7 +15,7 @@ The following table lists the Windows editions that support Federated sign-in:
 
 Federated sign-in license entitlements are granted by the following licenses:
 
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|Windows Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
 |No|No|No|Yes|Yes|
 
diff --git a/windows/whats-new/TOC.yml b/windows/whats-new/TOC.yml
index 0e145097a8..20df997f4f 100644
--- a/windows/whats-new/TOC.yml
+++ b/windows/whats-new/TOC.yml
@@ -1,5 +1,7 @@
 - name: What's new in Windows
   href: index.yml
+- name: Windows commercial licensing overview
+  href: windows-licensing.md
 - name: Windows 11
   expanded: true
   items:
diff --git a/windows/whats-new/windows-licensing.md b/windows/whats-new/windows-licensing.md
index 777660223b..aa5e10d6d9 100644
--- a/windows/whats-new/windows-licensing.md
+++ b/windows/whats-new/windows-licensing.md
@@ -68,7 +68,7 @@ Here's an overview of the unique Windows Enterprise edition features, cloud powe
 |-|-|
 |**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard-requirements)**|Protects against user credential harvesting and pass-the-hash attacks or pass the token attacks.|
 |**[Managed Microsoft Defender Application Guard for Microsoft Edge](/deployedge/microsoft-edge-security-windows-defender-application-guard)**| Isolates enterprise-defined untrusted sites with virtualization-based security from Windows, protecting your organization while users browse the Internet.|
-|**[Modern BitLocker Management](h/windows/security/information-protection/bitlocker/bitlocker-overview)** | Allows you to eliminate on-premises tools to monitor and support BitLocker recovery scenarios. |  
+|**[Modern BitLocker Management](/windows/security/information-protection/bitlocker/bitlocker-overview)** | Allows you to eliminate on-premises tools to monitor and support BitLocker recovery scenarios. |  
 |**[Personal Data Encryption](/windows/security/information-protection/personal-data-encryption/overview-pde)**|Encrypts individual's content using Windows Hello for Business to link the encryption keys to user credentials.|
 |**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**|Connect remote users to the organization network without the need for traditional VPN connections.|
 |**[Always-On VPN device tunnel](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|Benefit from advanced security capabilities to restrict the type of traffic and which applications can use the VPN connection with Always-On VPN device tunnel.|

From db6bc1b8fc9f31a81a6ad9ddc1fe0ba1563a9832 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Mon, 24 Apr 2023 18:03:48 -0400
Subject: [PATCH 011/107] licensing doc updates

---
 includes/licensing/federated-sign-in.md |  2 +-
 windows/whats-new/windows-licensing.md  | 49 ++++++++++++-------------
 2 files changed, 25 insertions(+), 26 deletions(-)

diff --git a/includes/licensing/federated-sign-in.md b/includes/licensing/federated-sign-in.md
index 199b442cb7..ec70299404 100644
--- a/includes/licensing/federated-sign-in.md
+++ b/includes/licensing/federated-sign-in.md
@@ -17,6 +17,6 @@ Federated sign-in license entitlements are granted by the following licenses:
 
 |Windows Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|No|No|No|Yes|Yes|
+|Yes|No|No|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/whats-new/windows-licensing.md b/windows/whats-new/windows-licensing.md
index aa5e10d6d9..de738845cb 100644
--- a/windows/whats-new/windows-licensing.md
+++ b/windows/whats-new/windows-licensing.md
@@ -16,15 +16,15 @@ ms.technology: itpro-security
 
 # Windows commercial licensing overview
 
-This document provides an overview of the products and use rights available through commercial licensing, information about the products that are eligible for upgrades, and the key choices you have for using Windows in your organization.
+This document provides an overview of the products and use rights available through Microsoft commercial licensing. Information about the products that are eligible for upgrades, and the key choices you have for using Windows in your organization are also included.
 
 > [!NOTE]
-> This content is not meant to replace or override other licensing documentation, such as the Windows 11 End User License Agreement or [Commercial Licensing Product Terms](https://www.microsoft.com/licensing/product-licensing/products.aspx).
+> The content of this article doesn't replace or override other licensing documentation, such as the Windows 11 End User License Agreement or [Commercial Licensing Product Terms](https://www.microsoft.com/licensing/product-licensing/products.aspx).
 
 ## Windows 11 editions
 
-The following table lists the editions of Windows 11 available through each Microsoft distribution channel.
-
+The following table lists the editions of Windows 11 available through each Microsoft distribution channel:
+ 
 | Full Packaged Product (Retail) | Preinstalled on device (OEM)|Commercial Licensing|
 |-|-|-|
 |Windows 11 Home<br>Windows 11 Pro|Windows 11 Home<br>Windows 11 Pro|Windows 11 Pro<br>Windows 11 Enterprise <br>Windows 11 Enterprise LTSC|
@@ -33,13 +33,13 @@ The following table lists the editions of Windows 11 available through each Micr
 
 The following offerings are available for purchase through [Microsoft Commercial Licensing](https://www.microsoft.com/licensing):
 
-|Product|Description|
-|-|-|
-|Windows 11 Pro Upgrade |Windows 11 Pro is designed for small and medium businesses and enables organizations to manage their devices and apps, protect their business data, facilitate remote and mobile scenarios, and take advantage of the cloud technologies for their organizations. Windows 11 Pro devices are a good choice for organizations that support *choose your own device (CYOD)* programs and *prosumer* customers. The Windows 11 Pro Upgrade in Commercial Licensing upgrades a device from a previous version of Windows Pro|
-|Windows 11 Enterprise E3|Windows 11 Enterprise E3 is a per user subscription available in Commercial Licensing programs, and is intended for large and medium sized organizations. It includes Windows Enterprise edition with cloud-powered capabilities and subscription use rights. Examples include advanced identity protection, the broadest range of options for operating system deployment, update control, and device management. Windows Enterprise E3 is licensed through Commercial Licensing programs and requires Windows Pro as qualifying operating systems.
-|Windows 11 Enterprise E5|Windows 11 Enterprise E5 is for organizations that want to take advantage of everything in Windows 11 Enterprise E3 with the addition of **Microsoft Defender for Endpoint Plan 2**, a service that helps enterprises detect, investigate, and respond to advanced cybersecurity attacks on their endpoints and networks. Windows 11 Enterprise E5 is available per user in Commercial Licensing programs|
-|Windows 10 Enterprise LTSC |Windows 10 Enterprise LTSC is designed for PC systems that have strict change-management policies with only security and critical bug fixes. By using a Long-Term Servicing Channel edition, you can apply monthly Windows 10 security updates for specialized devices while holding back new-feature updates for an extended period of time, up to 5 years. Windows Enterprise LTSC is available in the per user or per device model depending on the Volume Licensing program through witch it is acquired|
-|Windows Virtual Desktop Access (VDA) Subscription License|The Windows VDA subscription license provides the right to access virtual Windows desktop environments from devices that aren't covered by a Commercial Licensing offer that includes VDA rights, such as thin clients. Windows VDA is available on a per device or per user basis|
+|Product|Description|Availability|
+|-|-|-|
+|Windows 11 Pro Upgrade |Windows 11 Pro is designed for small and medium businesses. Windows 11 Pro enables organizations to manage devices and apps, protect their data, facilitate remote and mobile scenarios, while taking advantage of the cloud technologies that support their business. Windows 11 Pro devices are a good choice for organizations that support *choose your own device (CYOD)* programs and *prosumer* customers. | The Windows 11 Pro Upgrade in Commercial Licensing upgrades a device from a previous version of Windows Pro.|
+|Windows 11 Enterprise E3|Windows 11 Enterprise E3 is intended for large and medium-sized organizations. It includes Windows Enterprise edition with cloud-powered capabilities and subscription use rights. Examples include advanced identity protection, the broadest range of options for operating system deployment, update control, and device management. |Windows 11 Enterprise E3 is available **per-user** in Commercial Licensing programs. It requires Windows Pro as qualifying operating systems.|
+|Windows 11 Enterprise E5|Windows 11 Enterprise E5 is for organizations that want to take advantage of everything in Windows 11 Enterprise E3 with the addition of **Microsoft Defender for Endpoint Plan 2**, a service that helps enterprises detect, investigate, and respond to advanced cybersecurity attacks on their endpoints and networks.| Windows 11 Enterprise E5 is available **per-user** in Commercial Licensing programs. It requires Windows Pro as qualifying operating systems.|
+|Windows 10 Enterprise LTSC |Windows 10 Enterprise LTSC is designed for devices that have strict change-management policies with only security and critical bug fixes. By using a Long-Term Servicing Channel edition, you can apply monthly Windows 10 security updates for specialized devices while holding back new-feature updates for an extended period of time, up to five years. | Windows Enterprise LTSC is available in the **per-user** and **per-device** model, depending on the Volume Licensing program through which it's acquired.|
+|Windows Virtual Desktop Access (VDA) Subscription License|The Windows VDA subscription license provides the right to access virtual Windows desktop environments from devices that aren't covered by a Commercial Licensing offer that includes VDA rights, such as thin clients. |Windows VDA is available on a **per-device** and **per-user** basis.|
 
 ## Windows 11 Pro Upgrade license
 
@@ -52,7 +52,7 @@ The Windows 11 Pro Upgrade license is recommended if you want to:
 
 ## Windows 11 Enterprise
 
-There are two core Windows 11 Enterprise offers: **Windows 11 Enterprise E3** and **Windows 11 Enterprise E5**. Each of these can be purchased on a **per-user basis**, and are available only through **Commercial Licensing**, including the **Cloud Solution Provider** program. For details about Windows Enterprise per device, see [per device check out this section of this guide](*TO ADD*)
+There are two core Windows 11 Enterprise offers: **Windows 11 Enterprise E3** and **Windows 11 Enterprise E5**. These offers can be purchased on a **per-user basis**, and are only available through **Commercial Licensing**, including the **Cloud Solution Provider** program. For details about Windows Enterprise per-device, see [per device check out this section of this guide](*TO ADD*)
 
 ### Windows 11 Enterprise E3
 
@@ -60,7 +60,7 @@ Windows 11 Enterprise E3 builds on Windows 11 Pro by adding more advanced featur
 
 Windows 11 Enterprise E3 is usually licensed through Volume Licensing programs and is an upgrade from Windows Pro.
 
-### Windows 11 Enterprise E3 OS features
+### Windows 11 Enterprise E3 features
 
 Here's an overview of the unique Windows Enterprise edition features, cloud powered capabilities, and use rights.
 
@@ -100,7 +100,7 @@ With Windows 11 Enterprise E3, you can take advantage of the following licensing
 |-|-|
 |**Five Windows Instances per licensed user**|Allows your employees to simultaneously use a Windows laptop, a cloud PC and a specialized device with Windows LTSC, and more|
 |**36 months (3 years) support on annual feature releases**|Get extra time to deploy feature releases|
-|**[Azure Virtual Desktop, Windows 365 Enterprise and Virtual Desktop Access](/azure/virtual-desktop/prerequisites#operating-systems-and-licenses)**|Empower flexible workstyles and smarter work with the included best-in-class virtualization access rights|
+|**[Azure Virtual Desktop, Windows 365 Enterprise and Virtual Desktop Access](/azure/virtual-desktop/prerequisites#operating-systems-and-licenses)**|Empower flexible work styles and smarter work with the included best-in-class virtualization access rights|
 |**Windows LTSC Enterprise**|Intended for highly specialized devices that require limited changes due to regulations and certification|
 |**[Microsoft Desktop Optimization Pack (MDOP) ](/microsoft-desktop-optimization-pack)**|Help improve compatibility and management, reduce support costs, improve asset management, and improve policy control|
 
@@ -136,27 +136,26 @@ The following table lists the Windows 11 Enterprise E3 features, services and us
 
 |Feature, service or use right|Windows Pro|Windows Enterprise|
 |-|-|-|
-|**Windows Defender Credential Guard**||Yes|
-|**Managed Microsoft Defender Application Guard for Microsoft Edge**|Yes|Yes|
-|**Cloud-based BitLocker Management**|Yes|Yes|
-|**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**||Yes|
-|**Direct Access**|Yes|Yes|
+|**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|No|Yes|
+|**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/deployedge/microsoft-edge-security-windows-defender-application-guard)**|Yes|Yes|
+|**[Cloud-based BitLocker Management](/windows/security/information-protection/bitlocker/bitlocker-overview)**|Yes|Yes|
+|**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|No|Yes|
+|**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**|Yes|Yes|
 |**[Always On VPN](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|Yes <sup>[\[1\]](#Note1)</sup>|Yes|
-|**Application Management GPOs**||Yes|
-|**Windows UI customization (CSP to manage)**||Yes|
+|**Windows UI customization (CSP to manage)**|No|Yes|
 |**Windows Subscription Activation**|Yes|Yes|
-|**Windows Autopatch**|Yes|Yes|
+|**[Windows Autopatch](/windows/deployment/windows-autopatch/)**|Yes|Yes|
 |**[Windows Update For Business deployment service](/windows/deployment/update/deployment-service-overview)**|Yes|Yes|
 |**[Universal Print](/universal-print/)**|Yes|Yes|
 |**[Microsoft Connected Cache](/windows/deployment/do/waas-microsoft-connected-cache)**|Yes|Yes|
-|**Endpoint analytics proactive remediation**|Yes|Yes|
-|**[Organizational messages](/mem/intune/remote-actions/organizational-messages-overview)**||Yes|
+|**[Endpoint analytics proactive remediation](/mem/analytics/overview)**|Yes|Yes|
+|**[Organizational messages](/mem/intune/remote-actions/organizational-messages-overview)**|No|Yes|
 |**Feature release support period**| 24 months | 36 months|
 |**Windows feature update device readiness report** <sup>[\[2\]](#Note2)</sup>|Yes|Yes|
 |**Windows feature update compatibility risk report** <sup>[\[2\]](#Note2)</sup>|Yes|Yes|
 |**Microsoft Desktop Optimization Pack (MDOP)**|Yes|Yes|
 
-<sup><a name="Note1"></a>[1]</sup> Device Tunnel requires Enterprise edition.
+<sup><a name="Note1"></a>[1]</sup> Device Tunnel requires Enterprise edition.\
 <sup><a name="Note2"></a>[2]</sup> Intune license required.
 
 ## Next steps

From 0205e5e98d62f69573b8f54b17f3ff5321c850a5 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Tue, 25 Apr 2023 07:56:25 -0400
Subject: [PATCH 012/107] updated guidance for marketing

---
 windows/whats-new/windows-licensing.md | 113 ++++++++++++++-----------
 1 file changed, 64 insertions(+), 49 deletions(-)

diff --git a/windows/whats-new/windows-licensing.md b/windows/whats-new/windows-licensing.md
index de738845cb..6ca18ce0bc 100644
--- a/windows/whats-new/windows-licensing.md
+++ b/windows/whats-new/windows-licensing.md
@@ -16,7 +16,7 @@ ms.technology: itpro-security
 
 # Windows commercial licensing overview
 
-This document provides an overview of the products and use rights available through Microsoft commercial licensing. Information about the products that are eligible for upgrades, and the key choices you have for using Windows in your organization are also included.
+This document provides an overview of the products and use rights available through Microsoft commercial licensing, information about the products that are eligible for upgrades, and the key choices you have for using Windows in your organization.
 
 > [!NOTE]
 > The content of this article doesn't replace or override other licensing documentation, such as the Windows 11 End User License Agreement or [Commercial Licensing Product Terms](https://www.microsoft.com/licensing/product-licensing/products.aspx).
@@ -24,7 +24,7 @@ This document provides an overview of the products and use rights available thro
 ## Windows 11 editions
 
 The following table lists the editions of Windows 11 available through each Microsoft distribution channel:
- 
+
 | Full Packaged Product (Retail) | Preinstalled on device (OEM)|Commercial Licensing|
 |-|-|-|
 |Windows 11 Home<br>Windows 11 Pro|Windows 11 Home<br>Windows 11 Pro|Windows 11 Pro<br>Windows 11 Enterprise <br>Windows 11 Enterprise LTSC|
@@ -52,71 +52,73 @@ The Windows 11 Pro Upgrade license is recommended if you want to:
 
 ## Windows 11 Enterprise
 
-There are two core Windows 11 Enterprise offers: **Windows 11 Enterprise E3** and **Windows 11 Enterprise E5**. These offers can be purchased on a **per-user basis**, and are only available through **Commercial Licensing**, including the **Cloud Solution Provider** program. For details about Windows Enterprise per-device, see [per device check out this section of this guide](*TO ADD*)
+There are two core Windows 11 Enterprise offers: **Windows 11 Enterprise E3** and **Windows 11 Enterprise E5**. These offers can be purchased on a **per-user basis**, and are only available through **Commercial Licensing**, including the **Cloud Solution Provider** program.
 
 ### Windows 11 Enterprise E3
 
 Windows 11 Enterprise E3 builds on Windows 11 Pro by adding more advanced features designed to address the needs of large and mid-size organizations. Examples include advanced protection against modern security threats, the broadest range of options for operating system deployment and update, and comprehensive device and app management.
 
-Windows 11 Enterprise E3 is usually licensed through Volume Licensing programs and is an upgrade from Windows Pro.
+> [!NOTE]
+> Windows 11 Enterprise E3 is usually licensed through Volume Licensing programs and is an upgrade from Windows Pro.
 
-### Windows 11 Enterprise E3 features
+#### Windows 11 Enterprise features
 
-Here's an overview of the unique Windows Enterprise edition features, cloud powered capabilities, and use rights.
+Here's an overview of the unique Windows Enterprise edition features:
 
-| Windows Enterprise edition OS based functionality | Description |
+| OS-based feature | Description |
 |-|-|
 |**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard-requirements)**|Protects against user credential harvesting and pass-the-hash attacks or pass the token attacks.|
 |**[Managed Microsoft Defender Application Guard for Microsoft Edge](/deployedge/microsoft-edge-security-windows-defender-application-guard)**| Isolates enterprise-defined untrusted sites with virtualization-based security from Windows, protecting your organization while users browse the Internet.|
 |**[Modern BitLocker Management](/windows/security/information-protection/bitlocker/bitlocker-overview)** | Allows you to eliminate on-premises tools to monitor and support BitLocker recovery scenarios. |  
 |**[Personal Data Encryption](/windows/security/information-protection/personal-data-encryption/overview-pde)**|Encrypts individual's content using Windows Hello for Business to link the encryption keys to user credentials.|
 |**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**|Connect remote users to the organization network without the need for traditional VPN connections.|
-|**[Always-On VPN device tunnel](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|Benefit from advanced security capabilities to restrict the type of traffic and which applications can use the VPN connection with Always-On VPN device tunnel.|
-|**[Windows UI customization (CSP)](/windows/client-management/mdm/policy-csp-experience)**|Locks down the user experience of frontline workers devices or public kiosks.|
+|**[Always-On VPN device tunnel](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|Advanced security capabilities to restrict the type of traffic and which applications can use the VPN connection.|
+|**[Windows Experience customization](/windows/client-management/mdm/policy-csp-experience)**|Settings to lock down the user experience of corporate desktops and Shell Launcher with Unified Write Filter for frontline workers devices or public kiosks.|
 
-### Windows 11 Enterprise E3 cloud services
+#### Windows 11 Enterprise cloud-based capabilities
 
-With Windows 11 Enterprise E3, you can take advantage of the following cloud services:
+Here's an overview of the unique Windows Enterprise edition cloud-based features:
 
-|Cloud-based service | Description |
+|Cloud-based feature | Description |
 |-|-|
-|**Cloud-based BitLocker Management**|Allows you to eliminate on-premises tools to monitor and support recovery scenarios|
-|**[Windows subscription activation](/windows/deployment/windows-10-subscription-activation)**|Enables you to *step-up* from **Windows Pro edition** to **Enterprise edition** in an instant. You can eliminate license key management or deployment of Enterprise edition images|
-|**[Windows Autopatch](/windows/deployment/windows-autopatch/overview/windows-autopatch-overview)**|Cloud service that puts Microsoft in control of automating updates to Windows, Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams|
-|**[Windows Update For Business deployment service](/windows/deployment/update/deployment-service-overview)**|This cloud service gives you the control over the approval, scheduling, and safeguarding of quality, feature upgrades, and driver updates delivered from Windows Update|
-|**[Universal Print](/universal-print/)**|Removes the need for on-premises print servers and enables any endpoint to print to cloud registered printers|
-|Microsoft Connected Cache|A software-only solution that caches app and OS updates on the local network to save internet bandwidth in locations with limited connectivity|
-|**Endpoint analytics proactive remediation**|Helps you fix common support issues before end-users notice issues|
-|**[Organizational messages](/mem/intune/remote-actions/organizational-messages-overview)**|Keeps employees informed with organizational messages directly inserted in Windows UI surfaces|
-|**Windows release health**|Gives you essential information about monthly quality and feature updates in the Microsoft 365 admin center|
-|**[Windows feature update device readiness report](/mem/intune/protect/windows-update-compatibility-reports)**|Provides per-device information about compatibility risks that are associated with an upgrade or update to a chosen version of Windows|
-|**[Windows feature update compatibility risks reports](/mem/intune/protect/windows-update-compatibility-reports)**|Provides a summary view of the top compatibility risks, so you understand which compatibility risks impact the greatest number of devices in your organization|
+|**[Windows subscription activation](/windows/deployment/windows-10-subscription-activation)**|Enables you to *step-up* from **Windows Pro edition** to **Enterprise edition**. You can eliminate license key management and the deployment of Enterprise edition images.|
+|**[Windows Autopatch](/windows/deployment/windows-autopatch/overview/windows-autopatch-overview)**|Cloud service that puts Microsoft in control of automating updates to Windows, Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams.|
+|**[Windows Update For Business deployment service](/windows/deployment/update/deployment-service-overview)**|This cloud service gives you the control over the approval, scheduling, and safeguarding of quality, feature upgrades, and driver updates delivered from Windows Update.|
+|**[Universal Print](/universal-print/)**|Removes the need for on-premises print servers and enables any endpoint to print to cloud registered printers.|
+|**[Microsoft Connected Cache](/windows/deployment/do/waas-delivery-optimization)**|A software solution that caches app and OS updates on the local network to save Internet bandwidth in locations with limited connectivity.|
+|**[Endpoint analytics proactive remediation](/mem/analytics/proactive-remediations)**|Helps you fix common support issues before end-users notice them.|
+|**[Organizational messages](/mem/intune/remote-actions/organizational-messages-overview)**|Keeps employees informed with organizational messages directly inserted in Windows UI surfaces.|
 
-### Windows 11 Enterprise E3 licensing use rights
+#### Windows 11 Enterprise licensing use rights
 
-With Windows 11 Enterprise E3, you can take advantage of the following licensing use rights:
+Here's a list of the Windows Enterprise licensing use rights:
 
 |Licensing use rights|Description|
 |-|-|
-|**Five Windows Instances per licensed user**|Allows your employees to simultaneously use a Windows laptop, a cloud PC and a specialized device with Windows LTSC, and more|
-|**36 months (3 years) support on annual feature releases**|Get extra time to deploy feature releases|
-|**[Azure Virtual Desktop, Windows 365 Enterprise and Virtual Desktop Access](/azure/virtual-desktop/prerequisites#operating-systems-and-licenses)**|Empower flexible work styles and smarter work with the included best-in-class virtualization access rights|
-|**Windows LTSC Enterprise**|Intended for highly specialized devices that require limited changes due to regulations and certification|
-|**[Microsoft Desktop Optimization Pack (MDOP) ](/microsoft-desktop-optimization-pack)**|Help improve compatibility and management, reduce support costs, improve asset management, and improve policy control|
+|**[Five Windows instances per licensed user](https://www.microsoft.com/licensing/terms/productoffering/WindowsDesktopOperatingSystem/EAEAS)**|Allows your employees to simultaneously use a Windows laptop, a cloud PC and a specialized device with Windows LTSC, and more.|
+|**[36 months (3 years) support on annual feature releases](/windows/release-health/supported-versions-windows-client#enterprise-and-iot-enterprise-ltsbltsc-editions)**|Get extra time to deploy feature releases.|
+|**[Azure Virtual Desktop, Windows 365 Enterprise and Virtual Desktop Access](/azure/virtual-desktop/prerequisites#operating-systems-and-licenses)**|Empower flexible work styles and smarter work with the included virtualization access rights.|
+|**[Windows release health in the Microsoft 365 admin center](https://aka.ms/WindowsReleaseHealthinM365)**|Gives you essential information about monthly quality and feature updates in the Microsoft 365 admin center.|
+|**[Windows feature update device readiness report](/mem/intune/protect/windows-update-compatibility-reports)**|Provides per-device information about compatibility risks that are associated with an upgrade or update to a chosen version of Windows.|
+|**[Windows feature update compatibility risks reports](/mem/intune/protect/windows-update-compatibility-reports)**|Provides a summary view of the top compatibility risks, so you understand which compatibility risks impact the greatest number of devices in your organization.|
+|**[Windows LTSC Enterprise](windows/whats-new/ltsc/)**|Intended for highly specialized devices that require limited changes due to regulations and certification|
+|**[Microsoft Desktop Optimization Pack (MDOP) ](/microsoft-desktop-optimization-pack)**|Help improve compatibility and management, reduce support costs, improve asset management, and improve policy control.|
 
-Learn more about [Windows 11 Enterprise E3]()
+Learn more about [Windows 11 Enterprise E3](https://windows.com/enterprise).
 
 ### Windows 11 Enterprise E5
 
-Windows 11 Enterprise E5 is for organizations that want to take advantage of everything in Windows 11 Enterprise E3 with the addition of **Microsoft Defender for Endpoint Plan 2**, a cloud service that helps enterprises detect, investigate, and respond to advanced cybersecurity attacks on their endpoints and networks. Windows 11 Enterprise E5 is available per user in Commercial Licensing programs.
+Windows 11 Enterprise E5 is for organizations that want to take advantage of everything in Windows 11 Enterprise E3 with the addition of **Microsoft Defender for Endpoint Plan 2**, a cloud service that helps enterprises detect, investigate, and respond to advanced cybersecurity attacks on their endpoints and networks.
 
-Learn more about [Windows 11 Enterprise E5]()
+Building on the existing security defenses in Windows 11, Microsoft Defender for Device provides a post-breach layer of protection to the Windows 11 security stack. With a combination of client technology built into Windows 11 and a robust cloud service, it can help detect threats that have made it past other defenses, provide enterprises with information to investigate the breach across endpoints, and offer response recommendations.
+
+> [!NOTE]
+> Windows 11 Enterprise E5 is available per user in Commercial Licensing programs.
 
 ### Windows Enterprise E3 in Microsoft 365 F3
 
-Windows Enterprise E3 in Microsoft 365 F3 is only sold as part of the full F3 suite, and has all the OS features, and most of the cloud services and use rights included with regular Windows Enterprise E3.
-
-Windows Enterprise E3 in Microsoft 365 F3 doesn't include the following use rights that are included in the regular E3 user subscription license:
+Windows Enterprise E3 subscription license in Microsoft 365 F3 has all the OS features, and most of the cloud services and use rights, included with regular Windows Enterprise E3.
+Windows Enterprise E3 in Microsoft 365 F3 does not include some use rights previously included in Software Assurance benefits that come with the regular E3 user subscription license. F3 does not come with:
 
 - Microsoft Desktop Optimization Pack (MDOP)
 - Windows LTSC Enterprise
@@ -134,30 +136,43 @@ In these cases, you want the PC to be configured, secured, monitored, and update
 
 The following table lists the Windows 11 Enterprise E3 features, services and use rights and their applicability to Windows Pro and Enterprise editions:
 
-|Feature, service or use right|Windows Pro|Windows Enterprise|
+| OS-based feature |Windows Pro|Windows Enterprise|
 |-|-|-|
 |**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|No|Yes|
-|**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/deployedge/microsoft-edge-security-windows-defender-application-guard)**|Yes|Yes|
-|**[Cloud-based BitLocker Management](/windows/security/information-protection/bitlocker/bitlocker-overview)**|Yes|Yes|
+|**[Microsoft Defender Application Guard (MDAG) for Microsoft Edge](/deployedge/microsoft-edge-security-windows-defender-application-guard)**|Yes|Yes|
+|**[Modern BitLocker Management](/windows/security/information-protection/bitlocker/bitlocker-overview)**|Yes|Yes|
 |**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|No|Yes|
 |**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**|Yes|Yes|
-|**[Always On VPN](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|Yes <sup>[\[1\]](#Note1)</sup>|Yes|
-|**Windows UI customization (CSP to manage)**|No|Yes|
-|**Windows Subscription Activation**|Yes|Yes|
+|**[Always On VPN](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|Yes|Yes|
+|**[Windows Experience customization](/windows/client-management/mdm/policy-csp-experience)**|No|Yes|
+
+| Cloud-based feature |Windows Pro|Windows Enterprise|
+|-|-|-|
+|**[Windows subscription activation](/windows/deployment/windows-10-subscription-activation)**|Yes|Yes|
 |**[Windows Autopatch](/windows/deployment/windows-autopatch/)**|Yes|Yes|
 |**[Windows Update For Business deployment service](/windows/deployment/update/deployment-service-overview)**|Yes|Yes|
 |**[Universal Print](/universal-print/)**|Yes|Yes|
 |**[Microsoft Connected Cache](/windows/deployment/do/waas-microsoft-connected-cache)**|Yes|Yes|
 |**[Endpoint analytics proactive remediation](/mem/analytics/overview)**|Yes|Yes|
 |**[Organizational messages](/mem/intune/remote-actions/organizational-messages-overview)**|No|Yes|
-|**Feature release support period**| 24 months | 36 months|
-|**Windows feature update device readiness report** <sup>[\[2\]](#Note2)</sup>|Yes|Yes|
-|**Windows feature update compatibility risk report** <sup>[\[2\]](#Note2)</sup>|Yes|Yes|
-|**Microsoft Desktop Optimization Pack (MDOP)**|Yes|Yes|
 
-<sup><a name="Note1"></a>[1]</sup> Device Tunnel requires Enterprise edition.\
-<sup><a name="Note2"></a>[2]</sup> Intune license required.
+|Licensing use rights|Windows Pro|Windows Enterprise|
+|-|-|-|
+|**[Five Windows instances per licensed user](https://www.microsoft.com/licensing/terms/productoffering/WindowsDesktopOperatingSystem/EAEAS)**|n/a|n/a|
+|**[36 months (3 years) support on annual feature releases](/windows/release-health/supported-versions-windows-client#enterprise-and-iot-enterprise-ltsbltsc-editions)**|No|Yes|
+|**[Azure Virtual Desktop, Windows 365 Enterprise and Virtual Desktop Access](/azure/virtual-desktop/prerequisites#operating-systems-and-licenses)**|n/a|n/a|
+|**[Windows release health in the Microsoft 365 admin center](https://aka.ms/WindowsReleaseHealthinM365)**|n/a|n/a|
+|**[Windows feature update device readiness report](/mem/intune/protect/windows-update-compatibility-reports)**|Yes|Yes|
+|**[Windows feature update compatibility risks reports](/mem/intune/protect/windows-update-compatibility-reports)**|Yes|Yes|
+|**[Windows LTSC Enterprise](windows/whats-new/ltsc/)**|n/a|n/a|
+|**[Microsoft Desktop Optimization Pack (MDOP) ](/microsoft-desktop-optimization-pack)**|Yes|Yes|
 
 ## Next steps
 
-To learn more about Windows 11 Enterprise E3 and E5, see [Windows 11 Enterprise E3 and E5](/windows/deployment/windows-11-enterprise-e3-e5).
\ No newline at end of file
+To learn more about Windows 11 Enterprise E3 and E5 licensing, download the [Windows 11 licensing guide](https://aka.ms/WindowsLicensingGuide). The guide provides additional information to complement the information in this article, including:
+
+- Description of qualifying operating systems
+- Availability of Windows desktop operating system products in licensing programs
+- Deciding between per-device and per-user licensing
+- Windows 11 downgrade rights
+- Volume license activation methods

From a1b6031f68daa528eacce9176861c28d2374a2b6 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Tue, 25 Apr 2023 07:58:55 -0400
Subject: [PATCH 013/107] updated guidance for marketing

---
 windows/whats-new/windows-licensing.md | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/windows/whats-new/windows-licensing.md b/windows/whats-new/windows-licensing.md
index 6ca18ce0bc..c051375040 100644
--- a/windows/whats-new/windows-licensing.md
+++ b/windows/whats-new/windows-licensing.md
@@ -14,9 +14,9 @@ appliesto:
 ms.technology: itpro-security
 ---
 
-# Windows commercial licensing overview
+# Windows Commercial Licensing overview
 
-This document provides an overview of the products and use rights available through Microsoft commercial licensing, information about the products that are eligible for upgrades, and the key choices you have for using Windows in your organization.
+This document provides an overview of the products and use rights available through Microsoft Commercial Licensing, information about the products that are eligible for upgrades, and the key choices you have for using Windows in your organization.
 
 > [!NOTE]
 > The content of this article doesn't replace or override other licensing documentation, such as the Windows 11 End User License Agreement or [Commercial Licensing Product Terms](https://www.microsoft.com/licensing/product-licensing/products.aspx).
@@ -176,3 +176,5 @@ To learn more about Windows 11 Enterprise E3 and E5 licensing, download the [Win
 - Deciding between per-device and per-user licensing
 - Windows 11 downgrade rights
 - Volume license activation methods
+- How to acquire licenses through Commercial Licensing
+

From c1cc14a073f11231b5150a2763132c5141c3c6e6 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Tue, 25 Apr 2023 10:14:57 -0400
Subject: [PATCH 014/107] TOC updates

---
 windows/whats-new/TOC.yml              | 4 ++--
 windows/whats-new/index.yml            | 2 ++
 windows/whats-new/windows-licensing.md | 4 ++--
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/windows/whats-new/TOC.yml b/windows/whats-new/TOC.yml
index 20df997f4f..b3ff701a34 100644
--- a/windows/whats-new/TOC.yml
+++ b/windows/whats-new/TOC.yml
@@ -1,7 +1,5 @@
 - name: What's new in Windows
   href: index.yml
-- name: Windows commercial licensing overview
-  href: windows-licensing.md
 - name: Windows 11
   expanded: true
   items:
@@ -26,6 +24,8 @@
       href: whats-new-windows-10-version-21H1.md
     - name: What's new in Windows 10, version 20H2
       href: whats-new-windows-10-version-20H2.md
+- name: Windows commercial licensing overview
+  href: windows-licensing.md
 - name: Deprecated and removed Windows features
   expanded: false
   items:
diff --git a/windows/whats-new/index.yml b/windows/whats-new/index.yml
index c988c8ebb4..f11b6dbc0c 100644
--- a/windows/whats-new/index.yml
+++ b/windows/whats-new/index.yml
@@ -32,6 +32,8 @@ landingContent:
             url: windows-11-plan.md
           - text: Prepare for Windows 11
             url: windows-11-prepare.md
+          - text: Windows commercial licensing overview
+            url: windows-licensing.md
 
   - title: Windows 10
     linkLists:
diff --git a/windows/whats-new/windows-licensing.md b/windows/whats-new/windows-licensing.md
index c051375040..e9a0732e66 100644
--- a/windows/whats-new/windows-licensing.md
+++ b/windows/whats-new/windows-licensing.md
@@ -101,7 +101,7 @@ Here's a list of the Windows Enterprise licensing use rights:
 |**[Windows release health in the Microsoft 365 admin center](https://aka.ms/WindowsReleaseHealthinM365)**|Gives you essential information about monthly quality and feature updates in the Microsoft 365 admin center.|
 |**[Windows feature update device readiness report](/mem/intune/protect/windows-update-compatibility-reports)**|Provides per-device information about compatibility risks that are associated with an upgrade or update to a chosen version of Windows.|
 |**[Windows feature update compatibility risks reports](/mem/intune/protect/windows-update-compatibility-reports)**|Provides a summary view of the top compatibility risks, so you understand which compatibility risks impact the greatest number of devices in your organization.|
-|**[Windows LTSC Enterprise](windows/whats-new/ltsc/)**|Intended for highly specialized devices that require limited changes due to regulations and certification|
+|**[Windows LTSC Enterprise](/windows/whats-new/ltsc/)**|Intended for highly specialized devices that require limited changes due to regulations and certification|
 |**[Microsoft Desktop Optimization Pack (MDOP) ](/microsoft-desktop-optimization-pack)**|Help improve compatibility and management, reduce support costs, improve asset management, and improve policy control.|
 
 Learn more about [Windows 11 Enterprise E3](https://windows.com/enterprise).
@@ -164,7 +164,7 @@ The following table lists the Windows 11 Enterprise E3 features, services and us
 |**[Windows release health in the Microsoft 365 admin center](https://aka.ms/WindowsReleaseHealthinM365)**|n/a|n/a|
 |**[Windows feature update device readiness report](/mem/intune/protect/windows-update-compatibility-reports)**|Yes|Yes|
 |**[Windows feature update compatibility risks reports](/mem/intune/protect/windows-update-compatibility-reports)**|Yes|Yes|
-|**[Windows LTSC Enterprise](windows/whats-new/ltsc/)**|n/a|n/a|
+|**[Windows LTSC Enterprise](/windows/whats-new/ltsc/)**|n/a|n/a|
 |**[Microsoft Desktop Optimization Pack (MDOP) ](/microsoft-desktop-optimization-pack)**|Yes|Yes|
 
 ## Next steps

From d349f7962ca2017467bf83953ccc9c35ffab732b Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Tue, 25 Apr 2023 11:14:36 -0400
Subject: [PATCH 015/107] updates

---
 windows/whats-new/windows-licensing.md | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/windows/whats-new/windows-licensing.md b/windows/whats-new/windows-licensing.md
index e9a0732e66..5081043db0 100644
--- a/windows/whats-new/windows-licensing.md
+++ b/windows/whats-new/windows-licensing.md
@@ -63,7 +63,7 @@ Windows 11 Enterprise E3 builds on Windows 11 Pro by adding more advanced featur
 
 #### Windows 11 Enterprise features
 
-Here's an overview of the unique Windows Enterprise edition features:
+The following table describes the unique Windows Enterprise edition features:
 
 | OS-based feature | Description |
 |-|-|
@@ -77,7 +77,7 @@ Here's an overview of the unique Windows Enterprise edition features:
 
 #### Windows 11 Enterprise cloud-based capabilities
 
-Here's an overview of the unique Windows Enterprise edition cloud-based features:
+The following table describes the unique Windows Enterprise cloud-based features:
 
 |Cloud-based feature | Description |
 |-|-|
@@ -91,7 +91,7 @@ Here's an overview of the unique Windows Enterprise edition cloud-based features
 
 #### Windows 11 Enterprise licensing use rights
 
-Here's a list of the Windows Enterprise licensing use rights:
+The following table describes the Windows Enterprise licensing use rights:
 
 |Licensing use rights|Description|
 |-|-|
@@ -134,7 +134,7 @@ In most cases, the Windows Pro edition comes pre-installed on a business-class d
 
 In these cases, you want the PC to be configured, secured, monitored, and updated with the enterprise management and security tools that come with the Windows Enterprise user subscription. Your Windows Enterprise E3 subscriptions does not block these scenarios.
 
-The following table lists the Windows 11 Enterprise E3 features, services and use rights and their applicability to Windows Pro and Enterprise editions:
+The following table lists the Windows 11 Enterprise features and their applicability to Windows Pro and Enterprise editions:
 
 | OS-based feature |Windows Pro|Windows Enterprise|
 |-|-|-|
@@ -146,6 +146,8 @@ The following table lists the Windows 11 Enterprise E3 features, services and us
 |**[Always On VPN](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|Yes|Yes|
 |**[Windows Experience customization](/windows/client-management/mdm/policy-csp-experience)**|No|Yes|
 
+The following table lists the Windows 11 Enterprise cloud-based features and their applicability to Windows Pro and Enterprise editions:
+
 | Cloud-based feature |Windows Pro|Windows Enterprise|
 |-|-|-|
 |**[Windows subscription activation](/windows/deployment/windows-10-subscription-activation)**|Yes|Yes|
@@ -156,6 +158,8 @@ The following table lists the Windows 11 Enterprise E3 features, services and us
 |**[Endpoint analytics proactive remediation](/mem/analytics/overview)**|Yes|Yes|
 |**[Organizational messages](/mem/intune/remote-actions/organizational-messages-overview)**|No|Yes|
 
+The following table lists the Windows 11 Enterprise E3 licensing use rights and their applicability to Windows Pro and Enterprise editions:
+
 |Licensing use rights|Windows Pro|Windows Enterprise|
 |-|-|-|
 |**[Five Windows instances per licensed user](https://www.microsoft.com/licensing/terms/productoffering/WindowsDesktopOperatingSystem/EAEAS)**|n/a|n/a|
@@ -177,4 +181,3 @@ To learn more about Windows 11 Enterprise E3 and E5 licensing, download the [Win
 - Windows 11 downgrade rights
 - Volume license activation methods
 - How to acquire licenses through Commercial Licensing
-

From 4170bb09584922762af2a26608a204c2b9fe2afb Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Tue, 25 Apr 2023 11:39:54 -0400
Subject: [PATCH 016/107] upload new include files

---
 includes/licensing/_edition-requirements.md   | 10 +++------
 includes/licensing/_licensing-requirements.md | 10 +++------
 .../licensing/access-control-aclsscals.md     |  2 +-
 includes/licensing/account-lockout-policy.md  |  2 +-
 ...-vpn.md => always-on-vpn-device-tunnel.md} | 10 ++++-----
 includes/licensing/applocker.md               | 22 -------------------
 .../licensing/assigned-access-kiosk-mode.md   |  2 +-
 .../licensing/attack-surface-reduction-asr.md |  2 +-
 ...d-azure-ad-join-with-single-sign-on-sso.md |  2 +-
 includes/licensing/bitlocker.md               |  2 +-
 ...tooth-pairing-and-connection-protection.md |  2 +-
 .../common-criteria-certifications.md         |  2 +-
 .../licensing/controlled-folder-access.md     |  2 +-
 .../device-health-attestation-service.md      |  2 +-
 includes/licensing/direct-access.md           |  2 +-
 includes/licensing/email-encryption-smime.md  |  2 +-
 includes/licensing/encrypted-hard-drive.md    |  2 +-
 includes/licensing/endpoint-analytics.md      | 22 -------------------
 ...ed-phishing-protection-with-smartscreen.md |  2 +-
 includes/licensing/exploit-protection.md      |  2 +-
 ...fast-identity-online-fido2-security-key.md |  2 +-
 ...processing-standard-fips-140-validation.md |  2 +-
 includes/licensing/federated-sign-in.md       |  2 +-
 .../hardware-enforced-stack-protection.md     |  2 +-
 ...ypervisor-protected-code-integrity-hvci.md |  2 +-
 ...nel-direct-memory-access-dma-protection.md |  2 +-
 .../local-administrator-password-solution.md  |  2 +-
 ...local-security-authority-lsa-protection.md |  2 +-
 ...-device-management-mdm-and-group-policy.md |  2 +-
 includes/licensing/measured-boot.md           |  2 +-
 .../licensing/microsoft-defender-antivirus.md |  2 +-
 ...pplication-guard-mdag-configure-via-mdm.md |  2 +-
 ...terprise-mode-and-enterprise-management.md |  2 +-
 ...ion-guard-mdag-for-edge-standalone-mode.md |  2 +-
 ...ication-guard-mdag-for-microsoft-office.md |  2 +-
 ...nder-application-guard-mdag-public-apis.md |  2 +-
 .../microsoft-defender-for-endpoint.md        |  2 +-
 .../microsoft-defender-smartscreen.md         |  2 +-
 .../microsoft-pluton-security-processor.md    |  2 +-
 .../microsoft-vulnerable-driver-blocklist.md  |  2 +-
 .../opportunistic-wireless-encryption-owe.md  |  2 +-
 .../licensing/personal-data-encryption-pde.md |  2 +-
 includes/licensing/privacy-resource-usage.md  |  2 +-
 .../privacy-transparency-and-controls.md      |  2 +-
 .../licensing/remote-wipe-autopilot-reset.md  |  2 +-
 .../licensing/secure-boot-and-trusted-boot.md |  2 +-
 .../secured-core-configuration-lock.md        |  2 +-
 includes/licensing/secured-core-pc.md         |  2 +-
 .../security-baselines-with-intune.md         |  2 +-
 .../server-message-block-direct-smb-direct.md |  2 +-
 .../server-message-block-smb-file-service.md  |  2 +-
 includes/licensing/smart-app-control.md       |  2 +-
 .../smart-cards-for-windows-service.md        |  2 +-
 .../tamper-protection-settings-for-mde.md     |  2 +-
 .../licensing/transport-layer-security-tls.md |  2 +-
 .../trusted-platform-module-tpm-20.md         |  2 +-
 includes/licensing/universal-print.md         |  2 +-
 .../licensing/user-account-control-uac.md     |  2 +-
 .../licensing/virtual-private-network-vpn.md  |  2 +-
 .../virtualization-based-security-vbs.md      |  2 +-
 includes/licensing/wifi-security.md           |  2 +-
 includes/licensing/windows-autopatch.md       |  2 +-
 includes/licensing/windows-autopilot.md       |  2 +-
 includes/licensing/windows-containers.md      |  2 +-
 ...ndows-defender-application-control-wdac.md |  2 +-
 .../windows-defender-credential-guard.md      |  6 ++---
 ...indows-defender-remote-credential-guard.md |  2 +-
 .../windows-defender-system-guard.md          |  2 +-
 ...eature-and-expedite-updates-with-intune.md | 22 -------------------
 includes/licensing/windows-firewall.md        |  2 +-
 ...-business-enhanced-security-sign-in-ess.md |  2 +-
 .../licensing/windows-hello-for-business.md   |  2 +-
 .../licensing/windows-presence-sensing.md     |  2 +-
 includes/licensing/windows-sandbox.md         |  2 +-
 ...s-security-policy-settings-and-auditing.md |  2 +-
 .../licensing/windows-update-for-business.md  | 22 -------------------
 76 files changed, 82 insertions(+), 178 deletions(-)
 rename includes/licensing/{always-on-vpn.md => always-on-vpn-device-tunnel.md} (76%)
 delete mode 100644 includes/licensing/applocker.md
 delete mode 100644 includes/licensing/endpoint-analytics.md
 delete mode 100644 includes/licensing/windows-feature-and-expedite-updates-with-intune.md
 delete mode 100644 includes/licensing/windows-update-for-business.md

diff --git a/includes/licensing/_edition-requirements.md b/includes/licensing/_edition-requirements.md
index ab8bd9523f..44babf0f4d 100644
--- a/includes/licensing/_edition-requirements.md
+++ b/includes/licensing/_edition-requirements.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
@@ -11,8 +11,7 @@ The following table lists the security features that are available in Windows, a
 |:---|:---:|:---:|:---:|:---:|
 |**[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes|
 |**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**|Yes|Yes|Yes|Yes|
-|**[Always On VPN](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|Yes|Yes|Yes|Yes|
-|**[AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview)**|Yes|Yes|Yes|Yes|
+|**[Always On VPN (device tunnel)](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|No|Yes|No|Yes|
 |**[Assigned Access (kiosk mode)](/windows/configuration/kiosk-methods)**|Yes|Yes|Yes|Yes|
 |**[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)**|Yes|Yes|Yes|Yes|
 |**[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)**|Yes|Yes|Yes|Yes|
@@ -24,7 +23,6 @@ The following table lists the security features that are available in Windows, a
 |**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**|No|Yes|No|Yes|
 |**[Email Encryption (S/MIME)](/windows/security/identity-protection/configure-s-mime)**|Yes|Yes|Yes|Yes|
 |**[Encrypted hard drive](/windows/security/information-protection/encrypted-hard-drive)**|Yes|Yes|Yes|Yes|
-|**[Endpoint Analytics](/mem/analytics/overview)**|Yes|Yes|Yes|Yes|
 |**[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)**|Yes|Yes|Yes|Yes|
 |**[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)**|Yes|Yes|Yes|Yes|
 |**[Fast Identity Online (FIDO2) security key](/azure/active-directory/authentication/howto-authentication-passwordless-security-key?context=%2Fwindows%2Fsecurity%2Fcontext%2Fcontext)**|Yes|Yes|Yes|Yes|
@@ -72,14 +70,12 @@ The following table lists the security features that are available in Windows, a
 |**[Windows Autopilot](/windows/deployment/windows-autopilot)**|Yes|Yes|Yes|Yes|
 |**[Windows containers](/virtualization/windowscontainers/about/)**|Yes|Yes|Yes|Yes|
 |**[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|
-|**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|Yes|Yes|Yes|Yes|
+|**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|No|Yes|No|Yes|
 |**[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)**|Yes|Yes|Yes|Yes|
 |**[Windows Defender System Guard](/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows)**|Yes|Yes|Yes|Yes|
-|**[Windows feature and expedite updates with Intune](/mem/intune/protect/windows-10-feature-updates)**|Yes|Yes|Yes|Yes|
 |**[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)**|Yes|Yes|Yes|Yes|
 |**[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)**|Yes|Yes|Yes|Yes|
 |**[Windows Hello for Business Enhanced Security Sign-in (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)**|Yes|Yes|Yes|Yes|
 |**[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)**|Yes|Yes|Yes|Yes|
 |**[Windows Sandbox](/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview)**|Yes|Yes|Yes|Yes|
 |**[Windows Security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**|Yes|Yes|Yes|Yes|
-|**[Windows Update for Business](/windows/deployment/update/waas-manage-updates-wufb)**|Yes|Yes|Yes|Yes|
diff --git a/includes/licensing/_licensing-requirements.md b/includes/licensing/_licensing-requirements.md
index dbdbf770cb..540d341e79 100644
--- a/includes/licensing/_licensing-requirements.md
+++ b/includes/licensing/_licensing-requirements.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
@@ -11,8 +11,7 @@ The following table lists the security features that are available in Windows, a
 |:---|:---:|:---:|:---:|:---:|:---:|
 |**[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes|Yes|
 |**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**|Yes|Yes|Yes|Yes|Yes|
-|**[Always On VPN](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|Yes|Yes|Yes|Yes|Yes|
-|**[AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview)**|Yes|Yes|Yes|Yes|Yes|
+|**[Always On VPN (device tunnel)](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|No|Yes|Yes|Yes|Yes|
 |**[Assigned Access (kiosk mode)](/windows/configuration/kiosk-methods)**|Yes|Yes|Yes|Yes|Yes|
 |**[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)**|Yes|Yes|Yes|Yes|Yes|
 |**[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)**|Yes|Yes|Yes|Yes|Yes|
@@ -24,7 +23,6 @@ The following table lists the security features that are available in Windows, a
 |**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**|No|Yes|Yes|Yes|Yes|
 |**[Email Encryption (S/MIME)](/windows/security/identity-protection/configure-s-mime)**|Yes|Yes|Yes|Yes|Yes|
 |**[Encrypted hard drive](/windows/security/information-protection/encrypted-hard-drive)**|Yes|Yes|Yes|Yes|Yes|
-|**[Endpoint Analytics](/mem/analytics/overview)**|Yes|Yes|Yes|Yes|Yes|
 |**[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)**|Yes|Yes|Yes|Yes|Yes|
 |**[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)**|Yes|Yes|Yes|Yes|Yes|
 |**[Fast Identity Online (FIDO2) security key](/azure/active-directory/authentication/howto-authentication-passwordless-security-key?context=%2Fwindows%2Fsecurity%2Fcontext%2Fcontext)**|Yes|Yes|Yes|Yes|Yes|
@@ -72,14 +70,12 @@ The following table lists the security features that are available in Windows, a
 |**[Windows Autopilot](/windows/deployment/windows-autopilot)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows containers](/virtualization/windowscontainers/about/)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|Yes|
-|**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|No|Yes|Yes|Yes|Yes|
 |**[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows Defender System Guard](/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows)**|Yes|Yes|Yes|Yes|Yes|
-|**[Windows feature and expedite updates with Intune](/mem/intune/protect/windows-10-feature-updates)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows Hello for Business Enhanced Security Sign-in (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows Sandbox](/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows Security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**|Yes|Yes|Yes|Yes|Yes|
-|**[Windows Update for Business](/windows/deployment/update/waas-manage-updates-wufb)**|Yes|Yes|Yes|Yes|Yes|
diff --git a/includes/licensing/access-control-aclsscals.md b/includes/licensing/access-control-aclsscals.md
index 1e7eb6a0db..028929c987 100644
--- a/includes/licensing/access-control-aclsscals.md
+++ b/includes/licensing/access-control-aclsscals.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/account-lockout-policy.md b/includes/licensing/account-lockout-policy.md
index 12dcc49ff8..9d28314c22 100644
--- a/includes/licensing/account-lockout-policy.md
+++ b/includes/licensing/account-lockout-policy.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/always-on-vpn.md b/includes/licensing/always-on-vpn-device-tunnel.md
similarity index 76%
rename from includes/licensing/always-on-vpn.md
rename to includes/licensing/always-on-vpn-device-tunnel.md
index 2b8f7aee3b..165e3355ce 100644
--- a/includes/licensing/always-on-vpn.md
+++ b/includes/licensing/always-on-vpn-device-tunnel.md
@@ -1,22 +1,22 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
 ## Windows edition and licensing requirements
 
-The following table lists the Windows editions that support Always On VPN:
+The following table lists the Windows editions that support Always On VPN (device tunnel):
 
 |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
 |:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
+|No|Yes|No|Yes|
 
-Always On VPN license entitlements are granted by the following licenses:
+Always On VPN (device tunnel) license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+|No|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/applocker.md b/includes/licensing/applocker.md
deleted file mode 100644
index be5b604415..0000000000
--- a/includes/licensing/applocker.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/24/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support AppLocker:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-AppLocker license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/assigned-access-kiosk-mode.md b/includes/licensing/assigned-access-kiosk-mode.md
index 5f14b61a00..0aacfd0d54 100644
--- a/includes/licensing/assigned-access-kiosk-mode.md
+++ b/includes/licensing/assigned-access-kiosk-mode.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/attack-surface-reduction-asr.md b/includes/licensing/attack-surface-reduction-asr.md
index 0e3933d81d..bdfa84be11 100644
--- a/includes/licensing/attack-surface-reduction-asr.md
+++ b/includes/licensing/attack-surface-reduction-asr.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md b/includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md
index e13b6a640a..a2348b9f96 100644
--- a/includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md
+++ b/includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/bitlocker.md b/includes/licensing/bitlocker.md
index 9bf2d9c6d7..e1d0482a14 100644
--- a/includes/licensing/bitlocker.md
+++ b/includes/licensing/bitlocker.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/bluetooth-pairing-and-connection-protection.md b/includes/licensing/bluetooth-pairing-and-connection-protection.md
index 06958f780c..ea7d847692 100644
--- a/includes/licensing/bluetooth-pairing-and-connection-protection.md
+++ b/includes/licensing/bluetooth-pairing-and-connection-protection.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/common-criteria-certifications.md b/includes/licensing/common-criteria-certifications.md
index e53d1744e5..67da2eaa80 100644
--- a/includes/licensing/common-criteria-certifications.md
+++ b/includes/licensing/common-criteria-certifications.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/controlled-folder-access.md b/includes/licensing/controlled-folder-access.md
index b6be3c1f48..6e8429962d 100644
--- a/includes/licensing/controlled-folder-access.md
+++ b/includes/licensing/controlled-folder-access.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/device-health-attestation-service.md b/includes/licensing/device-health-attestation-service.md
index 1c6e31f416..180599b676 100644
--- a/includes/licensing/device-health-attestation-service.md
+++ b/includes/licensing/device-health-attestation-service.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/direct-access.md b/includes/licensing/direct-access.md
index b8fc0e111b..32f1858423 100644
--- a/includes/licensing/direct-access.md
+++ b/includes/licensing/direct-access.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/email-encryption-smime.md b/includes/licensing/email-encryption-smime.md
index 28a80e6a6f..1e613f7ea7 100644
--- a/includes/licensing/email-encryption-smime.md
+++ b/includes/licensing/email-encryption-smime.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/encrypted-hard-drive.md b/includes/licensing/encrypted-hard-drive.md
index c27a213efe..7f8eabb4fc 100644
--- a/includes/licensing/encrypted-hard-drive.md
+++ b/includes/licensing/encrypted-hard-drive.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/endpoint-analytics.md b/includes/licensing/endpoint-analytics.md
deleted file mode 100644
index a48f4aa305..0000000000
--- a/includes/licensing/endpoint-analytics.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/24/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Endpoint Analytics:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Endpoint Analytics license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/enhanced-phishing-protection-with-smartscreen.md b/includes/licensing/enhanced-phishing-protection-with-smartscreen.md
index f2ab4fadb5..c050417d86 100644
--- a/includes/licensing/enhanced-phishing-protection-with-smartscreen.md
+++ b/includes/licensing/enhanced-phishing-protection-with-smartscreen.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/exploit-protection.md b/includes/licensing/exploit-protection.md
index 6c3097eed1..ee0105c7aa 100644
--- a/includes/licensing/exploit-protection.md
+++ b/includes/licensing/exploit-protection.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/fast-identity-online-fido2-security-key.md b/includes/licensing/fast-identity-online-fido2-security-key.md
index f9ab563138..1fac120af3 100644
--- a/includes/licensing/fast-identity-online-fido2-security-key.md
+++ b/includes/licensing/fast-identity-online-fido2-security-key.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/federal-information-processing-standard-fips-140-validation.md b/includes/licensing/federal-information-processing-standard-fips-140-validation.md
index 6d0fe1073e..4f43d3d758 100644
--- a/includes/licensing/federal-information-processing-standard-fips-140-validation.md
+++ b/includes/licensing/federal-information-processing-standard-fips-140-validation.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/federated-sign-in.md b/includes/licensing/federated-sign-in.md
index ec70299404..c1d9f41946 100644
--- a/includes/licensing/federated-sign-in.md
+++ b/includes/licensing/federated-sign-in.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/hardware-enforced-stack-protection.md b/includes/licensing/hardware-enforced-stack-protection.md
index 03b7d58bec..7d197bf299 100644
--- a/includes/licensing/hardware-enforced-stack-protection.md
+++ b/includes/licensing/hardware-enforced-stack-protection.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/hypervisor-protected-code-integrity-hvci.md b/includes/licensing/hypervisor-protected-code-integrity-hvci.md
index 54ba02daf3..659a1e1a0f 100644
--- a/includes/licensing/hypervisor-protected-code-integrity-hvci.md
+++ b/includes/licensing/hypervisor-protected-code-integrity-hvci.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/kernel-direct-memory-access-dma-protection.md b/includes/licensing/kernel-direct-memory-access-dma-protection.md
index 144db7a0e2..c07f32a3f1 100644
--- a/includes/licensing/kernel-direct-memory-access-dma-protection.md
+++ b/includes/licensing/kernel-direct-memory-access-dma-protection.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/local-administrator-password-solution.md b/includes/licensing/local-administrator-password-solution.md
index e3722c8252..a7f5eb6aba 100644
--- a/includes/licensing/local-administrator-password-solution.md
+++ b/includes/licensing/local-administrator-password-solution.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/local-security-authority-lsa-protection.md b/includes/licensing/local-security-authority-lsa-protection.md
index 0f79870132..f6b948f1a1 100644
--- a/includes/licensing/local-security-authority-lsa-protection.md
+++ b/includes/licensing/local-security-authority-lsa-protection.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md b/includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md
index 4701881ed3..d0c8d30dd4 100644
--- a/includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md
+++ b/includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/measured-boot.md b/includes/licensing/measured-boot.md
index 94b7d51eba..873dd51db8 100644
--- a/includes/licensing/measured-boot.md
+++ b/includes/licensing/measured-boot.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/microsoft-defender-antivirus.md b/includes/licensing/microsoft-defender-antivirus.md
index 28524e3540..08df5e0218 100644
--- a/includes/licensing/microsoft-defender-antivirus.md
+++ b/includes/licensing/microsoft-defender-antivirus.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md b/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md
index 7e96c9d671..e754997c7a 100644
--- a/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md
index ce29877baf..9dc9d2c111 100644
--- a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md
index 610e7bb63a..fe5677e4eb 100644
--- a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md b/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md
index 472914659e..3cbb70aa69 100644
--- a/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md b/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md
index a80d9499b3..eeaf93367e 100644
--- a/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/microsoft-defender-for-endpoint.md b/includes/licensing/microsoft-defender-for-endpoint.md
index a1e6da35dc..312be13a46 100644
--- a/includes/licensing/microsoft-defender-for-endpoint.md
+++ b/includes/licensing/microsoft-defender-for-endpoint.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/microsoft-defender-smartscreen.md b/includes/licensing/microsoft-defender-smartscreen.md
index ec626ac07a..ff95861177 100644
--- a/includes/licensing/microsoft-defender-smartscreen.md
+++ b/includes/licensing/microsoft-defender-smartscreen.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/microsoft-pluton-security-processor.md b/includes/licensing/microsoft-pluton-security-processor.md
index 58bc9363a0..d0f93bcb7c 100644
--- a/includes/licensing/microsoft-pluton-security-processor.md
+++ b/includes/licensing/microsoft-pluton-security-processor.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/microsoft-vulnerable-driver-blocklist.md b/includes/licensing/microsoft-vulnerable-driver-blocklist.md
index 2dcc3fb136..98dd69ad55 100644
--- a/includes/licensing/microsoft-vulnerable-driver-blocklist.md
+++ b/includes/licensing/microsoft-vulnerable-driver-blocklist.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/opportunistic-wireless-encryption-owe.md b/includes/licensing/opportunistic-wireless-encryption-owe.md
index b2919a0d31..953cb81211 100644
--- a/includes/licensing/opportunistic-wireless-encryption-owe.md
+++ b/includes/licensing/opportunistic-wireless-encryption-owe.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/personal-data-encryption-pde.md b/includes/licensing/personal-data-encryption-pde.md
index f8cf940fc8..5626b57d96 100644
--- a/includes/licensing/personal-data-encryption-pde.md
+++ b/includes/licensing/personal-data-encryption-pde.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/privacy-resource-usage.md b/includes/licensing/privacy-resource-usage.md
index 6ee4c2b844..2bea08f5e1 100644
--- a/includes/licensing/privacy-resource-usage.md
+++ b/includes/licensing/privacy-resource-usage.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/privacy-transparency-and-controls.md b/includes/licensing/privacy-transparency-and-controls.md
index 4a1ea93b6f..2fec75d8c4 100644
--- a/includes/licensing/privacy-transparency-and-controls.md
+++ b/includes/licensing/privacy-transparency-and-controls.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/remote-wipe-autopilot-reset.md b/includes/licensing/remote-wipe-autopilot-reset.md
index 7448bbca80..c68c8ad2ed 100644
--- a/includes/licensing/remote-wipe-autopilot-reset.md
+++ b/includes/licensing/remote-wipe-autopilot-reset.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/secure-boot-and-trusted-boot.md b/includes/licensing/secure-boot-and-trusted-boot.md
index 66486b3820..53b48d99cc 100644
--- a/includes/licensing/secure-boot-and-trusted-boot.md
+++ b/includes/licensing/secure-boot-and-trusted-boot.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/secured-core-configuration-lock.md b/includes/licensing/secured-core-configuration-lock.md
index 1bf49404f9..dddf8843a4 100644
--- a/includes/licensing/secured-core-configuration-lock.md
+++ b/includes/licensing/secured-core-configuration-lock.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/secured-core-pc.md b/includes/licensing/secured-core-pc.md
index 49111cf0e9..8fca64cb2c 100644
--- a/includes/licensing/secured-core-pc.md
+++ b/includes/licensing/secured-core-pc.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/security-baselines-with-intune.md b/includes/licensing/security-baselines-with-intune.md
index d1bbd124cd..43b5f384ab 100644
--- a/includes/licensing/security-baselines-with-intune.md
+++ b/includes/licensing/security-baselines-with-intune.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/server-message-block-direct-smb-direct.md b/includes/licensing/server-message-block-direct-smb-direct.md
index 4f550f7615..1b76968707 100644
--- a/includes/licensing/server-message-block-direct-smb-direct.md
+++ b/includes/licensing/server-message-block-direct-smb-direct.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/server-message-block-smb-file-service.md b/includes/licensing/server-message-block-smb-file-service.md
index 949799af17..f39db20a54 100644
--- a/includes/licensing/server-message-block-smb-file-service.md
+++ b/includes/licensing/server-message-block-smb-file-service.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/smart-app-control.md b/includes/licensing/smart-app-control.md
index ec15bdb692..cfb6c198a6 100644
--- a/includes/licensing/smart-app-control.md
+++ b/includes/licensing/smart-app-control.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/smart-cards-for-windows-service.md b/includes/licensing/smart-cards-for-windows-service.md
index 65d38875b0..b7a9d46f11 100644
--- a/includes/licensing/smart-cards-for-windows-service.md
+++ b/includes/licensing/smart-cards-for-windows-service.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/tamper-protection-settings-for-mde.md b/includes/licensing/tamper-protection-settings-for-mde.md
index 11a2824f53..06a01236ec 100644
--- a/includes/licensing/tamper-protection-settings-for-mde.md
+++ b/includes/licensing/tamper-protection-settings-for-mde.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/transport-layer-security-tls.md b/includes/licensing/transport-layer-security-tls.md
index dceb1635ec..d0f2b933b2 100644
--- a/includes/licensing/transport-layer-security-tls.md
+++ b/includes/licensing/transport-layer-security-tls.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/trusted-platform-module-tpm-20.md b/includes/licensing/trusted-platform-module-tpm-20.md
index eae4c2e538..4b5197dd74 100644
--- a/includes/licensing/trusted-platform-module-tpm-20.md
+++ b/includes/licensing/trusted-platform-module-tpm-20.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/universal-print.md b/includes/licensing/universal-print.md
index 9a952fc23f..46f0afd2c6 100644
--- a/includes/licensing/universal-print.md
+++ b/includes/licensing/universal-print.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/user-account-control-uac.md b/includes/licensing/user-account-control-uac.md
index 4e28d74263..dca8cb0915 100644
--- a/includes/licensing/user-account-control-uac.md
+++ b/includes/licensing/user-account-control-uac.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/virtual-private-network-vpn.md b/includes/licensing/virtual-private-network-vpn.md
index 6ca8c3ddd5..61de672ee8 100644
--- a/includes/licensing/virtual-private-network-vpn.md
+++ b/includes/licensing/virtual-private-network-vpn.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/virtualization-based-security-vbs.md b/includes/licensing/virtualization-based-security-vbs.md
index 73f9b4ae28..de05ea5d8e 100644
--- a/includes/licensing/virtualization-based-security-vbs.md
+++ b/includes/licensing/virtualization-based-security-vbs.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/wifi-security.md b/includes/licensing/wifi-security.md
index 528d3e8873..9507a7618a 100644
--- a/includes/licensing/wifi-security.md
+++ b/includes/licensing/wifi-security.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-autopatch.md b/includes/licensing/windows-autopatch.md
index c9d890fb98..f67e2b5216 100644
--- a/includes/licensing/windows-autopatch.md
+++ b/includes/licensing/windows-autopatch.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-autopilot.md b/includes/licensing/windows-autopilot.md
index d0ea1ecca1..9c57cdb899 100644
--- a/includes/licensing/windows-autopilot.md
+++ b/includes/licensing/windows-autopilot.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-containers.md b/includes/licensing/windows-containers.md
index e9df23b0f1..0e4df6dcb8 100644
--- a/includes/licensing/windows-containers.md
+++ b/includes/licensing/windows-containers.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-defender-application-control-wdac.md b/includes/licensing/windows-defender-application-control-wdac.md
index 7b029709ad..3f81db1b61 100644
--- a/includes/licensing/windows-defender-application-control-wdac.md
+++ b/includes/licensing/windows-defender-application-control-wdac.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-defender-credential-guard.md b/includes/licensing/windows-defender-credential-guard.md
index ea360fa645..d55e33af47 100644
--- a/includes/licensing/windows-defender-credential-guard.md
+++ b/includes/licensing/windows-defender-credential-guard.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
@@ -11,12 +11,12 @@ The following table lists the Windows editions that support Windows Defender Cre
 
 |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
 |:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
+|No|Yes|No|Yes|
 
 Windows Defender Credential Guard license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+|No|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-defender-remote-credential-guard.md b/includes/licensing/windows-defender-remote-credential-guard.md
index fa718760d4..51feb6043b 100644
--- a/includes/licensing/windows-defender-remote-credential-guard.md
+++ b/includes/licensing/windows-defender-remote-credential-guard.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-defender-system-guard.md b/includes/licensing/windows-defender-system-guard.md
index 3e6515de2c..b4f7577506 100644
--- a/includes/licensing/windows-defender-system-guard.md
+++ b/includes/licensing/windows-defender-system-guard.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-feature-and-expedite-updates-with-intune.md b/includes/licensing/windows-feature-and-expedite-updates-with-intune.md
deleted file mode 100644
index 4a0982992b..0000000000
--- a/includes/licensing/windows-feature-and-expedite-updates-with-intune.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/24/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Windows feature and expedite updates with Intune:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Windows feature and expedite updates with Intune license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-firewall.md b/includes/licensing/windows-firewall.md
index 7dff38b793..12b7254fb9 100644
--- a/includes/licensing/windows-firewall.md
+++ b/includes/licensing/windows-firewall.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md b/includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md
index 71e43b05c6..0b8095a9f8 100644
--- a/includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md
+++ b/includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-hello-for-business.md b/includes/licensing/windows-hello-for-business.md
index 6ff15f6184..cb8ec101ad 100644
--- a/includes/licensing/windows-hello-for-business.md
+++ b/includes/licensing/windows-hello-for-business.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-presence-sensing.md b/includes/licensing/windows-presence-sensing.md
index ce8d58277f..25eda4a8de 100644
--- a/includes/licensing/windows-presence-sensing.md
+++ b/includes/licensing/windows-presence-sensing.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-sandbox.md b/includes/licensing/windows-sandbox.md
index b08403f118..1b23c6f198 100644
--- a/includes/licensing/windows-sandbox.md
+++ b/includes/licensing/windows-sandbox.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-security-policy-settings-and-auditing.md b/includes/licensing/windows-security-policy-settings-and-auditing.md
index 4fbac14e8e..0fabeddb20 100644
--- a/includes/licensing/windows-security-policy-settings-and-auditing.md
+++ b/includes/licensing/windows-security-policy-settings-and-auditing.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/24/2023
+ms.date: 04/25/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-update-for-business.md b/includes/licensing/windows-update-for-business.md
deleted file mode 100644
index 7df9965759..0000000000
--- a/includes/licensing/windows-update-for-business.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/24/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Windows Update for Business:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Windows Update for Business license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

From f5d01400445851410d5665b868ae03caa57ea194 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Tue, 25 Apr 2023 13:15:49 -0400
Subject: [PATCH 017/107] format update

---
 includes/licensing/_edition-requirements.md   | 20 ++++++++---------
 includes/licensing/_licensing-requirements.md | 22 +++++++++----------
 .../licensing/always-on-vpn-device-tunnel.md  |  4 ++--
 includes/licensing/direct-access.md           |  4 ++--
 includes/licensing/federated-sign-in.md       |  4 ++--
 ...pplication-guard-mdag-configure-via-mdm.md |  4 ++--
 ...terprise-mode-and-enterprise-management.md |  4 ++--
 ...ication-guard-mdag-for-microsoft-office.md |  4 ++--
 ...nder-application-guard-mdag-public-apis.md |  4 ++--
 .../microsoft-defender-for-endpoint.md        |  2 +-
 .../licensing/personal-data-encryption-pde.md |  4 ++--
 includes/licensing/windows-autopatch.md       |  4 ++--
 .../windows-defender-credential-guard.md      |  4 ++--
 13 files changed, 42 insertions(+), 42 deletions(-)

diff --git a/includes/licensing/_edition-requirements.md b/includes/licensing/_edition-requirements.md
index 44babf0f4d..60fe9f1bd2 100644
--- a/includes/licensing/_edition-requirements.md
+++ b/includes/licensing/_edition-requirements.md
@@ -11,7 +11,7 @@ The following table lists the security features that are available in Windows, a
 |:---|:---:|:---:|:---:|:---:|
 |**[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes|
 |**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**|Yes|Yes|Yes|Yes|
-|**[Always On VPN (device tunnel)](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|No|Yes|No|Yes|
+|**[Always On VPN (device tunnel)](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|❌|Yes|❌|Yes|
 |**[Assigned Access (kiosk mode)](/windows/configuration/kiosk-methods)**|Yes|Yes|Yes|Yes|
 |**[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)**|Yes|Yes|Yes|Yes|
 |**[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)**|Yes|Yes|Yes|Yes|
@@ -20,14 +20,14 @@ The following table lists the security features that are available in Windows, a
 |**[Common Criteria certifications](/windows/security/threat-protection/windows-platform-common-criteria)**|Yes|Yes|Yes|Yes|
 |**[Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)**|Yes|Yes|Yes|Yes|
 |**[Device health attestation service](/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices)**|Yes|Yes|Yes|Yes|
-|**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**|No|Yes|No|Yes|
+|**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**|❌|Yes|❌|Yes|
 |**[Email Encryption (S/MIME)](/windows/security/identity-protection/configure-s-mime)**|Yes|Yes|Yes|Yes|
 |**[Encrypted hard drive](/windows/security/information-protection/encrypted-hard-drive)**|Yes|Yes|Yes|Yes|
 |**[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)**|Yes|Yes|Yes|Yes|
 |**[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)**|Yes|Yes|Yes|Yes|
 |**[Fast Identity Online (FIDO2) security key](/azure/active-directory/authentication/howto-authentication-passwordless-security-key?context=%2Fwindows%2Fsecurity%2Fcontext%2Fcontext)**|Yes|Yes|Yes|Yes|
 |**[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)**|Yes|Yes|Yes|Yes|
-|**[Federated sign-in](/education/windows/federated-sign-in)**|No|No|Yes|Yes|
+|**[Federated sign-in](/education/windows/federated-sign-in)**|❌|❌|Yes|Yes|
 |**[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)**|Yes|Yes|Yes|Yes|
 |**[Hypervisor-protected Code Integrity (HVCI)](/windows-hardware/design/device-experiences/oem-hvci-enablement)**|Yes|Yes|Yes|Yes|
 |**[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)**|Yes|Yes|Yes|Yes|
@@ -36,17 +36,17 @@ The following table lists the security features that are available in Windows, a
 |**[Manage by Mobile Device Management (MDM) and group policy](/windows/client-management/mdm/mdm-overview)**|Yes|Yes|Yes|Yes|
 |**[Measured boot](/windows/compatibility/measured-boot)**|Yes|Yes|Yes|Yes|
 |**[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)**|Yes|Yes|Yes|Yes|
-|**[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)**|No|Yes|No|Yes|
-|**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/deployedge/microsoft-edge-security-windows-defender-application-guard)**|No|Yes|No|Yes|
+|**[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)**|❌|Yes|❌|Yes|
+|**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/deployedge/microsoft-edge-security-windows-defender-application-guard)**|❌|Yes|❌|Yes|
 |**[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview)**|Yes|Yes|Yes|Yes|
-|**[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)**|No|Yes|No|Yes|
-|**Microsoft Defender Application Guard (MDAG) public APIs**|No|Yes|No|Yes|
+|**[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)**|❌|Yes|❌|Yes|
+|**Microsoft Defender Application Guard (MDAG) public APIs**|❌|Yes|❌|Yes|
 |**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|Yes|Yes|Yes|Yes|
 |**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**|Yes|Yes|Yes|Yes|
 |**[Microsoft Pluton security processor](/windows/security/information-protection/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes|
 |**[Microsoft Vulnerable Driver Blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules%23microsoft-vulnerable-driver-blocklist)**|Yes|Yes|Yes|Yes|
 |**Opportunistic Wireless Encryption (OWE)**|Yes|Yes|Yes|Yes|
-|**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|No|Yes|No|Yes|
+|**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|❌|Yes|❌|Yes|
 |**Privacy Resource Usage**|Yes|Yes|Yes|Yes|
 |**Privacy Transparency and Controls**|Yes|Yes|Yes|Yes|
 |**[Remote wipe (Autopilot reset)](/windows/client-management/mdm/remotewipe-csp)**|Yes|Yes|Yes|Yes|
@@ -66,11 +66,11 @@ The following table lists the security features that are available in Windows, a
 |**[Virtual Private Network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes|
 |**[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)**|Yes|Yes|Yes|Yes|
 |**WiFi Security**|Yes|Yes|Yes|Yes|
-|**[Windows Autopatch](/windows/deployment/windows-autopatch/)**|No|Yes|No|Yes|
+|**[Windows Autopatch](/windows/deployment/windows-autopatch/)**|❌|Yes|❌|Yes|
 |**[Windows Autopilot](/windows/deployment/windows-autopilot)**|Yes|Yes|Yes|Yes|
 |**[Windows containers](/virtualization/windowscontainers/about/)**|Yes|Yes|Yes|Yes|
 |**[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|
-|**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|No|Yes|No|Yes|
+|**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|❌|Yes|❌|Yes|
 |**[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)**|Yes|Yes|Yes|Yes|
 |**[Windows Defender System Guard](/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows)**|Yes|Yes|Yes|Yes|
 |**[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)**|Yes|Yes|Yes|Yes|
diff --git a/includes/licensing/_licensing-requirements.md b/includes/licensing/_licensing-requirements.md
index 540d341e79..f4993ac7f8 100644
--- a/includes/licensing/_licensing-requirements.md
+++ b/includes/licensing/_licensing-requirements.md
@@ -11,7 +11,7 @@ The following table lists the security features that are available in Windows, a
 |:---|:---:|:---:|:---:|:---:|:---:|
 |**[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes|Yes|
 |**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**|Yes|Yes|Yes|Yes|Yes|
-|**[Always On VPN (device tunnel)](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|No|Yes|Yes|Yes|Yes|
+|**[Always On VPN (device tunnel)](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|❌|Yes|Yes|Yes|Yes|
 |**[Assigned Access (kiosk mode)](/windows/configuration/kiosk-methods)**|Yes|Yes|Yes|Yes|Yes|
 |**[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)**|Yes|Yes|Yes|Yes|Yes|
 |**[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)**|Yes|Yes|Yes|Yes|Yes|
@@ -20,14 +20,14 @@ The following table lists the security features that are available in Windows, a
 |**[Common Criteria certifications](/windows/security/threat-protection/windows-platform-common-criteria)**|Yes|Yes|Yes|Yes|Yes|
 |**[Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)**|Yes|Yes|Yes|Yes|Yes|
 |**[Device health attestation service](/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices)**|Yes|Yes|Yes|Yes|Yes|
-|**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**|No|Yes|Yes|Yes|Yes|
+|**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**|❌|Yes|Yes|Yes|Yes|
 |**[Email Encryption (S/MIME)](/windows/security/identity-protection/configure-s-mime)**|Yes|Yes|Yes|Yes|Yes|
 |**[Encrypted hard drive](/windows/security/information-protection/encrypted-hard-drive)**|Yes|Yes|Yes|Yes|Yes|
 |**[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)**|Yes|Yes|Yes|Yes|Yes|
 |**[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)**|Yes|Yes|Yes|Yes|Yes|
 |**[Fast Identity Online (FIDO2) security key](/azure/active-directory/authentication/howto-authentication-passwordless-security-key?context=%2Fwindows%2Fsecurity%2Fcontext%2Fcontext)**|Yes|Yes|Yes|Yes|Yes|
 |**[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)**|Yes|Yes|Yes|Yes|Yes|
-|**[Federated sign-in](/education/windows/federated-sign-in)**|No|No|No|Yes|Yes|
+|**[Federated sign-in](/education/windows/federated-sign-in)**|❌|❌|❌|Yes|Yes|
 |**[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)**|Yes|Yes|Yes|Yes|Yes|
 |**[Hypervisor-protected Code Integrity (HVCI)](/windows-hardware/design/device-experiences/oem-hvci-enablement)**|Yes|Yes|Yes|Yes|Yes|
 |**[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)**|Yes|Yes|Yes|Yes|Yes|
@@ -36,17 +36,17 @@ The following table lists the security features that are available in Windows, a
 |**[Manage by Mobile Device Management (MDM) and group policy](/windows/client-management/mdm/mdm-overview)**|Yes|Yes|Yes|Yes|Yes|
 |**[Measured boot](/windows/compatibility/measured-boot)**|Yes|Yes|Yes|Yes|Yes|
 |**[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)**|Yes|Yes|Yes|Yes|Yes|
-|**[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)**|No|Yes|Yes|Yes|Yes|
-|**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/deployedge/microsoft-edge-security-windows-defender-application-guard)**|No|Yes|Yes|Yes|Yes|
+|**[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)**|❌|Yes|Yes|Yes|Yes|
+|**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/deployedge/microsoft-edge-security-windows-defender-application-guard)**|❌|Yes|Yes|Yes|Yes|
 |**[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview)**|Yes|Yes|Yes|Yes|Yes|
-|**[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)**|No|No|No|No|No|
-|**Microsoft Defender Application Guard (MDAG) public APIs**|No|Yes|Yes|Yes|Yes|
-|**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|Yes|No|Yes|No|Yes|
+|**[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)**|❌|❌|❌|❌|❌|
+|**Microsoft Defender Application Guard (MDAG) public APIs**|❌|Yes|Yes|Yes|Yes|
+|**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|Yes|❌|Yes|❌|Yes|
 |**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**|Yes|Yes|Yes|Yes|Yes|
 |**[Microsoft Pluton security processor](/windows/security/information-protection/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes|Yes|
 |**[Microsoft Vulnerable Driver Blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules%23microsoft-vulnerable-driver-blocklist)**|Yes|Yes|Yes|Yes|Yes|
 |**Opportunistic Wireless Encryption (OWE)**|Yes|Yes|Yes|Yes|Yes|
-|**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|No|Yes|Yes|Yes|Yes|
+|**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|❌|Yes|Yes|Yes|Yes|
 |**Privacy Resource Usage**|Yes|Yes|Yes|Yes|Yes|
 |**Privacy Transparency and Controls**|Yes|Yes|Yes|Yes|Yes|
 |**[Remote wipe (Autopilot reset)](/windows/client-management/mdm/remotewipe-csp)**|Yes|Yes|Yes|Yes|Yes|
@@ -66,11 +66,11 @@ The following table lists the security features that are available in Windows, a
 |**[Virtual Private Network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes|Yes|
 |**[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)**|Yes|Yes|Yes|Yes|Yes|
 |**WiFi Security**|Yes|Yes|Yes|Yes|Yes|
-|**[Windows Autopatch](/windows/deployment/windows-autopatch/)**|No|Yes|Yes|No|No|
+|**[Windows Autopatch](/windows/deployment/windows-autopatch/)**|❌|Yes|Yes|❌|❌|
 |**[Windows Autopilot](/windows/deployment/windows-autopilot)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows containers](/virtualization/windowscontainers/about/)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|Yes|
-|**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|No|Yes|Yes|Yes|Yes|
+|**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|❌|Yes|Yes|Yes|Yes|
 |**[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows Defender System Guard](/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)**|Yes|Yes|Yes|Yes|Yes|
diff --git a/includes/licensing/always-on-vpn-device-tunnel.md b/includes/licensing/always-on-vpn-device-tunnel.md
index 165e3355ce..6336201fd4 100644
--- a/includes/licensing/always-on-vpn-device-tunnel.md
+++ b/includes/licensing/always-on-vpn-device-tunnel.md
@@ -11,12 +11,12 @@ The following table lists the Windows editions that support Always On VPN (devic
 
 |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
 |:---:|:---:|:---:|:---:|
-|No|Yes|No|Yes|
+|❌|Yes|❌|Yes|
 
 Always On VPN (device tunnel) license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|No|Yes|Yes|Yes|Yes|
+|❌|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/direct-access.md b/includes/licensing/direct-access.md
index 32f1858423..ad70e4321c 100644
--- a/includes/licensing/direct-access.md
+++ b/includes/licensing/direct-access.md
@@ -11,12 +11,12 @@ The following table lists the Windows editions that support Direct Access:
 
 |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
 |:---:|:---:|:---:|:---:|
-|No|Yes|No|Yes|
+|❌|Yes|❌|Yes|
 
 Direct Access license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|No|Yes|Yes|Yes|Yes|
+|❌|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/federated-sign-in.md b/includes/licensing/federated-sign-in.md
index c1d9f41946..ef41008133 100644
--- a/includes/licensing/federated-sign-in.md
+++ b/includes/licensing/federated-sign-in.md
@@ -11,12 +11,12 @@ The following table lists the Windows editions that support Federated sign-in:
 
 |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
 |:---:|:---:|:---:|:---:|
-|No|No|Yes|Yes|
+|❌|No|Yes|Yes|
 
 Federated sign-in license entitlements are granted by the following licenses:
 
 |Windows Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|No|No|Yes|Yes|
+|Yes|❌|No|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md b/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md
index e754997c7a..436c958aa9 100644
--- a/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md
@@ -11,12 +11,12 @@ The following table lists the Windows editions that support Microsoft Defender A
 
 |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
 |:---:|:---:|:---:|:---:|
-|No|Yes|No|Yes|
+|❌|Yes|❌|Yes|
 
 Microsoft Defender Application Guard (MDAG) configure via MDM license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|No|Yes|Yes|Yes|Yes|
+|❌|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md
index 9dc9d2c111..e1996f0eef 100644
--- a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md
@@ -11,12 +11,12 @@ The following table lists the Windows editions that support Microsoft Defender A
 
 |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
 |:---:|:---:|:---:|:---:|
-|No|Yes|No|Yes|
+|❌|Yes|❌|Yes|
 
 Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|No|Yes|Yes|Yes|Yes|
+|❌|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md b/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md
index 3cbb70aa69..ea16496e09 100644
--- a/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md
@@ -11,12 +11,12 @@ The following table lists the Windows editions that support Microsoft Defender A
 
 |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
 |:---:|:---:|:---:|:---:|
-|No|Yes|No|Yes|
+|❌|Yes|❌|Yes|
 
 Microsoft Defender Application Guard (MDAG) for Microsoft Office license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|No|No|No|No|No|
+|❌|No|❌|No|❌|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md b/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md
index eeaf93367e..3759b415b9 100644
--- a/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md
@@ -11,12 +11,12 @@ The following table lists the Windows editions that support Microsoft Defender A
 
 |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
 |:---:|:---:|:---:|:---:|
-|No|Yes|No|Yes|
+|❌|Yes|❌|Yes|
 
 Microsoft Defender Application Guard (MDAG) public APIs license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|No|Yes|Yes|Yes|Yes|
+|❌|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-defender-for-endpoint.md b/includes/licensing/microsoft-defender-for-endpoint.md
index 312be13a46..4f80436cf4 100644
--- a/includes/licensing/microsoft-defender-for-endpoint.md
+++ b/includes/licensing/microsoft-defender-for-endpoint.md
@@ -17,6 +17,6 @@ Microsoft Defender for Endpoint license entitlements are granted by the followin
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|No|Yes|No|Yes|
+|Yes|❌|Yes|❌|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/personal-data-encryption-pde.md b/includes/licensing/personal-data-encryption-pde.md
index 5626b57d96..ce50e8b2d6 100644
--- a/includes/licensing/personal-data-encryption-pde.md
+++ b/includes/licensing/personal-data-encryption-pde.md
@@ -11,12 +11,12 @@ The following table lists the Windows editions that support Personal data encryp
 
 |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
 |:---:|:---:|:---:|:---:|
-|No|Yes|No|Yes|
+|❌|Yes|❌|Yes|
 
 Personal data encryption (PDE) license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|No|Yes|Yes|Yes|Yes|
+|❌|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-autopatch.md b/includes/licensing/windows-autopatch.md
index f67e2b5216..b036c82c49 100644
--- a/includes/licensing/windows-autopatch.md
+++ b/includes/licensing/windows-autopatch.md
@@ -11,12 +11,12 @@ The following table lists the Windows editions that support Windows Autopatch:
 
 |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
 |:---:|:---:|:---:|:---:|
-|No|Yes|No|Yes|
+|❌|Yes|❌|Yes|
 
 Windows Autopatch license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|No|Yes|Yes|No|No|
+|❌|Yes|Yes|❌|No|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-defender-credential-guard.md b/includes/licensing/windows-defender-credential-guard.md
index d55e33af47..5a03742498 100644
--- a/includes/licensing/windows-defender-credential-guard.md
+++ b/includes/licensing/windows-defender-credential-guard.md
@@ -11,12 +11,12 @@ The following table lists the Windows editions that support Windows Defender Cre
 
 |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
 |:---:|:---:|:---:|:---:|
-|No|Yes|No|Yes|
+|❌|Yes|❌|Yes|
 
 Windows Defender Credential Guard license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|No|Yes|Yes|Yes|Yes|
+|❌|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

From 3e949d6b054ef9eb6b0348fcaf83926e28636f76 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Tue, 25 Apr 2023 13:20:07 -0400
Subject: [PATCH 018/107] format update

---
 includes/licensing/federated-sign-in.md                       | 4 ++--
 ...ft-defender-application-guard-mdag-for-microsoft-office.md | 2 +-
 includes/licensing/windows-autopatch.md                       | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/includes/licensing/federated-sign-in.md b/includes/licensing/federated-sign-in.md
index ef41008133..15103a6ab6 100644
--- a/includes/licensing/federated-sign-in.md
+++ b/includes/licensing/federated-sign-in.md
@@ -11,12 +11,12 @@ The following table lists the Windows editions that support Federated sign-in:
 
 |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
 |:---:|:---:|:---:|:---:|
-|❌|No|Yes|Yes|
+|❌|❌|Yes|Yes|
 
 Federated sign-in license entitlements are granted by the following licenses:
 
 |Windows Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|❌|No|Yes|Yes|
+|Yes|❌|❌|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md b/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md
index ea16496e09..e038536107 100644
--- a/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md
@@ -17,6 +17,6 @@ Microsoft Defender Application Guard (MDAG) for Microsoft Office license entitle
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|❌|No|❌|No|❌|
+|❌|❌|❌|❌|❌|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-autopatch.md b/includes/licensing/windows-autopatch.md
index b036c82c49..8a00190c02 100644
--- a/includes/licensing/windows-autopatch.md
+++ b/includes/licensing/windows-autopatch.md
@@ -17,6 +17,6 @@ Windows Autopatch license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|❌|Yes|Yes|❌|No|
+|❌|Yes|Yes|❌|❌|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

From b37c379f72b8d1d62f48fed26b52ebfba9b45a3e Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Tue, 25 Apr 2023 15:08:22 -0400
Subject: [PATCH 019/107] updated tables

---
 includes/licensing/_edition-requirements.md                 | 2 +-
 includes/licensing/_licensing-requirements.md               | 6 +++---
 includes/licensing/always-on-vpn-device-tunnel.md           | 4 ++--
 includes/licensing/direct-access.md                         | 4 ++--
 includes/licensing/federated-sign-in.md                     | 6 +++---
 ...oft-defender-application-guard-mdag-configure-via-mdm.md | 4 ++--
 ...ag-for-edge-enterprise-mode-and-enterprise-management.md | 4 ++--
 ...-defender-application-guard-mdag-for-microsoft-office.md | 4 ++--
 ...microsoft-defender-application-guard-mdag-public-apis.md | 4 ++--
 includes/licensing/microsoft-defender-for-endpoint.md       | 2 +-
 includes/licensing/personal-data-encryption-pde.md          | 4 ++--
 includes/licensing/windows-autopatch.md                     | 4 ++--
 includes/licensing/windows-defender-credential-guard.md     | 4 ++--
 13 files changed, 26 insertions(+), 26 deletions(-)

diff --git a/includes/licensing/_edition-requirements.md b/includes/licensing/_edition-requirements.md
index 60fe9f1bd2..5f6391baad 100644
--- a/includes/licensing/_edition-requirements.md
+++ b/includes/licensing/_edition-requirements.md
@@ -27,7 +27,7 @@ The following table lists the security features that are available in Windows, a
 |**[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)**|Yes|Yes|Yes|Yes|
 |**[Fast Identity Online (FIDO2) security key](/azure/active-directory/authentication/howto-authentication-passwordless-security-key?context=%2Fwindows%2Fsecurity%2Fcontext%2Fcontext)**|Yes|Yes|Yes|Yes|
 |**[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)**|Yes|Yes|Yes|Yes|
-|**[Federated sign-in](/education/windows/federated-sign-in)**|❌|❌|Yes|Yes|
+|**[Federated sign-in](/education/windows/federated-sign-in)**|❌|No|Yes|Yes|
 |**[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)**|Yes|Yes|Yes|Yes|
 |**[Hypervisor-protected Code Integrity (HVCI)](/windows-hardware/design/device-experiences/oem-hvci-enablement)**|Yes|Yes|Yes|Yes|
 |**[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)**|Yes|Yes|Yes|Yes|
diff --git a/includes/licensing/_licensing-requirements.md b/includes/licensing/_licensing-requirements.md
index f4993ac7f8..2d3f2f34d8 100644
--- a/includes/licensing/_licensing-requirements.md
+++ b/includes/licensing/_licensing-requirements.md
@@ -27,7 +27,7 @@ The following table lists the security features that are available in Windows, a
 |**[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)**|Yes|Yes|Yes|Yes|Yes|
 |**[Fast Identity Online (FIDO2) security key](/azure/active-directory/authentication/howto-authentication-passwordless-security-key?context=%2Fwindows%2Fsecurity%2Fcontext%2Fcontext)**|Yes|Yes|Yes|Yes|Yes|
 |**[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)**|Yes|Yes|Yes|Yes|Yes|
-|**[Federated sign-in](/education/windows/federated-sign-in)**|❌|❌|❌|Yes|Yes|
+|**[Federated sign-in](/education/windows/federated-sign-in)**|❌|No|❌|Yes|Yes|
 |**[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)**|Yes|Yes|Yes|Yes|Yes|
 |**[Hypervisor-protected Code Integrity (HVCI)](/windows-hardware/design/device-experiences/oem-hvci-enablement)**|Yes|Yes|Yes|Yes|Yes|
 |**[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)**|Yes|Yes|Yes|Yes|Yes|
@@ -39,7 +39,7 @@ The following table lists the security features that are available in Windows, a
 |**[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)**|❌|Yes|Yes|Yes|Yes|
 |**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/deployedge/microsoft-edge-security-windows-defender-application-guard)**|❌|Yes|Yes|Yes|Yes|
 |**[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview)**|Yes|Yes|Yes|Yes|Yes|
-|**[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)**|❌|❌|❌|❌|❌|
+|**[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)**|❌|No|❌|No|❌|
 |**Microsoft Defender Application Guard (MDAG) public APIs**|❌|Yes|Yes|Yes|Yes|
 |**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|Yes|❌|Yes|❌|Yes|
 |**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**|Yes|Yes|Yes|Yes|Yes|
@@ -66,7 +66,7 @@ The following table lists the security features that are available in Windows, a
 |**[Virtual Private Network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes|Yes|
 |**[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)**|Yes|Yes|Yes|Yes|Yes|
 |**WiFi Security**|Yes|Yes|Yes|Yes|Yes|
-|**[Windows Autopatch](/windows/deployment/windows-autopatch/)**|❌|Yes|Yes|❌|❌|
+|**[Windows Autopatch](/windows/deployment/windows-autopatch/)**|❌|Yes|Yes|❌|No|
 |**[Windows Autopilot](/windows/deployment/windows-autopilot)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows containers](/virtualization/windowscontainers/about/)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|Yes|
diff --git a/includes/licensing/always-on-vpn-device-tunnel.md b/includes/licensing/always-on-vpn-device-tunnel.md
index 6336201fd4..165e3355ce 100644
--- a/includes/licensing/always-on-vpn-device-tunnel.md
+++ b/includes/licensing/always-on-vpn-device-tunnel.md
@@ -11,12 +11,12 @@ The following table lists the Windows editions that support Always On VPN (devic
 
 |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
 |:---:|:---:|:---:|:---:|
-|❌|Yes|❌|Yes|
+|No|Yes|No|Yes|
 
 Always On VPN (device tunnel) license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|❌|Yes|Yes|Yes|Yes|
+|No|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/direct-access.md b/includes/licensing/direct-access.md
index ad70e4321c..32f1858423 100644
--- a/includes/licensing/direct-access.md
+++ b/includes/licensing/direct-access.md
@@ -11,12 +11,12 @@ The following table lists the Windows editions that support Direct Access:
 
 |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
 |:---:|:---:|:---:|:---:|
-|❌|Yes|❌|Yes|
+|No|Yes|No|Yes|
 
 Direct Access license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|❌|Yes|Yes|Yes|Yes|
+|No|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/federated-sign-in.md b/includes/licensing/federated-sign-in.md
index 15103a6ab6..080274363c 100644
--- a/includes/licensing/federated-sign-in.md
+++ b/includes/licensing/federated-sign-in.md
@@ -11,12 +11,12 @@ The following table lists the Windows editions that support Federated sign-in:
 
 |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
 |:---:|:---:|:---:|:---:|
-|❌|❌|Yes|Yes|
+|No|No|Yes|Yes|
 
 Federated sign-in license entitlements are granted by the following licenses:
 
-|Windows Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|❌|❌|Yes|Yes|
+|No|No|No|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md b/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md
index 436c958aa9..e754997c7a 100644
--- a/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md
@@ -11,12 +11,12 @@ The following table lists the Windows editions that support Microsoft Defender A
 
 |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
 |:---:|:---:|:---:|:---:|
-|❌|Yes|❌|Yes|
+|No|Yes|No|Yes|
 
 Microsoft Defender Application Guard (MDAG) configure via MDM license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|❌|Yes|Yes|Yes|Yes|
+|No|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md
index e1996f0eef..9dc9d2c111 100644
--- a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md
@@ -11,12 +11,12 @@ The following table lists the Windows editions that support Microsoft Defender A
 
 |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
 |:---:|:---:|:---:|:---:|
-|❌|Yes|❌|Yes|
+|No|Yes|No|Yes|
 
 Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|❌|Yes|Yes|Yes|Yes|
+|No|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md b/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md
index e038536107..3cbb70aa69 100644
--- a/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md
@@ -11,12 +11,12 @@ The following table lists the Windows editions that support Microsoft Defender A
 
 |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
 |:---:|:---:|:---:|:---:|
-|❌|Yes|❌|Yes|
+|No|Yes|No|Yes|
 
 Microsoft Defender Application Guard (MDAG) for Microsoft Office license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|❌|❌|❌|❌|❌|
+|No|No|No|No|No|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md b/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md
index 3759b415b9..eeaf93367e 100644
--- a/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md
@@ -11,12 +11,12 @@ The following table lists the Windows editions that support Microsoft Defender A
 
 |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
 |:---:|:---:|:---:|:---:|
-|❌|Yes|❌|Yes|
+|No|Yes|No|Yes|
 
 Microsoft Defender Application Guard (MDAG) public APIs license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|❌|Yes|Yes|Yes|Yes|
+|No|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-defender-for-endpoint.md b/includes/licensing/microsoft-defender-for-endpoint.md
index 4f80436cf4..312be13a46 100644
--- a/includes/licensing/microsoft-defender-for-endpoint.md
+++ b/includes/licensing/microsoft-defender-for-endpoint.md
@@ -17,6 +17,6 @@ Microsoft Defender for Endpoint license entitlements are granted by the followin
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|❌|Yes|❌|Yes|
+|Yes|No|Yes|No|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/personal-data-encryption-pde.md b/includes/licensing/personal-data-encryption-pde.md
index ce50e8b2d6..5626b57d96 100644
--- a/includes/licensing/personal-data-encryption-pde.md
+++ b/includes/licensing/personal-data-encryption-pde.md
@@ -11,12 +11,12 @@ The following table lists the Windows editions that support Personal data encryp
 
 |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
 |:---:|:---:|:---:|:---:|
-|❌|Yes|❌|Yes|
+|No|Yes|No|Yes|
 
 Personal data encryption (PDE) license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|❌|Yes|Yes|Yes|Yes|
+|No|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-autopatch.md b/includes/licensing/windows-autopatch.md
index 8a00190c02..f67e2b5216 100644
--- a/includes/licensing/windows-autopatch.md
+++ b/includes/licensing/windows-autopatch.md
@@ -11,12 +11,12 @@ The following table lists the Windows editions that support Windows Autopatch:
 
 |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
 |:---:|:---:|:---:|:---:|
-|❌|Yes|❌|Yes|
+|No|Yes|No|Yes|
 
 Windows Autopatch license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|❌|Yes|Yes|❌|❌|
+|No|Yes|Yes|No|No|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-defender-credential-guard.md b/includes/licensing/windows-defender-credential-guard.md
index 5a03742498..d55e33af47 100644
--- a/includes/licensing/windows-defender-credential-guard.md
+++ b/includes/licensing/windows-defender-credential-guard.md
@@ -11,12 +11,12 @@ The following table lists the Windows editions that support Windows Defender Cre
 
 |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
 |:---:|:---:|:---:|:---:|
-|❌|Yes|❌|Yes|
+|No|Yes|No|Yes|
 
 Windows Defender Credential Guard license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|❌|Yes|Yes|Yes|Yes|
+|No|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

From 368cadb75f48b908fe2e5013e385af50bd7db9e9 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Tue, 25 Apr 2023 18:07:47 -0400
Subject: [PATCH 020/107] updates

---
 windows/security/TOC.yml                      |  99 +----------------
 .../additional-mitigations.md                 |   1 -
 windows/security/identity-protection/toc.yml  | 102 ++++++++++++++++++
 3 files changed, 103 insertions(+), 99 deletions(-)
 create mode 100644 windows/security/identity-protection/toc.yml

diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml
index 1bd19e107d..73cbaf7b9b 100644
--- a/windows/security/TOC.yml
+++ b/windows/security/TOC.yml
@@ -327,104 +327,7 @@
     - name: Windows Credential Theft Mitigation Guide Abstract
       href: identity-protection\windows-credential-theft-mitigation-guide-abstract.md
 - name: User security and secured identity
-  items:
-    - name: Overview
-      href: identity.md
-    - name: Windows credential theft mitigation guide
-      href: identity-protection/windows-credential-theft-mitigation-guide-abstract.md
-    - name: Passwordless
-      items:
-      - name: Windows Hello for Business ⇒
-        href: identity-protection/hello-for-business/index.yml
-      - name: FIDO 2 security keys
-        href: /azure/active-directory/authentication/howto-authentication-passwordless-security-key?context=/windows/security/context/context
-    - name: Local Administrator Password Solution (LAPS)
-      href: /windows-server/identity/laps/laps-overview?context=/windows/security/context/context
-    - name: Enterprise Certificate Pinning
-      href: identity-protection/enterprise-certificate-pinning.md
-    - name: Credential Guard
-      items:
-        - name: Protect derived domain credentials with Credential Guard
-          href: identity-protection/credential-guard/credential-guard.md
-        - name: How Credential Guard works
-          href: identity-protection/credential-guard/credential-guard-how-it-works.md
-        - name: Requirements
-          href: identity-protection/credential-guard/credential-guard-requirements.md
-        - name: Manage Credential Guard
-          href: identity-protection/credential-guard/credential-guard-manage.md
-        - name: Credential Guard protection limits
-          href: identity-protection/credential-guard/credential-guard-protection-limits.md
-        - name: Considerations when using Credential Guard
-          href: identity-protection/credential-guard/credential-guard-considerations.md
-        - name: Additional mitigations
-          href: identity-protection/credential-guard/additional-mitigations.md
-        - name: Known issues
-          href: identity-protection/credential-guard/credential-guard-known-issues.md
-    - name: Remote Credential Guard
-      href: identity-protection/remote-credential-guard.md
-    - name: Configuring LSA Protection
-      href: /windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection?toc=/windows/security/toc.json&bc=/windows/security/breadcrumb/toc.json
-    - name: Technical support policy for lost or forgotten passwords
-      href: identity-protection/password-support-policy.md
-    - name: Access Control
-      items:
-        - name: Overview
-          href: identity-protection/access-control/access-control.md
-        - name: Local Accounts
-          href: identity-protection/access-control/local-accounts.md
-    - name: User Account Control (UAC)
-      items:
-        - name: Overview
-          href: identity-protection/user-account-control/user-account-control-overview.md
-        - name: How User Account Control works
-          href: identity-protection/user-account-control/how-user-account-control-works.md
-        - name: User Account Control security policy settings
-          href: identity-protection/user-account-control/user-account-control-security-policy-settings.md
-        - name: User Account Control Group Policy and registry key settings
-          href: identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md
-    - name: Smart Cards
-      href: identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md
-      items:
-        - name: How Smart Card Sign-in Works in Windows
-          href: identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md
-          items:
-            - name: Smart Card Architecture
-              href: identity-protection/smart-cards/smart-card-architecture.md
-            - name: Certificate Requirements and Enumeration
-              href: identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md
-            - name: Smart Card and Remote Desktop Services
-              href: identity-protection/smart-cards/smart-card-and-remote-desktop-services.md
-            - name: Smart Cards for Windows Service
-              href: identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md
-            - name: Certificate Propagation Service
-              href: identity-protection/smart-cards/smart-card-certificate-propagation-service.md
-            - name: Smart Card Removal Policy Service
-              href: identity-protection/smart-cards/smart-card-removal-policy-service.md
-        - name: Smart Card Tools and Settings
-          href: identity-protection/smart-cards/smart-card-tools-and-settings.md
-          items:
-            - name: Smart Cards Debugging Information
-              href: identity-protection/smart-cards/smart-card-debugging-information.md
-            - name: Smart Card Group Policy and Registry Settings
-              href: identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md
-            - name: Smart Card Events
-              href: identity-protection/smart-cards/smart-card-events.md
-        - name: Virtual smart cards
-          href: identity-protection/virtual-smart-cards/virtual-smart-card-overview.md
-          items:
-            - name: Understand and evaluate virtual smart cards
-              href: identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md
-              items:
-                - name: Get started with virtual smart cards
-                  href: identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md
-                - name: Use virtual smart cards
-                  href: identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md
-                - name: Deploy virtual smart cards
-                  href: identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md
-                - name: Evaluate virtual smart card security
-                  href: identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md
-            - name: Tpmvscmgr
-              href: identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md
+  href: identity-protection/toc.yml
 - name: Cloud services
   items:
     - name: Overview
diff --git a/windows/security/identity-protection/credential-guard/additional-mitigations.md b/windows/security/identity-protection/credential-guard/additional-mitigations.md
index ca9c7acd52..32967fd8b7 100644
--- a/windows/security/identity-protection/credential-guard/additional-mitigations.md
+++ b/windows/security/identity-protection/credential-guard/additional-mitigations.md
@@ -18,7 +18,6 @@ Credential theft attacks allow the attacker to steal secrets from one device and
 Kerberos armoring is part of RFC 6113. When a device supports Kerberos armoring, its TGT is used to protect the user's proof of possession which can mitigate offline dictionary attacks. Kerberos armoring also provides the additional benefit of signed KDC errors this mitigates tampering which can result in things such as downgrade attacks. 
 
 **To enable Kerberos armoring for restricting domain users to specific domain-joined devices**
-
 - Users need to be in domains that are running Windows Server 2012 R2 or higher
 - All the domain controllers in these domains must be configured to support Kerberos armoring. Set the **KDC support for claims, compound authentication, and Kerberos armoring** Group Policy setting to either **Supported** or **Always provide claims**.
 - All the devices with Windows Defender Credential Guard that the users will be restricted to must be configured to support Kerberos armoring. Enable the **Kerberos client support for claims, compound authentication and Kerberos armoring** Group Policy settings under **Computer Configuration** -&gt; **Administrative Templates** -&gt; **System** -&gt; **Kerberos**.
diff --git a/windows/security/identity-protection/toc.yml b/windows/security/identity-protection/toc.yml
new file mode 100644
index 0000000000..316d992db0
--- /dev/null
+++ b/windows/security/identity-protection/toc.yml
@@ -0,0 +1,102 @@
+items:
+  - name: Overview
+    href: ../identity.md
+  - name: Windows credential theft mitigation guide
+    href: ../windows-credential-theft-mitigation-guide-abstract.md
+  - name: Passwordless
+    items:
+    - name: Windows Hello for Business ⇒
+      href: hello-for-business/index.yml
+    - name: FIDO 2 security keys ⇒
+      href: /azure/active-directory/authentication/howto-authentication-passwordless-security-key
+  - name: Local Administrator Password Solution (LAPS)
+    items:
+      - name: Windows LAPS licensing and requirements
+        href: ../../../includes/licensing/windows-defender-credential-guard.md
+      - name: Windows LAPS overview
+        href: /windows-server/identity/laps/laps-overview
+  - name: Enterprise Certificate Pinning
+    href: enterprise-certificate-pinning.md
+  - name: Credential Guard
+    items:
+      - name: Protect derived domain credentials with Credential Guard
+        href: credential-guard/credential-guard.md
+      - name: How Credential Guard works
+        href: credential-guard/credential-guard-how-it-works.md
+      - name: Requirements
+        href: credential-guard/credential-guard-requirements.md
+      - name: Manage Credential Guard
+        href: credential-guard/credential-guard-manage.md
+      - name: Credential Guard protection limits
+        href: credential-guard/credential-guard-protection-limits.md
+      - name: Considerations when using Credential Guard
+        href: credential-guard/credential-guard-considerations.md
+      - name: Additional mitigations
+        href: credential-guard/additional-mitigations.md
+      - name: Known issues
+        href: credential-guard/credential-guard-known-issues.md
+  - name: Remote Credential Guard
+    href: remote-credential-guard.md
+  - name: Configuring LSA Protection
+    href: /windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection?toc=/windows/security/toc.json&bc=/windows/security/breadcrumb/toc.json
+  - name: Technical support policy for lost or forgotten passwords
+    href: password-support-policy.md
+  - name: Access Control
+    items:
+      - name: Overview
+        href: access-control/access-control.md
+      - name: Local Accounts
+        href: access-control/local-accounts.md
+  - name: User Account Control (UAC)
+    items:
+      - name: Overview
+        href: user-account-control/user-account-control-overview.md
+      - name: How User Account Control works
+        href: user-account-control/how-user-account-control-works.md
+      - name: User Account Control security policy settings
+        href: user-account-control/user-account-control-security-policy-settings.md
+      - name: User Account Control Group Policy and registry key settings
+        href: user-account-control/user-account-control-group-policy-and-registry-key-settings.md
+  - name: Smart Cards
+    href: smart-cards/smart-card-windows-smart-card-technical-reference.md
+    items:
+      - name: How Smart Card Sign-in Works in Windows
+        href: smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md
+        items:
+          - name: Smart Card Architecture
+            href: smart-cards/smart-card-architecture.md
+          - name: Certificate Requirements and Enumeration
+            href: smart-cards/smart-card-certificate-requirements-and-enumeration.md
+          - name: Smart Card and Remote Desktop Services
+            href: smart-cards/smart-card-and-remote-desktop-services.md
+          - name: Smart Cards for Windows Service
+            href: smart-cards/smart-card-smart-cards-for-windows-service.md
+          - name: Certificate Propagation Service
+            href: smart-cards/smart-card-certificate-propagation-service.md
+          - name: Smart Card Removal Policy Service
+            href: smart-cards/smart-card-removal-policy-service.md
+      - name: Smart Card Tools and Settings
+        href: smart-cards/smart-card-tools-and-settings.md
+        items:
+          - name: Smart Cards Debugging Information
+            href: smart-cards/smart-card-debugging-information.md
+          - name: Smart Card Group Policy and Registry Settings
+            href: smart-cards/smart-card-group-policy-and-registry-settings.md
+          - name: Smart Card Events
+            href: smart-cards/smart-card-events.md
+      - name: Virtual smart cards
+        href: virtual-smart-cards/virtual-smart-card-overview.md
+        items:
+          - name: Understand and evaluate virtual smart cards
+            href: virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md
+            items:
+              - name: Get started with virtual smart cards
+                href: virtual-smart-cards/virtual-smart-card-get-started.md
+              - name: Use virtual smart cards
+                href: virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md
+              - name: Deploy virtual smart cards
+                href: virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md
+              - name: Evaluate virtual smart card security
+                href: virtual-smart-cards/virtual-smart-card-evaluate-security.md
+          - name: Tpmvscmgr
+            href: virtual-smart-cards/virtual-smart-card-tpmvscmgr.md
\ No newline at end of file

From 7ec6016d2f415164cac1887dc7f0938fd2e031d2 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Tue, 25 Apr 2023 18:25:14 -0400
Subject: [PATCH 021/107] updates

---
 windows/security/identity-protection/toc.yml  | 26 +++---
 .../licensing/_edition-requirements.md        | 81 +++++++++++++++++++
 .../licensing/_licensing-requirements.md      | 81 +++++++++++++++++++
 .../licensing/access-control-aclsscals.md     | 22 +++++
 .../licensing/account-lockout-policy.md       | 22 +++++
 .../licensing/always-on-vpn-device-tunnel.md  | 22 +++++
 .../licensing/assigned-access-kiosk-mode.md   | 22 +++++
 .../licensing/attack-surface-reduction-asr.md | 22 +++++
 ...d-azure-ad-join-with-single-sign-on-sso.md | 22 +++++
 windows/security/licensing/bitlocker.md       | 22 +++++
 ...tooth-pairing-and-connection-protection.md | 22 +++++
 .../common-criteria-certifications.md         | 22 +++++
 .../licensing/controlled-folder-access.md     | 22 +++++
 .../device-health-attestation-service.md      | 22 +++++
 windows/security/licensing/direct-access.md   | 22 +++++
 .../licensing/email-encryption-smime.md       | 22 +++++
 .../licensing/encrypted-hard-drive.md         | 22 +++++
 ...ed-phishing-protection-with-smartscreen.md | 22 +++++
 .../security/licensing/exploit-protection.md  | 22 +++++
 ...fast-identity-online-fido2-security-key.md | 22 +++++
 ...processing-standard-fips-140-validation.md | 22 +++++
 .../security/licensing/federated-sign-in.md   | 22 +++++
 .../hardware-enforced-stack-protection.md     | 22 +++++
 ...ypervisor-protected-code-integrity-hvci.md | 22 +++++
 ...nel-direct-memory-access-dma-protection.md | 22 +++++
 .../local-administrator-password-solution.md  | 22 +++++
 ...local-security-authority-lsa-protection.md | 22 +++++
 ...-device-management-mdm-and-group-policy.md | 22 +++++
 windows/security/licensing/measured-boot.md   | 22 +++++
 .../licensing/microsoft-defender-antivirus.md | 22 +++++
 ...pplication-guard-mdag-configure-via-mdm.md | 22 +++++
 ...terprise-mode-and-enterprise-management.md | 22 +++++
 ...ion-guard-mdag-for-edge-standalone-mode.md | 22 +++++
 ...ication-guard-mdag-for-microsoft-office.md | 22 +++++
 ...nder-application-guard-mdag-public-apis.md | 22 +++++
 .../microsoft-defender-for-endpoint.md        | 22 +++++
 .../microsoft-defender-smartscreen.md         | 22 +++++
 .../microsoft-pluton-security-processor.md    | 22 +++++
 .../microsoft-vulnerable-driver-blocklist.md  | 22 +++++
 .../opportunistic-wireless-encryption-owe.md  | 22 +++++
 .../licensing/personal-data-encryption-pde.md | 22 +++++
 .../licensing/privacy-resource-usage.md       | 22 +++++
 .../privacy-transparency-and-controls.md      | 22 +++++
 .../licensing/remote-wipe-autopilot-reset.md  | 22 +++++
 .../licensing/secure-boot-and-trusted-boot.md | 22 +++++
 .../secured-core-configuration-lock.md        | 22 +++++
 windows/security/licensing/secured-core-pc.md | 22 +++++
 .../security-baselines-with-intune.md         | 22 +++++
 .../server-message-block-direct-smb-direct.md | 22 +++++
 .../server-message-block-smb-file-service.md  | 22 +++++
 .../security/licensing/smart-app-control.md   | 22 +++++
 .../smart-cards-for-windows-service.md        | 22 +++++
 .../tamper-protection-settings-for-mde.md     | 22 +++++
 .../licensing/transport-layer-security-tls.md | 22 +++++
 .../trusted-platform-module-tpm-20.md         | 22 +++++
 windows/security/licensing/universal-print.md | 22 +++++
 .../licensing/user-account-control-uac.md     | 22 +++++
 .../licensing/virtual-private-network-vpn.md  | 22 +++++
 .../virtualization-based-security-vbs.md      | 22 +++++
 windows/security/licensing/wifi-security.md   | 22 +++++
 .../security/licensing/windows-autopatch.md   | 22 +++++
 .../security/licensing/windows-autopilot.md   | 22 +++++
 .../security/licensing/windows-containers.md  | 22 +++++
 ...ndows-defender-application-control-wdac.md | 22 +++++
 .../windows-defender-credential-guard.md      | 22 +++++
 ...indows-defender-remote-credential-guard.md | 22 +++++
 .../windows-defender-system-guard.md          | 22 +++++
 .../security/licensing/windows-firewall.md    | 22 +++++
 ...-business-enhanced-security-sign-in-ess.md | 22 +++++
 .../licensing/windows-hello-for-business.md   | 22 +++++
 .../licensing/windows-presence-sensing.md     | 22 +++++
 windows/security/licensing/windows-sandbox.md | 22 +++++
 ...s-security-policy-settings-and-auditing.md | 22 +++++
 73 files changed, 1719 insertions(+), 9 deletions(-)
 create mode 100644 windows/security/licensing/_edition-requirements.md
 create mode 100644 windows/security/licensing/_licensing-requirements.md
 create mode 100644 windows/security/licensing/access-control-aclsscals.md
 create mode 100644 windows/security/licensing/account-lockout-policy.md
 create mode 100644 windows/security/licensing/always-on-vpn-device-tunnel.md
 create mode 100644 windows/security/licensing/assigned-access-kiosk-mode.md
 create mode 100644 windows/security/licensing/attack-surface-reduction-asr.md
 create mode 100644 windows/security/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md
 create mode 100644 windows/security/licensing/bitlocker.md
 create mode 100644 windows/security/licensing/bluetooth-pairing-and-connection-protection.md
 create mode 100644 windows/security/licensing/common-criteria-certifications.md
 create mode 100644 windows/security/licensing/controlled-folder-access.md
 create mode 100644 windows/security/licensing/device-health-attestation-service.md
 create mode 100644 windows/security/licensing/direct-access.md
 create mode 100644 windows/security/licensing/email-encryption-smime.md
 create mode 100644 windows/security/licensing/encrypted-hard-drive.md
 create mode 100644 windows/security/licensing/enhanced-phishing-protection-with-smartscreen.md
 create mode 100644 windows/security/licensing/exploit-protection.md
 create mode 100644 windows/security/licensing/fast-identity-online-fido2-security-key.md
 create mode 100644 windows/security/licensing/federal-information-processing-standard-fips-140-validation.md
 create mode 100644 windows/security/licensing/federated-sign-in.md
 create mode 100644 windows/security/licensing/hardware-enforced-stack-protection.md
 create mode 100644 windows/security/licensing/hypervisor-protected-code-integrity-hvci.md
 create mode 100644 windows/security/licensing/kernel-direct-memory-access-dma-protection.md
 create mode 100644 windows/security/licensing/local-administrator-password-solution.md
 create mode 100644 windows/security/licensing/local-security-authority-lsa-protection.md
 create mode 100644 windows/security/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md
 create mode 100644 windows/security/licensing/measured-boot.md
 create mode 100644 windows/security/licensing/microsoft-defender-antivirus.md
 create mode 100644 windows/security/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md
 create mode 100644 windows/security/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md
 create mode 100644 windows/security/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md
 create mode 100644 windows/security/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md
 create mode 100644 windows/security/licensing/microsoft-defender-application-guard-mdag-public-apis.md
 create mode 100644 windows/security/licensing/microsoft-defender-for-endpoint.md
 create mode 100644 windows/security/licensing/microsoft-defender-smartscreen.md
 create mode 100644 windows/security/licensing/microsoft-pluton-security-processor.md
 create mode 100644 windows/security/licensing/microsoft-vulnerable-driver-blocklist.md
 create mode 100644 windows/security/licensing/opportunistic-wireless-encryption-owe.md
 create mode 100644 windows/security/licensing/personal-data-encryption-pde.md
 create mode 100644 windows/security/licensing/privacy-resource-usage.md
 create mode 100644 windows/security/licensing/privacy-transparency-and-controls.md
 create mode 100644 windows/security/licensing/remote-wipe-autopilot-reset.md
 create mode 100644 windows/security/licensing/secure-boot-and-trusted-boot.md
 create mode 100644 windows/security/licensing/secured-core-configuration-lock.md
 create mode 100644 windows/security/licensing/secured-core-pc.md
 create mode 100644 windows/security/licensing/security-baselines-with-intune.md
 create mode 100644 windows/security/licensing/server-message-block-direct-smb-direct.md
 create mode 100644 windows/security/licensing/server-message-block-smb-file-service.md
 create mode 100644 windows/security/licensing/smart-app-control.md
 create mode 100644 windows/security/licensing/smart-cards-for-windows-service.md
 create mode 100644 windows/security/licensing/tamper-protection-settings-for-mde.md
 create mode 100644 windows/security/licensing/transport-layer-security-tls.md
 create mode 100644 windows/security/licensing/trusted-platform-module-tpm-20.md
 create mode 100644 windows/security/licensing/universal-print.md
 create mode 100644 windows/security/licensing/user-account-control-uac.md
 create mode 100644 windows/security/licensing/virtual-private-network-vpn.md
 create mode 100644 windows/security/licensing/virtualization-based-security-vbs.md
 create mode 100644 windows/security/licensing/wifi-security.md
 create mode 100644 windows/security/licensing/windows-autopatch.md
 create mode 100644 windows/security/licensing/windows-autopilot.md
 create mode 100644 windows/security/licensing/windows-containers.md
 create mode 100644 windows/security/licensing/windows-defender-application-control-wdac.md
 create mode 100644 windows/security/licensing/windows-defender-credential-guard.md
 create mode 100644 windows/security/licensing/windows-defender-remote-credential-guard.md
 create mode 100644 windows/security/licensing/windows-defender-system-guard.md
 create mode 100644 windows/security/licensing/windows-firewall.md
 create mode 100644 windows/security/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md
 create mode 100644 windows/security/licensing/windows-hello-for-business.md
 create mode 100644 windows/security/licensing/windows-presence-sensing.md
 create mode 100644 windows/security/licensing/windows-sandbox.md
 create mode 100644 windows/security/licensing/windows-security-policy-settings-and-auditing.md

diff --git a/windows/security/identity-protection/toc.yml b/windows/security/identity-protection/toc.yml
index 316d992db0..dfcb41d432 100644
--- a/windows/security/identity-protection/toc.yml
+++ b/windows/security/identity-protection/toc.yml
@@ -2,18 +2,26 @@ items:
   - name: Overview
     href: ../identity.md
   - name: Windows credential theft mitigation guide
-    href: ../windows-credential-theft-mitigation-guide-abstract.md
-  - name: Passwordless
+    href: windows-credential-theft-mitigation-guide-abstract.md
+  - name: Passwordless sign-in
     items:
-    - name: Windows Hello for Business ⇒
-      href: hello-for-business/index.yml
-    - name: FIDO 2 security keys ⇒
-      href: /azure/active-directory/authentication/howto-authentication-passwordless-security-key
+    - name: Windows Hello for Business
+      items:
+        - name: Windows edition and licensing requirements
+          href: ../licensing/windows-hello-for-business.md
+        - name: Windows Hello for Business overview ⇒
+          href: hello-for-business/index.yml
+    - name: FIDO 2 security keys
+      items:
+        - name: Windows edition and licensing requirements
+          href: ../licensing/fast-identity-online-fido2-security-key.md
+        - name: FIDO 2 security keys overview ⇒
+          href: /azure/active-directory/authentication/howto-authentication-passwordless-security-key
   - name: Local Administrator Password Solution (LAPS)
     items:
-      - name: Windows LAPS licensing and requirements
-        href: ../../../includes/licensing/windows-defender-credential-guard.md
-      - name: Windows LAPS overview
+      - name: Windows edition and licensing requirements
+        href: ../licensing/local-administrator-password-solution.md
+      - name: Windows LAPS overview ⇒
         href: /windows-server/identity/laps/laps-overview
   - name: Enterprise Certificate Pinning
     href: enterprise-certificate-pinning.md
diff --git a/windows/security/licensing/_edition-requirements.md b/windows/security/licensing/_edition-requirements.md
new file mode 100644
index 0000000000..5f6391baad
--- /dev/null
+++ b/windows/security/licensing/_edition-requirements.md
@@ -0,0 +1,81 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+The following table lists the security features that are available in Windows, and the Windows editions that support them:
+
+| Feature name | Windows Pro | Windows Enterprise | Windows Pro Education/SE | Windows Education |
+|:---|:---:|:---:|:---:|:---:|
+|**[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes|
+|**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**|Yes|Yes|Yes|Yes|
+|**[Always On VPN (device tunnel)](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|❌|Yes|❌|Yes|
+|**[Assigned Access (kiosk mode)](/windows/configuration/kiosk-methods)**|Yes|Yes|Yes|Yes|
+|**[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)**|Yes|Yes|Yes|Yes|
+|**[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)**|Yes|Yes|Yes|Yes|
+|**[BitLocker](/windows/security/information-protection/bitlocker/bitlocker-overview)**|Yes|Yes|Yes|Yes|
+|**Bluetooth pairing and connection protection**|Yes|Yes|Yes|Yes|
+|**[Common Criteria certifications](/windows/security/threat-protection/windows-platform-common-criteria)**|Yes|Yes|Yes|Yes|
+|**[Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)**|Yes|Yes|Yes|Yes|
+|**[Device health attestation service](/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices)**|Yes|Yes|Yes|Yes|
+|**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**|❌|Yes|❌|Yes|
+|**[Email Encryption (S/MIME)](/windows/security/identity-protection/configure-s-mime)**|Yes|Yes|Yes|Yes|
+|**[Encrypted hard drive](/windows/security/information-protection/encrypted-hard-drive)**|Yes|Yes|Yes|Yes|
+|**[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)**|Yes|Yes|Yes|Yes|
+|**[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)**|Yes|Yes|Yes|Yes|
+|**[Fast Identity Online (FIDO2) security key](/azure/active-directory/authentication/howto-authentication-passwordless-security-key?context=%2Fwindows%2Fsecurity%2Fcontext%2Fcontext)**|Yes|Yes|Yes|Yes|
+|**[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)**|Yes|Yes|Yes|Yes|
+|**[Federated sign-in](/education/windows/federated-sign-in)**|❌|No|Yes|Yes|
+|**[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)**|Yes|Yes|Yes|Yes|
+|**[Hypervisor-protected Code Integrity (HVCI)](/windows-hardware/design/device-experiences/oem-hvci-enablement)**|Yes|Yes|Yes|Yes|
+|**[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)**|Yes|Yes|Yes|Yes|
+|**Local Administrator Password Solution**|Yes|Yes|Yes|Yes|
+|**[Local Security Authority (LSA) Protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection?toc=%2Fwindows%2Fsecurity%2Ftoc.json&bc=%2Fwindows%2Fsecurity%2Fbreadcrumb%2Ftoc.json)**|Yes|Yes|Yes|Yes|
+|**[Manage by Mobile Device Management (MDM) and group policy](/windows/client-management/mdm/mdm-overview)**|Yes|Yes|Yes|Yes|
+|**[Measured boot](/windows/compatibility/measured-boot)**|Yes|Yes|Yes|Yes|
+|**[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)**|Yes|Yes|Yes|Yes|
+|**[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)**|❌|Yes|❌|Yes|
+|**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/deployedge/microsoft-edge-security-windows-defender-application-guard)**|❌|Yes|❌|Yes|
+|**[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview)**|Yes|Yes|Yes|Yes|
+|**[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)**|❌|Yes|❌|Yes|
+|**Microsoft Defender Application Guard (MDAG) public APIs**|❌|Yes|❌|Yes|
+|**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|Yes|Yes|Yes|Yes|
+|**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**|Yes|Yes|Yes|Yes|
+|**[Microsoft Pluton security processor](/windows/security/information-protection/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes|
+|**[Microsoft Vulnerable Driver Blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules%23microsoft-vulnerable-driver-blocklist)**|Yes|Yes|Yes|Yes|
+|**Opportunistic Wireless Encryption (OWE)**|Yes|Yes|Yes|Yes|
+|**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|❌|Yes|❌|Yes|
+|**Privacy Resource Usage**|Yes|Yes|Yes|Yes|
+|**Privacy Transparency and Controls**|Yes|Yes|Yes|Yes|
+|**[Remote wipe (Autopilot reset)](/windows/client-management/mdm/remotewipe-csp)**|Yes|Yes|Yes|Yes|
+|**[Secure Boot and Trusted Boot](/windows/security/trusted-boot)**|Yes|Yes|Yes|Yes|
+|**[Secured-core configuration lock](/windows/client-management/config-lock)**|Yes|Yes|Yes|Yes|
+|**[Secured-core PC](/windows-hardware/design/device-experiences/oem-highly-secure-11)**|Yes|Yes|Yes|Yes|
+|**[Security baselines with Intune](/mem/intune/protect/security-baselines)**|Yes|Yes|Yes|Yes|
+|**[Server Message Block (SMB) file service](/windows-server/storage/file-server/file-server-smb-overview)**|Yes|Yes|Yes|Yes|
+|**[Server Message Block Direct (SMB Direct)](/windows-server/storage/file-server/smb-direct)**|Yes|Yes|Yes|Yes|
+|**[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|
+|**[Smart Cards for Windows Service](/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service)**|Yes|Yes|Yes|Yes|
+|**[Tamper protection settings for MDE](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)**|Yes|Yes|Yes|Yes|
+|**[Transport layer security (TLS)](/windows-server/security/tls/tls-ssl-schannel-ssp-overview)**|Yes|Yes|Yes|Yes|
+|**[Trusted Platform Module (TPM) 2.0](/windows/security/information-protection/tpm/trusted-platform-module-overview)**|Yes|Yes|Yes|Yes|
+|**[Universal Print](/universal-print/)**|Yes|Yes|Yes|Yes|
+|**[User Account Control (UAC)](/indows/security/identity-protection/user-account-control/user-account-control-overview)**|Yes|Yes|Yes|Yes|
+|**[Virtual Private Network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes|
+|**[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)**|Yes|Yes|Yes|Yes|
+|**WiFi Security**|Yes|Yes|Yes|Yes|
+|**[Windows Autopatch](/windows/deployment/windows-autopatch/)**|❌|Yes|❌|Yes|
+|**[Windows Autopilot](/windows/deployment/windows-autopilot)**|Yes|Yes|Yes|Yes|
+|**[Windows containers](/virtualization/windowscontainers/about/)**|Yes|Yes|Yes|Yes|
+|**[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|
+|**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|❌|Yes|❌|Yes|
+|**[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)**|Yes|Yes|Yes|Yes|
+|**[Windows Defender System Guard](/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows)**|Yes|Yes|Yes|Yes|
+|**[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)**|Yes|Yes|Yes|Yes|
+|**[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)**|Yes|Yes|Yes|Yes|
+|**[Windows Hello for Business Enhanced Security Sign-in (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)**|Yes|Yes|Yes|Yes|
+|**[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)**|Yes|Yes|Yes|Yes|
+|**[Windows Sandbox](/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview)**|Yes|Yes|Yes|Yes|
+|**[Windows Security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**|Yes|Yes|Yes|Yes|
diff --git a/windows/security/licensing/_licensing-requirements.md b/windows/security/licensing/_licensing-requirements.md
new file mode 100644
index 0000000000..2d3f2f34d8
--- /dev/null
+++ b/windows/security/licensing/_licensing-requirements.md
@@ -0,0 +1,81 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+The following table lists the security features that are available in Windows, and the licensing requirements to use them:
+
+|Feature name|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---|:---:|:---:|:---:|:---:|:---:|
+|**[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes|Yes|
+|**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**|Yes|Yes|Yes|Yes|Yes|
+|**[Always On VPN (device tunnel)](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|❌|Yes|Yes|Yes|Yes|
+|**[Assigned Access (kiosk mode)](/windows/configuration/kiosk-methods)**|Yes|Yes|Yes|Yes|Yes|
+|**[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)**|Yes|Yes|Yes|Yes|Yes|
+|**[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)**|Yes|Yes|Yes|Yes|Yes|
+|**[BitLocker](/windows/security/information-protection/bitlocker/bitlocker-overview)**|Yes|Yes|Yes|Yes|Yes|
+|**Bluetooth pairing and connection protection**|Yes|Yes|Yes|Yes|Yes|
+|**[Common Criteria certifications](/windows/security/threat-protection/windows-platform-common-criteria)**|Yes|Yes|Yes|Yes|Yes|
+|**[Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)**|Yes|Yes|Yes|Yes|Yes|
+|**[Device health attestation service](/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices)**|Yes|Yes|Yes|Yes|Yes|
+|**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**|❌|Yes|Yes|Yes|Yes|
+|**[Email Encryption (S/MIME)](/windows/security/identity-protection/configure-s-mime)**|Yes|Yes|Yes|Yes|Yes|
+|**[Encrypted hard drive](/windows/security/information-protection/encrypted-hard-drive)**|Yes|Yes|Yes|Yes|Yes|
+|**[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)**|Yes|Yes|Yes|Yes|Yes|
+|**[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)**|Yes|Yes|Yes|Yes|Yes|
+|**[Fast Identity Online (FIDO2) security key](/azure/active-directory/authentication/howto-authentication-passwordless-security-key?context=%2Fwindows%2Fsecurity%2Fcontext%2Fcontext)**|Yes|Yes|Yes|Yes|Yes|
+|**[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)**|Yes|Yes|Yes|Yes|Yes|
+|**[Federated sign-in](/education/windows/federated-sign-in)**|❌|No|❌|Yes|Yes|
+|**[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)**|Yes|Yes|Yes|Yes|Yes|
+|**[Hypervisor-protected Code Integrity (HVCI)](/windows-hardware/design/device-experiences/oem-hvci-enablement)**|Yes|Yes|Yes|Yes|Yes|
+|**[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)**|Yes|Yes|Yes|Yes|Yes|
+|**Local Administrator Password Solution**|Yes|Yes|Yes|Yes|Yes|
+|**[Local Security Authority (LSA) Protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection?toc=%2Fwindows%2Fsecurity%2Ftoc.json&bc=%2Fwindows%2Fsecurity%2Fbreadcrumb%2Ftoc.json)**|Yes|Yes|Yes|Yes|Yes|
+|**[Manage by Mobile Device Management (MDM) and group policy](/windows/client-management/mdm/mdm-overview)**|Yes|Yes|Yes|Yes|Yes|
+|**[Measured boot](/windows/compatibility/measured-boot)**|Yes|Yes|Yes|Yes|Yes|
+|**[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)**|Yes|Yes|Yes|Yes|Yes|
+|**[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)**|❌|Yes|Yes|Yes|Yes|
+|**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/deployedge/microsoft-edge-security-windows-defender-application-guard)**|❌|Yes|Yes|Yes|Yes|
+|**[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview)**|Yes|Yes|Yes|Yes|Yes|
+|**[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)**|❌|No|❌|No|❌|
+|**Microsoft Defender Application Guard (MDAG) public APIs**|❌|Yes|Yes|Yes|Yes|
+|**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|Yes|❌|Yes|❌|Yes|
+|**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**|Yes|Yes|Yes|Yes|Yes|
+|**[Microsoft Pluton security processor](/windows/security/information-protection/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes|Yes|
+|**[Microsoft Vulnerable Driver Blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules%23microsoft-vulnerable-driver-blocklist)**|Yes|Yes|Yes|Yes|Yes|
+|**Opportunistic Wireless Encryption (OWE)**|Yes|Yes|Yes|Yes|Yes|
+|**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|❌|Yes|Yes|Yes|Yes|
+|**Privacy Resource Usage**|Yes|Yes|Yes|Yes|Yes|
+|**Privacy Transparency and Controls**|Yes|Yes|Yes|Yes|Yes|
+|**[Remote wipe (Autopilot reset)](/windows/client-management/mdm/remotewipe-csp)**|Yes|Yes|Yes|Yes|Yes|
+|**[Secure Boot and Trusted Boot](/windows/security/trusted-boot)**|Yes|Yes|Yes|Yes|Yes|
+|**[Secured-core configuration lock](/windows/client-management/config-lock)**|Yes|Yes|Yes|Yes|Yes|
+|**[Secured-core PC](/windows-hardware/design/device-experiences/oem-highly-secure-11)**|Yes|Yes|Yes|Yes|Yes|
+|**[Security baselines with Intune](/mem/intune/protect/security-baselines)**|Yes|Yes|Yes|Yes|Yes|
+|**[Server Message Block (SMB) file service](/windows-server/storage/file-server/file-server-smb-overview)**|Yes|Yes|Yes|Yes|Yes|
+|**[Server Message Block Direct (SMB Direct)](/windows-server/storage/file-server/smb-direct)**|Yes|Yes|Yes|Yes|Yes|
+|**[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|Yes|
+|**[Smart Cards for Windows Service](/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service)**|Yes|Yes|Yes|Yes|Yes|
+|**[Tamper protection settings for MDE](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)**|Yes|Yes|Yes|Yes|Yes|
+|**[Transport layer security (TLS)](/windows-server/security/tls/tls-ssl-schannel-ssp-overview)**|Yes|Yes|Yes|Yes|Yes|
+|**[Trusted Platform Module (TPM) 2.0](/windows/security/information-protection/tpm/trusted-platform-module-overview)**|Yes|Yes|Yes|Yes|Yes|
+|**[Universal Print](/universal-print/)**|Yes|Yes|Yes|Yes|Yes|
+|**[User Account Control (UAC)](/indows/security/identity-protection/user-account-control/user-account-control-overview)**|Yes|Yes|Yes|Yes|Yes|
+|**[Virtual Private Network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes|Yes|
+|**[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)**|Yes|Yes|Yes|Yes|Yes|
+|**WiFi Security**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows Autopatch](/windows/deployment/windows-autopatch/)**|❌|Yes|Yes|❌|No|
+|**[Windows Autopilot](/windows/deployment/windows-autopilot)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows containers](/virtualization/windowscontainers/about/)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|❌|Yes|Yes|Yes|Yes|
+|**[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows Defender System Guard](/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows Hello for Business Enhanced Security Sign-in (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows Sandbox](/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows Security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**|Yes|Yes|Yes|Yes|Yes|
diff --git a/windows/security/licensing/access-control-aclsscals.md b/windows/security/licensing/access-control-aclsscals.md
new file mode 100644
index 0000000000..028929c987
--- /dev/null
+++ b/windows/security/licensing/access-control-aclsscals.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Access Control (ACLs/SCALS):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Access Control (ACLs/SCALS) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/account-lockout-policy.md b/windows/security/licensing/account-lockout-policy.md
new file mode 100644
index 0000000000..9d28314c22
--- /dev/null
+++ b/windows/security/licensing/account-lockout-policy.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Account Lockout Policy:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Account Lockout Policy license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/always-on-vpn-device-tunnel.md b/windows/security/licensing/always-on-vpn-device-tunnel.md
new file mode 100644
index 0000000000..165e3355ce
--- /dev/null
+++ b/windows/security/licensing/always-on-vpn-device-tunnel.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Always On VPN (device tunnel):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|No|Yes|No|Yes|
+
+Always On VPN (device tunnel) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|No|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/assigned-access-kiosk-mode.md b/windows/security/licensing/assigned-access-kiosk-mode.md
new file mode 100644
index 0000000000..0aacfd0d54
--- /dev/null
+++ b/windows/security/licensing/assigned-access-kiosk-mode.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Assigned Access (kiosk mode):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Assigned Access (kiosk mode) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/attack-surface-reduction-asr.md b/windows/security/licensing/attack-surface-reduction-asr.md
new file mode 100644
index 0000000000..bdfa84be11
--- /dev/null
+++ b/windows/security/licensing/attack-surface-reduction-asr.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Attack surface reduction (ASR):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Attack surface reduction (ASR) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md b/windows/security/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md
new file mode 100644
index 0000000000..a2348b9f96
--- /dev/null
+++ b/windows/security/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/bitlocker.md b/windows/security/licensing/bitlocker.md
new file mode 100644
index 0000000000..e1d0482a14
--- /dev/null
+++ b/windows/security/licensing/bitlocker.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support BitLocker:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+BitLocker license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/bluetooth-pairing-and-connection-protection.md b/windows/security/licensing/bluetooth-pairing-and-connection-protection.md
new file mode 100644
index 0000000000..ea7d847692
--- /dev/null
+++ b/windows/security/licensing/bluetooth-pairing-and-connection-protection.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Bluetooth pairing and connection protection:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Bluetooth pairing and connection protection license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/common-criteria-certifications.md b/windows/security/licensing/common-criteria-certifications.md
new file mode 100644
index 0000000000..67da2eaa80
--- /dev/null
+++ b/windows/security/licensing/common-criteria-certifications.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Common Criteria certifications:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Common Criteria certifications license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/controlled-folder-access.md b/windows/security/licensing/controlled-folder-access.md
new file mode 100644
index 0000000000..6e8429962d
--- /dev/null
+++ b/windows/security/licensing/controlled-folder-access.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Controlled folder access:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Controlled folder access license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/device-health-attestation-service.md b/windows/security/licensing/device-health-attestation-service.md
new file mode 100644
index 0000000000..180599b676
--- /dev/null
+++ b/windows/security/licensing/device-health-attestation-service.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Device health attestation service:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Device health attestation service license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/direct-access.md b/windows/security/licensing/direct-access.md
new file mode 100644
index 0000000000..32f1858423
--- /dev/null
+++ b/windows/security/licensing/direct-access.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Direct Access:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|No|Yes|No|Yes|
+
+Direct Access license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|No|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/email-encryption-smime.md b/windows/security/licensing/email-encryption-smime.md
new file mode 100644
index 0000000000..1e613f7ea7
--- /dev/null
+++ b/windows/security/licensing/email-encryption-smime.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Email Encryption (S/MIME):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Email Encryption (S/MIME) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/encrypted-hard-drive.md b/windows/security/licensing/encrypted-hard-drive.md
new file mode 100644
index 0000000000..7f8eabb4fc
--- /dev/null
+++ b/windows/security/licensing/encrypted-hard-drive.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Encrypted hard drive:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Encrypted hard drive license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/enhanced-phishing-protection-with-smartscreen.md b/windows/security/licensing/enhanced-phishing-protection-with-smartscreen.md
new file mode 100644
index 0000000000..c050417d86
--- /dev/null
+++ b/windows/security/licensing/enhanced-phishing-protection-with-smartscreen.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Enhanced phishing protection with SmartScreen:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Enhanced phishing protection with SmartScreen license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/exploit-protection.md b/windows/security/licensing/exploit-protection.md
new file mode 100644
index 0000000000..ee0105c7aa
--- /dev/null
+++ b/windows/security/licensing/exploit-protection.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Exploit protection:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Exploit protection license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/fast-identity-online-fido2-security-key.md b/windows/security/licensing/fast-identity-online-fido2-security-key.md
new file mode 100644
index 0000000000..1fac120af3
--- /dev/null
+++ b/windows/security/licensing/fast-identity-online-fido2-security-key.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Fast Identity Online (FIDO2) security key:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Fast Identity Online (FIDO2) security key license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/federal-information-processing-standard-fips-140-validation.md b/windows/security/licensing/federal-information-processing-standard-fips-140-validation.md
new file mode 100644
index 0000000000..4f43d3d758
--- /dev/null
+++ b/windows/security/licensing/federal-information-processing-standard-fips-140-validation.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Federal Information Processing Standard (FIPS) 140 validation:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Federal Information Processing Standard (FIPS) 140 validation license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/federated-sign-in.md b/windows/security/licensing/federated-sign-in.md
new file mode 100644
index 0000000000..080274363c
--- /dev/null
+++ b/windows/security/licensing/federated-sign-in.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Federated sign-in:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|No|No|Yes|Yes|
+
+Federated sign-in license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|No|No|No|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/hardware-enforced-stack-protection.md b/windows/security/licensing/hardware-enforced-stack-protection.md
new file mode 100644
index 0000000000..7d197bf299
--- /dev/null
+++ b/windows/security/licensing/hardware-enforced-stack-protection.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Hardware-enforced stack protection:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Hardware-enforced stack protection license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/hypervisor-protected-code-integrity-hvci.md b/windows/security/licensing/hypervisor-protected-code-integrity-hvci.md
new file mode 100644
index 0000000000..659a1e1a0f
--- /dev/null
+++ b/windows/security/licensing/hypervisor-protected-code-integrity-hvci.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Hypervisor-protected Code Integrity (HVCI):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Hypervisor-protected Code Integrity (HVCI) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/kernel-direct-memory-access-dma-protection.md b/windows/security/licensing/kernel-direct-memory-access-dma-protection.md
new file mode 100644
index 0000000000..c07f32a3f1
--- /dev/null
+++ b/windows/security/licensing/kernel-direct-memory-access-dma-protection.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Kernel Direct Memory Access (DMA) protection:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Kernel Direct Memory Access (DMA) protection license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/local-administrator-password-solution.md b/windows/security/licensing/local-administrator-password-solution.md
new file mode 100644
index 0000000000..a7f5eb6aba
--- /dev/null
+++ b/windows/security/licensing/local-administrator-password-solution.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Local Administrator Password Solution:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Local Administrator Password Solution license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/local-security-authority-lsa-protection.md b/windows/security/licensing/local-security-authority-lsa-protection.md
new file mode 100644
index 0000000000..f6b948f1a1
--- /dev/null
+++ b/windows/security/licensing/local-security-authority-lsa-protection.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Local Security Authority (LSA) Protection:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Local Security Authority (LSA) Protection license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md b/windows/security/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md
new file mode 100644
index 0000000000..d0c8d30dd4
--- /dev/null
+++ b/windows/security/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Manage by Mobile Device Management (MDM) and group policy:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Manage by Mobile Device Management (MDM) and group policy license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/measured-boot.md b/windows/security/licensing/measured-boot.md
new file mode 100644
index 0000000000..873dd51db8
--- /dev/null
+++ b/windows/security/licensing/measured-boot.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Measured boot:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Measured boot license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/microsoft-defender-antivirus.md b/windows/security/licensing/microsoft-defender-antivirus.md
new file mode 100644
index 0000000000..08df5e0218
--- /dev/null
+++ b/windows/security/licensing/microsoft-defender-antivirus.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Microsoft Defender Antivirus:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Microsoft Defender Antivirus license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md b/windows/security/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md
new file mode 100644
index 0000000000..e754997c7a
--- /dev/null
+++ b/windows/security/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Microsoft Defender Application Guard (MDAG) configure via MDM:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|No|Yes|No|Yes|
+
+Microsoft Defender Application Guard (MDAG) configure via MDM license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|No|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md b/windows/security/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md
new file mode 100644
index 0000000000..9dc9d2c111
--- /dev/null
+++ b/windows/security/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|No|Yes|No|Yes|
+
+Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|No|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md b/windows/security/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md
new file mode 100644
index 0000000000..fe5677e4eb
--- /dev/null
+++ b/windows/security/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Microsoft Defender Application Guard (MDAG) for Edge standalone mode:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Microsoft Defender Application Guard (MDAG) for Edge standalone mode license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md b/windows/security/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md
new file mode 100644
index 0000000000..3cbb70aa69
--- /dev/null
+++ b/windows/security/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Microsoft Defender Application Guard (MDAG) for Microsoft Office:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|No|Yes|No|Yes|
+
+Microsoft Defender Application Guard (MDAG) for Microsoft Office license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|No|No|No|No|No|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/microsoft-defender-application-guard-mdag-public-apis.md b/windows/security/licensing/microsoft-defender-application-guard-mdag-public-apis.md
new file mode 100644
index 0000000000..eeaf93367e
--- /dev/null
+++ b/windows/security/licensing/microsoft-defender-application-guard-mdag-public-apis.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Microsoft Defender Application Guard (MDAG) public APIs:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|No|Yes|No|Yes|
+
+Microsoft Defender Application Guard (MDAG) public APIs license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|No|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/microsoft-defender-for-endpoint.md b/windows/security/licensing/microsoft-defender-for-endpoint.md
new file mode 100644
index 0000000000..312be13a46
--- /dev/null
+++ b/windows/security/licensing/microsoft-defender-for-endpoint.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Microsoft Defender for Endpoint:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Microsoft Defender for Endpoint license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|No|Yes|No|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/microsoft-defender-smartscreen.md b/windows/security/licensing/microsoft-defender-smartscreen.md
new file mode 100644
index 0000000000..ff95861177
--- /dev/null
+++ b/windows/security/licensing/microsoft-defender-smartscreen.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Microsoft Defender SmartScreen:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Microsoft Defender SmartScreen license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/microsoft-pluton-security-processor.md b/windows/security/licensing/microsoft-pluton-security-processor.md
new file mode 100644
index 0000000000..d0f93bcb7c
--- /dev/null
+++ b/windows/security/licensing/microsoft-pluton-security-processor.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Microsoft Pluton security processor:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Microsoft Pluton security processor license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/microsoft-vulnerable-driver-blocklist.md b/windows/security/licensing/microsoft-vulnerable-driver-blocklist.md
new file mode 100644
index 0000000000..98dd69ad55
--- /dev/null
+++ b/windows/security/licensing/microsoft-vulnerable-driver-blocklist.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Microsoft Vulnerable Driver Blocklist:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Microsoft Vulnerable Driver Blocklist license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/opportunistic-wireless-encryption-owe.md b/windows/security/licensing/opportunistic-wireless-encryption-owe.md
new file mode 100644
index 0000000000..953cb81211
--- /dev/null
+++ b/windows/security/licensing/opportunistic-wireless-encryption-owe.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Opportunistic Wireless Encryption (OWE):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Opportunistic Wireless Encryption (OWE) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/personal-data-encryption-pde.md b/windows/security/licensing/personal-data-encryption-pde.md
new file mode 100644
index 0000000000..5626b57d96
--- /dev/null
+++ b/windows/security/licensing/personal-data-encryption-pde.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Personal data encryption (PDE):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|No|Yes|No|Yes|
+
+Personal data encryption (PDE) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|No|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/privacy-resource-usage.md b/windows/security/licensing/privacy-resource-usage.md
new file mode 100644
index 0000000000..2bea08f5e1
--- /dev/null
+++ b/windows/security/licensing/privacy-resource-usage.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Privacy Resource Usage:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Privacy Resource Usage license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/privacy-transparency-and-controls.md b/windows/security/licensing/privacy-transparency-and-controls.md
new file mode 100644
index 0000000000..2fec75d8c4
--- /dev/null
+++ b/windows/security/licensing/privacy-transparency-and-controls.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Privacy Transparency and Controls:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Privacy Transparency and Controls license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/remote-wipe-autopilot-reset.md b/windows/security/licensing/remote-wipe-autopilot-reset.md
new file mode 100644
index 0000000000..c68c8ad2ed
--- /dev/null
+++ b/windows/security/licensing/remote-wipe-autopilot-reset.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Remote wipe (Autopilot reset):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Remote wipe (Autopilot reset) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/secure-boot-and-trusted-boot.md b/windows/security/licensing/secure-boot-and-trusted-boot.md
new file mode 100644
index 0000000000..53b48d99cc
--- /dev/null
+++ b/windows/security/licensing/secure-boot-and-trusted-boot.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Secure Boot and Trusted Boot:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Secure Boot and Trusted Boot license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/secured-core-configuration-lock.md b/windows/security/licensing/secured-core-configuration-lock.md
new file mode 100644
index 0000000000..dddf8843a4
--- /dev/null
+++ b/windows/security/licensing/secured-core-configuration-lock.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Secured-core configuration lock:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Secured-core configuration lock license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/secured-core-pc.md b/windows/security/licensing/secured-core-pc.md
new file mode 100644
index 0000000000..8fca64cb2c
--- /dev/null
+++ b/windows/security/licensing/secured-core-pc.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Secured-core PC:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Secured-core PC license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/security-baselines-with-intune.md b/windows/security/licensing/security-baselines-with-intune.md
new file mode 100644
index 0000000000..43b5f384ab
--- /dev/null
+++ b/windows/security/licensing/security-baselines-with-intune.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Security baselines with Intune:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Security baselines with Intune license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/server-message-block-direct-smb-direct.md b/windows/security/licensing/server-message-block-direct-smb-direct.md
new file mode 100644
index 0000000000..1b76968707
--- /dev/null
+++ b/windows/security/licensing/server-message-block-direct-smb-direct.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Server Message Block Direct (SMB Direct):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Server Message Block Direct (SMB Direct) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/server-message-block-smb-file-service.md b/windows/security/licensing/server-message-block-smb-file-service.md
new file mode 100644
index 0000000000..f39db20a54
--- /dev/null
+++ b/windows/security/licensing/server-message-block-smb-file-service.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Server Message Block (SMB) file service:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Server Message Block (SMB) file service license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/smart-app-control.md b/windows/security/licensing/smart-app-control.md
new file mode 100644
index 0000000000..cfb6c198a6
--- /dev/null
+++ b/windows/security/licensing/smart-app-control.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Smart App Control:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Smart App Control license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/smart-cards-for-windows-service.md b/windows/security/licensing/smart-cards-for-windows-service.md
new file mode 100644
index 0000000000..b7a9d46f11
--- /dev/null
+++ b/windows/security/licensing/smart-cards-for-windows-service.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Smart Cards for Windows Service:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Smart Cards for Windows Service license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/tamper-protection-settings-for-mde.md b/windows/security/licensing/tamper-protection-settings-for-mde.md
new file mode 100644
index 0000000000..06a01236ec
--- /dev/null
+++ b/windows/security/licensing/tamper-protection-settings-for-mde.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Tamper protection settings for MDE:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Tamper protection settings for MDE license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/transport-layer-security-tls.md b/windows/security/licensing/transport-layer-security-tls.md
new file mode 100644
index 0000000000..d0f2b933b2
--- /dev/null
+++ b/windows/security/licensing/transport-layer-security-tls.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Transport layer security (TLS):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Transport layer security (TLS) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/trusted-platform-module-tpm-20.md b/windows/security/licensing/trusted-platform-module-tpm-20.md
new file mode 100644
index 0000000000..4b5197dd74
--- /dev/null
+++ b/windows/security/licensing/trusted-platform-module-tpm-20.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Trusted Platform Module (TPM) 2.0:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Trusted Platform Module (TPM) 2.0 license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/universal-print.md b/windows/security/licensing/universal-print.md
new file mode 100644
index 0000000000..46f0afd2c6
--- /dev/null
+++ b/windows/security/licensing/universal-print.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Universal Print:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Universal Print license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/user-account-control-uac.md b/windows/security/licensing/user-account-control-uac.md
new file mode 100644
index 0000000000..dca8cb0915
--- /dev/null
+++ b/windows/security/licensing/user-account-control-uac.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support User Account Control (UAC):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+User Account Control (UAC) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/virtual-private-network-vpn.md b/windows/security/licensing/virtual-private-network-vpn.md
new file mode 100644
index 0000000000..61de672ee8
--- /dev/null
+++ b/windows/security/licensing/virtual-private-network-vpn.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Virtual Private Network (VPN):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Virtual Private Network (VPN) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/virtualization-based-security-vbs.md b/windows/security/licensing/virtualization-based-security-vbs.md
new file mode 100644
index 0000000000..de05ea5d8e
--- /dev/null
+++ b/windows/security/licensing/virtualization-based-security-vbs.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Virtualization-based security (VBS):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Virtualization-based security (VBS) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/wifi-security.md b/windows/security/licensing/wifi-security.md
new file mode 100644
index 0000000000..9507a7618a
--- /dev/null
+++ b/windows/security/licensing/wifi-security.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support WiFi Security:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+WiFi Security license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/windows-autopatch.md b/windows/security/licensing/windows-autopatch.md
new file mode 100644
index 0000000000..f67e2b5216
--- /dev/null
+++ b/windows/security/licensing/windows-autopatch.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows Autopatch:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|No|Yes|No|Yes|
+
+Windows Autopatch license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|No|Yes|Yes|No|No|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/windows-autopilot.md b/windows/security/licensing/windows-autopilot.md
new file mode 100644
index 0000000000..9c57cdb899
--- /dev/null
+++ b/windows/security/licensing/windows-autopilot.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows Autopilot:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Windows Autopilot license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/windows-containers.md b/windows/security/licensing/windows-containers.md
new file mode 100644
index 0000000000..0e4df6dcb8
--- /dev/null
+++ b/windows/security/licensing/windows-containers.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows containers:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Windows containers license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/windows-defender-application-control-wdac.md b/windows/security/licensing/windows-defender-application-control-wdac.md
new file mode 100644
index 0000000000..3f81db1b61
--- /dev/null
+++ b/windows/security/licensing/windows-defender-application-control-wdac.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows Defender Application Control (WDAC):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Windows Defender Application Control (WDAC) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/windows-defender-credential-guard.md b/windows/security/licensing/windows-defender-credential-guard.md
new file mode 100644
index 0000000000..d55e33af47
--- /dev/null
+++ b/windows/security/licensing/windows-defender-credential-guard.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows Defender Credential Guard:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|No|Yes|No|Yes|
+
+Windows Defender Credential Guard license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|No|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/windows-defender-remote-credential-guard.md b/windows/security/licensing/windows-defender-remote-credential-guard.md
new file mode 100644
index 0000000000..51feb6043b
--- /dev/null
+++ b/windows/security/licensing/windows-defender-remote-credential-guard.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows Defender Remote Credential Guard:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Windows Defender Remote Credential Guard license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/windows-defender-system-guard.md b/windows/security/licensing/windows-defender-system-guard.md
new file mode 100644
index 0000000000..b4f7577506
--- /dev/null
+++ b/windows/security/licensing/windows-defender-system-guard.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows Defender System Guard:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Windows Defender System Guard license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/windows-firewall.md b/windows/security/licensing/windows-firewall.md
new file mode 100644
index 0000000000..12b7254fb9
--- /dev/null
+++ b/windows/security/licensing/windows-firewall.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows Firewall:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Windows Firewall license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md b/windows/security/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md
new file mode 100644
index 0000000000..0b8095a9f8
--- /dev/null
+++ b/windows/security/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows Hello for Business Enhanced Security Sign-in (ESS):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Windows Hello for Business Enhanced Security Sign-in (ESS) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/windows-hello-for-business.md b/windows/security/licensing/windows-hello-for-business.md
new file mode 100644
index 0000000000..cb8ec101ad
--- /dev/null
+++ b/windows/security/licensing/windows-hello-for-business.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows Hello for Business:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Windows Hello for Business license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/windows-presence-sensing.md b/windows/security/licensing/windows-presence-sensing.md
new file mode 100644
index 0000000000..25eda4a8de
--- /dev/null
+++ b/windows/security/licensing/windows-presence-sensing.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows presence sensing:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Windows presence sensing license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/windows-sandbox.md b/windows/security/licensing/windows-sandbox.md
new file mode 100644
index 0000000000..1b23c6f198
--- /dev/null
+++ b/windows/security/licensing/windows-sandbox.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows Sandbox:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Windows Sandbox license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/windows-security-policy-settings-and-auditing.md b/windows/security/licensing/windows-security-policy-settings-and-auditing.md
new file mode 100644
index 0000000000..0fabeddb20
--- /dev/null
+++ b/windows/security/licensing/windows-security-policy-settings-and-auditing.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/25/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows Security policy settings and auditing:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Windows Security policy settings and auditing license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

From d2a2129b2e1db90d239b14904de29584ddc786a3 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Wed, 26 Apr 2023 15:42:40 -0400
Subject: [PATCH 022/107] reverted mockup changes

---
 ...ur-arch-diagram.png => ur-arch-diagram.png | Bin
 .../hello-for-business/hello-overview.md      |   2 +
 windows/security/identity-protection/toc.yml  |  24 ++----
 .../licensing/_edition-requirements.md        |  81 ------------------
 .../licensing/_licensing-requirements.md      |  81 ------------------
 .../licensing/access-control-aclsscals.md     |  22 -----
 .../licensing/account-lockout-policy.md       |  22 -----
 .../licensing/always-on-vpn-device-tunnel.md  |  22 -----
 .../licensing/assigned-access-kiosk-mode.md   |  22 -----
 .../licensing/attack-surface-reduction-asr.md |  22 -----
 ...d-azure-ad-join-with-single-sign-on-sso.md |  22 -----
 windows/security/licensing/bitlocker.md       |  22 -----
 ...tooth-pairing-and-connection-protection.md |  22 -----
 .../common-criteria-certifications.md         |  22 -----
 .../licensing/controlled-folder-access.md     |  22 -----
 .../device-health-attestation-service.md      |  22 -----
 windows/security/licensing/direct-access.md   |  22 -----
 .../licensing/email-encryption-smime.md       |  22 -----
 .../licensing/encrypted-hard-drive.md         |  22 -----
 ...ed-phishing-protection-with-smartscreen.md |  22 -----
 .../security/licensing/exploit-protection.md  |  22 -----
 ...fast-identity-online-fido2-security-key.md |  22 -----
 ...processing-standard-fips-140-validation.md |  22 -----
 .../security/licensing/federated-sign-in.md   |  22 -----
 .../hardware-enforced-stack-protection.md     |  22 -----
 ...ypervisor-protected-code-integrity-hvci.md |  22 -----
 ...nel-direct-memory-access-dma-protection.md |  22 -----
 .../local-administrator-password-solution.md  |  22 -----
 ...local-security-authority-lsa-protection.md |  22 -----
 ...-device-management-mdm-and-group-policy.md |  22 -----
 windows/security/licensing/measured-boot.md   |  22 -----
 .../licensing/microsoft-defender-antivirus.md |  22 -----
 ...pplication-guard-mdag-configure-via-mdm.md |  22 -----
 ...terprise-mode-and-enterprise-management.md |  22 -----
 ...ion-guard-mdag-for-edge-standalone-mode.md |  22 -----
 ...ication-guard-mdag-for-microsoft-office.md |  22 -----
 ...nder-application-guard-mdag-public-apis.md |  22 -----
 .../microsoft-defender-for-endpoint.md        |  22 -----
 .../microsoft-defender-smartscreen.md         |  22 -----
 .../microsoft-pluton-security-processor.md    |  22 -----
 .../microsoft-vulnerable-driver-blocklist.md  |  22 -----
 .../opportunistic-wireless-encryption-owe.md  |  22 -----
 .../licensing/personal-data-encryption-pde.md |  22 -----
 .../licensing/privacy-resource-usage.md       |  22 -----
 .../privacy-transparency-and-controls.md      |  22 -----
 .../licensing/remote-wipe-autopilot-reset.md  |  22 -----
 .../licensing/secure-boot-and-trusted-boot.md |  22 -----
 .../secured-core-configuration-lock.md        |  22 -----
 windows/security/licensing/secured-core-pc.md |  22 -----
 .../security-baselines-with-intune.md         |  22 -----
 .../server-message-block-direct-smb-direct.md |  22 -----
 .../server-message-block-smb-file-service.md  |  22 -----
 .../security/licensing/smart-app-control.md   |  22 -----
 .../smart-cards-for-windows-service.md        |  22 -----
 .../tamper-protection-settings-for-mde.md     |  22 -----
 .../licensing/transport-layer-security-tls.md |  22 -----
 .../trusted-platform-module-tpm-20.md         |  22 -----
 windows/security/licensing/universal-print.md |  22 -----
 .../licensing/user-account-control-uac.md     |  22 -----
 .../licensing/virtual-private-network-vpn.md  |  22 -----
 .../virtualization-based-security-vbs.md      |  22 -----
 windows/security/licensing/wifi-security.md   |  22 -----
 .../security/licensing/windows-autopatch.md   |  22 -----
 .../security/licensing/windows-autopilot.md   |  22 -----
 .../security/licensing/windows-containers.md  |  22 -----
 ...ndows-defender-application-control-wdac.md |  22 -----
 .../windows-defender-credential-guard.md      |  22 -----
 ...indows-defender-remote-credential-guard.md |  22 -----
 .../windows-defender-system-guard.md          |  22 -----
 .../security/licensing/windows-firewall.md    |  22 -----
 ...-business-enhanced-security-sign-in-ess.md |  22 -----
 .../licensing/windows-hello-for-business.md   |  22 -----
 .../licensing/windows-presence-sensing.md     |  22 -----
 windows/security/licensing/windows-sandbox.md |  22 -----
 ...s-security-policy-settings-and-auditing.md |  22 -----
 75 files changed, 8 insertions(+), 1720 deletions(-)
 rename windows/deployment/images/ur-arch-diagram.png => ur-arch-diagram.png (100%)
 delete mode 100644 windows/security/licensing/_edition-requirements.md
 delete mode 100644 windows/security/licensing/_licensing-requirements.md
 delete mode 100644 windows/security/licensing/access-control-aclsscals.md
 delete mode 100644 windows/security/licensing/account-lockout-policy.md
 delete mode 100644 windows/security/licensing/always-on-vpn-device-tunnel.md
 delete mode 100644 windows/security/licensing/assigned-access-kiosk-mode.md
 delete mode 100644 windows/security/licensing/attack-surface-reduction-asr.md
 delete mode 100644 windows/security/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md
 delete mode 100644 windows/security/licensing/bitlocker.md
 delete mode 100644 windows/security/licensing/bluetooth-pairing-and-connection-protection.md
 delete mode 100644 windows/security/licensing/common-criteria-certifications.md
 delete mode 100644 windows/security/licensing/controlled-folder-access.md
 delete mode 100644 windows/security/licensing/device-health-attestation-service.md
 delete mode 100644 windows/security/licensing/direct-access.md
 delete mode 100644 windows/security/licensing/email-encryption-smime.md
 delete mode 100644 windows/security/licensing/encrypted-hard-drive.md
 delete mode 100644 windows/security/licensing/enhanced-phishing-protection-with-smartscreen.md
 delete mode 100644 windows/security/licensing/exploit-protection.md
 delete mode 100644 windows/security/licensing/fast-identity-online-fido2-security-key.md
 delete mode 100644 windows/security/licensing/federal-information-processing-standard-fips-140-validation.md
 delete mode 100644 windows/security/licensing/federated-sign-in.md
 delete mode 100644 windows/security/licensing/hardware-enforced-stack-protection.md
 delete mode 100644 windows/security/licensing/hypervisor-protected-code-integrity-hvci.md
 delete mode 100644 windows/security/licensing/kernel-direct-memory-access-dma-protection.md
 delete mode 100644 windows/security/licensing/local-administrator-password-solution.md
 delete mode 100644 windows/security/licensing/local-security-authority-lsa-protection.md
 delete mode 100644 windows/security/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md
 delete mode 100644 windows/security/licensing/measured-boot.md
 delete mode 100644 windows/security/licensing/microsoft-defender-antivirus.md
 delete mode 100644 windows/security/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md
 delete mode 100644 windows/security/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md
 delete mode 100644 windows/security/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md
 delete mode 100644 windows/security/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md
 delete mode 100644 windows/security/licensing/microsoft-defender-application-guard-mdag-public-apis.md
 delete mode 100644 windows/security/licensing/microsoft-defender-for-endpoint.md
 delete mode 100644 windows/security/licensing/microsoft-defender-smartscreen.md
 delete mode 100644 windows/security/licensing/microsoft-pluton-security-processor.md
 delete mode 100644 windows/security/licensing/microsoft-vulnerable-driver-blocklist.md
 delete mode 100644 windows/security/licensing/opportunistic-wireless-encryption-owe.md
 delete mode 100644 windows/security/licensing/personal-data-encryption-pde.md
 delete mode 100644 windows/security/licensing/privacy-resource-usage.md
 delete mode 100644 windows/security/licensing/privacy-transparency-and-controls.md
 delete mode 100644 windows/security/licensing/remote-wipe-autopilot-reset.md
 delete mode 100644 windows/security/licensing/secure-boot-and-trusted-boot.md
 delete mode 100644 windows/security/licensing/secured-core-configuration-lock.md
 delete mode 100644 windows/security/licensing/secured-core-pc.md
 delete mode 100644 windows/security/licensing/security-baselines-with-intune.md
 delete mode 100644 windows/security/licensing/server-message-block-direct-smb-direct.md
 delete mode 100644 windows/security/licensing/server-message-block-smb-file-service.md
 delete mode 100644 windows/security/licensing/smart-app-control.md
 delete mode 100644 windows/security/licensing/smart-cards-for-windows-service.md
 delete mode 100644 windows/security/licensing/tamper-protection-settings-for-mde.md
 delete mode 100644 windows/security/licensing/transport-layer-security-tls.md
 delete mode 100644 windows/security/licensing/trusted-platform-module-tpm-20.md
 delete mode 100644 windows/security/licensing/universal-print.md
 delete mode 100644 windows/security/licensing/user-account-control-uac.md
 delete mode 100644 windows/security/licensing/virtual-private-network-vpn.md
 delete mode 100644 windows/security/licensing/virtualization-based-security-vbs.md
 delete mode 100644 windows/security/licensing/wifi-security.md
 delete mode 100644 windows/security/licensing/windows-autopatch.md
 delete mode 100644 windows/security/licensing/windows-autopilot.md
 delete mode 100644 windows/security/licensing/windows-containers.md
 delete mode 100644 windows/security/licensing/windows-defender-application-control-wdac.md
 delete mode 100644 windows/security/licensing/windows-defender-credential-guard.md
 delete mode 100644 windows/security/licensing/windows-defender-remote-credential-guard.md
 delete mode 100644 windows/security/licensing/windows-defender-system-guard.md
 delete mode 100644 windows/security/licensing/windows-firewall.md
 delete mode 100644 windows/security/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md
 delete mode 100644 windows/security/licensing/windows-hello-for-business.md
 delete mode 100644 windows/security/licensing/windows-presence-sensing.md
 delete mode 100644 windows/security/licensing/windows-sandbox.md
 delete mode 100644 windows/security/licensing/windows-security-policy-settings-and-auditing.md

diff --git a/windows/deployment/images/ur-arch-diagram.png b/ur-arch-diagram.png
similarity index 100%
rename from windows/deployment/images/ur-arch-diagram.png
rename to ur-arch-diagram.png
diff --git a/windows/security/identity-protection/hello-for-business/hello-overview.md b/windows/security/identity-protection/hello-for-business/hello-overview.md
index 84acf6b19c..7ed1ecc9b5 100644
--- a/windows/security/identity-protection/hello-for-business/hello-overview.md
+++ b/windows/security/identity-protection/hello-for-business/hello-overview.md
@@ -48,6 +48,8 @@ Windows stores biometric data that is used to implement Windows Hello securely o
 
 - *Windows Hello for Business*, which is configured by group policy or mobile device management (MDM) policy, always uses key-based or certificate-based authentication. This behavior makes it more secure than *Windows Hello convenience PIN*.
 
+[!INCLUDE [windows-hello-for-business](../../../../includes/licensing/windows-hello-for-business.md)]
+
 ## Benefits of Windows Hello
 
 Reports of identity theft and large-scale hacking are frequent headlines. Nobody wants to be notified that their user name and password have been exposed.
diff --git a/windows/security/identity-protection/toc.yml b/windows/security/identity-protection/toc.yml
index dfcb41d432..edc7841f47 100644
--- a/windows/security/identity-protection/toc.yml
+++ b/windows/security/identity-protection/toc.yml
@@ -5,24 +5,12 @@ items:
     href: windows-credential-theft-mitigation-guide-abstract.md
   - name: Passwordless sign-in
     items:
-    - name: Windows Hello for Business
-      items:
-        - name: Windows edition and licensing requirements
-          href: ../licensing/windows-hello-for-business.md
-        - name: Windows Hello for Business overview ⇒
-          href: hello-for-business/index.yml
-    - name: FIDO 2 security keys
-      items:
-        - name: Windows edition and licensing requirements
-          href: ../licensing/fast-identity-online-fido2-security-key.md
-        - name: FIDO 2 security keys overview ⇒
-          href: /azure/active-directory/authentication/howto-authentication-passwordless-security-key
-  - name: Local Administrator Password Solution (LAPS)
-    items:
-      - name: Windows edition and licensing requirements
-        href: ../licensing/local-administrator-password-solution.md
-      - name: Windows LAPS overview ⇒
-        href: /windows-server/identity/laps/laps-overview
+    - name: Windows Hello for Business ⇒
+      href: hello-for-business/index.yml
+    - name: FIDO 2 security keys ⇒
+      href: /azure/active-directory/authentication/howto-authentication-passwordless-security-key
+  - name: Windows LAPS (Local Administrator Password Solution) ⇒
+    href: /windows-server/identity/laps/laps-overview
   - name: Enterprise Certificate Pinning
     href: enterprise-certificate-pinning.md
   - name: Credential Guard
diff --git a/windows/security/licensing/_edition-requirements.md b/windows/security/licensing/_edition-requirements.md
deleted file mode 100644
index 5f6391baad..0000000000
--- a/windows/security/licensing/_edition-requirements.md
+++ /dev/null
@@ -1,81 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-The following table lists the security features that are available in Windows, and the Windows editions that support them:
-
-| Feature name | Windows Pro | Windows Enterprise | Windows Pro Education/SE | Windows Education |
-|:---|:---:|:---:|:---:|:---:|
-|**[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes|
-|**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**|Yes|Yes|Yes|Yes|
-|**[Always On VPN (device tunnel)](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|❌|Yes|❌|Yes|
-|**[Assigned Access (kiosk mode)](/windows/configuration/kiosk-methods)**|Yes|Yes|Yes|Yes|
-|**[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)**|Yes|Yes|Yes|Yes|
-|**[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)**|Yes|Yes|Yes|Yes|
-|**[BitLocker](/windows/security/information-protection/bitlocker/bitlocker-overview)**|Yes|Yes|Yes|Yes|
-|**Bluetooth pairing and connection protection**|Yes|Yes|Yes|Yes|
-|**[Common Criteria certifications](/windows/security/threat-protection/windows-platform-common-criteria)**|Yes|Yes|Yes|Yes|
-|**[Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)**|Yes|Yes|Yes|Yes|
-|**[Device health attestation service](/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices)**|Yes|Yes|Yes|Yes|
-|**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**|❌|Yes|❌|Yes|
-|**[Email Encryption (S/MIME)](/windows/security/identity-protection/configure-s-mime)**|Yes|Yes|Yes|Yes|
-|**[Encrypted hard drive](/windows/security/information-protection/encrypted-hard-drive)**|Yes|Yes|Yes|Yes|
-|**[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)**|Yes|Yes|Yes|Yes|
-|**[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)**|Yes|Yes|Yes|Yes|
-|**[Fast Identity Online (FIDO2) security key](/azure/active-directory/authentication/howto-authentication-passwordless-security-key?context=%2Fwindows%2Fsecurity%2Fcontext%2Fcontext)**|Yes|Yes|Yes|Yes|
-|**[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)**|Yes|Yes|Yes|Yes|
-|**[Federated sign-in](/education/windows/federated-sign-in)**|❌|No|Yes|Yes|
-|**[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)**|Yes|Yes|Yes|Yes|
-|**[Hypervisor-protected Code Integrity (HVCI)](/windows-hardware/design/device-experiences/oem-hvci-enablement)**|Yes|Yes|Yes|Yes|
-|**[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)**|Yes|Yes|Yes|Yes|
-|**Local Administrator Password Solution**|Yes|Yes|Yes|Yes|
-|**[Local Security Authority (LSA) Protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection?toc=%2Fwindows%2Fsecurity%2Ftoc.json&bc=%2Fwindows%2Fsecurity%2Fbreadcrumb%2Ftoc.json)**|Yes|Yes|Yes|Yes|
-|**[Manage by Mobile Device Management (MDM) and group policy](/windows/client-management/mdm/mdm-overview)**|Yes|Yes|Yes|Yes|
-|**[Measured boot](/windows/compatibility/measured-boot)**|Yes|Yes|Yes|Yes|
-|**[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)**|Yes|Yes|Yes|Yes|
-|**[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)**|❌|Yes|❌|Yes|
-|**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/deployedge/microsoft-edge-security-windows-defender-application-guard)**|❌|Yes|❌|Yes|
-|**[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview)**|Yes|Yes|Yes|Yes|
-|**[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)**|❌|Yes|❌|Yes|
-|**Microsoft Defender Application Guard (MDAG) public APIs**|❌|Yes|❌|Yes|
-|**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|Yes|Yes|Yes|Yes|
-|**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**|Yes|Yes|Yes|Yes|
-|**[Microsoft Pluton security processor](/windows/security/information-protection/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes|
-|**[Microsoft Vulnerable Driver Blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules%23microsoft-vulnerable-driver-blocklist)**|Yes|Yes|Yes|Yes|
-|**Opportunistic Wireless Encryption (OWE)**|Yes|Yes|Yes|Yes|
-|**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|❌|Yes|❌|Yes|
-|**Privacy Resource Usage**|Yes|Yes|Yes|Yes|
-|**Privacy Transparency and Controls**|Yes|Yes|Yes|Yes|
-|**[Remote wipe (Autopilot reset)](/windows/client-management/mdm/remotewipe-csp)**|Yes|Yes|Yes|Yes|
-|**[Secure Boot and Trusted Boot](/windows/security/trusted-boot)**|Yes|Yes|Yes|Yes|
-|**[Secured-core configuration lock](/windows/client-management/config-lock)**|Yes|Yes|Yes|Yes|
-|**[Secured-core PC](/windows-hardware/design/device-experiences/oem-highly-secure-11)**|Yes|Yes|Yes|Yes|
-|**[Security baselines with Intune](/mem/intune/protect/security-baselines)**|Yes|Yes|Yes|Yes|
-|**[Server Message Block (SMB) file service](/windows-server/storage/file-server/file-server-smb-overview)**|Yes|Yes|Yes|Yes|
-|**[Server Message Block Direct (SMB Direct)](/windows-server/storage/file-server/smb-direct)**|Yes|Yes|Yes|Yes|
-|**[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|
-|**[Smart Cards for Windows Service](/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service)**|Yes|Yes|Yes|Yes|
-|**[Tamper protection settings for MDE](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)**|Yes|Yes|Yes|Yes|
-|**[Transport layer security (TLS)](/windows-server/security/tls/tls-ssl-schannel-ssp-overview)**|Yes|Yes|Yes|Yes|
-|**[Trusted Platform Module (TPM) 2.0](/windows/security/information-protection/tpm/trusted-platform-module-overview)**|Yes|Yes|Yes|Yes|
-|**[Universal Print](/universal-print/)**|Yes|Yes|Yes|Yes|
-|**[User Account Control (UAC)](/indows/security/identity-protection/user-account-control/user-account-control-overview)**|Yes|Yes|Yes|Yes|
-|**[Virtual Private Network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes|
-|**[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)**|Yes|Yes|Yes|Yes|
-|**WiFi Security**|Yes|Yes|Yes|Yes|
-|**[Windows Autopatch](/windows/deployment/windows-autopatch/)**|❌|Yes|❌|Yes|
-|**[Windows Autopilot](/windows/deployment/windows-autopilot)**|Yes|Yes|Yes|Yes|
-|**[Windows containers](/virtualization/windowscontainers/about/)**|Yes|Yes|Yes|Yes|
-|**[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|
-|**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|❌|Yes|❌|Yes|
-|**[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)**|Yes|Yes|Yes|Yes|
-|**[Windows Defender System Guard](/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows)**|Yes|Yes|Yes|Yes|
-|**[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)**|Yes|Yes|Yes|Yes|
-|**[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)**|Yes|Yes|Yes|Yes|
-|**[Windows Hello for Business Enhanced Security Sign-in (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)**|Yes|Yes|Yes|Yes|
-|**[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)**|Yes|Yes|Yes|Yes|
-|**[Windows Sandbox](/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview)**|Yes|Yes|Yes|Yes|
-|**[Windows Security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**|Yes|Yes|Yes|Yes|
diff --git a/windows/security/licensing/_licensing-requirements.md b/windows/security/licensing/_licensing-requirements.md
deleted file mode 100644
index 2d3f2f34d8..0000000000
--- a/windows/security/licensing/_licensing-requirements.md
+++ /dev/null
@@ -1,81 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-The following table lists the security features that are available in Windows, and the licensing requirements to use them:
-
-|Feature name|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---|:---:|:---:|:---:|:---:|:---:|
-|**[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes|Yes|
-|**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**|Yes|Yes|Yes|Yes|Yes|
-|**[Always On VPN (device tunnel)](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|❌|Yes|Yes|Yes|Yes|
-|**[Assigned Access (kiosk mode)](/windows/configuration/kiosk-methods)**|Yes|Yes|Yes|Yes|Yes|
-|**[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)**|Yes|Yes|Yes|Yes|Yes|
-|**[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)**|Yes|Yes|Yes|Yes|Yes|
-|**[BitLocker](/windows/security/information-protection/bitlocker/bitlocker-overview)**|Yes|Yes|Yes|Yes|Yes|
-|**Bluetooth pairing and connection protection**|Yes|Yes|Yes|Yes|Yes|
-|**[Common Criteria certifications](/windows/security/threat-protection/windows-platform-common-criteria)**|Yes|Yes|Yes|Yes|Yes|
-|**[Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)**|Yes|Yes|Yes|Yes|Yes|
-|**[Device health attestation service](/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices)**|Yes|Yes|Yes|Yes|Yes|
-|**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**|❌|Yes|Yes|Yes|Yes|
-|**[Email Encryption (S/MIME)](/windows/security/identity-protection/configure-s-mime)**|Yes|Yes|Yes|Yes|Yes|
-|**[Encrypted hard drive](/windows/security/information-protection/encrypted-hard-drive)**|Yes|Yes|Yes|Yes|Yes|
-|**[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)**|Yes|Yes|Yes|Yes|Yes|
-|**[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)**|Yes|Yes|Yes|Yes|Yes|
-|**[Fast Identity Online (FIDO2) security key](/azure/active-directory/authentication/howto-authentication-passwordless-security-key?context=%2Fwindows%2Fsecurity%2Fcontext%2Fcontext)**|Yes|Yes|Yes|Yes|Yes|
-|**[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)**|Yes|Yes|Yes|Yes|Yes|
-|**[Federated sign-in](/education/windows/federated-sign-in)**|❌|No|❌|Yes|Yes|
-|**[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)**|Yes|Yes|Yes|Yes|Yes|
-|**[Hypervisor-protected Code Integrity (HVCI)](/windows-hardware/design/device-experiences/oem-hvci-enablement)**|Yes|Yes|Yes|Yes|Yes|
-|**[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)**|Yes|Yes|Yes|Yes|Yes|
-|**Local Administrator Password Solution**|Yes|Yes|Yes|Yes|Yes|
-|**[Local Security Authority (LSA) Protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection?toc=%2Fwindows%2Fsecurity%2Ftoc.json&bc=%2Fwindows%2Fsecurity%2Fbreadcrumb%2Ftoc.json)**|Yes|Yes|Yes|Yes|Yes|
-|**[Manage by Mobile Device Management (MDM) and group policy](/windows/client-management/mdm/mdm-overview)**|Yes|Yes|Yes|Yes|Yes|
-|**[Measured boot](/windows/compatibility/measured-boot)**|Yes|Yes|Yes|Yes|Yes|
-|**[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)**|Yes|Yes|Yes|Yes|Yes|
-|**[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)**|❌|Yes|Yes|Yes|Yes|
-|**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/deployedge/microsoft-edge-security-windows-defender-application-guard)**|❌|Yes|Yes|Yes|Yes|
-|**[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview)**|Yes|Yes|Yes|Yes|Yes|
-|**[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)**|❌|No|❌|No|❌|
-|**Microsoft Defender Application Guard (MDAG) public APIs**|❌|Yes|Yes|Yes|Yes|
-|**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|Yes|❌|Yes|❌|Yes|
-|**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**|Yes|Yes|Yes|Yes|Yes|
-|**[Microsoft Pluton security processor](/windows/security/information-protection/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes|Yes|
-|**[Microsoft Vulnerable Driver Blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules%23microsoft-vulnerable-driver-blocklist)**|Yes|Yes|Yes|Yes|Yes|
-|**Opportunistic Wireless Encryption (OWE)**|Yes|Yes|Yes|Yes|Yes|
-|**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|❌|Yes|Yes|Yes|Yes|
-|**Privacy Resource Usage**|Yes|Yes|Yes|Yes|Yes|
-|**Privacy Transparency and Controls**|Yes|Yes|Yes|Yes|Yes|
-|**[Remote wipe (Autopilot reset)](/windows/client-management/mdm/remotewipe-csp)**|Yes|Yes|Yes|Yes|Yes|
-|**[Secure Boot and Trusted Boot](/windows/security/trusted-boot)**|Yes|Yes|Yes|Yes|Yes|
-|**[Secured-core configuration lock](/windows/client-management/config-lock)**|Yes|Yes|Yes|Yes|Yes|
-|**[Secured-core PC](/windows-hardware/design/device-experiences/oem-highly-secure-11)**|Yes|Yes|Yes|Yes|Yes|
-|**[Security baselines with Intune](/mem/intune/protect/security-baselines)**|Yes|Yes|Yes|Yes|Yes|
-|**[Server Message Block (SMB) file service](/windows-server/storage/file-server/file-server-smb-overview)**|Yes|Yes|Yes|Yes|Yes|
-|**[Server Message Block Direct (SMB Direct)](/windows-server/storage/file-server/smb-direct)**|Yes|Yes|Yes|Yes|Yes|
-|**[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|Yes|
-|**[Smart Cards for Windows Service](/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service)**|Yes|Yes|Yes|Yes|Yes|
-|**[Tamper protection settings for MDE](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)**|Yes|Yes|Yes|Yes|Yes|
-|**[Transport layer security (TLS)](/windows-server/security/tls/tls-ssl-schannel-ssp-overview)**|Yes|Yes|Yes|Yes|Yes|
-|**[Trusted Platform Module (TPM) 2.0](/windows/security/information-protection/tpm/trusted-platform-module-overview)**|Yes|Yes|Yes|Yes|Yes|
-|**[Universal Print](/universal-print/)**|Yes|Yes|Yes|Yes|Yes|
-|**[User Account Control (UAC)](/indows/security/identity-protection/user-account-control/user-account-control-overview)**|Yes|Yes|Yes|Yes|Yes|
-|**[Virtual Private Network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes|Yes|
-|**[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)**|Yes|Yes|Yes|Yes|Yes|
-|**WiFi Security**|Yes|Yes|Yes|Yes|Yes|
-|**[Windows Autopatch](/windows/deployment/windows-autopatch/)**|❌|Yes|Yes|❌|No|
-|**[Windows Autopilot](/windows/deployment/windows-autopilot)**|Yes|Yes|Yes|Yes|Yes|
-|**[Windows containers](/virtualization/windowscontainers/about/)**|Yes|Yes|Yes|Yes|Yes|
-|**[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|Yes|
-|**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|❌|Yes|Yes|Yes|Yes|
-|**[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)**|Yes|Yes|Yes|Yes|Yes|
-|**[Windows Defender System Guard](/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows)**|Yes|Yes|Yes|Yes|Yes|
-|**[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)**|Yes|Yes|Yes|Yes|Yes|
-|**[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)**|Yes|Yes|Yes|Yes|Yes|
-|**[Windows Hello for Business Enhanced Security Sign-in (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)**|Yes|Yes|Yes|Yes|Yes|
-|**[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)**|Yes|Yes|Yes|Yes|Yes|
-|**[Windows Sandbox](/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview)**|Yes|Yes|Yes|Yes|Yes|
-|**[Windows Security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**|Yes|Yes|Yes|Yes|Yes|
diff --git a/windows/security/licensing/access-control-aclsscals.md b/windows/security/licensing/access-control-aclsscals.md
deleted file mode 100644
index 028929c987..0000000000
--- a/windows/security/licensing/access-control-aclsscals.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Access Control (ACLs/SCALS):
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Access Control (ACLs/SCALS) license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/account-lockout-policy.md b/windows/security/licensing/account-lockout-policy.md
deleted file mode 100644
index 9d28314c22..0000000000
--- a/windows/security/licensing/account-lockout-policy.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Account Lockout Policy:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Account Lockout Policy license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/always-on-vpn-device-tunnel.md b/windows/security/licensing/always-on-vpn-device-tunnel.md
deleted file mode 100644
index 165e3355ce..0000000000
--- a/windows/security/licensing/always-on-vpn-device-tunnel.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Always On VPN (device tunnel):
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|No|Yes|No|Yes|
-
-Always On VPN (device tunnel) license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|No|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/assigned-access-kiosk-mode.md b/windows/security/licensing/assigned-access-kiosk-mode.md
deleted file mode 100644
index 0aacfd0d54..0000000000
--- a/windows/security/licensing/assigned-access-kiosk-mode.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Assigned Access (kiosk mode):
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Assigned Access (kiosk mode) license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/attack-surface-reduction-asr.md b/windows/security/licensing/attack-surface-reduction-asr.md
deleted file mode 100644
index bdfa84be11..0000000000
--- a/windows/security/licensing/attack-surface-reduction-asr.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Attack surface reduction (ASR):
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Attack surface reduction (ASR) license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md b/windows/security/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md
deleted file mode 100644
index a2348b9f96..0000000000
--- a/windows/security/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO):
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO) license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/bitlocker.md b/windows/security/licensing/bitlocker.md
deleted file mode 100644
index e1d0482a14..0000000000
--- a/windows/security/licensing/bitlocker.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support BitLocker:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-BitLocker license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/bluetooth-pairing-and-connection-protection.md b/windows/security/licensing/bluetooth-pairing-and-connection-protection.md
deleted file mode 100644
index ea7d847692..0000000000
--- a/windows/security/licensing/bluetooth-pairing-and-connection-protection.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Bluetooth pairing and connection protection:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Bluetooth pairing and connection protection license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/common-criteria-certifications.md b/windows/security/licensing/common-criteria-certifications.md
deleted file mode 100644
index 67da2eaa80..0000000000
--- a/windows/security/licensing/common-criteria-certifications.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Common Criteria certifications:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Common Criteria certifications license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/controlled-folder-access.md b/windows/security/licensing/controlled-folder-access.md
deleted file mode 100644
index 6e8429962d..0000000000
--- a/windows/security/licensing/controlled-folder-access.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Controlled folder access:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Controlled folder access license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/device-health-attestation-service.md b/windows/security/licensing/device-health-attestation-service.md
deleted file mode 100644
index 180599b676..0000000000
--- a/windows/security/licensing/device-health-attestation-service.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Device health attestation service:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Device health attestation service license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/direct-access.md b/windows/security/licensing/direct-access.md
deleted file mode 100644
index 32f1858423..0000000000
--- a/windows/security/licensing/direct-access.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Direct Access:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|No|Yes|No|Yes|
-
-Direct Access license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|No|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/email-encryption-smime.md b/windows/security/licensing/email-encryption-smime.md
deleted file mode 100644
index 1e613f7ea7..0000000000
--- a/windows/security/licensing/email-encryption-smime.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Email Encryption (S/MIME):
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Email Encryption (S/MIME) license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/encrypted-hard-drive.md b/windows/security/licensing/encrypted-hard-drive.md
deleted file mode 100644
index 7f8eabb4fc..0000000000
--- a/windows/security/licensing/encrypted-hard-drive.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Encrypted hard drive:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Encrypted hard drive license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/enhanced-phishing-protection-with-smartscreen.md b/windows/security/licensing/enhanced-phishing-protection-with-smartscreen.md
deleted file mode 100644
index c050417d86..0000000000
--- a/windows/security/licensing/enhanced-phishing-protection-with-smartscreen.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Enhanced phishing protection with SmartScreen:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Enhanced phishing protection with SmartScreen license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/exploit-protection.md b/windows/security/licensing/exploit-protection.md
deleted file mode 100644
index ee0105c7aa..0000000000
--- a/windows/security/licensing/exploit-protection.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Exploit protection:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Exploit protection license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/fast-identity-online-fido2-security-key.md b/windows/security/licensing/fast-identity-online-fido2-security-key.md
deleted file mode 100644
index 1fac120af3..0000000000
--- a/windows/security/licensing/fast-identity-online-fido2-security-key.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Fast Identity Online (FIDO2) security key:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Fast Identity Online (FIDO2) security key license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/federal-information-processing-standard-fips-140-validation.md b/windows/security/licensing/federal-information-processing-standard-fips-140-validation.md
deleted file mode 100644
index 4f43d3d758..0000000000
--- a/windows/security/licensing/federal-information-processing-standard-fips-140-validation.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Federal Information Processing Standard (FIPS) 140 validation:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Federal Information Processing Standard (FIPS) 140 validation license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/federated-sign-in.md b/windows/security/licensing/federated-sign-in.md
deleted file mode 100644
index 080274363c..0000000000
--- a/windows/security/licensing/federated-sign-in.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Federated sign-in:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|No|No|Yes|Yes|
-
-Federated sign-in license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|No|No|No|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/hardware-enforced-stack-protection.md b/windows/security/licensing/hardware-enforced-stack-protection.md
deleted file mode 100644
index 7d197bf299..0000000000
--- a/windows/security/licensing/hardware-enforced-stack-protection.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Hardware-enforced stack protection:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Hardware-enforced stack protection license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/hypervisor-protected-code-integrity-hvci.md b/windows/security/licensing/hypervisor-protected-code-integrity-hvci.md
deleted file mode 100644
index 659a1e1a0f..0000000000
--- a/windows/security/licensing/hypervisor-protected-code-integrity-hvci.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Hypervisor-protected Code Integrity (HVCI):
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Hypervisor-protected Code Integrity (HVCI) license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/kernel-direct-memory-access-dma-protection.md b/windows/security/licensing/kernel-direct-memory-access-dma-protection.md
deleted file mode 100644
index c07f32a3f1..0000000000
--- a/windows/security/licensing/kernel-direct-memory-access-dma-protection.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Kernel Direct Memory Access (DMA) protection:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Kernel Direct Memory Access (DMA) protection license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/local-administrator-password-solution.md b/windows/security/licensing/local-administrator-password-solution.md
deleted file mode 100644
index a7f5eb6aba..0000000000
--- a/windows/security/licensing/local-administrator-password-solution.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Local Administrator Password Solution:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Local Administrator Password Solution license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/local-security-authority-lsa-protection.md b/windows/security/licensing/local-security-authority-lsa-protection.md
deleted file mode 100644
index f6b948f1a1..0000000000
--- a/windows/security/licensing/local-security-authority-lsa-protection.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Local Security Authority (LSA) Protection:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Local Security Authority (LSA) Protection license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md b/windows/security/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md
deleted file mode 100644
index d0c8d30dd4..0000000000
--- a/windows/security/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Manage by Mobile Device Management (MDM) and group policy:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Manage by Mobile Device Management (MDM) and group policy license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/measured-boot.md b/windows/security/licensing/measured-boot.md
deleted file mode 100644
index 873dd51db8..0000000000
--- a/windows/security/licensing/measured-boot.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Measured boot:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Measured boot license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/microsoft-defender-antivirus.md b/windows/security/licensing/microsoft-defender-antivirus.md
deleted file mode 100644
index 08df5e0218..0000000000
--- a/windows/security/licensing/microsoft-defender-antivirus.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Microsoft Defender Antivirus:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Microsoft Defender Antivirus license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md b/windows/security/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md
deleted file mode 100644
index e754997c7a..0000000000
--- a/windows/security/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Microsoft Defender Application Guard (MDAG) configure via MDM:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|No|Yes|No|Yes|
-
-Microsoft Defender Application Guard (MDAG) configure via MDM license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|No|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md b/windows/security/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md
deleted file mode 100644
index 9dc9d2c111..0000000000
--- a/windows/security/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|No|Yes|No|Yes|
-
-Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|No|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md b/windows/security/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md
deleted file mode 100644
index fe5677e4eb..0000000000
--- a/windows/security/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Microsoft Defender Application Guard (MDAG) for Edge standalone mode:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Microsoft Defender Application Guard (MDAG) for Edge standalone mode license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md b/windows/security/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md
deleted file mode 100644
index 3cbb70aa69..0000000000
--- a/windows/security/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Microsoft Defender Application Guard (MDAG) for Microsoft Office:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|No|Yes|No|Yes|
-
-Microsoft Defender Application Guard (MDAG) for Microsoft Office license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|No|No|No|No|No|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/microsoft-defender-application-guard-mdag-public-apis.md b/windows/security/licensing/microsoft-defender-application-guard-mdag-public-apis.md
deleted file mode 100644
index eeaf93367e..0000000000
--- a/windows/security/licensing/microsoft-defender-application-guard-mdag-public-apis.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Microsoft Defender Application Guard (MDAG) public APIs:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|No|Yes|No|Yes|
-
-Microsoft Defender Application Guard (MDAG) public APIs license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|No|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/microsoft-defender-for-endpoint.md b/windows/security/licensing/microsoft-defender-for-endpoint.md
deleted file mode 100644
index 312be13a46..0000000000
--- a/windows/security/licensing/microsoft-defender-for-endpoint.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Microsoft Defender for Endpoint:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Microsoft Defender for Endpoint license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|No|Yes|No|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/microsoft-defender-smartscreen.md b/windows/security/licensing/microsoft-defender-smartscreen.md
deleted file mode 100644
index ff95861177..0000000000
--- a/windows/security/licensing/microsoft-defender-smartscreen.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Microsoft Defender SmartScreen:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Microsoft Defender SmartScreen license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/microsoft-pluton-security-processor.md b/windows/security/licensing/microsoft-pluton-security-processor.md
deleted file mode 100644
index d0f93bcb7c..0000000000
--- a/windows/security/licensing/microsoft-pluton-security-processor.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Microsoft Pluton security processor:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Microsoft Pluton security processor license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/microsoft-vulnerable-driver-blocklist.md b/windows/security/licensing/microsoft-vulnerable-driver-blocklist.md
deleted file mode 100644
index 98dd69ad55..0000000000
--- a/windows/security/licensing/microsoft-vulnerable-driver-blocklist.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Microsoft Vulnerable Driver Blocklist:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Microsoft Vulnerable Driver Blocklist license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/opportunistic-wireless-encryption-owe.md b/windows/security/licensing/opportunistic-wireless-encryption-owe.md
deleted file mode 100644
index 953cb81211..0000000000
--- a/windows/security/licensing/opportunistic-wireless-encryption-owe.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Opportunistic Wireless Encryption (OWE):
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Opportunistic Wireless Encryption (OWE) license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/personal-data-encryption-pde.md b/windows/security/licensing/personal-data-encryption-pde.md
deleted file mode 100644
index 5626b57d96..0000000000
--- a/windows/security/licensing/personal-data-encryption-pde.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Personal data encryption (PDE):
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|No|Yes|No|Yes|
-
-Personal data encryption (PDE) license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|No|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/privacy-resource-usage.md b/windows/security/licensing/privacy-resource-usage.md
deleted file mode 100644
index 2bea08f5e1..0000000000
--- a/windows/security/licensing/privacy-resource-usage.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Privacy Resource Usage:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Privacy Resource Usage license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/privacy-transparency-and-controls.md b/windows/security/licensing/privacy-transparency-and-controls.md
deleted file mode 100644
index 2fec75d8c4..0000000000
--- a/windows/security/licensing/privacy-transparency-and-controls.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Privacy Transparency and Controls:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Privacy Transparency and Controls license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/remote-wipe-autopilot-reset.md b/windows/security/licensing/remote-wipe-autopilot-reset.md
deleted file mode 100644
index c68c8ad2ed..0000000000
--- a/windows/security/licensing/remote-wipe-autopilot-reset.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Remote wipe (Autopilot reset):
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Remote wipe (Autopilot reset) license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/secure-boot-and-trusted-boot.md b/windows/security/licensing/secure-boot-and-trusted-boot.md
deleted file mode 100644
index 53b48d99cc..0000000000
--- a/windows/security/licensing/secure-boot-and-trusted-boot.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Secure Boot and Trusted Boot:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Secure Boot and Trusted Boot license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/secured-core-configuration-lock.md b/windows/security/licensing/secured-core-configuration-lock.md
deleted file mode 100644
index dddf8843a4..0000000000
--- a/windows/security/licensing/secured-core-configuration-lock.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Secured-core configuration lock:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Secured-core configuration lock license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/secured-core-pc.md b/windows/security/licensing/secured-core-pc.md
deleted file mode 100644
index 8fca64cb2c..0000000000
--- a/windows/security/licensing/secured-core-pc.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Secured-core PC:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Secured-core PC license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/security-baselines-with-intune.md b/windows/security/licensing/security-baselines-with-intune.md
deleted file mode 100644
index 43b5f384ab..0000000000
--- a/windows/security/licensing/security-baselines-with-intune.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Security baselines with Intune:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Security baselines with Intune license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/server-message-block-direct-smb-direct.md b/windows/security/licensing/server-message-block-direct-smb-direct.md
deleted file mode 100644
index 1b76968707..0000000000
--- a/windows/security/licensing/server-message-block-direct-smb-direct.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Server Message Block Direct (SMB Direct):
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Server Message Block Direct (SMB Direct) license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/server-message-block-smb-file-service.md b/windows/security/licensing/server-message-block-smb-file-service.md
deleted file mode 100644
index f39db20a54..0000000000
--- a/windows/security/licensing/server-message-block-smb-file-service.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Server Message Block (SMB) file service:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Server Message Block (SMB) file service license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/smart-app-control.md b/windows/security/licensing/smart-app-control.md
deleted file mode 100644
index cfb6c198a6..0000000000
--- a/windows/security/licensing/smart-app-control.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Smart App Control:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Smart App Control license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/smart-cards-for-windows-service.md b/windows/security/licensing/smart-cards-for-windows-service.md
deleted file mode 100644
index b7a9d46f11..0000000000
--- a/windows/security/licensing/smart-cards-for-windows-service.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Smart Cards for Windows Service:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Smart Cards for Windows Service license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/tamper-protection-settings-for-mde.md b/windows/security/licensing/tamper-protection-settings-for-mde.md
deleted file mode 100644
index 06a01236ec..0000000000
--- a/windows/security/licensing/tamper-protection-settings-for-mde.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Tamper protection settings for MDE:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Tamper protection settings for MDE license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/transport-layer-security-tls.md b/windows/security/licensing/transport-layer-security-tls.md
deleted file mode 100644
index d0f2b933b2..0000000000
--- a/windows/security/licensing/transport-layer-security-tls.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Transport layer security (TLS):
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Transport layer security (TLS) license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/trusted-platform-module-tpm-20.md b/windows/security/licensing/trusted-platform-module-tpm-20.md
deleted file mode 100644
index 4b5197dd74..0000000000
--- a/windows/security/licensing/trusted-platform-module-tpm-20.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Trusted Platform Module (TPM) 2.0:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Trusted Platform Module (TPM) 2.0 license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/universal-print.md b/windows/security/licensing/universal-print.md
deleted file mode 100644
index 46f0afd2c6..0000000000
--- a/windows/security/licensing/universal-print.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Universal Print:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Universal Print license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/user-account-control-uac.md b/windows/security/licensing/user-account-control-uac.md
deleted file mode 100644
index dca8cb0915..0000000000
--- a/windows/security/licensing/user-account-control-uac.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support User Account Control (UAC):
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-User Account Control (UAC) license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/virtual-private-network-vpn.md b/windows/security/licensing/virtual-private-network-vpn.md
deleted file mode 100644
index 61de672ee8..0000000000
--- a/windows/security/licensing/virtual-private-network-vpn.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Virtual Private Network (VPN):
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Virtual Private Network (VPN) license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/virtualization-based-security-vbs.md b/windows/security/licensing/virtualization-based-security-vbs.md
deleted file mode 100644
index de05ea5d8e..0000000000
--- a/windows/security/licensing/virtualization-based-security-vbs.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Virtualization-based security (VBS):
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Virtualization-based security (VBS) license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/wifi-security.md b/windows/security/licensing/wifi-security.md
deleted file mode 100644
index 9507a7618a..0000000000
--- a/windows/security/licensing/wifi-security.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support WiFi Security:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-WiFi Security license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/windows-autopatch.md b/windows/security/licensing/windows-autopatch.md
deleted file mode 100644
index f67e2b5216..0000000000
--- a/windows/security/licensing/windows-autopatch.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Windows Autopatch:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|No|Yes|No|Yes|
-
-Windows Autopatch license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|No|Yes|Yes|No|No|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/windows-autopilot.md b/windows/security/licensing/windows-autopilot.md
deleted file mode 100644
index 9c57cdb899..0000000000
--- a/windows/security/licensing/windows-autopilot.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Windows Autopilot:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Windows Autopilot license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/windows-containers.md b/windows/security/licensing/windows-containers.md
deleted file mode 100644
index 0e4df6dcb8..0000000000
--- a/windows/security/licensing/windows-containers.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Windows containers:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Windows containers license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/windows-defender-application-control-wdac.md b/windows/security/licensing/windows-defender-application-control-wdac.md
deleted file mode 100644
index 3f81db1b61..0000000000
--- a/windows/security/licensing/windows-defender-application-control-wdac.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Windows Defender Application Control (WDAC):
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Windows Defender Application Control (WDAC) license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/windows-defender-credential-guard.md b/windows/security/licensing/windows-defender-credential-guard.md
deleted file mode 100644
index d55e33af47..0000000000
--- a/windows/security/licensing/windows-defender-credential-guard.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Windows Defender Credential Guard:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|No|Yes|No|Yes|
-
-Windows Defender Credential Guard license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|No|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/windows-defender-remote-credential-guard.md b/windows/security/licensing/windows-defender-remote-credential-guard.md
deleted file mode 100644
index 51feb6043b..0000000000
--- a/windows/security/licensing/windows-defender-remote-credential-guard.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Windows Defender Remote Credential Guard:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Windows Defender Remote Credential Guard license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/windows-defender-system-guard.md b/windows/security/licensing/windows-defender-system-guard.md
deleted file mode 100644
index b4f7577506..0000000000
--- a/windows/security/licensing/windows-defender-system-guard.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Windows Defender System Guard:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Windows Defender System Guard license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/windows-firewall.md b/windows/security/licensing/windows-firewall.md
deleted file mode 100644
index 12b7254fb9..0000000000
--- a/windows/security/licensing/windows-firewall.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Windows Firewall:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Windows Firewall license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md b/windows/security/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md
deleted file mode 100644
index 0b8095a9f8..0000000000
--- a/windows/security/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Windows Hello for Business Enhanced Security Sign-in (ESS):
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Windows Hello for Business Enhanced Security Sign-in (ESS) license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/windows-hello-for-business.md b/windows/security/licensing/windows-hello-for-business.md
deleted file mode 100644
index cb8ec101ad..0000000000
--- a/windows/security/licensing/windows-hello-for-business.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Windows Hello for Business:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Windows Hello for Business license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/windows-presence-sensing.md b/windows/security/licensing/windows-presence-sensing.md
deleted file mode 100644
index 25eda4a8de..0000000000
--- a/windows/security/licensing/windows-presence-sensing.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Windows presence sensing:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Windows presence sensing license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/windows-sandbox.md b/windows/security/licensing/windows-sandbox.md
deleted file mode 100644
index 1b23c6f198..0000000000
--- a/windows/security/licensing/windows-sandbox.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Windows Sandbox:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Windows Sandbox license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing/windows-security-policy-settings-and-auditing.md b/windows/security/licensing/windows-security-policy-settings-and-auditing.md
deleted file mode 100644
index 0fabeddb20..0000000000
--- a/windows/security/licensing/windows-security-policy-settings-and-auditing.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Windows Security policy settings and auditing:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Windows Security policy settings and auditing license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

From 7c7d66df4b0ce21d2a4b31adf3dc0036e89ce774 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Wed, 26 Apr 2023 17:11:53 -0400
Subject: [PATCH 023/107] updates

---
 windows/security/TOC.yml                      | 78 ++++++++--------
 .../hello-for-business/hello-overview.md      |  2 -
 windows/security/identity-protection/toc.yml  | 90 ++++++++++---------
 3 files changed, 87 insertions(+), 83 deletions(-)

diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml
index 73cbaf7b9b..c52f738f8f 100644
--- a/windows/security/TOC.yml
+++ b/windows/security/TOC.yml
@@ -14,43 +14,47 @@
     href: introduction/security-features-licensing-requirements.md
 - name: Hardware security
   items:
-    - name: Overview
-      href: hardware.md
-    - name: Microsoft Pluton security processor
-      items:
-        - name: Microsoft Pluton overview
-          href: information-protection/pluton/microsoft-pluton-security-processor.md
-        - name: Microsoft Pluton as TPM
-          href: information-protection/pluton/pluton-as-tpm.md
-    - name: Trusted Platform Module
-      href: information-protection/tpm/trusted-platform-module-top-node.md
-      items:
-        - name: Trusted Platform Module overview
-          href: information-protection/tpm/trusted-platform-module-overview.md
-        - name: TPM fundamentals
-          href: information-protection/tpm/tpm-fundamentals.md
-        - name: How Windows uses the TPM
-          href: information-protection/tpm/how-windows-uses-the-tpm.md
-        - name: TPM Group Policy settings
-          href: information-protection/tpm/trusted-platform-module-services-group-policy-settings.md
-        - name: Back up the TPM recovery information to AD DS
-          href: information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md
-        - name: View status, clear, or troubleshoot the TPM
-          href: information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md
-        - name: Understanding PCR banks on TPM 2.0 devices
-          href: information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md
-        - name: TPM recommendations
-          href: information-protection/tpm/tpm-recommendations.md
-    - name: Hardware-based root of trust
-      href: threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md
-    - name: System Guard Secure Launch and SMM protection
-      href: threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md
-    - name: Enable virtualization-based protection of code integrity
-      href: threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
-    - name: Kernel DMA Protection
-      href: information-protection/kernel-dma-protection-for-thunderbolt.md
-    - name: Windows secured-core devices
-      href: /windows-hardware/design/device-experiences/oem-highly-secure
+  - name: Overview
+    href: hardware.md
+  - name: Hardware root of trust
+    items:
+      - name: Windows Defender System Guard
+        href: threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md
+      - name: Trusted Platform Module
+        href: information-protection/tpm/trusted-platform-module-top-node.md
+        items:
+          - name: Trusted Platform Module overview
+            href: information-protection/tpm/trusted-platform-module-overview.md
+          - name: TPM fundamentals
+            href: information-protection/tpm/tpm-fundamentals.md
+          - name: How Windows uses the TPM
+            href: information-protection/tpm/how-windows-uses-the-tpm.md
+          - name: TPM Group Policy settings
+            href: information-protection/tpm/trusted-platform-module-services-group-policy-settings.md
+          - name: Back up the TPM recovery information to AD DS
+            href: information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md
+          - name: View status, clear, or troubleshoot the TPM
+            href: information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md
+          - name: Understanding PCR banks on TPM 2.0 devices
+            href: information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md
+          - name: TPM recommendations
+            href: information-protection/tpm/tpm-recommendations.md
+      - name: Microsoft Pluton security processor
+        items:
+          - name: Microsoft Pluton overview
+            href: information-protection/pluton/microsoft-pluton-security-processor.md
+          - name: Microsoft Pluton as TPM
+            href: information-protection/pluton/pluton-as-tpm.md
+      - name: Silicon assisted security
+        items:
+          - name: System Guard Secure Launch and SMM protection
+            href: threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md
+          - name: Enable virtualization-based protection of code integrity
+            href: threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
+          - name: Kernel DMA Protection
+            href: information-protection/kernel-dma-protection-for-thunderbolt.md
+          - name: Windows secured-core devices
+            href: /windows-hardware/design/device-experiences/oem-highly-secure
 - name: Operating system security
   items:
     - name: Overview
diff --git a/windows/security/identity-protection/hello-for-business/hello-overview.md b/windows/security/identity-protection/hello-for-business/hello-overview.md
index 7ed1ecc9b5..84acf6b19c 100644
--- a/windows/security/identity-protection/hello-for-business/hello-overview.md
+++ b/windows/security/identity-protection/hello-for-business/hello-overview.md
@@ -48,8 +48,6 @@ Windows stores biometric data that is used to implement Windows Hello securely o
 
 - *Windows Hello for Business*, which is configured by group policy or mobile device management (MDM) policy, always uses key-based or certificate-based authentication. This behavior makes it more secure than *Windows Hello convenience PIN*.
 
-[!INCLUDE [windows-hello-for-business](../../../../includes/licensing/windows-hello-for-business.md)]
-
 ## Benefits of Windows Hello
 
 Reports of identity theft and large-scale hacking are frequent headlines. Nobody wants to be notified that their user name and password have been exposed.
diff --git a/windows/security/identity-protection/toc.yml b/windows/security/identity-protection/toc.yml
index edc7841f47..55be6bbf33 100644
--- a/windows/security/identity-protection/toc.yml
+++ b/windows/security/identity-protection/toc.yml
@@ -7,8 +7,53 @@ items:
     items:
     - name: Windows Hello for Business ⇒
       href: hello-for-business/index.yml
+    - name: Windows presence sensing
+      href: https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb
     - name: FIDO 2 security keys ⇒
       href: /azure/active-directory/authentication/howto-authentication-passwordless-security-key
+    - name: Smart Cards
+      href: smart-cards/smart-card-windows-smart-card-technical-reference.md
+      items:
+        - name: How Smart Card Sign-in Works in Windows
+          href: smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md
+          items:
+            - name: Smart Card Architecture
+              href: smart-cards/smart-card-architecture.md
+            - name: Certificate Requirements and Enumeration
+              href: smart-cards/smart-card-certificate-requirements-and-enumeration.md
+            - name: Smart Card and Remote Desktop Services
+              href: smart-cards/smart-card-and-remote-desktop-services.md
+            - name: Smart Cards for Windows Service
+              href: smart-cards/smart-card-smart-cards-for-windows-service.md
+            - name: Certificate Propagation Service
+              href: smart-cards/smart-card-certificate-propagation-service.md
+            - name: Smart Card Removal Policy Service
+              href: smart-cards/smart-card-removal-policy-service.md
+        - name: Smart Card Tools and Settings
+          href: smart-cards/smart-card-tools-and-settings.md
+          items:
+            - name: Smart Cards Debugging Information
+              href: smart-cards/smart-card-debugging-information.md
+            - name: Smart Card Group Policy and Registry Settings
+              href: smart-cards/smart-card-group-policy-and-registry-settings.md
+            - name: Smart Card Events
+              href: smart-cards/smart-card-events.md
+        - name: Virtual smart cards
+          href: virtual-smart-cards/virtual-smart-card-overview.md
+          items:
+            - name: Understand and evaluate virtual smart cards
+              href: virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md
+              items:
+                - name: Get started with virtual smart cards
+                  href: virtual-smart-cards/virtual-smart-card-get-started.md
+                - name: Use virtual smart cards
+                  href: virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md
+                - name: Deploy virtual smart cards
+                  href: virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md
+                - name: Evaluate virtual smart card security
+                  href: virtual-smart-cards/virtual-smart-card-evaluate-security.md
+            - name: Tpmvscmgr
+              href: virtual-smart-cards/virtual-smart-card-tpmvscmgr.md
   - name: Windows LAPS (Local Administrator Password Solution) ⇒
     href: /windows-server/identity/laps/laps-overview
   - name: Enterprise Certificate Pinning
@@ -52,47 +97,4 @@ items:
       - name: User Account Control security policy settings
         href: user-account-control/user-account-control-security-policy-settings.md
       - name: User Account Control Group Policy and registry key settings
-        href: user-account-control/user-account-control-group-policy-and-registry-key-settings.md
-  - name: Smart Cards
-    href: smart-cards/smart-card-windows-smart-card-technical-reference.md
-    items:
-      - name: How Smart Card Sign-in Works in Windows
-        href: smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md
-        items:
-          - name: Smart Card Architecture
-            href: smart-cards/smart-card-architecture.md
-          - name: Certificate Requirements and Enumeration
-            href: smart-cards/smart-card-certificate-requirements-and-enumeration.md
-          - name: Smart Card and Remote Desktop Services
-            href: smart-cards/smart-card-and-remote-desktop-services.md
-          - name: Smart Cards for Windows Service
-            href: smart-cards/smart-card-smart-cards-for-windows-service.md
-          - name: Certificate Propagation Service
-            href: smart-cards/smart-card-certificate-propagation-service.md
-          - name: Smart Card Removal Policy Service
-            href: smart-cards/smart-card-removal-policy-service.md
-      - name: Smart Card Tools and Settings
-        href: smart-cards/smart-card-tools-and-settings.md
-        items:
-          - name: Smart Cards Debugging Information
-            href: smart-cards/smart-card-debugging-information.md
-          - name: Smart Card Group Policy and Registry Settings
-            href: smart-cards/smart-card-group-policy-and-registry-settings.md
-          - name: Smart Card Events
-            href: smart-cards/smart-card-events.md
-      - name: Virtual smart cards
-        href: virtual-smart-cards/virtual-smart-card-overview.md
-        items:
-          - name: Understand and evaluate virtual smart cards
-            href: virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md
-            items:
-              - name: Get started with virtual smart cards
-                href: virtual-smart-cards/virtual-smart-card-get-started.md
-              - name: Use virtual smart cards
-                href: virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md
-              - name: Deploy virtual smart cards
-                href: virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md
-              - name: Evaluate virtual smart card security
-                href: virtual-smart-cards/virtual-smart-card-evaluate-security.md
-          - name: Tpmvscmgr
-            href: virtual-smart-cards/virtual-smart-card-tpmvscmgr.md
\ No newline at end of file
+        href: user-account-control/user-account-control-group-policy-and-registry-key-settings.md
\ No newline at end of file

From 29740a45677ce0962e55412a6358ca313143a9b4 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Thu, 27 Apr 2023 07:37:14 -0400
Subject: [PATCH 024/107] toc updates - hardware security

---
 windows/security/TOC.yml | 34 ++++++++++++++++++++++------------
 1 file changed, 22 insertions(+), 12 deletions(-)

diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml
index 567b65e81d..695f89defa 100644
--- a/windows/security/TOC.yml
+++ b/windows/security/TOC.yml
@@ -51,16 +51,28 @@
             href: information-protection/pluton/microsoft-pluton-security-processor.md
           - name: Microsoft Pluton as TPM
             href: information-protection/pluton/pluton-as-tpm.md
-      - name: Silicon assisted security
-        items:
-          - name: System Guard Secure Launch and SMM protection
-            href: threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md
-          - name: Enable virtualization-based protection of code integrity
-            href: threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
-          - name: Kernel DMA Protection
-            href: information-protection/kernel-dma-protection-for-thunderbolt.md
-          - name: Windows secured-core devices
-            href: /windows-hardware/design/device-experiences/oem-highly-secure
+  - name: Silicon assisted security
+    items:
+      - name: Virtualization-based security (VBS)
+        href: /windows-hardware/design/device-experiences/oem-vbs
+      - name: Memory integrity (HVCI)
+        href: threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
+      - name: Memory integrity and VBS enablement
+        href: /windows-hardware/design/device-experiences/oem-hvci-enablement
+      - name: Hardware-enforced stack protection
+        href: https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815
+      - name: Secured-core PC
+        href: /windows-hardware/design/device-experiences/oem-highly-secure-11
+      - name: Kernel Direct Memory Access (DMA) protection
+        href: information-protection/kernel-dma-protection-for-thunderbolt.md
+      - name: Secure Boot and Trusted Boot
+        href: trusted-boot.md
+      - name: Measured Boot
+        href: /windows/compatibility/measured-boot
+      - name: Device health attestation service
+        href: threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
+      - name: System Guard Secure Launch
+        href: threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md
 - name: Operating system security
   items:
     - name: Overview
@@ -69,8 +81,6 @@
       items:
       - name: Secure the Windows boot process
         href: information-protection/secure-the-windows-10-boot-process.md
-      - name: Trusted Boot
-        href: trusted-boot.md
       - name: Cryptography and certificate management
         href: cryptography-certificate-mgmt.md
       - name: The Windows Security app

From 7cb591447255d031da6806da00fe32ea7eb29d22 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Thu, 27 Apr 2023 08:27:59 -0400
Subject: [PATCH 025/107] System security TOC

---
 windows/security/TOC.yml                   | 79 ++++------------------
 windows/security/hardware-security/toc.yml | 54 +++++++++++++++
 2 files changed, 69 insertions(+), 64 deletions(-)
 create mode 100644 windows/security/hardware-security/toc.yml

diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml
index 695f89defa..bc8331d8e0 100644
--- a/windows/security/TOC.yml
+++ b/windows/security/TOC.yml
@@ -13,66 +13,7 @@
   - name: Security features licensing requirements
     href: introduction/security-features-licensing-requirements.md
 - name: Hardware security
-  items:
-  - name: Overview
-    href: hardware.md
-  - name: Hardware root of trust
-    items:
-      - name: Windows Defender System Guard
-        href: threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md
-      - name: Trusted Platform Module
-        href: information-protection/tpm/trusted-platform-module-top-node.md
-        items:
-          - name: Trusted Platform Module overview
-            href: information-protection/tpm/trusted-platform-module-overview.md
-          - name: TPM fundamentals
-            href: information-protection/tpm/tpm-fundamentals.md
-          - name: How Windows uses the TPM
-            href: information-protection/tpm/how-windows-uses-the-tpm.md
-          - name: Manage TPM commands
-            href: information-protection/tpm/manage-tpm-commands.md
-          - name: Manager TPM Lockout
-            href: information-protection/tpm/manage-tpm-lockout.md
-          - name: Change the TPM password
-            href: information-protection/tpm/change-the-tpm-owner-password.md
-          - name: TPM Group Policy settings
-            href: information-protection/tpm/trusted-platform-module-services-group-policy-settings.md
-          - name: Back up the TPM recovery information to AD DS
-            href: information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md
-          - name: View status, clear, or troubleshoot the TPM
-            href: information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md
-          - name: Understanding PCR banks on TPM 2.0 devices
-            href: information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md
-          - name: TPM recommendations
-            href: information-protection/tpm/tpm-recommendations.md
-      - name: Microsoft Pluton security processor
-        items:
-          - name: Microsoft Pluton overview
-            href: information-protection/pluton/microsoft-pluton-security-processor.md
-          - name: Microsoft Pluton as TPM
-            href: information-protection/pluton/pluton-as-tpm.md
-  - name: Silicon assisted security
-    items:
-      - name: Virtualization-based security (VBS)
-        href: /windows-hardware/design/device-experiences/oem-vbs
-      - name: Memory integrity (HVCI)
-        href: threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
-      - name: Memory integrity and VBS enablement
-        href: /windows-hardware/design/device-experiences/oem-hvci-enablement
-      - name: Hardware-enforced stack protection
-        href: https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815
-      - name: Secured-core PC
-        href: /windows-hardware/design/device-experiences/oem-highly-secure-11
-      - name: Kernel Direct Memory Access (DMA) protection
-        href: information-protection/kernel-dma-protection-for-thunderbolt.md
-      - name: Secure Boot and Trusted Boot
-        href: trusted-boot.md
-      - name: Measured Boot
-        href: /windows/compatibility/measured-boot
-      - name: Device health attestation service
-        href: threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
-      - name: System Guard Secure Launch
-        href: threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md
+  href: hardware-security/toc.yml
 - name: Operating system security
   items:
     - name: Overview
@@ -81,6 +22,12 @@
       items:
       - name: Secure the Windows boot process
         href: information-protection/secure-the-windows-10-boot-process.md
+      - name: Secure Boot and Trusted Boot
+        href: trusted-boot.md
+      - name: Measured Boot
+        href: /windows/compatibility/measured-boot
+      - name: Device health attestation service
+        href: threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
       - name: Cryptography and certificate management
         href: cryptography-certificate-mgmt.md
       - name: The Windows Security app
@@ -100,10 +47,8 @@
           href: threat-protection\windows-defender-security-center\wdsc-device-performance-health.md
         - name: Family options
           href: threat-protection\windows-defender-security-center\wdsc-family-options.md
-      - name: Security policy settings
-        href: threat-protection/security-policy-settings/security-policy-settings.md
-      - name: Security auditing
-        href: threat-protection/auditing/security-auditing-overview.md
+    - name: Virus and threat protection
+      items:
     - name: Encryption and data protection
       href: encryption-data-protection.md
       items:
@@ -207,6 +152,12 @@
           href: information-protection/personal-data-encryption/pde-in-intune/intune-disable-password-connected-standby.md
     - name: Configure S/MIME for Windows
       href: identity-protection/configure-s-mime.md
+    - name: Device management
+      items:
+      - name: Security policy settings
+        href: threat-protection/security-policy-settings/security-policy-settings.md
+      - name: Security auditing
+        href: threat-protection/auditing/security-auditing-overview.md
     - name: Network security
       items:
       - name: VPN technical guide
diff --git a/windows/security/hardware-security/toc.yml b/windows/security/hardware-security/toc.yml
new file mode 100644
index 0000000000..ea8046d653
--- /dev/null
+++ b/windows/security/hardware-security/toc.yml
@@ -0,0 +1,54 @@
+items:
+  - name: Overview
+    href: ../hardware.md
+  - name: Hardware root of trust
+    items:
+      - name: Windows Defender System Guard
+        href: ../threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md
+      - name: Trusted Platform Module
+        href: ../information-protection/tpm/trusted-platform-module-top-node.md
+        items:
+          - name: Trusted Platform Module overview
+            href: ../information-protection/tpm/trusted-platform-module-overview.md
+          - name: TPM fundamentals
+            href: ../information-protection/tpm/tpm-fundamentals.md
+          - name: How Windows uses the TPM
+            href: ../information-protection/tpm/how-windows-uses-the-tpm.md
+          - name: Manage TPM commands
+            href: ../information-protection/tpm/manage-tpm-commands.md
+          - name: Manager TPM Lockout
+            href: ../information-protection/tpm/manage-tpm-lockout.md
+          - name: Change the TPM password
+            href: ../information-protection/tpm/change-the-tpm-owner-password.md
+          - name: TPM Group Policy settings
+            href: ../information-protection/tpm/trusted-platform-module-services-group-policy-settings.md
+          - name: Back up the TPM recovery information to AD DS
+            href: ../information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md
+          - name: View status, clear, or troubleshoot the TPM
+            href: ../information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md
+          - name: Understanding PCR banks on TPM 2.0 devices
+            href: ../information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md
+          - name: TPM recommendations
+            href: ../information-protection/tpm/tpm-recommendations.md
+      - name: Microsoft Pluton security processor
+        items:
+          - name: Microsoft Pluton overview
+            href: ../information-protection/pluton/microsoft-pluton-security-processor.md
+          - name: Microsoft Pluton as TPM
+            href: ../information-protection/pluton/pluton-as-tpm.md
+  - name: Silicon assisted security
+    items:
+      - name: Virtualization-based security (VBS)
+        href: /windows-hardware/design/device-experiences/oem-vbs
+      - name: Memory integrity (HVCI)
+        href: ../threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
+      - name: Memory integrity and VBS enablement
+        href: /windows-hardware/design/device-experiences/oem-hvci-enablement
+      - name: Hardware-enforced stack protection
+        href: https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815
+      - name: Secured-core PC
+        href: /windows-hardware/design/device-experiences/oem-highly-secure-11
+      - name: Kernel Direct Memory Access (DMA) protection
+        href: ../information-protection/kernel-dma-protection-for-thunderbolt.md
+      - name: System Guard Secure Launch
+        href: ../threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md
\ No newline at end of file

From 8881009b80dca51e04bf003a42bbfb1ad7b45f5f Mon Sep 17 00:00:00 2001
From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com>
Date: Thu, 27 Apr 2023 10:15:45 -0400
Subject: [PATCH 026/107] CSP Changes draft

---
 windows/client-management/mdm/defender-csp.md |   6 +-
 .../mdm/enterprisemodernappmanagement-csp.md  | 140 +++++++++++++++++-
 .../mdm/passportforwork-csp.md                |  18 +--
 .../client-management/mdm/policy-csp-audit.md |   4 +-
 .../mdm/policy-csp-defender.md                |  17 ++-
 .../mdm/policy-csp-deviceinstallation.md      |   4 +-
 .../mdm/policy-csp-internetexplorer.md        |  20 +--
 .../mdm/policy-csp-kerberos.md                |   3 +-
 .../mdm/policy-csp-mixedreality.md            |  24 +--
 .../mdm/policy-csp-privacy.md                 |  10 +-
 .../mdm/policy-csp-tenantrestrictions.md      |   4 +-
 .../mdm/policy-csp-update.md                  |  38 ++---
 windows/client-management/mdm/supl-csp.md     |   4 +-
 windows/client-management/mdm/vpnv2-csp.md    |  24 +--
 14 files changed, 223 insertions(+), 93 deletions(-)

diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md
index 7550924275..4f3b9bb084 100644
--- a/windows/client-management/mdm/defender-csp.md
+++ b/windows/client-management/mdm/defender-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the Defender CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 03/23/2023
+ms.date: 04/26/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -2481,7 +2481,7 @@ Information about the current status of the threat. The following list shows the
 | 7 | Removed |
 | 8 | Cleaned |
 | 9 | Allowed |
-| 10 | No Status (Cleared) |
+| 10 | No Status ( Cleared) |
 <!-- Device-Detections-{ThreatId}-CurrentStatus-Description-End -->
 
 <!-- Device-Detections-{ThreatId}-CurrentStatus-Editable-Begin -->
@@ -3676,7 +3676,7 @@ OfflineScan action starts a Microsoft Defender Offline scan on the computer wher
 
 <!-- Device-RollbackEngine-Description-Begin -->
 <!-- Description-Source-DDF -->
-RollbackEngine action rolls back Microsoft Defender engine to its last known good saved version on the computer where you run the command.
+RollbackEngine action rolls back Microsoft Defender engine to it's last known good saved version on the computer where you run the command.
 <!-- Device-RollbackEngine-Description-End -->
 
 <!-- Device-RollbackEngine-Editable-Begin -->
diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
index 726ff88fb1..9d5ec3342a 100644
--- a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
+++ b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the EnterpriseModernAppManagement CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/28/2023
+ms.date: 04/26/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -17,6 +17,7 @@ ms.topic: reference
 # EnterpriseModernAppManagement CSP
 
 <!-- EnterpriseModernAppManagement-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 The EnterpriseModernAppManagement configuration service provider (CSP) is used for the provisioning and reporting of modern enterprise apps. For details about how to use this CSP to for reporting apps inventory, installation and removal of apps for users, provisioning apps to devices, and managing app licenses, see [Enterprise app management](../enterprise-app-management.md).
 
 > [!NOTE]
@@ -273,6 +274,7 @@ Used to perform app installation.
 <!-- Device-AppInstallation-Description-End -->
 
 <!-- Device-AppInstallation-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This is a required node.
 <!-- Device-AppInstallation-Editable-End -->
 
@@ -312,6 +314,7 @@ Package family name (PFN) of the app. There is one for each PFN on the device wh
 <!-- Device-AppInstallation-{PackageFamilyName}-Description-End -->
 
 <!-- Device-AppInstallation-{PackageFamilyName}-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This is an optional node.
 
 > [!NOTE]
@@ -329,6 +332,7 @@ This is an optional node.
 <!-- Device-AppInstallation-{PackageFamilyName}-DFProperties-End -->
 
 <!-- Device-AppInstallation-{PackageFamilyName}-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 **Example**:
 
 Here's an example for uninstalling an app:
@@ -374,6 +378,7 @@ Command to perform an install of an app package from a hosted location (this can
 <!-- Device-AppInstallation-{PackageFamilyName}-HostedInstall-Description-End -->
 
 <!-- Device-AppInstallation-{PackageFamilyName}-HostedInstall-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This is a required node. The following list shows the supported deployment options:
 
 - ForceApplicationShutdown
@@ -424,6 +429,7 @@ Last error relating to the app installation.
 <!-- Device-AppInstallation-{PackageFamilyName}-LastError-Description-End -->
 
 <!-- Device-AppInstallation-{PackageFamilyName}-LastError-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > This element isn't present after the app is installed.
 <!-- Device-AppInstallation-{PackageFamilyName}-LastError-Editable-End -->
@@ -464,6 +470,7 @@ Description of last error relating to the app installation.
 <!-- Device-AppInstallation-{PackageFamilyName}-LastErrorDesc-Description-End -->
 
 <!-- Device-AppInstallation-{PackageFamilyName}-LastErrorDesc-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > This element isn't present after the app is installed.
 <!-- Device-AppInstallation-{PackageFamilyName}-LastErrorDesc-Editable-End -->
@@ -504,6 +511,7 @@ An integer the indicates the progress of the app installation. For https locatio
 <!-- Device-AppInstallation-{PackageFamilyName}-ProgressStatus-Description-End -->
 
 <!-- Device-AppInstallation-{PackageFamilyName}-ProgressStatus-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > This element isn't present after the app is installed.
 <!-- Device-AppInstallation-{PackageFamilyName}-ProgressStatus-Editable-End -->
@@ -544,6 +552,7 @@ Status of app installation. The following values are returned: NOT_INSTALLED (0)
 <!-- Device-AppInstallation-{PackageFamilyName}-Status-Description-End -->
 
 <!-- Device-AppInstallation-{PackageFamilyName}-Status-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > This element isn't present after the app is installed.
 <!-- Device-AppInstallation-{PackageFamilyName}-Status-Editable-End -->
@@ -662,6 +671,7 @@ Used to manage licenses for store apps.
 <!-- Device-AppLicenses-StoreLicenses-Description-End -->
 
 <!-- Device-AppLicenses-StoreLicenses-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This is a required node.
 <!-- Device-AppLicenses-StoreLicenses-Editable-End -->
 
@@ -701,6 +711,7 @@ License ID for a store installed app. The license ID is generally the PFN of the
 <!-- Device-AppLicenses-StoreLicenses-{LicenseID}-Description-End -->
 
 <!-- Device-AppLicenses-StoreLicenses-{LicenseID}-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This is an optional node.
 <!-- Device-AppLicenses-StoreLicenses-{LicenseID}-Editable-End -->
 
@@ -741,6 +752,7 @@ Command to add license.
 <!-- Device-AppLicenses-StoreLicenses-{LicenseID}-AddLicense-Description-End -->
 
 <!-- Device-AppLicenses-StoreLicenses-{LicenseID}-AddLicense-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This is a required node.
 <!-- Device-AppLicenses-StoreLicenses-{LicenseID}-AddLicense-Editable-End -->
 
@@ -780,6 +792,7 @@ Command to get license from the store.
 <!-- Device-AppLicenses-StoreLicenses-{LicenseID}-GetLicenseFromStore-Description-End -->
 
 <!-- Device-AppLicenses-StoreLicenses-{LicenseID}-GetLicenseFromStore-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This is a required node.
 <!-- Device-AppLicenses-StoreLicenses-{LicenseID}-GetLicenseFromStore-Editable-End -->
 
@@ -936,6 +949,7 @@ Used for inventory and app management (post-install).
 <!-- Device-AppManagement-Description-End -->
 
 <!-- Device-AppManagement-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This is a required node.
 <!-- Device-AppManagement-Editable-End -->
 
@@ -975,6 +989,7 @@ Specifies the query for app inventory.
 <!-- Device-AppManagement-AppInventoryQuery-Description-End -->
 
 <!-- Device-AppManagement-AppInventoryQuery-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This is a required node. Query parameters:
 
 - Output - Specifies the parameters for the information returned in AppInventoryResults operation. Multiple value must be separate by |. Valid values are:
@@ -1016,6 +1031,7 @@ This is a required node. Query parameters:
 <!-- Device-AppManagement-AppInventoryQuery-DFProperties-End -->
 
 <!-- Device-AppManagement-AppInventoryQuery-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 **Example**:
 
 The following example sets the inventory query for the package names and checks the status for reinstallation for all main packages that are nonStore apps.
@@ -1057,6 +1073,7 @@ Returns the results for app inventory that was created after the AppInventoryQue
 <!-- Device-AppManagement-AppInventoryResults-Description-End -->
 
 <!-- Device-AppManagement-AppInventoryResults-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This is a required node.
 <!-- Device-AppManagement-AppInventoryResults-Editable-End -->
 
@@ -1070,6 +1087,7 @@ This is a required node.
 <!-- Device-AppManagement-AppInventoryResults-DFProperties-End -->
 
 <!-- Device-AppManagement-AppInventoryResults-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 **Example**:
 
 Here's an example of AppInventoryResults operation.
@@ -1108,6 +1126,7 @@ Here's an example of AppInventoryResults operation.
 <!-- Device-AppManagement-AppStore-Description-End -->
 
 <!-- Device-AppManagement-AppStore-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This is a required node. Used for managing apps from the Microsoft Store.
 <!-- Device-AppManagement-AppStore-Editable-End -->
 
@@ -1147,6 +1166,7 @@ Package family name (PFN) of the app. There is one for each PFN on the device wh
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-Description-End -->
 
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > XAP files use a product ID in place of PackageFamilyName. Here's an example of XAP product ID (including the braces), {12345678-9012-3456-7890-123456789012}.
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-Editable-End -->
@@ -1162,6 +1182,7 @@ Package family name (PFN) of the app. There is one for each PFN on the device wh
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-DFProperties-End -->
 
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 **Example**:
 
 Here's an example for uninstalling an app:
@@ -1247,6 +1268,7 @@ Architecture of installed package. Value type is string.
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-Architecture-Description-End -->
 
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-Architecture-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > Not applicable to XAP files.
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-Architecture-Editable-End -->
@@ -1287,6 +1309,7 @@ Date the app was installed. Value type is string.
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-InstallDate-Description-End -->
 
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-InstallDate-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This is a required node.
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-InstallDate-Editable-End -->
 
@@ -1326,6 +1349,7 @@ Install location of the app on the device. Value type is string.
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-InstallLocation-Description-End -->
 
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-InstallLocation-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > Not applicable to XAP files.
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-InstallLocation-Editable-End -->
@@ -1405,6 +1429,7 @@ Whether or not the app is a framework package. Value type is int. The value is 1
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-IsFramework-Description-End -->
 
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-IsFramework-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > Not applicable to XAP files.
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-IsFramework-Editable-End -->
@@ -1484,6 +1509,7 @@ This node is used to identify whether the package is a stub package. A stub pack
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-IsStub-Description-End -->
 
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-IsStub-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 The value is 1 if the package is a stub package and 0 (zero) for all other cases.
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-IsStub-Editable-End -->
 
@@ -1562,6 +1588,7 @@ Provides information about the status of the package. Value type is int. Valid v
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-PackageStatus-Description-End -->
 
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-PackageStatus-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > Not applicable to XAP files.
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-PackageStatus-Editable-End -->
@@ -1641,6 +1668,7 @@ Specifies whether the package state has changed and requires a reinstallation of
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-RequiresReinstall-Description-End -->
 
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-RequiresReinstall-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This is a required node.
 
 > [!NOTE]
@@ -1683,6 +1711,7 @@ Resource ID of the app. This is null for the main app, ~ for a bundle, and conta
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-ResourceID-Description-End -->
 
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-ResourceID-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > Not applicable to XAP files.
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-ResourceID-Editable-End -->
@@ -1723,6 +1752,7 @@ Registered users of the app and the package install state. If the query is at th
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-Users-Description-End -->
 
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-Users-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This is a required node. Possible values:
 
 - 0 = Not Installed
@@ -1806,6 +1836,7 @@ Specifies whether you want to block a specific app from being updated via auto-u
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-DoNotUpdate-Description-End -->
 
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-DoNotUpdate-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This is a required node.
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-DoNotUpdate-Editable-End -->
 
@@ -1854,6 +1885,7 @@ Specify whether on a AMD64 device, across an app update, the architecture of the
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-MaintainProcessorArchitectureOnUpdate-Description-End -->
 
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-MaintainProcessorArchitectureOnUpdate-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 Expected Behavior on an AMD64 machine that has x86 flavor of an app installed (Most restrictive wins).
 
 | Applicability Setting | CSP state      | Result               |
@@ -1909,6 +1941,7 @@ This setting allows the IT admin to set an app to be nonremovable, or unable to
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-NonRemovable-Description-End -->
 
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-NonRemovable-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 NonRemovable requires admin permission. This setting can only be defined per device, not per user. You can query the setting using AppInventoryQuery or AppInventoryResults.
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-NonRemovable-Editable-End -->
 
@@ -1931,6 +1964,7 @@ NonRemovable requires admin permission. This setting can only be defined per dev
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-NonRemovable-AllowedValues-End -->
 
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-NonRemovable-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 **Examples**:
 
 - Add an app to the nonremovable app policy list
@@ -2019,6 +2053,7 @@ Interior node for the managing updates through the Microsoft Store. These settin
 <!-- Device-AppManagement-AppStore-ReleaseManagement-Description-End -->
 
 <!-- Device-AppManagement-AppStore-ReleaseManagement-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > ReleaseManagement settings only apply to updates through the Microsoft Store.
 <!-- Device-AppManagement-AppStore-ReleaseManagement-Editable-End -->
@@ -2294,6 +2329,7 @@ Reports the last error code returned by the update scan.
 <!-- Device-AppManagement-LastScanError-Description-End -->
 
 <!-- Device-AppManagement-LastScanError-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This is a required node.
 <!-- Device-AppManagement-LastScanError-Editable-End -->
 
@@ -2332,6 +2368,7 @@ This is a required node.
 <!-- Device-AppManagement-nonStore-Description-End -->
 
 <!-- Device-AppManagement-nonStore-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 Used to manage enterprise apps or developer apps that weren't acquired from the Microsoft Store.
 <!-- Device-AppManagement-nonStore-Editable-End -->
 
@@ -2371,6 +2408,7 @@ Package family name (PFN) of the app. There is one for each PFN on the device wh
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-Description-End -->
 
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > XAP files use a product ID in place of PackageFamilyName. Here's an example of XAP product ID (including the braces), {12345678-9012-3456-7890-123456789012}.
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-Editable-End -->
@@ -2386,6 +2424,7 @@ Package family name (PFN) of the app. There is one for each PFN on the device wh
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-DFProperties-End -->
 
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 **Example**:
 
 Here's an example for uninstalling an app:
@@ -2471,6 +2510,7 @@ Architecture of installed package. Value type is string.
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-Architecture-Description-End -->
 
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-Architecture-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > Not applicable to XAP files.
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-Architecture-Editable-End -->
@@ -2511,6 +2551,7 @@ Date the app was installed. Value type is string.
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-InstallDate-Description-End -->
 
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-InstallDate-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This is a required node.
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-InstallDate-Editable-End -->
 
@@ -2550,6 +2591,7 @@ Install location of the app on the device. Value type is string.
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-InstallLocation-Description-End -->
 
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-InstallLocation-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > Not applicable to XAP files.
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-InstallLocation-Editable-End -->
@@ -2629,6 +2671,7 @@ Whether or not the app is a framework package. Value type is int. The value is 1
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-IsFramework-Description-End -->
 
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-IsFramework-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > Not applicable to XAP files.
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-IsFramework-Editable-End -->
@@ -2708,6 +2751,7 @@ This node is used to identify whether the package is a stub package. A stub pack
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-IsStub-Description-End -->
 
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-IsStub-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 The value is 1 if the package is a stub package and 0 (zero) for all other cases.
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-IsStub-Editable-End -->
 
@@ -2786,6 +2830,7 @@ Provides information about the status of the package. Value type is int. Valid v
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-PackageStatus-Description-End -->
 
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-PackageStatus-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > Not applicable to XAP files.
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-PackageStatus-Editable-End -->
@@ -2865,6 +2910,7 @@ Specifies whether the package state has changed and requires a reinstallation of
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-RequiresReinstall-Description-End -->
 
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-RequiresReinstall-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This is a required node.
 
 > [!NOTE]
@@ -2907,6 +2953,7 @@ Resource ID of the app. This is null for the main app, ~ for a bundle, and conta
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-ResourceID-Description-End -->
 
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-ResourceID-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > Not applicable to XAP files.
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-ResourceID-Editable-End -->
@@ -2947,6 +2994,7 @@ Registered users of the app and the package install state. If the query is at th
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-Users-Description-End -->
 
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-Users-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This is a required node. Possible values:
 
 - 0 = Not Installed
@@ -3030,6 +3078,7 @@ Specifies whether you want to block a specific app from being updated via auto-u
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-DoNotUpdate-Description-End -->
 
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-DoNotUpdate-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This is a required node.
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-DoNotUpdate-Editable-End -->
 
@@ -3078,6 +3127,7 @@ Specify whether on a AMD64 device, across an app update, the architecture of the
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-MaintainProcessorArchitectureOnUpdate-Description-End -->
 
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-MaintainProcessorArchitectureOnUpdate-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 Expected Behavior on an AMD64 machine that has x86 flavor of an app installed (Most restrictive wins).
 
 | Applicability Setting | CSP state      | Result               |
@@ -3133,6 +3183,7 @@ This setting allows the IT admin to set an app to be nonremovable, or unable to
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-NonRemovable-Description-End -->
 
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-NonRemovable-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 NonRemovable requires admin permission. This setting can only be defined per device, not per user. You can query the setting using AppInventoryQuery or AppInventoryResults.
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-NonRemovable-Editable-End -->
 
@@ -3155,6 +3206,7 @@ NonRemovable requires admin permission. This setting can only be defined per dev
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-NonRemovable-AllowedValues-End -->
 
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-NonRemovable-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 **Examples**:
 
 - Add an app to the nonremovable app policy list
@@ -3555,6 +3607,7 @@ Used to restore the Windows app to its initial configuration.
 <!-- Device-AppManagement-System-Description-End -->
 
 <!-- Device-AppManagement-System-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 Reports apps installed as part of the operating system.
 <!-- Device-AppManagement-System-Editable-End -->
 
@@ -3594,6 +3647,7 @@ Package family name (PFN) of the app. There is one for each PFN on the device wh
 <!-- Device-AppManagement-System-{PackageFamilyName}-Description-End -->
 
 <!-- Device-AppManagement-System-{PackageFamilyName}-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > XAP files use a product ID in place of PackageFamilyName. Here's an example of XAP product ID (including the braces), {12345678-9012-3456-7890-123456789012}.
 <!-- Device-AppManagement-System-{PackageFamilyName}-Editable-End -->
@@ -3675,6 +3729,7 @@ Architecture of installed package. Value type is string.
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-Architecture-Description-End -->
 
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-Architecture-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > Not applicable to XAP files.
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-Architecture-Editable-End -->
@@ -3715,6 +3770,7 @@ Date the app was installed. Value type is string.
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-InstallDate-Description-End -->
 
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-InstallDate-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This is a required node.
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-InstallDate-Editable-End -->
 
@@ -3754,6 +3810,7 @@ Install location of the app on the device. Value type is string.
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-InstallLocation-Description-End -->
 
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-InstallLocation-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > Not applicable to XAP files.
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-InstallLocation-Editable-End -->
@@ -3833,6 +3890,7 @@ Whether or not the app is a framework package. Value type is int. The value is 1
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-IsFramework-Description-End -->
 
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-IsFramework-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > Not applicable to XAP files.
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-IsFramework-Editable-End -->
@@ -3912,6 +3970,7 @@ This node is used to identify whether the package is a stub package. A stub pack
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-IsStub-Description-End -->
 
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-IsStub-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 The value is 1 if the package is a stub package and 0 (zero) for all other cases.
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-IsStub-Editable-End -->
 
@@ -3990,6 +4049,7 @@ Provides information about the status of the package. Value type is int. Valid v
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-PackageStatus-Description-End -->
 
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-PackageStatus-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > Not applicable to XAP files.
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-PackageStatus-Editable-End -->
@@ -4069,6 +4129,7 @@ Specifies whether the package state has changed and requires a reinstallation of
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-RequiresReinstall-Description-End -->
 
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-RequiresReinstall-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This is a required node.
 
 > [!NOTE]
@@ -4111,6 +4172,7 @@ Resource ID of the app. This is null for the main app, ~ for a bundle, and conta
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-ResourceID-Description-End -->
 
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-ResourceID-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > Not applicable to XAP files.
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-ResourceID-Editable-End -->
@@ -4151,6 +4213,7 @@ Registered users of the app and the package install state. If the query is at th
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-Users-Description-End -->
 
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-Users-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This is a required node.
 
 - 0 = Not Installed
@@ -4766,6 +4829,7 @@ Specifies whether you want to block a specific app from being updated via auto-u
 <!-- Device-AppManagement-System-{PackageFamilyName}-DoNotUpdate-Description-End -->
 
 <!-- Device-AppManagement-System-{PackageFamilyName}-DoNotUpdate-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This is a required node.
 <!-- Device-AppManagement-System-{PackageFamilyName}-DoNotUpdate-Editable-End -->
 
@@ -4814,6 +4878,7 @@ Specify whether on a AMD64 device, across an app update, the architecture of the
 <!-- Device-AppManagement-System-{PackageFamilyName}-MaintainProcessorArchitectureOnUpdate-Description-End -->
 
 <!-- Device-AppManagement-System-{PackageFamilyName}-MaintainProcessorArchitectureOnUpdate-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 Expected Behavior on an AMD64 machine that has x86 flavor of an app installed (Most restrictive wins).
 
 | Applicability Setting | CSP state      | Result               |
@@ -4869,6 +4934,7 @@ This setting allows the IT admin to set an app to be nonremovable, or unable to
 <!-- Device-AppManagement-System-{PackageFamilyName}-NonRemovable-Description-End -->
 
 <!-- Device-AppManagement-System-{PackageFamilyName}-NonRemovable-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 NonRemovable requires admin permission. This setting can only be defined per device, not per user. You can query the setting using AppInventoryQuery or AppInventoryResults.
 <!-- Device-AppManagement-System-{PackageFamilyName}-NonRemovable-Editable-End -->
 
@@ -4891,6 +4957,7 @@ NonRemovable requires admin permission. This setting can only be defined per dev
 <!-- Device-AppManagement-System-{PackageFamilyName}-NonRemovable-AllowedValues-End -->
 
 <!-- Device-AppManagement-System-{PackageFamilyName}-NonRemovable-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 **Examples**:
 
 - Add an app to the nonremovable app policy list
@@ -5253,6 +5320,7 @@ Used to start the Windows Update scan.
 <!-- Device-AppManagement-UpdateScan-Description-End -->
 
 <!-- Device-AppManagement-UpdateScan-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This is a required node.
 <!-- Device-AppManagement-UpdateScan-Editable-End -->
 
@@ -5331,6 +5399,7 @@ Package family name (PFN) of the app. There is one for each PFN on the device wh
 <!-- User-AppInstallation-{PackageFamilyName}-Description-End -->
 
 <!-- User-AppInstallation-{PackageFamilyName}-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > XAP files use a product ID in place of PackageFamilyName. Here's an example of XAP product ID (including the braces), {12345678-9012-3456-7890-123456789012}.
 <!-- User-AppInstallation-{PackageFamilyName}-Editable-End -->
@@ -5346,6 +5415,7 @@ Package family name (PFN) of the app. There is one for each PFN on the device wh
 <!-- User-AppInstallation-{PackageFamilyName}-DFProperties-End -->
 
 <!-- User-AppInstallation-{PackageFamilyName}-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 **Example**:
 
 Here's an example for uninstalling an app:
@@ -5391,6 +5461,7 @@ Command to perform an install of an app package from a hosted location (this can
 <!-- User-AppInstallation-{PackageFamilyName}-HostedInstall-Description-End -->
 
 <!-- User-AppInstallation-{PackageFamilyName}-HostedInstall-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This is a required node. The following list shows the supported deployment options:
 
 - ForceApplicationShutdown
@@ -5441,6 +5512,7 @@ Last error relating to the app installation.
 <!-- User-AppInstallation-{PackageFamilyName}-LastError-Description-End -->
 
 <!-- User-AppInstallation-{PackageFamilyName}-LastError-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > This element isn't present after the app is installed.
 <!-- User-AppInstallation-{PackageFamilyName}-LastError-Editable-End -->
@@ -5481,6 +5553,7 @@ Description of last error relating to the app installation.
 <!-- User-AppInstallation-{PackageFamilyName}-LastErrorDesc-Description-End -->
 
 <!-- User-AppInstallation-{PackageFamilyName}-LastErrorDesc-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > This element isn't present after the app is installed.
 <!-- User-AppInstallation-{PackageFamilyName}-LastErrorDesc-Editable-End -->
@@ -5521,6 +5594,7 @@ An integer the indicates the progress of the app installation. For https locatio
 <!-- User-AppInstallation-{PackageFamilyName}-ProgressStatus-Description-End -->
 
 <!-- User-AppInstallation-{PackageFamilyName}-ProgressStatus-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > This element isn't present after the app is installed.
 <!-- User-AppInstallation-{PackageFamilyName}-ProgressStatus-Editable-End -->
@@ -5561,6 +5635,7 @@ Status of app installation. The following values are returned: NOT_INSTALLED (0)
 <!-- User-AppInstallation-{PackageFamilyName}-Status-Description-End -->
 
 <!-- User-AppInstallation-{PackageFamilyName}-Status-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > This element isn't present after the app is installed.
 <!-- User-AppInstallation-{PackageFamilyName}-Status-Editable-End -->
@@ -5718,6 +5793,7 @@ License ID for a store installed app. The license ID is generally the PFN of the
 <!-- User-AppLicenses-StoreLicenses-{LicenseID}-Description-End -->
 
 <!-- User-AppLicenses-StoreLicenses-{LicenseID}-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This is an optional node.
 <!-- User-AppLicenses-StoreLicenses-{LicenseID}-Editable-End -->
 
@@ -5758,6 +5834,7 @@ Command to add license.
 <!-- User-AppLicenses-StoreLicenses-{LicenseID}-AddLicense-Description-End -->
 
 <!-- User-AppLicenses-StoreLicenses-{LicenseID}-AddLicense-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This is a required node.
 <!-- User-AppLicenses-StoreLicenses-{LicenseID}-AddLicense-Editable-End -->
 
@@ -5797,6 +5874,7 @@ Command to get license from the store.
 <!-- User-AppLicenses-StoreLicenses-{LicenseID}-GetLicenseFromStore-Description-End -->
 
 <!-- User-AppLicenses-StoreLicenses-{LicenseID}-GetLicenseFromStore-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This is a required node.
 <!-- User-AppLicenses-StoreLicenses-{LicenseID}-GetLicenseFromStore-Editable-End -->
 
@@ -5992,6 +6070,7 @@ Specifies the query for app inventory.
 <!-- User-AppManagement-AppInventoryQuery-Description-End -->
 
 <!-- User-AppManagement-AppInventoryQuery-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This is a required node. Query parameters:
 
 - Output - Specifies the parameters for the information returned in AppInventoryResults operation. Multiple value must be separate by |. Valid values are:
@@ -6031,6 +6110,7 @@ This is a required node. Query parameters:
 <!-- User-AppManagement-AppInventoryQuery-DFProperties-End -->
 
 <!-- User-AppManagement-AppInventoryQuery-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 **Example**:
 
 The following example sets the inventory query for the package names and checks the status for reinstallation for all main packages that are nonStore apps.
@@ -6072,6 +6152,7 @@ Returns the results for app inventory that was created after the AppInventoryQue
 <!-- User-AppManagement-AppInventoryResults-Description-End -->
 
 <!-- User-AppManagement-AppInventoryResults-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This is a required node.
 <!-- User-AppManagement-AppInventoryResults-Editable-End -->
 
@@ -6085,6 +6166,7 @@ This is a required node.
 <!-- User-AppManagement-AppInventoryResults-DFProperties-End -->
 
 <!-- User-AppManagement-AppInventoryResults-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 **Example**:
 
 Here's an example of AppInventoryResults operation.
@@ -6123,6 +6205,7 @@ Here's an example of AppInventoryResults operation.
 <!-- User-AppManagement-AppStore-Description-End -->
 
 <!-- User-AppManagement-AppStore-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This is a required node. Used for managing apps from the Microsoft Store.
 <!-- User-AppManagement-AppStore-Editable-End -->
 
@@ -6162,6 +6245,7 @@ Package family name (PFN) of the app. There is one for each PFN on the device wh
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-Description-End -->
 
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > XAP files use a product ID in place of PackageFamilyName. Here's an example of XAP product ID (including the braces), {12345678-9012-3456-7890-123456789012}.
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-Editable-End -->
@@ -6177,6 +6261,7 @@ Package family name (PFN) of the app. There is one for each PFN on the device wh
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-DFProperties-End -->
 
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 **Example**:
 
 Here's an example for uninstalling an app:
@@ -6262,6 +6347,7 @@ Architecture of installed package. Value type is string.
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-Architecture-Description-End -->
 
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-Architecture-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > Not applicable to XAP files.
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-Architecture-Editable-End -->
@@ -6302,6 +6388,7 @@ Date the app was installed. Value type is string.
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-InstallDate-Description-End -->
 
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-InstallDate-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This is a required node.
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-InstallDate-Editable-End -->
 
@@ -6341,6 +6428,7 @@ Install location of the app on the device. Value type is string.
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-InstallLocation-Description-End -->
 
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-InstallLocation-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > Not applicable to XAP files.
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-InstallLocation-Editable-End -->
@@ -6420,6 +6508,7 @@ Whether or not the app is a framework package. Value type is int. The value is 1
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-IsFramework-Description-End -->
 
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-IsFramework-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > Not applicable to XAP files.
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-IsFramework-Editable-End -->
@@ -6499,6 +6588,7 @@ This node is used to identify whether the package is a stub package. A stub pack
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-IsStub-Description-End -->
 
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-IsStub-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 The value is 1 if the package is a stub package and 0 (zero) for all other cases.
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-IsStub-Editable-End -->
 
@@ -6577,6 +6667,7 @@ Provides information about the status of the package. Value type is int. Valid v
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-PackageStatus-Description-End -->
 
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-PackageStatus-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > Not applicable to XAP files.
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-PackageStatus-Editable-End -->
@@ -6656,6 +6747,7 @@ Specifies whether the package state has changed and requires a reinstallation of
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-RequiresReinstall-Description-End -->
 
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-RequiresReinstall-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This is a required node.
 
 > [!NOTE]
@@ -6698,6 +6790,7 @@ Resource ID of the app. This is null for the main app, ~ for a bundle, and conta
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-ResourceID-Description-End -->
 
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-ResourceID-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > Not applicable to XAP files.
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-ResourceID-Editable-End -->
@@ -6738,6 +6831,7 @@ Registered users of the app and the package install state. If the query is at th
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-Users-Description-End -->
 
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-Users-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This is a required node. Possible values:
 
 - 0 = Not Installed
@@ -6821,6 +6915,7 @@ Interior node for all managed app setting values.
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-AppSettingPolicy-Description-End -->
 
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-AppSettingPolicy-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > This node is only supported in the user context.
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-AppSettingPolicy-Editable-End -->
@@ -6861,6 +6956,7 @@ The SettingValue and data represent a key value pair to be configured for the ap
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-AppSettingPolicy-{SettingValue}-Description-End -->
 
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-AppSettingPolicy-{SettingValue}-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This setting only works for apps that support the feature and it's only supported in the user context.
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-AppSettingPolicy-{SettingValue}-Editable-End -->
 
@@ -6875,6 +6971,7 @@ This setting only works for apps that support the feature and it's only supporte
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-AppSettingPolicy-{SettingValue}-DFProperties-End -->
 
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-AppSettingPolicy-{SettingValue}-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 **Examples**:
 
 - The following example sets the value for the 'Server'
@@ -6933,6 +7030,7 @@ Specifies whether you want to block a specific app from being updated via auto-u
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-DoNotUpdate-Description-End -->
 
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-DoNotUpdate-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This is a required node.
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-DoNotUpdate-Editable-End -->
 
@@ -6981,6 +7079,7 @@ Specify whether on a AMD64 device, across an app update, the architecture of the
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-MaintainProcessorArchitectureOnUpdate-Description-End -->
 
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-MaintainProcessorArchitectureOnUpdate-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 Expected Behavior on an AMD64 machine that has x86 flavor of an app installed (Most restrictive wins).
 
 |Applicability Setting |CSP state  |Result  |
@@ -7036,6 +7135,7 @@ Interior node for the managing updates through the Microsoft Store. These settin
 <!-- User-AppManagement-AppStore-ReleaseManagement-Description-End -->
 
 <!-- User-AppManagement-AppStore-ReleaseManagement-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > ReleaseManagement settings only apply to updates through the Microsoft Store.
 <!-- User-AppManagement-AppStore-ReleaseManagement-Editable-End -->
@@ -7311,6 +7411,7 @@ Reports the last error code returned by the update scan.
 <!-- User-AppManagement-LastScanError-Description-End -->
 
 <!-- User-AppManagement-LastScanError-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This is a required node.
 <!-- User-AppManagement-LastScanError-Editable-End -->
 
@@ -7349,6 +7450,7 @@ This is a required node.
 <!-- User-AppManagement-nonStore-Description-End -->
 
 <!-- User-AppManagement-nonStore-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 Used to manage enterprise apps or developer apps that weren't acquired from the Microsoft Store.
 <!-- User-AppManagement-nonStore-Editable-End -->
 
@@ -7388,6 +7490,7 @@ Package family name (PFN) of the app. There is one for each PFN on the device wh
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-Description-End -->
 
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > XAP files use a product ID in place of PackageFamilyName. Here's an example of XAP product ID (including the braces), {12345678-9012-3456-7890-123456789012}.
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-Editable-End -->
@@ -7403,6 +7506,7 @@ Package family name (PFN) of the app. There is one for each PFN on the device wh
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-DFProperties-End -->
 
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 ```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
   <SyncBody>
@@ -7484,6 +7588,7 @@ Architecture of installed package. Value type is string.
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-Architecture-Description-End -->
 
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-Architecture-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > Not applicable to XAP files.
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-Architecture-Editable-End -->
@@ -7524,6 +7629,7 @@ Date the app was installed. Value type is string.
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-InstallDate-Description-End -->
 
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-InstallDate-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This is a required node.
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-InstallDate-Editable-End -->
 
@@ -7563,6 +7669,7 @@ Install location of the app on the device. Value type is string.
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-InstallLocation-Description-End -->
 
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-InstallLocation-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > Not applicable to XAP files.
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-InstallLocation-Editable-End -->
@@ -7642,6 +7749,7 @@ Whether or not the app is a framework package. Value type is int. The value is 1
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-IsFramework-Description-End -->
 
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-IsFramework-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > Not applicable to XAP files.
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-IsFramework-Editable-End -->
@@ -7721,6 +7829,7 @@ This node is used to identify whether the package is a stub package. A stub pack
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-IsStub-Description-End -->
 
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-IsStub-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 The value is 1 if the package is a stub package and 0 (zero) for all other cases.
 
 Value type is int.
@@ -7801,6 +7910,7 @@ Provides information about the status of the package. Value type is int. Valid v
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-PackageStatus-Description-End -->
 
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-PackageStatus-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > Not applicable to XAP files.
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-PackageStatus-Editable-End -->
@@ -7880,6 +7990,7 @@ Specifies whether the package state has changed and requires a reinstallation of
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-RequiresReinstall-Description-End -->
 
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-RequiresReinstall-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This is a required node.
 
 > [!NOTE]
@@ -7922,6 +8033,7 @@ Resource ID of the app. This is null for the main app, ~ for a bundle, and conta
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-ResourceID-Description-End -->
 
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-ResourceID-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > Not applicable to XAP files.
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-ResourceID-Editable-End -->
@@ -7962,6 +8074,7 @@ Registered users of the app and the package install state. If the query is at th
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-Users-Description-End -->
 
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-Users-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 Requried.
 
 - Not Installed = 0
@@ -8045,6 +8158,7 @@ Interior node for all managed app setting values.
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-AppSettingPolicy-Description-End -->
 
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-AppSettingPolicy-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This node is only supported in the user context.
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-AppSettingPolicy-Editable-End -->
 
@@ -8084,6 +8198,7 @@ The SettingValue and data represent a key value pair to be configured for the ap
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-AppSettingPolicy-{SettingValue}-Description-End -->
 
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-AppSettingPolicy-{SettingValue}-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This setting only works for apps that support the feature and it's only supported in the user context.
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-AppSettingPolicy-{SettingValue}-Editable-End -->
 
@@ -8098,6 +8213,7 @@ This setting only works for apps that support the feature and it's only supporte
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-AppSettingPolicy-{SettingValue}-DFProperties-End -->
 
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-AppSettingPolicy-{SettingValue}-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 The following example sets the value for the 'Server'
 
 ```xml
@@ -8154,6 +8270,7 @@ Specifies whether you want to block a specific app from being updated via auto-u
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-DoNotUpdate-Description-End -->
 
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-DoNotUpdate-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This is a required node.
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-DoNotUpdate-Editable-End -->
 
@@ -8202,6 +8319,7 @@ Specify whether on a AMD64 device, across an app update, the architecture of the
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-MaintainProcessorArchitectureOnUpdate-Description-End -->
 
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-MaintainProcessorArchitectureOnUpdate-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 Expected Behavior on an AMD64 machine that has x86 flavor of an app installed (Most restrictive wins).
 
 | Applicability Setting | CSP state      | Result               |
@@ -8531,6 +8649,7 @@ Used to remove packages.
 <!-- User-AppManagement-RemovePackage-Description-End -->
 
 <!-- User-AppManagement-RemovePackage-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 Parameters:
 
 - Package
@@ -8551,6 +8670,7 @@ Parameters:
 <!-- User-AppManagement-RemovePackage-DFProperties-End -->
 
 <!-- User-AppManagement-RemovePackage-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 **Example**:
 
 The following example removes a package for all users:
@@ -8632,6 +8752,7 @@ Used to restore the Windows app to its initial configuration.
 <!-- User-AppManagement-System-Description-End -->
 
 <!-- User-AppManagement-System-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 Reports apps installed as part of the operating system.
 <!-- User-AppManagement-System-Editable-End -->
 
@@ -8671,6 +8792,7 @@ Package family name (PFN) of the app. There is one for each PFN on the device wh
 <!-- User-AppManagement-System-{PackageFamilyName}-Description-End -->
 
 <!-- User-AppManagement-System-{PackageFamilyName}-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > XAP files use a product ID in place of PackageFamilyName. Here's an example of XAP product ID (including the braces), {12345678-9012-3456-7890-123456789012}.
 <!-- User-AppManagement-System-{PackageFamilyName}-Editable-End -->
@@ -8686,6 +8808,7 @@ Package family name (PFN) of the app. There is one for each PFN on the device wh
 <!-- User-AppManagement-System-{PackageFamilyName}-DFProperties-End -->
 
 <!-- User-AppManagement-System-{PackageFamilyName}-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 **Example**:
 
 ```xml
@@ -8769,6 +8892,7 @@ Architecture of installed package. Value type is string.
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-Architecture-Description-End -->
 
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-Architecture-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > Not applicable to XAP files.
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-Architecture-Editable-End -->
@@ -8809,6 +8933,7 @@ Date the app was installed. Value type is string.
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-InstallDate-Description-End -->
 
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-InstallDate-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This is a required node.
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-InstallDate-Editable-End -->
 
@@ -8848,6 +8973,7 @@ Install location of the app on the device. Value type is string.
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-InstallLocation-Description-End -->
 
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-InstallLocation-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > Not applicable to XAP files.
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-InstallLocation-Editable-End -->
@@ -8927,6 +9053,7 @@ Whether or not the app is a framework package. Value type is int. The value is 1
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-IsFramework-Description-End -->
 
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-IsFramework-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > Not applicable to XAP files.
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-IsFramework-Editable-End -->
@@ -9006,6 +9133,7 @@ This node is used to identify whether the package is a stub package. A stub pack
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-IsStub-Description-End -->
 
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-IsStub-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 The value is 1 if the package is a stub package and 0 (zero) for all other cases.
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-IsStub-Editable-End -->
 
@@ -9084,6 +9212,7 @@ Provides information about the status of the package. Value type is int. Valid v
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-PackageStatus-Description-End -->
 
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-PackageStatus-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > Not applicable to XAP files.
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-PackageStatus-Editable-End -->
@@ -9163,6 +9292,7 @@ Specifies whether the package state has changed and requires a reinstallation of
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-RequiresReinstall-Description-End -->
 
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-RequiresReinstall-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This is a required node.
 
 > [!NOTE]
@@ -9205,6 +9335,7 @@ Resource ID of the app. This is null for the main app, ~ for a bundle, and conta
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-ResourceID-Description-End -->
 
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-ResourceID-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > Not applicable to XAP files.
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-ResourceID-Editable-End -->
@@ -9245,6 +9376,7 @@ Registered users of the app and the package install state. If the query is at th
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-Users-Description-End -->
 
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-Users-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This is a required node.
 
 - 0 = Not Installed
@@ -9328,6 +9460,7 @@ Interior node for all managed app setting values.
 <!-- User-AppManagement-System-{PackageFamilyName}-AppSettingPolicy-Description-End -->
 
 <!-- User-AppManagement-System-{PackageFamilyName}-AppSettingPolicy-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This node is only supported in the user context.
 <!-- User-AppManagement-System-{PackageFamilyName}-AppSettingPolicy-Editable-End -->
 
@@ -9367,6 +9500,7 @@ The SettingValue and data represent a key value pair to be configured for the ap
 <!-- User-AppManagement-System-{PackageFamilyName}-AppSettingPolicy-{SettingValue}-Description-End -->
 
 <!-- User-AppManagement-System-{PackageFamilyName}-AppSettingPolicy-{SettingValue}-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This setting only works for apps that support the feature and it's only supported in the user context.
 <!-- User-AppManagement-System-{PackageFamilyName}-AppSettingPolicy-{SettingValue}-Editable-End -->
 
@@ -9381,6 +9515,7 @@ This setting only works for apps that support the feature and it's only supporte
 <!-- User-AppManagement-System-{PackageFamilyName}-AppSettingPolicy-{SettingValue}-DFProperties-End -->
 
 <!-- User-AppManagement-System-{PackageFamilyName}-AppSettingPolicy-{SettingValue}-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 **Examples**:
 
 - The following example sets the value for the 'Server'
@@ -9439,6 +9574,7 @@ Specifies whether you want to block a specific app from being updated via auto-u
 <!-- User-AppManagement-System-{PackageFamilyName}-DoNotUpdate-Description-End -->
 
 <!-- User-AppManagement-System-{PackageFamilyName}-DoNotUpdate-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This is a required node.
 <!-- User-AppManagement-System-{PackageFamilyName}-DoNotUpdate-Editable-End -->
 
@@ -9487,6 +9623,7 @@ Specify whether on a AMD64 device, across an app update, the architecture of the
 <!-- User-AppManagement-System-{PackageFamilyName}-MaintainProcessorArchitectureOnUpdate-Description-End -->
 
 <!-- User-AppManagement-System-{PackageFamilyName}-MaintainProcessorArchitectureOnUpdate-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 Expected Behavior on an AMD64 machine that has x86 flavor of an app installed (Most restrictive wins).
 
 | Applicability Setting | CSP state      | Result               |
@@ -9816,6 +9953,7 @@ Used to start the Windows Update scan.
 <!-- User-AppManagement-UpdateScan-Description-End -->
 
 <!-- User-AppManagement-UpdateScan-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 This is a required node.
 <!-- User-AppManagement-UpdateScan-Editable-End -->
 
diff --git a/windows/client-management/mdm/passportforwork-csp.md b/windows/client-management/mdm/passportforwork-csp.md
index 79728405bf..e172fe94a5 100644
--- a/windows/client-management/mdm/passportforwork-csp.md
+++ b/windows/client-management/mdm/passportforwork-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the PassportForWork CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 03/23/2023
+ms.date: 04/26/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -445,7 +445,7 @@ A value of 2 corresponds to "Disallow." If you configure this policy setting to
 | Value | Description |
 |:--|:--|
 | 0 (Default) | Allows the use of digits in PIN. |
-| 1 | Requires the use of at least one digit in PIN. |
+| 1 | Requires the use of at least one digits in PIN. |
 | 2 | Does not allow the use of digits in PIN. |
 <!-- Device-{TenantId}-Policies-PINComplexity-Digits-AllowedValues-End -->
 
@@ -583,7 +583,7 @@ A value of 2 corresponds to "Disallow." If you configure this policy setting to
 | Value | Description |
 |:--|:--|
 | 0 (Default) | Allows the use of lowercase letters in PIN. |
-| 1 | Requires the use of at least one lowercase letter in PIN. |
+| 1 | Requires the use of at least one lowercase letters in PIN. |
 | 2 | Does not allow the use of lowercase letters in PIN. |
 <!-- Device-{TenantId}-Policies-PINComplexity-LowercaseLetters-AllowedValues-End -->
 
@@ -706,7 +706,7 @@ Minimum PIN length configures the minimum number of characters required for the
 
 <!-- Device-{TenantId}-Policies-PINComplexity-SpecialCharacters-Description-Begin -->
 <!-- Description-Source-DDF -->
-Use this policy setting to configure the use of special character in the Windows Hello for Business PIN gesture. Valid special characters for Windows Hello for Business PIN gestures include: ! " # $ % & ' ( ) * + , - . / : ; `< = >` ? @ [ \ ] ^ _ ` { | } ~ .
+Use this policy setting to configure the use of special characters in the Windows Hello for Business PIN gesture. Valid special characters for Windows Hello for Business PIN gestures include: ! " # $ % & ' ( ) * + , - . / : ; `< = >` ? @ [ \ ] ^ _ ` { | } ~ .
 
 A value of 1 corresponds to "Required." If you configure this policy setting to 1, Windows Hello for Business requires users to include at least one special character in their PIN.
 
@@ -791,7 +791,7 @@ A value of 2 corresponds to "Disallow." If you configure this policy setting to
 | Value | Description |
 |:--|:--|
 | 0 (Default) | Allows the use of uppercase letters in PIN. |
-| 1 | Requires the use of at least one uppercase letter in PIN. |
+| 1 | Requires the use of at least one uppercase letters in PIN. |
 | 2 | Does not allow the use of uppercase letters in PIN. |
 <!-- Device-{TenantId}-Policies-PINComplexity-UppercaseLetters-AllowedValues-End -->
 
@@ -2027,7 +2027,7 @@ A value of 2 corresponds to "Disallow." If you configure this policy setting to
 | Value | Description |
 |:--|:--|
 | 0 (Default) | Allows the use of digits in PIN. |
-| 1 | Requires the use of at least one digit in PIN. |
+| 1 | Requires the use of at least one digits in PIN. |
 | 2 | Does not allow the use of digits in PIN. |
 <!-- User-{TenantId}-Policies-PINComplexity-Digits-AllowedValues-End -->
 
@@ -2165,7 +2165,7 @@ A value of 2 corresponds to "Disallow." If you configure this policy setting to
 | Value | Description |
 |:--|:--|
 | 0 (Default) | Allows the use of lowercase letters in PIN. |
-| 1 | Requires the use of at least one lowercase letter in PIN. |
+| 1 | Requires the use of at least one lowercase letters in PIN. |
 | 2 | Does not allow the use of lowercase letters in PIN. |
 <!-- User-{TenantId}-Policies-PINComplexity-LowercaseLetters-AllowedValues-End -->
 
@@ -2317,7 +2317,7 @@ A value of 2 corresponds to "Disallow." If you configure this policy setting to
 | Value | Description |
 |:--|:--|
 | 0 (Default) | Allows the use of special characters in PIN. |
-| 1 | Requires the use of at least one special character in PIN. |
+| 1 | Requires the use of at least one special characters in PIN. |
 | 2 | Does not allow the use of special characters in PIN. |
 <!-- User-{TenantId}-Policies-PINComplexity-SpecialCharacters-AllowedValues-End -->
 
@@ -2373,7 +2373,7 @@ A value of 2 corresponds to "Disallow." If you configure this policy setting to
 | Value | Description |
 |:--|:--|
 | 0 (Default) | Allows the use of uppercase letters in PIN. |
-| 1 | Requires the use of at least one uppercase letter in PIN. |
+| 1 | Requires the use of at least one uppercase letters in PIN. |
 | 2 | Does not allow the use of uppercase letters in PIN. |
 <!-- User-{TenantId}-Policies-PINComplexity-UppercaseLetters-AllowedValues-End -->
 
diff --git a/windows/client-management/mdm/policy-csp-audit.md b/windows/client-management/mdm/policy-csp-audit.md
index 0b01016c5f..19a5889d94 100644
--- a/windows/client-management/mdm/policy-csp-audit.md
+++ b/windows/client-management/mdm/policy-csp-audit.md
@@ -4,7 +4,7 @@ description: Learn more about the Audit Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 04/14/2023
+ms.date: 04/26/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -843,7 +843,7 @@ Volume: Low.
 
 <!-- AccountLogonLogoff_AuditSpecialLogon-Description-Begin -->
 <!-- Description-Source-DDF -->
-This policy setting allows you to audit events generated by special logons such as the following: The use of a special logon, which is a logon that has administrator-equivalent privileges and can be used to elevate a process to a higher level. A logon by a member of a Special Group. Special Groups enable you to audit events generated when a member of a certain group has logged on to your network. You can configure a list of group security identifiers (SIDs) in the registry. If any of those SIDs are added to a token during logon and the subcategory is enabled, an event is logged. For more information about this feature, see [article 947223 in the Microsoft Knowledge Base](https://go.microsoft.com/fwlink/?LinkId=121697).
+This policy setting allows you to audit events generated by special logons such as the following : The use of a special logon, which is a logon that has administrator-equivalent privileges and can be used to elevate a process to a higher level. A logon by a member of a Special Group. Special Groups enable you to audit events generated when a member of a certain group has logged on to your network. You can configure a list of group security identifiers (SIDs) in the registry. If any of those SIDs are added to a token during logon and the subcategory is enabled, an event is logged. For more information about this feature, see [article 947223 in the Microsoft Knowledge Base](https://go.microsoft.com/fwlink/?LinkId=121697).
 <!-- AccountLogonLogoff_AuditSpecialLogon-Description-End -->
 
 <!-- AccountLogonLogoff_AuditSpecialLogon-Editable-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md
index 1f26de308e..8643e7282a 100644
--- a/windows/client-management/mdm/policy-csp-defender.md
+++ b/windows/client-management/mdm/policy-csp-defender.md
@@ -4,7 +4,7 @@ description: Learn more about the Defender Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 03/27/2023
+ms.date: 04/26/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -1885,8 +1885,8 @@ Same as Disabled.
 <!-- ExcludedExtensions-OmaUri-End -->
 
 <!-- ExcludedExtensions-Description-Begin -->
-<!-- Description-Source-ADMX -->
-This policy setting allows you specify a list of file types that should be excluded from scheduled, custom, and real-time scanning. File types should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of the file type extension (such as "obj" or "lib"). The value is not used and it is recommended that this be set to 0.
+<!-- Description-Source-DDF-Forced -->
+Allows an administrator to specify a list of file type extensions to ignore during a scan. Each file type in the list must be separated by a |. For example, lib|obj.
 <!-- ExcludedExtensions-Description-End -->
 
 <!-- ExcludedExtensions-Editable-Begin -->
@@ -1939,8 +1939,8 @@ This policy setting allows you specify a list of file types that should be exclu
 <!-- ExcludedPaths-OmaUri-End -->
 
 <!-- ExcludedPaths-Description-Begin -->
-<!-- Description-Source-ADMX -->
-This policy setting allows you to disable scheduled and real-time scanning for files under the paths specified or for the fully qualified resources specified. Paths should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a path or a fully qualified resource name. As an example, a path might be defined as: "c:\Windows" to exclude all files in this directory. A fully qualified resource name might be defined as: "C:\Windows\App.exe". The value is not used and it is recommended that this be set to 0.
+<!-- Description-Source-DDF-Forced -->
+Allows an administrator to specify a list of directory paths to ignore during a scan. Each path in the list must be separated by a |. For example, C:\Example|C:\Example1.
 <!-- ExcludedPaths-Description-End -->
 
 <!-- ExcludedPaths-Editable-Begin -->
@@ -1993,8 +1993,11 @@ This policy setting allows you to disable scheduled and real-time scanning for f
 <!-- ExcludedProcesses-OmaUri-End -->
 
 <!-- ExcludedProcesses-Description-Begin -->
-<!-- Description-Source-ADMX -->
-This policy setting allows you to disable real-time scanning for any file opened by any of the specified processes. This policy does not apply to scheduled scans. The process itself will not be excluded. To exclude the process, use the Path exclusion. Processes should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of the path to the process image. **Note** that only executables can be excluded. For example, a process might be defined as: "c:\windows\app.exe". The value is not used and it is recommended that this be set to 0.
+<!-- Description-Source-DDF-Forced -->
+Allows an administrator to specify a list of files opened by processes to ignore during a scan.
+
+> [!IMPORTANT]
+> The process itself is not excluded from the scan, but can be by using the Defender/ExcludedPaths policy to exclude its path. Each file type must be separated by a |. For example, C:\Example. exe|C:\Example1.exe.
 <!-- ExcludedProcesses-Description-End -->
 
 <!-- ExcludedProcesses-Editable-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md
index b65b65b1e4..c86a89adff 100644
--- a/windows/client-management/mdm/policy-csp-deviceinstallation.md
+++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md
@@ -4,7 +4,7 @@ description: Learn more about the DeviceInstallation Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 03/23/2023
+ms.date: 04/26/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -347,7 +347,7 @@ To verify that the policy is applied, check C:\windows\INF\setupapi.dev.log and
 <!-- EnableInstallationPolicyLayering-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.20348.256] and later <br> :heavy_check_mark: Windows 10, version 1809 [10.0.17763.2145] and later <br> :heavy_check_mark: Windows 10, version 1903 [10.0.18362.1714] and later <br> :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1151] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.256] and later <br> :heavy_check_mark: Windows 10, version 1809 [10.0.17763.2145] and later <br> :heavy_check_mark: Windows 10, version 1903 [10.0.18362.1714] and later <br> :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1151] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableInstallationPolicyLayering-Applicability-End -->
 
 <!-- EnableInstallationPolicyLayering-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md
index 92fda2c42a..d8938e641c 100644
--- a/windows/client-management/mdm/policy-csp-internetexplorer.md
+++ b/windows/client-management/mdm/policy-csp-internetexplorer.md
@@ -4,7 +4,7 @@ description: Learn more about the InternetExplorer Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 03/23/2023
+ms.date: 04/26/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -1428,7 +1428,7 @@ This policy allows the user to go directly to an intranet site for a one-word en
 <!-- AllowSaveTargetAsInIEMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.20348] and later <br> :heavy_check_mark: Windows 10, version 1903 [10.0.18362.1350] and later <br> :heavy_check_mark: Windows 10, version 2004 [10.0.19041.789] and later |
+| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348] and later <br> :heavy_check_mark: Windows 10, version 1903 [10.0.18362.1350] and later <br> :heavy_check_mark: Windows 10, version 2004 [10.0.19041.789] and later |
 <!-- AllowSaveTargetAsInIEMode-Applicability-End -->
 
 <!-- AllowSaveTargetAsInIEMode-OmaUri-Begin -->
@@ -2080,7 +2080,7 @@ This policy setting allows you to manage whether Internet Explorer checks for di
 <!-- ConfigureEdgeRedirectChannel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.20348] and later <br> :heavy_check_mark: Windows 10, version 1903 [10.0.18362.1350] and later <br> :heavy_check_mark: Windows 10, version 2004 [10.0.19041.789] and later |
+| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348] and later <br> :heavy_check_mark: Windows 10, version 1903 [10.0.18362.1350] and later <br> :heavy_check_mark: Windows 10, version 2004 [10.0.19041.789] and later |
 <!-- ConfigureEdgeRedirectChannel-Applicability-End -->
 
 <!-- ConfigureEdgeRedirectChannel-OmaUri-Begin -->
@@ -3403,7 +3403,7 @@ The Home page specified on the General tab of the Internet Options dialog box is
 <!-- DisableHTMLApplication-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.20348.1060] and later <br> :heavy_check_mark: Windows 10, version 1809 [10.0.17763.3460] and later <br> :heavy_check_mark: Windows 10, version 2004 [10.0.19041.2060] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000.1030] and later <br> :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later |
+| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.1060] and later <br> :heavy_check_mark: Windows 10, version 1809 [10.0.17763.3460] and later <br> :heavy_check_mark: Windows 10, version 2004 [10.0.19041.2060] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000.1030] and later <br> :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later |
 <!-- DisableHTMLApplication-Applicability-End -->
 
 <!-- DisableHTMLApplication-OmaUri-Begin -->
@@ -3599,7 +3599,7 @@ InPrivate Browsing prevents Internet Explorer from storing data about a user's b
 <!-- DisableInternetExplorerApp-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.20348] and later <br> :heavy_check_mark: Windows 10, version 1903 [10.0.18362.1350] and later <br> :heavy_check_mark: Windows 10, version 2004 [10.0.19041.789] and later |
+| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348] and later <br> :heavy_check_mark: Windows 10, version 1903 [10.0.18362.1350] and later <br> :heavy_check_mark: Windows 10, version 2004 [10.0.19041.789] and later |
 <!-- DisableInternetExplorerApp-Applicability-End -->
 
 <!-- DisableInternetExplorerApp-OmaUri-Begin -->
@@ -4486,7 +4486,7 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T
 <!-- EnableExtendedIEModeHotkeys-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.20348.143] and later <br> :heavy_check_mark: Windows 10, version 1903 [10.0.18362.1474] and later <br> :heavy_check_mark: Windows 10, version 2004 [10.0.19041.906] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.143] and later <br> :heavy_check_mark: Windows 10, version 1903 [10.0.18362.1474] and later <br> :heavy_check_mark: Windows 10, version 2004 [10.0.19041.906] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableExtendedIEModeHotkeys-Applicability-End -->
 
 <!-- EnableExtendedIEModeHotkeys-OmaUri-Begin -->
@@ -4552,7 +4552,7 @@ For more information, see <https://go.microsoft.com/fwlink/?linkid=2102115>
 <!-- EnableGlobalWindowListInIEMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.20348.558] and later <br> :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1566] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000.527] and later <br> :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later |
+| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.558] and later <br> :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1566] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000.527] and later <br> :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later |
 <!-- EnableGlobalWindowListInIEMode-Applicability-End -->
 
 <!-- EnableGlobalWindowListInIEMode-OmaUri-Begin -->
@@ -7968,7 +7968,7 @@ This policy setting specifies whether JScript or JScript9Legacy is loaded for MS
 <!-- KeepIntranetSitesInInternetExplorer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.20348] and later <br> :heavy_check_mark: Windows 10, version 1903 [10.0.18362.1350] and later <br> :heavy_check_mark: Windows 10, version 2004 [10.0.19041.789] and later |
+| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348] and later <br> :heavy_check_mark: Windows 10, version 1903 [10.0.18362.1350] and later <br> :heavy_check_mark: Windows 10, version 2004 [10.0.19041.789] and later |
 <!-- KeepIntranetSitesInInternetExplorer-Applicability-End -->
 
 <!-- KeepIntranetSitesInInternetExplorer-OmaUri-Begin -->
@@ -13390,7 +13390,7 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T
 <!-- ResetZoomForDialogInIEMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.20348.261] and later <br> :heavy_check_mark: Windows 10, version 1903 [10.0.18362.1832] and later <br> :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1266] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000.282] and later <br> :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later |
+| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.261] and later <br> :heavy_check_mark: Windows 10, version 1903 [10.0.18362.1832] and later <br> :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1266] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000.282] and later <br> :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later |
 <!-- ResetZoomForDialogInIEMode-Applicability-End -->
 
 <!-- ResetZoomForDialogInIEMode-OmaUri-Begin -->
@@ -16537,7 +16537,7 @@ Also, see the "Security zones: Do not allow users to change policies" policy.
 <!-- SendSitesNotInEnterpriseSiteListToEdge-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.20348] and later <br> :heavy_check_mark: Windows 10, version 1903 [10.0.18362.1350] and later <br> :heavy_check_mark: Windows 10, version 2004 [10.0.19041.789] and later |
+| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348] and later <br> :heavy_check_mark: Windows 10, version 1903 [10.0.18362.1350] and later <br> :heavy_check_mark: Windows 10, version 2004 [10.0.19041.789] and later |
 <!-- SendSitesNotInEnterpriseSiteListToEdge-Applicability-End -->
 
 <!-- SendSitesNotInEnterpriseSiteListToEdge-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md
index 870386a6e5..16587b8ce0 100644
--- a/windows/client-management/mdm/policy-csp-kerberos.md
+++ b/windows/client-management/mdm/policy-csp-kerberos.md
@@ -4,7 +4,7 @@ description: Learn more about the Kerberos Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 03/23/2023
+ms.date: 04/26/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -242,7 +242,6 @@ This policy setting controls hash or checksum algorithms used by the Kerberos cl
 - "Not Supported" disables usage of the algorithm. This state is intended for algorithms that are deemed to be insecure.
 
 - If you disable or do not configure this policy, each algorithm will assume the "Default" state.
-More information about the hash and checksum algorithms supported by the Windows Kerberos client and their default states can be found at< https://go.microsoft.com/fwlink/?linkid=2169037>.
 
 Events generated by this configuration: 205, 206, 207, 208.
 <!-- PKInitHashAlgorithmConfiguration-Description-End -->
diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md
index 6f83800c56..ad926281b0 100644
--- a/windows/client-management/mdm/policy-csp-mixedreality.md
+++ b/windows/client-management/mdm/policy-csp-mixedreality.md
@@ -4,7 +4,7 @@ description: Learn more about the MixedReality Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 01/09/2023
+ms.date: 04/26/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -86,7 +86,7 @@ Steps to use this policy correctly:
 <!-- AllowCaptivePortalBeforeLogon-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :x: Pro <br> :x: Enterprise <br> :x: Education <br> :x: Windows SE | :heavy_check_mark: Unknown [10.0.20348] and later |
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :x: Pro <br> :x: Enterprise <br> :x: Education <br> :x: Windows SE | :heavy_check_mark: [10.0.20348] and later |
 <!-- AllowCaptivePortalBeforeLogon-Applicability-End -->
 
 <!-- AllowCaptivePortalBeforeLogon-OmaUri-Begin -->
@@ -136,7 +136,7 @@ This opt-in policy can help with the setup of new devices in new areas or new us
 <!-- AllowLaunchUriInSingleAppKiosk-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :x: Pro <br> :x: Enterprise <br> :x: Education <br> :x: Windows SE | :heavy_check_mark: Unknown [10.0.20348] and later |
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :x: Pro <br> :x: Enterprise <br> :x: Education <br> :x: Windows SE | :heavy_check_mark: [10.0.20348] and later |
 <!-- AllowLaunchUriInSingleAppKiosk-Applicability-End -->
 
 <!-- AllowLaunchUriInSingleAppKiosk-OmaUri-Begin -->
@@ -188,7 +188,7 @@ For more information on the Launcher API, see [Launcher Class (Windows.System) -
 <!-- AutoLogonUser-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :x: Pro <br> :x: Enterprise <br> :x: Education <br> :x: Windows SE | :heavy_check_mark: Unknown [10.0.20348] and later |
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :x: Pro <br> :x: Enterprise <br> :x: Education <br> :x: Windows SE | :heavy_check_mark: [10.0.20348] and later |
 <!-- AutoLogonUser-Applicability-End -->
 
 <!-- AutoLogonUser-OmaUri-Begin -->
@@ -335,7 +335,7 @@ This policy setting controls if pressing the brightness button changes the brigh
 <!-- ConfigureMovingPlatform-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :x: Pro <br> :x: Enterprise <br> :x: Education <br> :x: Windows SE | :heavy_check_mark: Unknown [10.0.20348] and later |
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :x: Pro <br> :x: Enterprise <br> :x: Education <br> :x: Windows SE | :heavy_check_mark: [10.0.20348] and later |
 <!-- ConfigureMovingPlatform-Applicability-End -->
 
 <!-- ConfigureMovingPlatform-OmaUri-Begin -->
@@ -386,7 +386,7 @@ For more information, see [Moving platform mode on low dynamic motion moving pla
 <!-- ConfigureNtpClient-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :x: Pro <br> :x: Enterprise <br> :x: Education <br> :x: Windows SE | :heavy_check_mark: Unknown [10.0.20348] and later |
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :x: Pro <br> :x: Enterprise <br> :x: Education <br> :x: Windows SE | :heavy_check_mark: [10.0.20348] and later |
 <!-- ConfigureNtpClient-Applicability-End -->
 
 <!-- ConfigureNtpClient-OmaUri-Begin -->
@@ -491,7 +491,7 @@ The following XML string is an example of the value for this policy:
 <!-- DisallowNetworkConnectivityPassivePolling-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :x: Pro <br> :x: Enterprise <br> :x: Education <br> :x: Windows SE | :heavy_check_mark: Unknown [10.0.20348] and later |
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :x: Pro <br> :x: Enterprise <br> :x: Education <br> :x: Windows SE | :heavy_check_mark: [10.0.20348] and later |
 <!-- DisallowNetworkConnectivityPassivePolling-Applicability-End -->
 
 <!-- DisallowNetworkConnectivityPassivePolling-OmaUri-Begin -->
@@ -687,7 +687,7 @@ This policy configures behavior of HUP to determine, which algorithm to use for
 <!-- ManualDownDirectionDisabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :x: Pro <br> :x: Enterprise <br> :x: Education <br> :x: Windows SE | :heavy_check_mark: Unknown [10.0.20348] and later |
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :x: Pro <br> :x: Enterprise <br> :x: Education <br> :x: Windows SE | :heavy_check_mark: [10.0.20348] and later |
 <!-- ManualDownDirectionDisabled-Applicability-End -->
 
 <!-- ManualDownDirectionDisabled-OmaUri-Begin -->
@@ -786,7 +786,7 @@ This policy setting controls whether microphone on HoloLens 2 is disabled or not
 <!-- NtpClientEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :x: Pro <br> :x: Enterprise <br> :x: Education <br> :x: Windows SE | :heavy_check_mark: Unknown [10.0.20348] and later |
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :x: Pro <br> :x: Enterprise <br> :x: Education <br> :x: Windows SE | :heavy_check_mark: [10.0.20348] and later |
 <!-- NtpClientEnabled-Applicability-End -->
 
 <!-- NtpClientEnabled-OmaUri-Begin -->
@@ -856,7 +856,7 @@ The following example XML string shows the value to enable this policy:
 <!-- SkipCalibrationDuringSetup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :x: Pro <br> :x: Enterprise <br> :x: Education <br> :x: Windows SE | :heavy_check_mark: Unknown [10.0.20348] and later |
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :x: Pro <br> :x: Enterprise <br> :x: Education <br> :x: Windows SE | :heavy_check_mark: [10.0.20348] and later |
 <!-- SkipCalibrationDuringSetup-Applicability-End -->
 
 <!-- SkipCalibrationDuringSetup-OmaUri-Begin -->
@@ -907,7 +907,7 @@ This policy configures whether the device will take the user through the eye tra
 <!-- SkipTrainingDuringSetup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :x: Pro <br> :x: Enterprise <br> :x: Education <br> :x: Windows SE | :heavy_check_mark: Unknown [10.0.20348] and later |
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :x: Pro <br> :x: Enterprise <br> :x: Education <br> :x: Windows SE | :heavy_check_mark: [10.0.20348] and later |
 <!-- SkipTrainingDuringSetup-Applicability-End -->
 
 <!-- SkipTrainingDuringSetup-OmaUri-Begin -->
@@ -957,7 +957,7 @@ It skips the training experience of interactions with the hummingbird and Start
 <!-- VisitorAutoLogon-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :x: Pro <br> :x: Enterprise <br> :x: Education <br> :x: Windows SE | :heavy_check_mark: Unknown [10.0.20348] and later |
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :x: Pro <br> :x: Enterprise <br> :x: Education <br> :x: Windows SE | :heavy_check_mark: [10.0.20348] and later |
 <!-- VisitorAutoLogon-Applicability-End -->
 
 <!-- VisitorAutoLogon-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md
index f4fa8a6e6a..507250a860 100644
--- a/windows/client-management/mdm/policy-csp-privacy.md
+++ b/windows/client-management/mdm/policy-csp-privacy.md
@@ -4,7 +4,7 @@ description: Learn more about the Privacy Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 03/23/2023
+ms.date: 04/26/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -2930,7 +2930,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessHumanPresence-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.25000] and later |
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.25000] and later |
 <!-- LetAppsAccessHumanPresence-Applicability-End -->
 
 <!-- LetAppsAccessHumanPresence-OmaUri-Begin -->
@@ -2990,7 +2990,7 @@ This policy setting specifies whether Windows apps can access the human presence
 <!-- LetAppsAccessHumanPresence_ForceAllowTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.25000] and later |
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.25000] and later |
 <!-- LetAppsAccessHumanPresence_ForceAllowTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessHumanPresence_ForceAllowTheseApps-OmaUri-Begin -->
@@ -3040,7 +3040,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste
 <!-- LetAppsAccessHumanPresence_ForceDenyTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.25000] and later |
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.25000] and later |
 <!-- LetAppsAccessHumanPresence_ForceDenyTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessHumanPresence_ForceDenyTheseApps-OmaUri-Begin -->
@@ -3090,7 +3090,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste
 <!-- LetAppsAccessHumanPresence_UserInControlOfTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.25000] and later |
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.25000] and later |
 <!-- LetAppsAccessHumanPresence_UserInControlOfTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessHumanPresence_UserInControlOfTheseApps-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-tenantrestrictions.md b/windows/client-management/mdm/policy-csp-tenantrestrictions.md
index babefd000e..96f488a077 100644
--- a/windows/client-management/mdm/policy-csp-tenantrestrictions.md
+++ b/windows/client-management/mdm/policy-csp-tenantrestrictions.md
@@ -4,7 +4,7 @@ description: Learn more about the TenantRestrictions Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 01/09/2023
+ms.date: 04/26/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -31,7 +31,7 @@ ms.topic: reference
 <!-- ConfigureTenantRestrictions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.20348.320] and later <br> :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1320] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1320] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1320] and later <br> :heavy_check_mark: Windows 10, version 21H2 [10.0.19044] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.320] and later <br> :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1320] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1320] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1320] and later <br> :heavy_check_mark: Windows 10, version 21H2 [10.0.19044] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ConfigureTenantRestrictions-Applicability-End -->
 
 <!-- ConfigureTenantRestrictions-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index 8bf785ab2e..a5d3afb700 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -4,7 +4,7 @@ description: Learn more about the Update Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 03/23/2023
+ms.date: 04/26/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -826,12 +826,8 @@ Pause Updates | To prevent Feature Updates from being offered to the device, you
 <!-- PauseFeatureUpdatesStartTime-OmaUri-End -->
 
 <!-- PauseFeatureUpdatesStartTime-Description-Begin -->
-<!-- Description-Source-ADMX -->
-Enable this policy to specify when to receive Feature Updates.
-
-Defer Updates | This enables devices to defer taking the next Feature Update available for their current product (or a new product if specified in the Select the target Feature Update version policy). You can defer a Feature Update for up to 14 days for all pre-release channels and up to 365 days for the General Availability Channel. To learn more about the current releases, please see aka.ms/WindowsTargetVersioninfo
-
-Pause Updates | To prevent Feature Updates from being offered to the device, you can temporarily pause Feature Updates. This pause will remain in effect for 35 days from the specified start date or until the field is cleared. Note, Quality Updates will still be offered even if Feature Updates are paused.
+<!-- Description-Source-DDF-Forced -->
+Specifies the date and time when the IT admin wants to start pausing the Feature Updates. Value type is string (yyyy-mm-dd, ex. 2018-10-28).
 <!-- PauseFeatureUpdatesStartTime-Description-End -->
 
 <!-- PauseFeatureUpdatesStartTime-Editable-Begin -->
@@ -955,16 +951,8 @@ If you disable or do not configure this policy, Windows Update will not alter it
 <!-- PauseQualityUpdatesStartTime-OmaUri-End -->
 
 <!-- PauseQualityUpdatesStartTime-Description-Begin -->
-<!-- Description-Source-ADMX -->
-Enable this policy to specify when to receive quality updates.
-
-You can defer receiving quality updates for up to 30 days.
-
-To prevent quality updates from being received on their scheduled time, you can temporarily pause quality updates. The pause will remain in effect for 35 days or until you clear the start date field.
-
-To resume receiving Quality Updates which are paused, clear the start date field.
-
-If you disable or do not configure this policy, Windows Update will not alter its behavior.
+<!-- Description-Source-DDF-Forced -->
+Specifies the date and time when the IT admin wants to start pausing the Quality Updates. Value type is string (yyyy-mm-dd, ex. 2018-10-28).
 <!-- PauseQualityUpdatesStartTime-Description-End -->
 
 <!-- PauseQualityUpdatesStartTime-Editable-Begin -->
@@ -2143,9 +2131,9 @@ If the status is set to Not Configured, use of Automatic Updates is not specifie
 
 | Value | Description |
 |:--|:--|
-| 0 | Notify the user before downloading the update. This policy is used by the enterprise who wants to enable the end-users to manage data usage. With this option, users are notified when there are updates that apply to the device and are ready for download. Users can download and install the updates from the Windows Update control panel. |
-| 1 | Auto install the update and then notify the user to schedule a device restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates immediately. If the installation requires a restart, the end-user is prompted to schedule the restart time. The end-user has up to seven days to schedule the restart and after that, a restart of the device is forced. Enabling the end-user to control the start time reduces the risk of accidental data loss caused by applications that do not shut down properly on restart. |
-| 2 (Default) | Auto install and restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device is not actively being used. This is the default behavior for unmanaged devices. Devices are updated quickly, but it increases the risk of accidental data loss caused by an application that does not shut down properly on restart. |
+| 0 | Notify the user before downloading the update. This policy is used by the enterprise who wants to enable the end-users to manage data usage. With this option users are notified when there are updates that apply to the device and are ready for download. Users can download and install the updates from the Windows Update control panel. |
+| 1 | Auto install the update and then notify the user to schedule a device restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates immediately. If the installation requires a restart, the end-user is prompted to schedule the restart time. The end-user has up to seven days to schedule the restart and after that, a restart of the device is forced. Enabling the end-user to control the start time reduces the risk of accidental data loss caused by applications that do not shutdown properly on restart. |
+| 2 (Default) | Auto install and restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device is not actively being used. This is the default behavior for unmanaged devices. Devices are updated quickly, but it increases the risk of accidental data loss caused by an application that does not shutdown properly on restart. |
 | 3 | Auto install and restart at a specified time. The IT specifies the installation day and time. If no day and time are specified, the default is 3 AM daily. Automatic installation happens at this time and device restart happens after a 15-minute countdown. If the user is logged in when Windows is ready to restart, the user can interrupt the 15-minute countdown to delay the restart. |
 | 4 | Auto install and restart without end-user control. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device is not actively being used. This setting option also sets the end-user control panel to read-only. |
 | 5 | Turn off automatic updates. |
@@ -3551,7 +3539,7 @@ If the status is set to Not Configured, use of Automatic Updates is not specifie
 
 <!-- SetDisablePauseUXAccess-Description-Begin -->
 <!-- Description-Source-ADMX -->
-This setting allows removal access to "Pause updates" feature.
+This setting allows to remove access to "Pause updates" feature.
 
 Once enabled user access to pause updates is removed.
 <!-- SetDisablePauseUXAccess-Description-End -->
@@ -4311,7 +4299,7 @@ Enable this policy to control the timing before transitioning from Auto restarts
 
 You can specify the number of days a user can snooze Engaged restart reminder notifications. The snooze period can be set between 1 and 3 days.
 
-You can specify the deadline in days before automatically scheduling and executing a pending restart regardless of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to be automatically executed, within the specified period.
+You can specify the deadline in days before automatically scheduling and executing a pending restart regardless of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to automatically executed, within the specified period.
 
 If you do not specify a deadline or if the deadline is set to 0, the PC won't automatically restart and will require the person to schedule it prior to restart.
 
@@ -4381,7 +4369,7 @@ Enable this policy to control the timing before transitioning from Auto restarts
 
 You can specify the number of days a user can snooze Engaged restart reminder notifications. The snooze period can be set between 1 and 3 days.
 
-You can specify the deadline in days before automatically scheduling and executing a pending restart regardless of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to be automatically executed, within the specified period.
+You can specify the deadline in days before automatically scheduling and executing a pending restart regardless of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to automatically executed, within the specified period.
 
 If you do not specify a deadline or if the deadline is set to 0, the PC won't automatically restart and will require the person to schedule it prior to restart.
 
@@ -4451,7 +4439,7 @@ Enable this policy to control the timing before transitioning from Auto restarts
 
 You can specify the number of days a user can snooze Engaged restart reminder notifications. The snooze period can be set between 1 and 3 days.
 
-You can specify the deadline in days before automatically scheduling and executing a pending restart regardless of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to be automatically executed, within the specified period.
+You can specify the deadline in days before automatically scheduling and executing a pending restart regardless of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to automatically executed, within the specified period.
 
 If you do not specify a deadline or if the deadline is set to 0, the PC won't automatically restart and will require the person to schedule it prior to restart.
 
@@ -4521,7 +4509,7 @@ Enable this policy to control the timing before transitioning from Auto restarts
 
 You can specify the number of days a user can snooze Engaged restart reminder notifications. The snooze period can be set between 1 and 3 days.
 
-You can specify the deadline in days before automatically scheduling and executing a pending restart regardless of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to be automatically executed, within the specified period.
+You can specify the deadline in days before automatically scheduling and executing a pending restart regardless of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to automatically executed, within the specified period.
 
 If you do not specify a deadline or if the deadline is set to 0, the PC won't automatically restart and will require the person to schedule it prior to restart.
 
diff --git a/windows/client-management/mdm/supl-csp.md b/windows/client-management/mdm/supl-csp.md
index 7594de5981..ddfda20a6b 100644
--- a/windows/client-management/mdm/supl-csp.md
+++ b/windows/client-management/mdm/supl-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the SUPL CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 03/23/2023
+ms.date: 04/26/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -17,6 +17,7 @@ ms.topic: reference
 # SUPL CSP
 
 <!-- SUPL-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 The SUPL configuration service provider is used to configure the location client, as shown in the following table:
 
 - **Location Service**: Connection type
@@ -395,6 +396,7 @@ This setting is deprecated in Windows 10. Optional. Boolean. Specifies whether t
 <!-- Device-SUPL1-Ext-Microsoft-LocMasterSwitchDependencyNII-Description-End -->
 
 <!-- Device-SUPL1-Ext-Microsoft-LocMasterSwitchDependencyNII-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 | Location toggle setting | LocMasterSwitchDependencyNII setting | NI request processing allowed      |
 |-------------------------|--------------------------------------|------------------------------------|
 | On                      | 0                                    | Yes                                |
diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md
index ce9204701c..84b7a6c4ec 100644
--- a/windows/client-management/mdm/vpnv2-csp.md
+++ b/windows/client-management/mdm/vpnv2-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the VPNv2 CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/28/2023
+ms.date: 04/26/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -2838,7 +2838,7 @@ True: Plumb traffic selectors as routes onto VPN interface, False: Do not plumb
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.20207] and later |
+| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20207] and later |
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-Applicability-End -->
 
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-OmaUri-Begin -->
@@ -2876,7 +2876,7 @@ True: Plumb traffic selectors as routes onto VPN interface, False: Do not plumb
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.20207] and later |
+| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20207] and later |
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-Applicability-End -->
 
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-OmaUri-Begin -->
@@ -2915,7 +2915,7 @@ List of inbox VPN protocols in priority order.
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-{NativeProtocolRowId}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.20207] and later |
+| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20207] and later |
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-{NativeProtocolRowId}-Applicability-End -->
 
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-{NativeProtocolRowId}-OmaUri-Begin -->
@@ -2953,7 +2953,7 @@ List of inbox VPN protocols in priority order.
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-{NativeProtocolRowId}-Type-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.20207] and later |
+| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20207] and later |
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-{NativeProtocolRowId}-Type-Applicability-End -->
 
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-{NativeProtocolRowId}-Type-OmaUri-Begin -->
@@ -3003,7 +3003,7 @@ Inbox VPN protocols type.
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-RetryTimeInHours-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.20207] and later |
+| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20207] and later |
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-RetryTimeInHours-Applicability-End -->
 
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-RetryTimeInHours-OmaUri-Begin -->
@@ -7063,7 +7063,7 @@ True: Plumb traffic selectors as routes onto VPN interface, False: Do not plumb
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.20207] and later |
+| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20207] and later |
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-Applicability-End -->
 
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-OmaUri-Begin -->
@@ -7101,7 +7101,7 @@ True: Plumb traffic selectors as routes onto VPN interface, False: Do not plumb
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.20207] and later |
+| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20207] and later |
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-Applicability-End -->
 
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-OmaUri-Begin -->
@@ -7140,7 +7140,7 @@ List of inbox VPN protocols in priority order.
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-{NativeProtocolRowId}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.20207] and later |
+| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20207] and later |
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-{NativeProtocolRowId}-Applicability-End -->
 
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-{NativeProtocolRowId}-OmaUri-Begin -->
@@ -7178,7 +7178,7 @@ List of inbox VPN protocols in priority order.
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-{NativeProtocolRowId}-Type-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.20207] and later |
+| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20207] and later |
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-{NativeProtocolRowId}-Type-Applicability-End -->
 
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-{NativeProtocolRowId}-Type-OmaUri-Begin -->
@@ -7228,7 +7228,7 @@ Inbox VPN protocols type.
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-RetryTimeInHours-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.20207] and later |
+| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20207] and later |
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-RetryTimeInHours-Applicability-End -->
 
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-RetryTimeInHours-OmaUri-Begin -->
@@ -7893,7 +7893,7 @@ Boolean value (true or false) for caching credentials.
 <!-- User-{ProfileName}-RequireVpnClientAppUI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| :x: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.19628] and later |
+| :x: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.19628] and later |
 <!-- User-{ProfileName}-RequireVpnClientAppUI-Applicability-End -->
 
 <!-- User-{ProfileName}-RequireVpnClientAppUI-OmaUri-Begin -->

From 1aa76bf2e87ed79b076f31a5385d61949278234d Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Thu, 27 Apr 2023 10:30:19 -0400
Subject: [PATCH 027/107] nested TOCs

---
 windows/security/TOC.yml                      | 105 +++++++++---------
 .../data-protection/toc.yml                   |   4 +
 .../modern-device-management/toc.yml          |   4 +
 .../network-security/toc.yml                  |   4 +
 .../system-security/toc.yml                   |  28 +++++
 .../operating-system-security/toc.yml         |  13 +++
 .../virus-and-threat-protection/toc.yml       |  19 ++++
 7 files changed, 124 insertions(+), 53 deletions(-)
 create mode 100644 windows/security/operating-system-security/data-protection/toc.yml
 create mode 100644 windows/security/operating-system-security/modern-device-management/toc.yml
 create mode 100644 windows/security/operating-system-security/network-security/toc.yml
 create mode 100644 windows/security/operating-system-security/system-security/toc.yml
 create mode 100644 windows/security/operating-system-security/toc.yml
 create mode 100644 windows/security/operating-system-security/virus-and-threat-protection/toc.yml

diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml
index bc8331d8e0..2df32bf045 100644
--- a/windows/security/TOC.yml
+++ b/windows/security/TOC.yml
@@ -15,6 +15,8 @@
 - name: Hardware security
   href: hardware-security/toc.yml
 - name: Operating system security
+  href: operating-system-security/toc.yml
+- name: Operating system security (OLD)
   items:
     - name: Overview
       href: operating-system.md
@@ -49,6 +51,53 @@
           href: threat-protection\windows-defender-security-center\wdsc-family-options.md
     - name: Virus and threat protection
       items:
+      - name: Overview
+        href: threat-protection/index.md
+      - name: Microsoft Defender Antivirus
+        href: /microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows
+      - name: Attack surface reduction (ASR)
+        href: /microsoft-365/security/defender-endpoint/attack-surface-reduction
+      - name: Tamper protection for MDE
+        href: /microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection
+      - name: Microsoft Vulnerable Driver Blocklist
+        href: threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
+      - name: Controlled folder access
+        href: /microsoft-365/security/defender-endpoint/controlled-folders
+      - name: Exploit protection
+        href: /microsoft-365/security/defender-endpoint/exploit-protection
+      - name: Microsoft Defender SmartScreen
+        href: threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md
+      - name: Microsoft Defender for Endpoint
+        href: /microsoft-365/security/defender-endpoint
+    - name: Network security
+      items:
+      - name: VPN technical guide
+        href: identity-protection/vpn/vpn-guide.md
+        items:
+        - name: VPN connection types
+          href: identity-protection/vpn/vpn-connection-type.md
+        - name: VPN routing decisions
+          href: identity-protection/vpn/vpn-routing.md
+        - name: VPN authentication options
+          href: identity-protection/vpn/vpn-authentication.md
+        - name: VPN and conditional access
+          href: identity-protection/vpn/vpn-conditional-access.md
+        - name: VPN name resolution
+          href: identity-protection/vpn/vpn-name-resolution.md
+        - name: VPN auto-triggered profile options
+          href: identity-protection/vpn/vpn-auto-trigger-profile.md
+        - name: VPN security features
+          href: identity-protection/vpn/vpn-security-features.md
+        - name: VPN profile options
+          href: identity-protection/vpn/vpn-profile-options.md
+        - name: How to configure Diffie Hellman protocol over IKEv2 VPN connections
+          href: identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md
+        - name: How to use single sign-on (SSO) over VPN and Wi-Fi connections
+          href: identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md
+        - name: Optimizing Office 365 traffic with the Windows VPN client
+          href: identity-protection/vpn/vpn-office-365-optimization.md
+      - name: Windows Defender Firewall
+        href: threat-protection/windows-firewall/windows-firewall-with-advanced-security.md
     - name: Encryption and data protection
       href: encryption-data-protection.md
       items:
@@ -158,35 +207,6 @@
         href: threat-protection/security-policy-settings/security-policy-settings.md
       - name: Security auditing
         href: threat-protection/auditing/security-auditing-overview.md
-    - name: Network security
-      items:
-      - name: VPN technical guide
-        href: identity-protection/vpn/vpn-guide.md
-        items:
-        - name: VPN connection types
-          href: identity-protection/vpn/vpn-connection-type.md
-        - name: VPN routing decisions
-          href: identity-protection/vpn/vpn-routing.md
-        - name: VPN authentication options
-          href: identity-protection/vpn/vpn-authentication.md
-        - name: VPN and conditional access
-          href: identity-protection/vpn/vpn-conditional-access.md
-        - name: VPN name resolution
-          href: identity-protection/vpn/vpn-name-resolution.md
-        - name: VPN auto-triggered profile options
-          href: identity-protection/vpn/vpn-auto-trigger-profile.md
-        - name: VPN security features
-          href: identity-protection/vpn/vpn-security-features.md
-        - name: VPN profile options
-          href: identity-protection/vpn/vpn-profile-options.md
-        - name: How to configure Diffie Hellman protocol over IKEv2 VPN connections
-          href: identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md
-        - name: How to use single sign-on (SSO) over VPN and Wi-Fi connections
-          href: identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md
-        - name: Optimizing Office 365 traffic with the Windows VPN client
-          href: identity-protection/vpn/vpn-office-365-optimization.md
-      - name: Windows Defender Firewall
-        href: threat-protection/windows-firewall/windows-firewall-with-advanced-security.md
     - name: Windows security baselines
       href: threat-protection/windows-security-configuration-framework/windows-security-baselines.md
       items:
@@ -196,24 +216,6 @@
         href: threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md
       - name: Guide to removing Microsoft Baseline Security Analyzer (MBSA)
         href: threat-protection/mbsa-removal-and-guidance.md
-    - name: Virus & threat protection
-      items:
-      - name: Overview
-        href: threat-protection/index.md
-      - name: Microsoft Defender Antivirus
-        href: /microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows
-      - name: Attack surface reduction rules
-        href: /microsoft-365/security/defender-endpoint/attack-surface-reduction
-      - name: Tamper protection
-        href: /microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection
-      - name: Network protection
-        href: /microsoft-365/security/defender-endpoint/network-protection
-      - name: Controlled folder access
-        href: /microsoft-365/security/defender-endpoint/controlled-folders
-      - name: Exploit protection
-        href: /microsoft-365/security/defender-endpoint/exploit-protection
-      - name: Microsoft Defender for Endpoint
-        href: /microsoft-365/security/defender-endpoint
     - name: More Windows security
       items:
       - name: Override Process Mitigation Options to help enforce app-related security policies
@@ -288,11 +290,8 @@
           href: threat-protection/windows-sandbox/windows-sandbox-architecture.md
         - name: Windows Sandbox configuration
           href: threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
-    - name: Microsoft Defender SmartScreen overview
-      href: threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md
-      items:
-        - name: Enhanced Phishing Protection in Microsoft Defender SmartScreen
-          href: threat-protection\microsoft-defender-smartscreen\phishing-protection-microsoft-defender-smartscreen.md
+    - name: Enhanced Phishing Protection in Microsoft Defender SmartScreen
+      href: threat-protection\microsoft-defender-smartscreen\phishing-protection-microsoft-defender-smartscreen.md
     - name: Configure S/MIME for Windows
       href: identity-protection\configure-s-mime.md
     - name: Windows Credential Theft Mitigation Guide Abstract
@@ -320,4 +319,4 @@
     - name: Common Criteria Certifications
       href: threat-protection/windows-platform-common-criteria.md
 - name: Windows Privacy
-  href: /windows/privacy/windows-10-and-privacy-compliance
+  href: /windows/privacy/windows-10-and-privacy-compliance
\ No newline at end of file
diff --git a/windows/security/operating-system-security/data-protection/toc.yml b/windows/security/operating-system-security/data-protection/toc.yml
new file mode 100644
index 0000000000..92a175b806
--- /dev/null
+++ b/windows/security/operating-system-security/data-protection/toc.yml
@@ -0,0 +1,4 @@
+items:
+  - name: Overview
+    href: ../hardware.md
+  - name: Hardware root of trust
\ No newline at end of file
diff --git a/windows/security/operating-system-security/modern-device-management/toc.yml b/windows/security/operating-system-security/modern-device-management/toc.yml
new file mode 100644
index 0000000000..92a175b806
--- /dev/null
+++ b/windows/security/operating-system-security/modern-device-management/toc.yml
@@ -0,0 +1,4 @@
+items:
+  - name: Overview
+    href: ../hardware.md
+  - name: Hardware root of trust
\ No newline at end of file
diff --git a/windows/security/operating-system-security/network-security/toc.yml b/windows/security/operating-system-security/network-security/toc.yml
new file mode 100644
index 0000000000..92a175b806
--- /dev/null
+++ b/windows/security/operating-system-security/network-security/toc.yml
@@ -0,0 +1,4 @@
+items:
+  - name: Overview
+    href: ../hardware.md
+  - name: Hardware root of trust
\ No newline at end of file
diff --git a/windows/security/operating-system-security/system-security/toc.yml b/windows/security/operating-system-security/system-security/toc.yml
new file mode 100644
index 0000000000..86abf54e55
--- /dev/null
+++ b/windows/security/operating-system-security/system-security/toc.yml
@@ -0,0 +1,28 @@
+items:
+- name: Secure the Windows boot process
+  href: ../../information-protection/secure-the-windows-10-boot-process.md
+- name: Secure Boot and Trusted Boot
+  href: ../../trusted-boot.md
+- name: Measured Boot
+  href: /windows/compatibility/measured-boot
+- name: Device health attestation service
+  href: ../../threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
+- name: Cryptography and certificate management
+  href: ../../cryptography-certificate-mgmt.md
+- name: The Windows Security app
+  href: ../../threat-protection/windows-defender-security-center/windows-defender-security-center.md
+  items:
+  - name: Virus & threat protection
+    href: ../../threat-protection\windows-defender-security-center\wdsc-virus-threat-protection.md
+  - name: Account protection
+    href: ../../threat-protection\windows-defender-security-center\wdsc-account-protection.md
+  - name: Firewall & network protection
+    href: ../../threat-protection\windows-defender-security-center\wdsc-firewall-network-protection.md
+  - name: App & browser control
+    href: ../../threat-protection\windows-defender-security-center\wdsc-app-browser-control.md
+  - name: Device security
+    href: ../../threat-protection\windows-defender-security-center\wdsc-device-security.md
+  - name: Device performance & health
+    href: ../../threat-protection\windows-defender-security-center\wdsc-device-performance-health.md
+  - name: Family options
+    href: ../../threat-protection\windows-defender-security-center\wdsc-family-options.md
\ No newline at end of file
diff --git a/windows/security/operating-system-security/toc.yml b/windows/security/operating-system-security/toc.yml
new file mode 100644
index 0000000000..5f56835eeb
--- /dev/null
+++ b/windows/security/operating-system-security/toc.yml
@@ -0,0 +1,13 @@
+items:
+  - name: Overview
+    href: ../operating-system.md
+  - name: System security
+    href: system-security/toc.yml
+  - name: Virus and threat protection
+    href: virus-and-threat-protection/toc.yml
+  - name: Network security
+    href: network-security/toc.yml
+  - name: Data protection
+    href: data-protection/toc.yml
+  - name: Modern device management
+    href: modern-device-management/toc.yml
\ No newline at end of file
diff --git a/windows/security/operating-system-security/virus-and-threat-protection/toc.yml b/windows/security/operating-system-security/virus-and-threat-protection/toc.yml
new file mode 100644
index 0000000000..0649858634
--- /dev/null
+++ b/windows/security/operating-system-security/virus-and-threat-protection/toc.yml
@@ -0,0 +1,19 @@
+items:
+- name: Overview
+  href: ../../threat-protection/index.md
+- name: Microsoft Defender Antivirus
+  href: /microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows
+- name: Attack surface reduction (ASR)
+  href: /microsoft-365/security/defender-endpoint/attack-surface-reduction
+- name: Tamper protection for MDE
+  href: /microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection
+- name: Microsoft Vulnerable Driver Blocklist
+  href: ../../threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
+- name: Controlled folder access
+  href: /microsoft-365/security/defender-endpoint/controlled-folders
+- name: Exploit protection
+  href: /microsoft-365/security/defender-endpoint/exploit-protection
+- name: Microsoft Defender SmartScreen
+  href: ../../threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md
+- name: Microsoft Defender for Endpoint
+  href: /microsoft-365/security/defender-endpoint
\ No newline at end of file

From 70ff169ce936503e16bcb52f1df4dcbdc2f04c0b Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Thu, 27 Apr 2023 11:09:04 -0400
Subject: [PATCH 028/107] TOC updates

---
 windows/security/TOC.yml                      | 242 ++++++------------
 .../toc.yml                                   |   0
 .../network-security/toc.yml                  |  42 ++-
 .../operating-system-security/toc.yml         |   2 +-
 4 files changed, 121 insertions(+), 165 deletions(-)
 rename windows/security/operating-system-security/{modern-device-management => device-management}/toc.yml (100%)

diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml
index 2df32bf045..ab55949d3a 100644
--- a/windows/security/TOC.yml
+++ b/windows/security/TOC.yml
@@ -18,166 +18,86 @@
   href: operating-system-security/toc.yml
 - name: Operating system security (OLD)
   items:
-    - name: Overview
-      href: operating-system.md
-    - name: System security
+  - name: Encryption and data protection
+    href: encryption-data-protection.md
+    items:
+    - name: Encrypted Hard Drive
+      href: information-protection/encrypted-hard-drive.md
+    - name: BitLocker
+      href: information-protection/bitlocker/bitlocker-overview.md
       items:
-      - name: Secure the Windows boot process
-        href: information-protection/secure-the-windows-10-boot-process.md
-      - name: Secure Boot and Trusted Boot
-        href: trusted-boot.md
-      - name: Measured Boot
-        href: /windows/compatibility/measured-boot
-      - name: Device health attestation service
-        href: threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
-      - name: Cryptography and certificate management
-        href: cryptography-certificate-mgmt.md
-      - name: The Windows Security app
-        href: threat-protection/windows-defender-security-center/windows-defender-security-center.md
+      - name: Overview of BitLocker Device Encryption in Windows
+        href: information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
+      - name: BitLocker frequently asked questions (FAQ)
+        href: information-protection/bitlocker/bitlocker-frequently-asked-questions.yml
         items:
-        - name: Virus & threat protection
-          href: threat-protection\windows-defender-security-center\wdsc-virus-threat-protection.md
-        - name: Account protection
-          href: threat-protection\windows-defender-security-center\wdsc-account-protection.md
-        - name: Firewall & network protection
-          href: threat-protection\windows-defender-security-center\wdsc-firewall-network-protection.md
-        - name: App & browser control
-          href: threat-protection\windows-defender-security-center\wdsc-app-browser-control.md
-        - name: Device security
-          href: threat-protection\windows-defender-security-center\wdsc-device-security.md
-        - name: Device performance & health
-          href: threat-protection\windows-defender-security-center\wdsc-device-performance-health.md
-        - name: Family options
-          href: threat-protection\windows-defender-security-center\wdsc-family-options.md
-    - name: Virus and threat protection
-      items:
-      - name: Overview
-        href: threat-protection/index.md
-      - name: Microsoft Defender Antivirus
-        href: /microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows
-      - name: Attack surface reduction (ASR)
-        href: /microsoft-365/security/defender-endpoint/attack-surface-reduction
-      - name: Tamper protection for MDE
-        href: /microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection
-      - name: Microsoft Vulnerable Driver Blocklist
-        href: threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
-      - name: Controlled folder access
-        href: /microsoft-365/security/defender-endpoint/controlled-folders
-      - name: Exploit protection
-        href: /microsoft-365/security/defender-endpoint/exploit-protection
-      - name: Microsoft Defender SmartScreen
-        href: threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md
-      - name: Microsoft Defender for Endpoint
-        href: /microsoft-365/security/defender-endpoint
-    - name: Network security
-      items:
-      - name: VPN technical guide
-        href: identity-protection/vpn/vpn-guide.md
+          - name: Overview and requirements
+            href: information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml
+          - name: Upgrading
+            href: information-protection/bitlocker/bitlocker-upgrading-faq.yml
+          - name: Deployment and administration
+            href: information-protection/bitlocker/bitlocker-deployment-and-administration-faq.yml
+          - name: Key management
+            href: information-protection/bitlocker/bitlocker-key-management-faq.yml
+          - name: BitLocker To Go
+            href: information-protection/bitlocker/bitlocker-to-go-faq.yml
+          - name: Active Directory Domain Services
+            href: information-protection/bitlocker/bitlocker-and-adds-faq.yml
+          - name: Security
+            href: information-protection/bitlocker/bitlocker-security-faq.yml
+          - name: BitLocker Network Unlock
+            href: information-protection/bitlocker/bitlocker-network-unlock-faq.yml
+          - name: General
+            href: information-protection/bitlocker/bitlocker-using-with-other-programs-faq.yml
+      - name: "Prepare your organization for BitLocker: Planning and policies"
+        href: information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md
+      - name: BitLocker deployment comparison
+        href: information-protection/bitlocker/bitlocker-deployment-comparison.md
+      - name: BitLocker basic deployment
+        href: information-protection/bitlocker/bitlocker-basic-deployment.md
+      - name: Deploy BitLocker on Windows Server 2012 and later
+        href: information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md
+      - name: BitLocker management for enterprises
+        href: information-protection/bitlocker/bitlocker-management-for-enterprises.md
+      - name: Enable Network Unlock with BitLocker
+        href: information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md
+      - name: Use BitLocker Drive Encryption Tools to manage BitLocker
+        href: information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
+      - name: Use BitLocker Recovery Password Viewer
+        href: information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md
+      - name: BitLocker Group Policy settings
+        href: information-protection/bitlocker/bitlocker-group-policy-settings.md
+      - name: BCD settings and BitLocker
+        href: information-protection/bitlocker/bcd-settings-and-bitlocker.md
+      - name: BitLocker Recovery Guide
+        href: information-protection/bitlocker/bitlocker-recovery-guide-plan.md
+      - name: BitLocker Countermeasures
+        href: information-protection/bitlocker/bitlocker-countermeasures.md
+      - name: Protecting cluster shared volumes and storage area networks with BitLocker
+        href: information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md
+      - name: Troubleshoot BitLocker
         items:
-        - name: VPN connection types
-          href: identity-protection/vpn/vpn-connection-type.md
-        - name: VPN routing decisions
-          href: identity-protection/vpn/vpn-routing.md
-        - name: VPN authentication options
-          href: identity-protection/vpn/vpn-authentication.md
-        - name: VPN and conditional access
-          href: identity-protection/vpn/vpn-conditional-access.md
-        - name: VPN name resolution
-          href: identity-protection/vpn/vpn-name-resolution.md
-        - name: VPN auto-triggered profile options
-          href: identity-protection/vpn/vpn-auto-trigger-profile.md
-        - name: VPN security features
-          href: identity-protection/vpn/vpn-security-features.md
-        - name: VPN profile options
-          href: identity-protection/vpn/vpn-profile-options.md
-        - name: How to configure Diffie Hellman protocol over IKEv2 VPN connections
-          href: identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md
-        - name: How to use single sign-on (SSO) over VPN and Wi-Fi connections
-          href: identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md
-        - name: Optimizing Office 365 traffic with the Windows VPN client
-          href: identity-protection/vpn/vpn-office-365-optimization.md
-      - name: Windows Defender Firewall
-        href: threat-protection/windows-firewall/windows-firewall-with-advanced-security.md
-    - name: Encryption and data protection
-      href: encryption-data-protection.md
-      items:
-      - name: Encrypted Hard Drive
-        href: information-protection/encrypted-hard-drive.md
-      - name: BitLocker
-        href: information-protection/bitlocker/bitlocker-overview.md
-        items:
-        - name: Overview of BitLocker Device Encryption in Windows
-          href: information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
-        - name: BitLocker frequently asked questions (FAQ)
-          href: information-protection/bitlocker/bitlocker-frequently-asked-questions.yml
-          items:
-            - name: Overview and requirements
-              href: information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml
-            - name: Upgrading
-              href: information-protection/bitlocker/bitlocker-upgrading-faq.yml
-            - name: Deployment and administration
-              href: information-protection/bitlocker/bitlocker-deployment-and-administration-faq.yml
-            - name: Key management
-              href: information-protection/bitlocker/bitlocker-key-management-faq.yml
-            - name: BitLocker To Go
-              href: information-protection/bitlocker/bitlocker-to-go-faq.yml
-            - name: Active Directory Domain Services
-              href: information-protection/bitlocker/bitlocker-and-adds-faq.yml
-            - name: Security
-              href: information-protection/bitlocker/bitlocker-security-faq.yml
-            - name: BitLocker Network Unlock
-              href: information-protection/bitlocker/bitlocker-network-unlock-faq.yml
-            - name: General
-              href: information-protection/bitlocker/bitlocker-using-with-other-programs-faq.yml
-        - name: "Prepare your organization for BitLocker: Planning and policies"
-          href: information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md
-        - name: BitLocker deployment comparison
-          href: information-protection/bitlocker/bitlocker-deployment-comparison.md
-        - name: BitLocker basic deployment
-          href: information-protection/bitlocker/bitlocker-basic-deployment.md
-        - name: Deploy BitLocker on Windows Server 2012 and later
-          href: information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md
-        - name: BitLocker management for enterprises
-          href: information-protection/bitlocker/bitlocker-management-for-enterprises.md
-        - name: Enable Network Unlock with BitLocker
-          href: information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md
-        - name: Use BitLocker Drive Encryption Tools to manage BitLocker
-          href: information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
-        - name: Use BitLocker Recovery Password Viewer
-          href: information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md
-        - name: BitLocker Group Policy settings
-          href: information-protection/bitlocker/bitlocker-group-policy-settings.md
-        - name: BCD settings and BitLocker
-          href: information-protection/bitlocker/bcd-settings-and-bitlocker.md
-        - name: BitLocker Recovery Guide
-          href: information-protection/bitlocker/bitlocker-recovery-guide-plan.md
-        - name: BitLocker Countermeasures
-          href: information-protection/bitlocker/bitlocker-countermeasures.md
-        - name: Protecting cluster shared volumes and storage area networks with BitLocker
-          href: information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md
-        - name: Troubleshoot BitLocker
-          items:
-            - name: Troubleshoot BitLocker
-              href: /troubleshoot/windows-client/windows-security/bitlocker-issues-troubleshooting
-            - name: "BitLocker cannot encrypt a drive: known issues"
-              href: /troubleshoot/windows-client/windows-security/bitlocker-cannot-encrypt-a-drive-known-issues
-            - name: "Enforcing BitLocker policies by using Intune: known issues"
-              href: /troubleshoot/windows-client/windows-security/enforcing-bitlocker-policies-by-using-intune-known-issues
-            - name: "BitLocker Network Unlock: known issues"
-              href: /troubleshoot/windows-client/windows-security/bitlocker-network-unlock-known-issues
-            - name: "BitLocker recovery: known issues"
-              href: /troubleshoot/windows-client/windows-security/bitlocker-recovery-known-issues
-            - name: "BitLocker configuration: known issues"
-              href: /troubleshoot/windows-client/windows-security/bitlocker-configuration-known-issues
-            - name: Troubleshoot BitLocker and TPM issues
-              items:
-                - name: "BitLocker cannot encrypt a drive: known TPM issues"
-                  href: /troubleshoot/windows-client/windows-security/bitlocker-cannot-encrypt-a-drive-known-tpm-issues
-                - name: "BitLocker and TPM: other known issues"
-                  href: /troubleshoot/windows-client/windows-security/bitlocker-and-tpm-other-known-issues
-                - name: Decode Measured Boot logs to track PCR changes
-                  href: /troubleshoot/windows-client/windows-security/decode-measured-boot-logs-to-track-pcr-changes
-    - name: Personal Data Encryption (PDE)
+          - name: Troubleshoot BitLocker
+            href: /troubleshoot/windows-client/windows-security/bitlocker-issues-troubleshooting
+          - name: "BitLocker cannot encrypt a drive: known issues"
+            href: /troubleshoot/windows-client/windows-security/bitlocker-cannot-encrypt-a-drive-known-issues
+          - name: "Enforcing BitLocker policies by using Intune: known issues"
+            href: /troubleshoot/windows-client/windows-security/enforcing-bitlocker-policies-by-using-intune-known-issues
+          - name: "BitLocker Network Unlock: known issues"
+            href: /troubleshoot/windows-client/windows-security/bitlocker-network-unlock-known-issues
+          - name: "BitLocker recovery: known issues"
+            href: /troubleshoot/windows-client/windows-security/bitlocker-recovery-known-issues
+          - name: "BitLocker configuration: known issues"
+            href: /troubleshoot/windows-client/windows-security/bitlocker-configuration-known-issues
+          - name: Troubleshoot BitLocker and TPM issues
+            items:
+              - name: "BitLocker cannot encrypt a drive: known TPM issues"
+                href: /troubleshoot/windows-client/windows-security/bitlocker-cannot-encrypt-a-drive-known-tpm-issues
+              - name: "BitLocker and TPM: other known issues"
+                href: /troubleshoot/windows-client/windows-security/bitlocker-and-tpm-other-known-issues
+              - name: Decode Measured Boot logs to track PCR changes
+                href: /troubleshoot/windows-client/windows-security/decode-measured-boot-logs-to-track-pcr-changes
+  - name: Personal Data Encryption (PDE)
       items:
       - name: Personal Data Encryption (PDE) overview
         href: information-protection/personal-data-encryption/overview-pde.md
@@ -199,15 +119,15 @@
           href: information-protection/personal-data-encryption/pde-in-intune/intune-disable-hibernation.md
         - name: Disable allowing users to select when a password is required when resuming from connected standby for PDE
           href: information-protection/personal-data-encryption/pde-in-intune/intune-disable-password-connected-standby.md
-    - name: Configure S/MIME for Windows
+  - name: Configure S/MIME for Windows
       href: identity-protection/configure-s-mime.md
-    - name: Device management
+  - name: Device management
       items:
       - name: Security policy settings
         href: threat-protection/security-policy-settings/security-policy-settings.md
       - name: Security auditing
         href: threat-protection/auditing/security-auditing-overview.md
-    - name: Windows security baselines
+  - name: Windows security baselines
       href: threat-protection/windows-security-configuration-framework/windows-security-baselines.md
       items:
       - name: Security Compliance Toolkit
@@ -216,7 +136,7 @@
         href: threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md
       - name: Guide to removing Microsoft Baseline Security Analyzer (MBSA)
         href: threat-protection/mbsa-removal-and-guidance.md
-    - name: More Windows security
+  - name: More Windows security
       items:
       - name: Override Process Mitigation Options to help enforce app-related security policies
         href: threat-protection/override-mitigation-options-for-app-related-security-policies.md
diff --git a/windows/security/operating-system-security/modern-device-management/toc.yml b/windows/security/operating-system-security/device-management/toc.yml
similarity index 100%
rename from windows/security/operating-system-security/modern-device-management/toc.yml
rename to windows/security/operating-system-security/device-management/toc.yml
diff --git a/windows/security/operating-system-security/network-security/toc.yml b/windows/security/operating-system-security/network-security/toc.yml
index 92a175b806..af372280a4 100644
--- a/windows/security/operating-system-security/network-security/toc.yml
+++ b/windows/security/operating-system-security/network-security/toc.yml
@@ -1,4 +1,40 @@
 items:
-  - name: Overview
-    href: ../hardware.md
-  - name: Hardware root of trust
\ No newline at end of file
+- name: Transport layer security (TLS)
+  href: /windows-server/security/tls/tls-ssl-schannel-ssp-overview
+- name: WiFi Security
+  href: https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09
+- name: Windows Firewall
+  href: ../../threat-protection/windows-firewall/windows-firewall-with-advanced-security.md
+- name: Virtual Private Network (VPN)
+  href: ../../identity-protection/vpn/vpn-guide.md
+  items:
+  - name: VPN connection types
+    href: ../../identity-protection/vpn/vpn-connection-type.md
+  - name: VPN routing decisions
+    href: ../../identity-protection/vpn/vpn-routing.md
+  - name: VPN authentication options
+    href: ../../identity-protection/vpn/vpn-authentication.md
+  - name: VPN and conditional access
+    href: ../../identity-protection/vpn/vpn-conditional-access.md
+  - name: VPN name resolution
+    href: ../../identity-protection/vpn/vpn-name-resolution.md
+  - name: VPN auto-triggered profile options
+    href: ../../identity-protection/vpn/vpn-auto-trigger-profile.md
+  - name: VPN security features
+    href: ../../identity-protection/vpn/vpn-security-features.md
+  - name: VPN profile options
+    href: ../../identity-protection/vpn/vpn-profile-options.md
+  - name: How to configure Diffie Hellman protocol over IKEv2 VPN connections
+    href: ../../identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md
+  - name: How to use single sign-on (SSO) over VPN and Wi-Fi connections
+    href: ../../identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md
+  - name: Optimizing Office 365 traffic with the Windows VPN client
+    href: ../../identity-protection/vpn/vpn-office-365-optimization.md
+- name: Always On VPN
+  href: /windows-server/remote/remote-access/vpn/always-on-vpn/
+- name: Direct Access
+  href: /windows-server/remote/remote-access/directaccess/directaccess
+- name: Server Message Block (SMB) file service
+  href: /windows-server/storage/file-server/file-server-smb-overview
+- name: Server Message Block Direct (SMB Direct)
+  href: /windows-server/storage/file-server/smb-direct
\ No newline at end of file
diff --git a/windows/security/operating-system-security/toc.yml b/windows/security/operating-system-security/toc.yml
index 5f56835eeb..d5b5e71a52 100644
--- a/windows/security/operating-system-security/toc.yml
+++ b/windows/security/operating-system-security/toc.yml
@@ -10,4 +10,4 @@ items:
   - name: Data protection
     href: data-protection/toc.yml
   - name: Modern device management
-    href: modern-device-management/toc.yml
\ No newline at end of file
+    href: device-management/toc.yml
\ No newline at end of file

From 8f6fddec3811a254482f9e3edf611d0bad87ef6e Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Thu, 27 Apr 2023 11:11:37 -0400
Subject: [PATCH 029/107] updates

---
 windows/security/TOC.yml | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml
index ab55949d3a..35e668eb8d 100644
--- a/windows/security/TOC.yml
+++ b/windows/security/TOC.yml
@@ -31,24 +31,24 @@
       - name: BitLocker frequently asked questions (FAQ)
         href: information-protection/bitlocker/bitlocker-frequently-asked-questions.yml
         items:
-          - name: Overview and requirements
-            href: information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml
-          - name: Upgrading
-            href: information-protection/bitlocker/bitlocker-upgrading-faq.yml
-          - name: Deployment and administration
-            href: information-protection/bitlocker/bitlocker-deployment-and-administration-faq.yml
-          - name: Key management
-            href: information-protection/bitlocker/bitlocker-key-management-faq.yml
-          - name: BitLocker To Go
-            href: information-protection/bitlocker/bitlocker-to-go-faq.yml
-          - name: Active Directory Domain Services
-            href: information-protection/bitlocker/bitlocker-and-adds-faq.yml
-          - name: Security
-            href: information-protection/bitlocker/bitlocker-security-faq.yml
-          - name: BitLocker Network Unlock
-            href: information-protection/bitlocker/bitlocker-network-unlock-faq.yml
-          - name: General
-            href: information-protection/bitlocker/bitlocker-using-with-other-programs-faq.yml
+        - name: Overview and requirements
+          href: information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml
+        - name: Upgrading
+          href: information-protection/bitlocker/bitlocker-upgrading-faq.yml
+        - name: Deployment and administration
+          href: information-protection/bitlocker/bitlocker-deployment-and-administration-faq.yml
+        - name: Key management
+          href: information-protection/bitlocker/bitlocker-key-management-faq.yml
+        - name: BitLocker To Go
+          href: information-protection/bitlocker/bitlocker-to-go-faq.yml
+        - name: Active Directory Domain Services
+          href: information-protection/bitlocker/bitlocker-and-adds-faq.yml
+        - name: Security
+          href: information-protection/bitlocker/bitlocker-security-faq.yml
+        - name: BitLocker Network Unlock
+          href: information-protection/bitlocker/bitlocker-network-unlock-faq.yml
+        - name: General
+          href: information-protection/bitlocker/bitlocker-using-with-other-programs-faq.yml
       - name: "Prepare your organization for BitLocker: Planning and policies"
         href: information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md
       - name: BitLocker deployment comparison

From 705752a57917276936328244f6955172490a7509 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Thu, 27 Apr 2023 11:19:51 -0400
Subject: [PATCH 030/107] updates

---
 windows/security/TOC.yml                      | 177 ------------------
 .../data-protection/toc.yml                   | 106 ++++++++++-
 .../device-management/toc.yml                 |  75 +++++++-
 3 files changed, 175 insertions(+), 183 deletions(-)

diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml
index 35e668eb8d..bcaab2b498 100644
--- a/windows/security/TOC.yml
+++ b/windows/security/TOC.yml
@@ -16,183 +16,6 @@
   href: hardware-security/toc.yml
 - name: Operating system security
   href: operating-system-security/toc.yml
-- name: Operating system security (OLD)
-  items:
-  - name: Encryption and data protection
-    href: encryption-data-protection.md
-    items:
-    - name: Encrypted Hard Drive
-      href: information-protection/encrypted-hard-drive.md
-    - name: BitLocker
-      href: information-protection/bitlocker/bitlocker-overview.md
-      items:
-      - name: Overview of BitLocker Device Encryption in Windows
-        href: information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
-      - name: BitLocker frequently asked questions (FAQ)
-        href: information-protection/bitlocker/bitlocker-frequently-asked-questions.yml
-        items:
-        - name: Overview and requirements
-          href: information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml
-        - name: Upgrading
-          href: information-protection/bitlocker/bitlocker-upgrading-faq.yml
-        - name: Deployment and administration
-          href: information-protection/bitlocker/bitlocker-deployment-and-administration-faq.yml
-        - name: Key management
-          href: information-protection/bitlocker/bitlocker-key-management-faq.yml
-        - name: BitLocker To Go
-          href: information-protection/bitlocker/bitlocker-to-go-faq.yml
-        - name: Active Directory Domain Services
-          href: information-protection/bitlocker/bitlocker-and-adds-faq.yml
-        - name: Security
-          href: information-protection/bitlocker/bitlocker-security-faq.yml
-        - name: BitLocker Network Unlock
-          href: information-protection/bitlocker/bitlocker-network-unlock-faq.yml
-        - name: General
-          href: information-protection/bitlocker/bitlocker-using-with-other-programs-faq.yml
-      - name: "Prepare your organization for BitLocker: Planning and policies"
-        href: information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md
-      - name: BitLocker deployment comparison
-        href: information-protection/bitlocker/bitlocker-deployment-comparison.md
-      - name: BitLocker basic deployment
-        href: information-protection/bitlocker/bitlocker-basic-deployment.md
-      - name: Deploy BitLocker on Windows Server 2012 and later
-        href: information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md
-      - name: BitLocker management for enterprises
-        href: information-protection/bitlocker/bitlocker-management-for-enterprises.md
-      - name: Enable Network Unlock with BitLocker
-        href: information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md
-      - name: Use BitLocker Drive Encryption Tools to manage BitLocker
-        href: information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
-      - name: Use BitLocker Recovery Password Viewer
-        href: information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md
-      - name: BitLocker Group Policy settings
-        href: information-protection/bitlocker/bitlocker-group-policy-settings.md
-      - name: BCD settings and BitLocker
-        href: information-protection/bitlocker/bcd-settings-and-bitlocker.md
-      - name: BitLocker Recovery Guide
-        href: information-protection/bitlocker/bitlocker-recovery-guide-plan.md
-      - name: BitLocker Countermeasures
-        href: information-protection/bitlocker/bitlocker-countermeasures.md
-      - name: Protecting cluster shared volumes and storage area networks with BitLocker
-        href: information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md
-      - name: Troubleshoot BitLocker
-        items:
-          - name: Troubleshoot BitLocker
-            href: /troubleshoot/windows-client/windows-security/bitlocker-issues-troubleshooting
-          - name: "BitLocker cannot encrypt a drive: known issues"
-            href: /troubleshoot/windows-client/windows-security/bitlocker-cannot-encrypt-a-drive-known-issues
-          - name: "Enforcing BitLocker policies by using Intune: known issues"
-            href: /troubleshoot/windows-client/windows-security/enforcing-bitlocker-policies-by-using-intune-known-issues
-          - name: "BitLocker Network Unlock: known issues"
-            href: /troubleshoot/windows-client/windows-security/bitlocker-network-unlock-known-issues
-          - name: "BitLocker recovery: known issues"
-            href: /troubleshoot/windows-client/windows-security/bitlocker-recovery-known-issues
-          - name: "BitLocker configuration: known issues"
-            href: /troubleshoot/windows-client/windows-security/bitlocker-configuration-known-issues
-          - name: Troubleshoot BitLocker and TPM issues
-            items:
-              - name: "BitLocker cannot encrypt a drive: known TPM issues"
-                href: /troubleshoot/windows-client/windows-security/bitlocker-cannot-encrypt-a-drive-known-tpm-issues
-              - name: "BitLocker and TPM: other known issues"
-                href: /troubleshoot/windows-client/windows-security/bitlocker-and-tpm-other-known-issues
-              - name: Decode Measured Boot logs to track PCR changes
-                href: /troubleshoot/windows-client/windows-security/decode-measured-boot-logs-to-track-pcr-changes
-  - name: Personal Data Encryption (PDE)
-      items:
-      - name: Personal Data Encryption (PDE) overview
-        href: information-protection/personal-data-encryption/overview-pde.md
-      - name: Personal Data Encryption (PDE) frequently asked questions (FAQ)
-        href: information-protection/personal-data-encryption/faq-pde.yml
-      - name: Configure Personal Data Encryption (PDE) in Intune
-        items:
-        - name: Configure Personal Data Encryption (PDE) in Intune
-          href: information-protection/personal-data-encryption/configure-pde-in-intune.md
-        - name: Enable Personal Data Encryption (PDE)
-          href: information-protection/personal-data-encryption/pde-in-intune/intune-enable-pde.md
-        - name: Disable Winlogon automatic restart sign-on (ARSO) for PDE
-          href: information-protection/personal-data-encryption/pde-in-intune/intune-disable-arso.md
-        - name: Disable kernel-mode crash dumps and live dumps for PDE
-          href: information-protection/personal-data-encryption/pde-in-intune/intune-disable-memory-dumps.md
-        - name: Disable Windows Error Reporting (WER)/user-mode crash dumps for PDE
-          href: information-protection/personal-data-encryption/pde-in-intune/intune-disable-wer.md
-        - name: Disable hibernation for PDE
-          href: information-protection/personal-data-encryption/pde-in-intune/intune-disable-hibernation.md
-        - name: Disable allowing users to select when a password is required when resuming from connected standby for PDE
-          href: information-protection/personal-data-encryption/pde-in-intune/intune-disable-password-connected-standby.md
-  - name: Configure S/MIME for Windows
-      href: identity-protection/configure-s-mime.md
-  - name: Device management
-      items:
-      - name: Security policy settings
-        href: threat-protection/security-policy-settings/security-policy-settings.md
-      - name: Security auditing
-        href: threat-protection/auditing/security-auditing-overview.md
-  - name: Windows security baselines
-      href: threat-protection/windows-security-configuration-framework/windows-security-baselines.md
-      items:
-      - name: Security Compliance Toolkit
-        href: threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md
-      - name: Get support
-        href: threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md
-      - name: Guide to removing Microsoft Baseline Security Analyzer (MBSA)
-        href: threat-protection/mbsa-removal-and-guidance.md
-  - name: More Windows security
-      items:
-      - name: Override Process Mitigation Options to help enforce app-related security policies
-        href: threat-protection/override-mitigation-options-for-app-related-security-policies.md
-      - name: Use Windows Event Forwarding to help with intrusion detection
-        href: threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md
-      - name: Block untrusted fonts in an enterprise
-        href: threat-protection/block-untrusted-fonts-in-enterprise.md
-      - name: Windows Information Protection (WIP)
-        href: information-protection/windows-information-protection/protect-enterprise-data-using-wip.md
-        items:
-          - name: Create a WIP policy using Microsoft Intune
-            href: information-protection/windows-information-protection/overview-create-wip-policy.md
-            items:
-            - name: Create a WIP policy in Microsoft Intune
-              href: information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
-              items:
-                - name: Deploy your WIP policy in Microsoft Intune
-                  href: information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md
-                - name: Associate and deploy a VPN policy for WIP in Microsoft Intune
-                  href: information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md
-            - name: Create and verify an EFS Data Recovery Agent (DRA) certificate
-              href: information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md
-            - name: Determine the enterprise context of an app running in WIP
-              href: information-protection/windows-information-protection/wip-app-enterprise-context.md
-          - name: Create a WIP policy using Microsoft Configuration Manager
-            href: information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md
-            items:
-            - name: Create and deploy a WIP policy in Configuration Manager
-              href: information-protection/windows-information-protection/create-wip-policy-using-configmgr.md
-            - name: Create and verify an EFS Data Recovery Agent (DRA) certificate
-              href: information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md
-            - name: Determine the enterprise context of an app running in WIP
-              href: information-protection/windows-information-protection/wip-app-enterprise-context.md
-          - name: Mandatory tasks and settings required to turn on WIP
-            href: information-protection/windows-information-protection/mandatory-settings-for-wip.md
-          - name: Testing scenarios for WIP
-            href: information-protection/windows-information-protection/testing-scenarios-for-wip.md
-          - name: Limitations while using WIP
-            href: information-protection/windows-information-protection/limitations-with-wip.md
-          - name: How to collect WIP audit event logs
-            href: information-protection/windows-information-protection/collect-wip-audit-event-logs.md
-          - name: General guidance and best practices for WIP
-            href: information-protection/windows-information-protection/guidance-and-best-practices-wip.md
-            items:
-            - name: Enlightened apps for use with WIP
-              href: information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
-            - name: Unenlightened and enlightened app behavior while using WIP
-              href: information-protection/windows-information-protection/app-behavior-with-wip.md
-            - name: Recommended Enterprise Cloud Resources and Neutral Resources network settings with WIP
-              href: information-protection/windows-information-protection/recommended-network-definitions-for-wip.md
-            - name: Using Outlook Web Access with WIP
-              href: information-protection/windows-information-protection/using-owa-with-wip.md
-          - name: Fine-tune WIP Learning
-            href: information-protection/windows-information-protection/wip-learning.md
-          - name: Disable WIP
-            href: information-protection/windows-information-protection/how-to-disable-wip.md
 - name: Application security
   items:
     - name: Overview
diff --git a/windows/security/operating-system-security/data-protection/toc.yml b/windows/security/operating-system-security/data-protection/toc.yml
index 92a175b806..f78505b3b7 100644
--- a/windows/security/operating-system-security/data-protection/toc.yml
+++ b/windows/security/operating-system-security/data-protection/toc.yml
@@ -1,4 +1,104 @@
 items:
-  - name: Overview
-    href: ../hardware.md
-  - name: Hardware root of trust
\ No newline at end of file
+  - name: Encryption and data protection
+    href: encryption-data-protection.md
+    items:
+    - name: Encrypted Hard Drive
+      href: information-protection/encrypted-hard-drive.md
+    - name: BitLocker
+      href: information-protection/bitlocker/bitlocker-overview.md
+      items:
+      - name: Overview of BitLocker Device Encryption in Windows
+        href: information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
+      - name: BitLocker frequently asked questions (FAQ)
+        href: information-protection/bitlocker/bitlocker-frequently-asked-questions.yml
+        items:
+        - name: Overview and requirements
+          href: information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml
+        - name: Upgrading
+          href: information-protection/bitlocker/bitlocker-upgrading-faq.yml
+        - name: Deployment and administration
+          href: information-protection/bitlocker/bitlocker-deployment-and-administration-faq.yml
+        - name: Key management
+          href: information-protection/bitlocker/bitlocker-key-management-faq.yml
+        - name: BitLocker To Go
+          href: information-protection/bitlocker/bitlocker-to-go-faq.yml
+        - name: Active Directory Domain Services
+          href: information-protection/bitlocker/bitlocker-and-adds-faq.yml
+        - name: Security
+          href: information-protection/bitlocker/bitlocker-security-faq.yml
+        - name: BitLocker Network Unlock
+          href: information-protection/bitlocker/bitlocker-network-unlock-faq.yml
+        - name: General
+          href: information-protection/bitlocker/bitlocker-using-with-other-programs-faq.yml
+      - name: "Prepare your organization for BitLocker: Planning and policies"
+        href: information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md
+      - name: BitLocker deployment comparison
+        href: information-protection/bitlocker/bitlocker-deployment-comparison.md
+      - name: BitLocker basic deployment
+        href: information-protection/bitlocker/bitlocker-basic-deployment.md
+      - name: Deploy BitLocker on Windows Server 2012 and later
+        href: information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md
+      - name: BitLocker management for enterprises
+        href: information-protection/bitlocker/bitlocker-management-for-enterprises.md
+      - name: Enable Network Unlock with BitLocker
+        href: information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md
+      - name: Use BitLocker Drive Encryption Tools to manage BitLocker
+        href: information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
+      - name: Use BitLocker Recovery Password Viewer
+        href: information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md
+      - name: BitLocker Group Policy settings
+        href: information-protection/bitlocker/bitlocker-group-policy-settings.md
+      - name: BCD settings and BitLocker
+        href: information-protection/bitlocker/bcd-settings-and-bitlocker.md
+      - name: BitLocker Recovery Guide
+        href: information-protection/bitlocker/bitlocker-recovery-guide-plan.md
+      - name: BitLocker Countermeasures
+        href: information-protection/bitlocker/bitlocker-countermeasures.md
+      - name: Protecting cluster shared volumes and storage area networks with BitLocker
+        href: information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md
+      - name: Troubleshoot BitLocker
+        items:
+          - name: Troubleshoot BitLocker
+            href: /troubleshoot/windows-client/windows-security/bitlocker-issues-troubleshooting
+          - name: "BitLocker cannot encrypt a drive: known issues"
+            href: /troubleshoot/windows-client/windows-security/bitlocker-cannot-encrypt-a-drive-known-issues
+          - name: "Enforcing BitLocker policies by using Intune: known issues"
+            href: /troubleshoot/windows-client/windows-security/enforcing-bitlocker-policies-by-using-intune-known-issues
+          - name: "BitLocker Network Unlock: known issues"
+            href: /troubleshoot/windows-client/windows-security/bitlocker-network-unlock-known-issues
+          - name: "BitLocker recovery: known issues"
+            href: /troubleshoot/windows-client/windows-security/bitlocker-recovery-known-issues
+          - name: "BitLocker configuration: known issues"
+            href: /troubleshoot/windows-client/windows-security/bitlocker-configuration-known-issues
+          - name: Troubleshoot BitLocker and TPM issues
+            items:
+              - name: "BitLocker cannot encrypt a drive: known TPM issues"
+                href: /troubleshoot/windows-client/windows-security/bitlocker-cannot-encrypt-a-drive-known-tpm-issues
+              - name: "BitLocker and TPM: other known issues"
+                href: /troubleshoot/windows-client/windows-security/bitlocker-and-tpm-other-known-issues
+              - name: Decode Measured Boot logs to track PCR changes
+                href: /troubleshoot/windows-client/windows-security/decode-measured-boot-logs-to-track-pcr-changes
+    - name: Personal Data Encryption (PDE)
+      items:
+      - name: Personal Data Encryption (PDE) overview
+        href: information-protection/personal-data-encryption/overview-pde.md
+      - name: Personal Data Encryption (PDE) frequently asked questions (FAQ)
+        href: information-protection/personal-data-encryption/faq-pde.yml
+      - name: Configure Personal Data Encryption (PDE) in Intune
+        items:
+        - name: Configure Personal Data Encryption (PDE) in Intune
+          href: information-protection/personal-data-encryption/configure-pde-in-intune.md
+        - name: Enable Personal Data Encryption (PDE)
+          href: information-protection/personal-data-encryption/pde-in-intune/intune-enable-pde.md
+        - name: Disable Winlogon automatic restart sign-on (ARSO) for PDE
+          href: information-protection/personal-data-encryption/pde-in-intune/intune-disable-arso.md
+        - name: Disable kernel-mode crash dumps and live dumps for PDE
+          href: information-protection/personal-data-encryption/pde-in-intune/intune-disable-memory-dumps.md
+        - name: Disable Windows Error Reporting (WER)/user-mode crash dumps for PDE
+          href: information-protection/personal-data-encryption/pde-in-intune/intune-disable-wer.md
+        - name: Disable hibernation for PDE
+          href: information-protection/personal-data-encryption/pde-in-intune/intune-disable-hibernation.md
+        - name: Disable allowing users to select when a password is required when resuming from connected standby for PDE
+          href: information-protection/personal-data-encryption/pde-in-intune/intune-disable-password-connected-standby.md
+    - name: Configure S/MIME for Windows
+      href: identity-protection/configure-s-mime.md
\ No newline at end of file
diff --git a/windows/security/operating-system-security/device-management/toc.yml b/windows/security/operating-system-security/device-management/toc.yml
index 92a175b806..06f1c70e75 100644
--- a/windows/security/operating-system-security/device-management/toc.yml
+++ b/windows/security/operating-system-security/device-management/toc.yml
@@ -1,4 +1,73 @@
 items:
-  - name: Overview
-    href: ../hardware.md
-  - name: Hardware root of trust
\ No newline at end of file
+  - name: Device management
+    items:
+    - name: Security policy settings
+      href: threat-protection/security-policy-settings/security-policy-settings.md
+    - name: Security auditing
+      href: threat-protection/auditing/security-auditing-overview.md
+  - name: Windows security baselines
+    href: threat-protection/windows-security-configuration-framework/windows-security-baselines.md
+    items:
+    - name: Security Compliance Toolkit
+      href: threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md
+    - name: Get support
+      href: threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md
+    - name: Guide to removing Microsoft Baseline Security Analyzer (MBSA)
+      href: threat-protection/mbsa-removal-and-guidance.md
+  - name: More Windows security
+    items:
+    - name: Override Process Mitigation Options to help enforce app-related security policies
+      href: threat-protection/override-mitigation-options-for-app-related-security-policies.md
+    - name: Use Windows Event Forwarding to help with intrusion detection
+      href: threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md
+    - name: Block untrusted fonts in an enterprise
+      href: threat-protection/block-untrusted-fonts-in-enterprise.md
+    - name: Windows Information Protection (WIP)
+      href: information-protection/windows-information-protection/protect-enterprise-data-using-wip.md
+      items:
+        - name: Create a WIP policy using Microsoft Intune
+          href: information-protection/windows-information-protection/overview-create-wip-policy.md
+          items:
+          - name: Create a WIP policy in Microsoft Intune
+            href: information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
+            items:
+              - name: Deploy your WIP policy in Microsoft Intune
+                href: information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md
+              - name: Associate and deploy a VPN policy for WIP in Microsoft Intune
+                href: information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md
+          - name: Create and verify an EFS Data Recovery Agent (DRA) certificate
+            href: information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md
+          - name: Determine the enterprise context of an app running in WIP
+            href: information-protection/windows-information-protection/wip-app-enterprise-context.md
+        - name: Create a WIP policy using Microsoft Configuration Manager
+          href: information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md
+          items:
+          - name: Create and deploy a WIP policy in Configuration Manager
+            href: information-protection/windows-information-protection/create-wip-policy-using-configmgr.md
+          - name: Create and verify an EFS Data Recovery Agent (DRA) certificate
+            href: information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md
+          - name: Determine the enterprise context of an app running in WIP
+            href: information-protection/windows-information-protection/wip-app-enterprise-context.md
+        - name: Mandatory tasks and settings required to turn on WIP
+          href: information-protection/windows-information-protection/mandatory-settings-for-wip.md
+        - name: Testing scenarios for WIP
+          href: information-protection/windows-information-protection/testing-scenarios-for-wip.md
+        - name: Limitations while using WIP
+          href: information-protection/windows-information-protection/limitations-with-wip.md
+        - name: How to collect WIP audit event logs
+          href: information-protection/windows-information-protection/collect-wip-audit-event-logs.md
+        - name: General guidance and best practices for WIP
+          href: information-protection/windows-information-protection/guidance-and-best-practices-wip.md
+          items:
+          - name: Enlightened apps for use with WIP
+            href: information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
+          - name: Unenlightened and enlightened app behavior while using WIP
+            href: information-protection/windows-information-protection/app-behavior-with-wip.md
+          - name: Recommended Enterprise Cloud Resources and Neutral Resources network settings with WIP
+            href: information-protection/windows-information-protection/recommended-network-definitions-for-wip.md
+          - name: Using Outlook Web Access with WIP
+            href: information-protection/windows-information-protection/using-owa-with-wip.md
+        - name: Fine-tune WIP Learning
+          href: information-protection/windows-information-protection/wip-learning.md
+        - name: Disable WIP
+            href: information-protection/windows-information-protection/how-to-disable-wip.md
\ No newline at end of file

From 05fb8141a86cfd16b36706b1944743cfcd1dd64a Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Thu, 27 Apr 2023 11:26:29 -0400
Subject: [PATCH 031/107] updates

---
 .../data-protection/toc.yml                   | 198 +++++++++---------
 .../device-management/toc.yml                 | 140 ++++++-------
 2 files changed, 169 insertions(+), 169 deletions(-)

diff --git a/windows/security/operating-system-security/data-protection/toc.yml b/windows/security/operating-system-security/data-protection/toc.yml
index f78505b3b7..8d511a2659 100644
--- a/windows/security/operating-system-security/data-protection/toc.yml
+++ b/windows/security/operating-system-security/data-protection/toc.yml
@@ -1,104 +1,104 @@
 items:
-  - name: Encryption and data protection
-    href: encryption-data-protection.md
+- name: Encryption and data protection
+  href: ../../encryption-data-protection.md
+  items:
+  - name: Encrypted Hard Drive
+    href: ../../information-protection/encrypted-hard-drive.md
+  - name: BitLocker
+    href: ../../information-protection/bitlocker/bitlocker-overview.md
     items:
-    - name: Encrypted Hard Drive
-      href: information-protection/encrypted-hard-drive.md
-    - name: BitLocker
-      href: information-protection/bitlocker/bitlocker-overview.md
+    - name: Overview of BitLocker Device Encryption in Windows
+      href: ../../information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
+    - name: BitLocker frequently asked questions (FAQ)
+      href: ../../information-protection/bitlocker/bitlocker-frequently-asked-questions.yml
       items:
-      - name: Overview of BitLocker Device Encryption in Windows
-        href: information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
-      - name: BitLocker frequently asked questions (FAQ)
-        href: information-protection/bitlocker/bitlocker-frequently-asked-questions.yml
-        items:
-        - name: Overview and requirements
-          href: information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml
-        - name: Upgrading
-          href: information-protection/bitlocker/bitlocker-upgrading-faq.yml
-        - name: Deployment and administration
-          href: information-protection/bitlocker/bitlocker-deployment-and-administration-faq.yml
-        - name: Key management
-          href: information-protection/bitlocker/bitlocker-key-management-faq.yml
-        - name: BitLocker To Go
-          href: information-protection/bitlocker/bitlocker-to-go-faq.yml
-        - name: Active Directory Domain Services
-          href: information-protection/bitlocker/bitlocker-and-adds-faq.yml
-        - name: Security
-          href: information-protection/bitlocker/bitlocker-security-faq.yml
-        - name: BitLocker Network Unlock
-          href: information-protection/bitlocker/bitlocker-network-unlock-faq.yml
-        - name: General
-          href: information-protection/bitlocker/bitlocker-using-with-other-programs-faq.yml
-      - name: "Prepare your organization for BitLocker: Planning and policies"
-        href: information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md
-      - name: BitLocker deployment comparison
-        href: information-protection/bitlocker/bitlocker-deployment-comparison.md
-      - name: BitLocker basic deployment
-        href: information-protection/bitlocker/bitlocker-basic-deployment.md
-      - name: Deploy BitLocker on Windows Server 2012 and later
-        href: information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md
-      - name: BitLocker management for enterprises
-        href: information-protection/bitlocker/bitlocker-management-for-enterprises.md
-      - name: Enable Network Unlock with BitLocker
-        href: information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md
-      - name: Use BitLocker Drive Encryption Tools to manage BitLocker
-        href: information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
-      - name: Use BitLocker Recovery Password Viewer
-        href: information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md
-      - name: BitLocker Group Policy settings
-        href: information-protection/bitlocker/bitlocker-group-policy-settings.md
-      - name: BCD settings and BitLocker
-        href: information-protection/bitlocker/bcd-settings-and-bitlocker.md
-      - name: BitLocker Recovery Guide
-        href: information-protection/bitlocker/bitlocker-recovery-guide-plan.md
-      - name: BitLocker Countermeasures
-        href: information-protection/bitlocker/bitlocker-countermeasures.md
-      - name: Protecting cluster shared volumes and storage area networks with BitLocker
-        href: information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md
-      - name: Troubleshoot BitLocker
-        items:
-          - name: Troubleshoot BitLocker
-            href: /troubleshoot/windows-client/windows-security/bitlocker-issues-troubleshooting
-          - name: "BitLocker cannot encrypt a drive: known issues"
-            href: /troubleshoot/windows-client/windows-security/bitlocker-cannot-encrypt-a-drive-known-issues
-          - name: "Enforcing BitLocker policies by using Intune: known issues"
-            href: /troubleshoot/windows-client/windows-security/enforcing-bitlocker-policies-by-using-intune-known-issues
-          - name: "BitLocker Network Unlock: known issues"
-            href: /troubleshoot/windows-client/windows-security/bitlocker-network-unlock-known-issues
-          - name: "BitLocker recovery: known issues"
-            href: /troubleshoot/windows-client/windows-security/bitlocker-recovery-known-issues
-          - name: "BitLocker configuration: known issues"
-            href: /troubleshoot/windows-client/windows-security/bitlocker-configuration-known-issues
-          - name: Troubleshoot BitLocker and TPM issues
-            items:
-              - name: "BitLocker cannot encrypt a drive: known TPM issues"
-                href: /troubleshoot/windows-client/windows-security/bitlocker-cannot-encrypt-a-drive-known-tpm-issues
-              - name: "BitLocker and TPM: other known issues"
-                href: /troubleshoot/windows-client/windows-security/bitlocker-and-tpm-other-known-issues
-              - name: Decode Measured Boot logs to track PCR changes
-                href: /troubleshoot/windows-client/windows-security/decode-measured-boot-logs-to-track-pcr-changes
-    - name: Personal Data Encryption (PDE)
+      - name: Overview and requirements
+        href: ../../information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml
+      - name: Upgrading
+        href: ../../information-protection/bitlocker/bitlocker-upgrading-faq.yml
+      - name: Deployment and administration
+        href: ../../information-protection/bitlocker/bitlocker-deployment-and-administration-faq.yml
+      - name: Key management
+        href: ../../information-protection/bitlocker/bitlocker-key-management-faq.yml
+      - name: BitLocker To Go
+        href: ../../information-protection/bitlocker/bitlocker-to-go-faq.yml
+      - name: Active Directory Domain Services
+        href: ../../information-protection/bitlocker/bitlocker-and-adds-faq.yml
+      - name: Security
+        href: ../../information-protection/bitlocker/bitlocker-security-faq.yml
+      - name: BitLocker Network Unlock
+        href: ../../information-protection/bitlocker/bitlocker-network-unlock-faq.yml
+      - name: General
+        href: ../../information-protection/bitlocker/bitlocker-using-with-other-programs-faq.yml
+    - name: "Prepare your organization for BitLocker: Planning and policies"
+      href: ../../information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md
+    - name: BitLocker deployment comparison
+      href: ../../information-protection/bitlocker/bitlocker-deployment-comparison.md
+    - name: BitLocker basic deployment
+      href: ../../information-protection/bitlocker/bitlocker-basic-deployment.md
+    - name: Deploy BitLocker on Windows Server 2012 and later
+      href: ../../information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md
+    - name: BitLocker management for enterprises
+      href: ../../information-protection/bitlocker/bitlocker-management-for-enterprises.md
+    - name: Enable Network Unlock with BitLocker
+      href: ../../information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md
+    - name: Use BitLocker Drive Encryption Tools to manage BitLocker
+      href: ../../information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
+    - name: Use BitLocker Recovery Password Viewer
+      href: ../../information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md
+    - name: BitLocker Group Policy settings
+      href: ../../information-protection/bitlocker/bitlocker-group-policy-settings.md
+    - name: BCD settings and BitLocker
+      href: ../../information-protection/bitlocker/bcd-settings-and-bitlocker.md
+    - name: BitLocker Recovery Guide
+      href: ../../information-protection/bitlocker/bitlocker-recovery-guide-plan.md
+    - name: BitLocker Countermeasures
+      href: ../../information-protection/bitlocker/bitlocker-countermeasures.md
+    - name: Protecting cluster shared volumes and storage area networks with BitLocker
+      href: ../../information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md
+    - name: Troubleshoot BitLocker
+      items:
+        - name: Troubleshoot BitLocker
+          href: /troubleshoot/windows-client/windows-security/bitlocker-issues-troubleshooting
+        - name: "BitLocker cannot encrypt a drive: known issues"
+          href: /troubleshoot/windows-client/windows-security/bitlocker-cannot-encrypt-a-drive-known-issues
+        - name: "Enforcing BitLocker policies by using Intune: known issues"
+          href: /troubleshoot/windows-client/windows-security/enforcing-bitlocker-policies-by-using-intune-known-issues
+        - name: "BitLocker Network Unlock: known issues"
+          href: /troubleshoot/windows-client/windows-security/bitlocker-network-unlock-known-issues
+        - name: "BitLocker recovery: known issues"
+          href: /troubleshoot/windows-client/windows-security/bitlocker-recovery-known-issues
+        - name: "BitLocker configuration: known issues"
+          href: /troubleshoot/windows-client/windows-security/bitlocker-configuration-known-issues
+        - name: Troubleshoot BitLocker and TPM issues
+          items:
+            - name: "BitLocker cannot encrypt a drive: known TPM issues"
+              href: /troubleshoot/windows-client/windows-security/bitlocker-cannot-encrypt-a-drive-known-tpm-issues
+            - name: "BitLocker and TPM: other known issues"
+              href: /troubleshoot/windows-client/windows-security/bitlocker-and-tpm-other-known-issues
+            - name: Decode Measured Boot logs to track PCR changes
+              href: /troubleshoot/windows-client/windows-security/decode-measured-boot-logs-to-track-pcr-changes
+  - name: Personal Data Encryption (PDE)
+    items:
+    - name: Personal Data Encryption (PDE) overview
+      href: ../../information-protection/personal-data-encryption/overview-pde.md
+    - name: Personal Data Encryption (PDE) frequently asked questions (FAQ)
+      href: ../../information-protection/personal-data-encryption/faq-pde.yml
+    - name: Configure Personal Data Encryption (PDE) in Intune
       items:
-      - name: Personal Data Encryption (PDE) overview
-        href: information-protection/personal-data-encryption/overview-pde.md
-      - name: Personal Data Encryption (PDE) frequently asked questions (FAQ)
-        href: information-protection/personal-data-encryption/faq-pde.yml
       - name: Configure Personal Data Encryption (PDE) in Intune
-        items:
-        - name: Configure Personal Data Encryption (PDE) in Intune
-          href: information-protection/personal-data-encryption/configure-pde-in-intune.md
-        - name: Enable Personal Data Encryption (PDE)
-          href: information-protection/personal-data-encryption/pde-in-intune/intune-enable-pde.md
-        - name: Disable Winlogon automatic restart sign-on (ARSO) for PDE
-          href: information-protection/personal-data-encryption/pde-in-intune/intune-disable-arso.md
-        - name: Disable kernel-mode crash dumps and live dumps for PDE
-          href: information-protection/personal-data-encryption/pde-in-intune/intune-disable-memory-dumps.md
-        - name: Disable Windows Error Reporting (WER)/user-mode crash dumps for PDE
-          href: information-protection/personal-data-encryption/pde-in-intune/intune-disable-wer.md
-        - name: Disable hibernation for PDE
-          href: information-protection/personal-data-encryption/pde-in-intune/intune-disable-hibernation.md
-        - name: Disable allowing users to select when a password is required when resuming from connected standby for PDE
-          href: information-protection/personal-data-encryption/pde-in-intune/intune-disable-password-connected-standby.md
-    - name: Configure S/MIME for Windows
-      href: identity-protection/configure-s-mime.md
\ No newline at end of file
+        href: ../../information-protection/personal-data-encryption/configure-pde-in-intune.md
+      - name: Enable Personal Data Encryption (PDE)
+        href: ../../information-protection/personal-data-encryption/pde-in-intune/intune-enable-pde.md
+      - name: Disable Winlogon automatic restart sign-on (ARSO) for PDE
+        href: ../../information-protection/personal-data-encryption/pde-in-intune/intune-disable-arso.md
+      - name: Disable kernel-mode crash dumps and live dumps for PDE
+        href: ../../information-protection/personal-data-encryption/pde-in-intune/intune-disable-memory-dumps.md
+      - name: Disable Windows Error Reporting (WER)/user-mode crash dumps for PDE
+        href: ../../information-protection/personal-data-encryption/pde-in-intune/intune-disable-wer.md
+      - name: Disable hibernation for PDE
+        href: ../../information-protection/personal-data-encryption/pde-in-intune/intune-disable-hibernation.md
+      - name: Disable allowing users to select when a password is required when resuming from connected standby for PDE
+        href: ../../information-protection/personal-data-encryption/pde-in-intune/intune-disable-password-connected-standby.md
+  - name: Configure S/MIME for Windows
+    href: ../../identity-protection/configure-s-mime.md
\ No newline at end of file
diff --git a/windows/security/operating-system-security/device-management/toc.yml b/windows/security/operating-system-security/device-management/toc.yml
index 06f1c70e75..154075b5f4 100644
--- a/windows/security/operating-system-security/device-management/toc.yml
+++ b/windows/security/operating-system-security/device-management/toc.yml
@@ -1,73 +1,73 @@
 items:
-  - name: Device management
+- name: Device management
+  items:
+  - name: Security policy settings
+    href: ../../threat-protection/security-policy-settings/security-policy-settings.md
+  - name: Security auditing
+    href: ../../threat-protection/auditing/security-auditing-overview.md
+- name: Windows security baselines
+  href: ../../threat-protection/windows-security-configuration-framework/windows-security-baselines.md
+  items:
+  - name: Security Compliance Toolkit
+    href: ../../threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md
+  - name: Get support
+    href: ../../threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md
+  - name: Guide to removing Microsoft Baseline Security Analyzer (MBSA)
+    href: ../../threat-protection/mbsa-removal-and-guidance.md
+- name: More Windows security
+  items:
+  - name: Override Process Mitigation Options to help enforce app-related security policies
+    href: ../../threat-protection/override-mitigation-options-for-app-related-security-policies.md
+  - name: Use Windows Event Forwarding to help with intrusion detection
+    href: ../../threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md
+  - name: Block untrusted fonts in an enterprise
+    href: ../../threat-protection/block-untrusted-fonts-in-enterprise.md
+  - name: Windows Information Protection (WIP)
+    href: ../../information-protection/windows-information-protection/protect-enterprise-data-using-wip.md
     items:
-    - name: Security policy settings
-      href: threat-protection/security-policy-settings/security-policy-settings.md
-    - name: Security auditing
-      href: threat-protection/auditing/security-auditing-overview.md
-  - name: Windows security baselines
-    href: threat-protection/windows-security-configuration-framework/windows-security-baselines.md
-    items:
-    - name: Security Compliance Toolkit
-      href: threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md
-    - name: Get support
-      href: threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md
-    - name: Guide to removing Microsoft Baseline Security Analyzer (MBSA)
-      href: threat-protection/mbsa-removal-and-guidance.md
-  - name: More Windows security
-    items:
-    - name: Override Process Mitigation Options to help enforce app-related security policies
-      href: threat-protection/override-mitigation-options-for-app-related-security-policies.md
-    - name: Use Windows Event Forwarding to help with intrusion detection
-      href: threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md
-    - name: Block untrusted fonts in an enterprise
-      href: threat-protection/block-untrusted-fonts-in-enterprise.md
-    - name: Windows Information Protection (WIP)
-      href: information-protection/windows-information-protection/protect-enterprise-data-using-wip.md
-      items:
-        - name: Create a WIP policy using Microsoft Intune
-          href: information-protection/windows-information-protection/overview-create-wip-policy.md
+      - name: Create a WIP policy using Microsoft Intune
+        href: ../../information-protection/windows-information-protection/overview-create-wip-policy.md
+        items:
+        - name: Create a WIP policy in Microsoft Intune
+          href: ../../information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
           items:
-          - name: Create a WIP policy in Microsoft Intune
-            href: information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
-            items:
-              - name: Deploy your WIP policy in Microsoft Intune
-                href: information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md
-              - name: Associate and deploy a VPN policy for WIP in Microsoft Intune
-                href: information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md
-          - name: Create and verify an EFS Data Recovery Agent (DRA) certificate
-            href: information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md
-          - name: Determine the enterprise context of an app running in WIP
-            href: information-protection/windows-information-protection/wip-app-enterprise-context.md
-        - name: Create a WIP policy using Microsoft Configuration Manager
-          href: information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md
-          items:
-          - name: Create and deploy a WIP policy in Configuration Manager
-            href: information-protection/windows-information-protection/create-wip-policy-using-configmgr.md
-          - name: Create and verify an EFS Data Recovery Agent (DRA) certificate
-            href: information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md
-          - name: Determine the enterprise context of an app running in WIP
-            href: information-protection/windows-information-protection/wip-app-enterprise-context.md
-        - name: Mandatory tasks and settings required to turn on WIP
-          href: information-protection/windows-information-protection/mandatory-settings-for-wip.md
-        - name: Testing scenarios for WIP
-          href: information-protection/windows-information-protection/testing-scenarios-for-wip.md
-        - name: Limitations while using WIP
-          href: information-protection/windows-information-protection/limitations-with-wip.md
-        - name: How to collect WIP audit event logs
-          href: information-protection/windows-information-protection/collect-wip-audit-event-logs.md
-        - name: General guidance and best practices for WIP
-          href: information-protection/windows-information-protection/guidance-and-best-practices-wip.md
-          items:
-          - name: Enlightened apps for use with WIP
-            href: information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
-          - name: Unenlightened and enlightened app behavior while using WIP
-            href: information-protection/windows-information-protection/app-behavior-with-wip.md
-          - name: Recommended Enterprise Cloud Resources and Neutral Resources network settings with WIP
-            href: information-protection/windows-information-protection/recommended-network-definitions-for-wip.md
-          - name: Using Outlook Web Access with WIP
-            href: information-protection/windows-information-protection/using-owa-with-wip.md
-        - name: Fine-tune WIP Learning
-          href: information-protection/windows-information-protection/wip-learning.md
-        - name: Disable WIP
-            href: information-protection/windows-information-protection/how-to-disable-wip.md
\ No newline at end of file
+            - name: Deploy your WIP policy in Microsoft Intune
+              href: ../../information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md
+            - name: Associate and deploy a VPN policy for WIP in Microsoft Intune
+              href: ../../information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md
+        - name: Create and verify an EFS Data Recovery Agent (DRA) certificate
+          href: ../../information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md
+        - name: Determine the enterprise context of an app running in WIP
+          href: ../../information-protection/windows-information-protection/wip-app-enterprise-context.md
+      - name: Create a WIP policy using Microsoft Configuration Manager
+        href: ../../information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md
+        items:
+        - name: Create and deploy a WIP policy in Configuration Manager
+          href: ../../information-protection/windows-information-protection/create-wip-policy-using-configmgr.md
+        - name: Create and verify an EFS Data Recovery Agent (DRA) certificate
+          href: ../../information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md
+        - name: Determine the enterprise context of an app running in WIP
+          href: ../../information-protection/windows-information-protection/wip-app-enterprise-context.md
+      - name: Mandatory tasks and settings required to turn on WIP
+        href: ../../information-protection/windows-information-protection/mandatory-settings-for-wip.md
+      - name: Testing scenarios for WIP
+        href: ../../information-protection/windows-information-protection/testing-scenarios-for-wip.md
+      - name: Limitations while using WIP
+        href: ../../information-protection/windows-information-protection/limitations-with-wip.md
+      - name: How to collect WIP audit event logs
+        href: ../../information-protection/windows-information-protection/collect-wip-audit-event-logs.md
+      - name: General guidance and best practices for WIP
+        href: ../../information-protection/windows-information-protection/guidance-and-best-practices-wip.md
+        items:
+        - name: Enlightened apps for use with WIP
+          href: ../../information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
+        - name: Unenlightened and enlightened app behavior while using WIP
+          href: ../../information-protection/windows-information-protection/app-behavior-with-wip.md
+        - name: Recommended Enterprise Cloud Resources and Neutral Resources network settings with WIP
+          href: ../../information-protection/windows-information-protection/recommended-network-definitions-for-wip.md
+        - name: Using Outlook Web Access with WIP
+          href: ../../information-protection/windows-information-protection/using-owa-with-wip.md
+      - name: Fine-tune WIP Learning
+        href: ../../information-protection/windows-information-protection/wip-learning.md
+      - name: Disable WIP
+        href: ../../information-protection/windows-information-protection/how-to-disable-wip.md
\ No newline at end of file

From 3a67ba0fb821c075843d081d7c1c6f893cbba944 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Thu, 27 Apr 2023 11:45:28 -0400
Subject: [PATCH 032/107] Data protection TOC

---
 .../data-protection/toc.yml                   | 191 +++++++++---------
 .../operating-system-security/toc.yml         |  24 +--
 2 files changed, 107 insertions(+), 108 deletions(-)

diff --git a/windows/security/operating-system-security/data-protection/toc.yml b/windows/security/operating-system-security/data-protection/toc.yml
index 8d511a2659..bd47960568 100644
--- a/windows/security/operating-system-security/data-protection/toc.yml
+++ b/windows/security/operating-system-security/data-protection/toc.yml
@@ -1,104 +1,103 @@
 items:
-- name: Encryption and data protection
+- name: Overview
   href: ../../encryption-data-protection.md
+- name: BitLocker
+  href: ../../information-protection/bitlocker/bitlocker-overview.md
   items:
-  - name: Encrypted Hard Drive
-    href: ../../information-protection/encrypted-hard-drive.md
-  - name: BitLocker
-    href: ../../information-protection/bitlocker/bitlocker-overview.md
+  - name: Overview of BitLocker Device Encryption in Windows
+    href: ../../information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
+  - name: BitLocker frequently asked questions (FAQ)
+    href: ../../information-protection/bitlocker/bitlocker-frequently-asked-questions.yml
     items:
-    - name: Overview of BitLocker Device Encryption in Windows
-      href: ../../information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
-    - name: BitLocker frequently asked questions (FAQ)
-      href: ../../information-protection/bitlocker/bitlocker-frequently-asked-questions.yml
-      items:
-      - name: Overview and requirements
-        href: ../../information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml
-      - name: Upgrading
-        href: ../../information-protection/bitlocker/bitlocker-upgrading-faq.yml
-      - name: Deployment and administration
-        href: ../../information-protection/bitlocker/bitlocker-deployment-and-administration-faq.yml
-      - name: Key management
-        href: ../../information-protection/bitlocker/bitlocker-key-management-faq.yml
-      - name: BitLocker To Go
-        href: ../../information-protection/bitlocker/bitlocker-to-go-faq.yml
-      - name: Active Directory Domain Services
-        href: ../../information-protection/bitlocker/bitlocker-and-adds-faq.yml
-      - name: Security
-        href: ../../information-protection/bitlocker/bitlocker-security-faq.yml
-      - name: BitLocker Network Unlock
-        href: ../../information-protection/bitlocker/bitlocker-network-unlock-faq.yml
-      - name: General
-        href: ../../information-protection/bitlocker/bitlocker-using-with-other-programs-faq.yml
-    - name: "Prepare your organization for BitLocker: Planning and policies"
-      href: ../../information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md
-    - name: BitLocker deployment comparison
-      href: ../../information-protection/bitlocker/bitlocker-deployment-comparison.md
-    - name: BitLocker basic deployment
-      href: ../../information-protection/bitlocker/bitlocker-basic-deployment.md
-    - name: Deploy BitLocker on Windows Server 2012 and later
-      href: ../../information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md
-    - name: BitLocker management for enterprises
-      href: ../../information-protection/bitlocker/bitlocker-management-for-enterprises.md
-    - name: Enable Network Unlock with BitLocker
-      href: ../../information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md
-    - name: Use BitLocker Drive Encryption Tools to manage BitLocker
-      href: ../../information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
-    - name: Use BitLocker Recovery Password Viewer
-      href: ../../information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md
-    - name: BitLocker Group Policy settings
-      href: ../../information-protection/bitlocker/bitlocker-group-policy-settings.md
-    - name: BCD settings and BitLocker
-      href: ../../information-protection/bitlocker/bcd-settings-and-bitlocker.md
-    - name: BitLocker Recovery Guide
-      href: ../../information-protection/bitlocker/bitlocker-recovery-guide-plan.md
-    - name: BitLocker Countermeasures
-      href: ../../information-protection/bitlocker/bitlocker-countermeasures.md
-    - name: Protecting cluster shared volumes and storage area networks with BitLocker
-      href: ../../information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md
-    - name: Troubleshoot BitLocker
-      items:
-        - name: Troubleshoot BitLocker
-          href: /troubleshoot/windows-client/windows-security/bitlocker-issues-troubleshooting
-        - name: "BitLocker cannot encrypt a drive: known issues"
-          href: /troubleshoot/windows-client/windows-security/bitlocker-cannot-encrypt-a-drive-known-issues
-        - name: "Enforcing BitLocker policies by using Intune: known issues"
-          href: /troubleshoot/windows-client/windows-security/enforcing-bitlocker-policies-by-using-intune-known-issues
-        - name: "BitLocker Network Unlock: known issues"
-          href: /troubleshoot/windows-client/windows-security/bitlocker-network-unlock-known-issues
-        - name: "BitLocker recovery: known issues"
-          href: /troubleshoot/windows-client/windows-security/bitlocker-recovery-known-issues
-        - name: "BitLocker configuration: known issues"
-          href: /troubleshoot/windows-client/windows-security/bitlocker-configuration-known-issues
-        - name: Troubleshoot BitLocker and TPM issues
-          items:
-            - name: "BitLocker cannot encrypt a drive: known TPM issues"
-              href: /troubleshoot/windows-client/windows-security/bitlocker-cannot-encrypt-a-drive-known-tpm-issues
-            - name: "BitLocker and TPM: other known issues"
-              href: /troubleshoot/windows-client/windows-security/bitlocker-and-tpm-other-known-issues
-            - name: Decode Measured Boot logs to track PCR changes
-              href: /troubleshoot/windows-client/windows-security/decode-measured-boot-logs-to-track-pcr-changes
-  - name: Personal Data Encryption (PDE)
+    - name: Overview and requirements
+      href: ../../information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml
+    - name: Upgrading
+      href: ../../information-protection/bitlocker/bitlocker-upgrading-faq.yml
+    - name: Deployment and administration
+      href: ../../information-protection/bitlocker/bitlocker-deployment-and-administration-faq.yml
+    - name: Key management
+      href: ../../information-protection/bitlocker/bitlocker-key-management-faq.yml
+    - name: BitLocker To Go
+      href: ../../information-protection/bitlocker/bitlocker-to-go-faq.yml
+    - name: Active Directory Domain Services
+      href: ../../information-protection/bitlocker/bitlocker-and-adds-faq.yml
+    - name: Security
+      href: ../../information-protection/bitlocker/bitlocker-security-faq.yml
+    - name: BitLocker Network Unlock
+      href: ../../information-protection/bitlocker/bitlocker-network-unlock-faq.yml
+    - name: General
+      href: ../../information-protection/bitlocker/bitlocker-using-with-other-programs-faq.yml
+  - name: "Prepare your organization for BitLocker: Planning and policies"
+    href: ../../information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md
+  - name: BitLocker deployment comparison
+    href: ../../information-protection/bitlocker/bitlocker-deployment-comparison.md
+  - name: BitLocker basic deployment
+    href: ../../information-protection/bitlocker/bitlocker-basic-deployment.md
+  - name: Deploy BitLocker on Windows Server 2012 and later
+    href: ../../information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md
+  - name: BitLocker management for enterprises
+    href: ../../information-protection/bitlocker/bitlocker-management-for-enterprises.md
+  - name: Enable Network Unlock with BitLocker
+    href: ../../information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md
+  - name: Use BitLocker Drive Encryption Tools to manage BitLocker
+    href: ../../information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
+  - name: Use BitLocker Recovery Password Viewer
+    href: ../../information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md
+  - name: BitLocker Group Policy settings
+    href: ../../information-protection/bitlocker/bitlocker-group-policy-settings.md
+  - name: BCD settings and BitLocker
+    href: ../../information-protection/bitlocker/bcd-settings-and-bitlocker.md
+  - name: BitLocker Recovery Guide
+    href: ../../information-protection/bitlocker/bitlocker-recovery-guide-plan.md
+  - name: BitLocker Countermeasures
+    href: ../../information-protection/bitlocker/bitlocker-countermeasures.md
+  - name: Protecting cluster shared volumes and storage area networks with BitLocker
+    href: ../../information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md
+  - name: Troubleshoot BitLocker
+    items:
+      - name: Troubleshoot BitLocker
+        href: /troubleshoot/windows-client/windows-security/bitlocker-issues-troubleshooting
+      - name: "BitLocker cannot encrypt a drive: known issues"
+        href: /troubleshoot/windows-client/windows-security/bitlocker-cannot-encrypt-a-drive-known-issues
+      - name: "Enforcing BitLocker policies by using Intune: known issues"
+        href: /troubleshoot/windows-client/windows-security/enforcing-bitlocker-policies-by-using-intune-known-issues
+      - name: "BitLocker Network Unlock: known issues"
+        href: /troubleshoot/windows-client/windows-security/bitlocker-network-unlock-known-issues
+      - name: "BitLocker recovery: known issues"
+        href: /troubleshoot/windows-client/windows-security/bitlocker-recovery-known-issues
+      - name: "BitLocker configuration: known issues"
+        href: /troubleshoot/windows-client/windows-security/bitlocker-configuration-known-issues
+      - name: Troubleshoot BitLocker and TPM issues
+        items:
+          - name: "BitLocker cannot encrypt a drive: known TPM issues"
+            href: /troubleshoot/windows-client/windows-security/bitlocker-cannot-encrypt-a-drive-known-tpm-issues
+          - name: "BitLocker and TPM: other known issues"
+            href: /troubleshoot/windows-client/windows-security/bitlocker-and-tpm-other-known-issues
+          - name: Decode Measured Boot logs to track PCR changes
+            href: /troubleshoot/windows-client/windows-security/decode-measured-boot-logs-to-track-pcr-changes
+- name: Encrypted Hard Drive
+  href: ../../information-protection/encrypted-hard-drive.md
+- name: Personal Data Encryption (PDE)
+  items:
+  - name: Personal Data Encryption (PDE) overview
+    href: ../../information-protection/personal-data-encryption/overview-pde.md
+  - name: Personal Data Encryption (PDE) frequently asked questions (FAQ)
+    href: ../../information-protection/personal-data-encryption/faq-pde.yml
+  - name: Configure Personal Data Encryption (PDE) in Intune
     items:
-    - name: Personal Data Encryption (PDE) overview
-      href: ../../information-protection/personal-data-encryption/overview-pde.md
-    - name: Personal Data Encryption (PDE) frequently asked questions (FAQ)
-      href: ../../information-protection/personal-data-encryption/faq-pde.yml
     - name: Configure Personal Data Encryption (PDE) in Intune
-      items:
-      - name: Configure Personal Data Encryption (PDE) in Intune
-        href: ../../information-protection/personal-data-encryption/configure-pde-in-intune.md
-      - name: Enable Personal Data Encryption (PDE)
-        href: ../../information-protection/personal-data-encryption/pde-in-intune/intune-enable-pde.md
-      - name: Disable Winlogon automatic restart sign-on (ARSO) for PDE
-        href: ../../information-protection/personal-data-encryption/pde-in-intune/intune-disable-arso.md
-      - name: Disable kernel-mode crash dumps and live dumps for PDE
-        href: ../../information-protection/personal-data-encryption/pde-in-intune/intune-disable-memory-dumps.md
-      - name: Disable Windows Error Reporting (WER)/user-mode crash dumps for PDE
-        href: ../../information-protection/personal-data-encryption/pde-in-intune/intune-disable-wer.md
-      - name: Disable hibernation for PDE
-        href: ../../information-protection/personal-data-encryption/pde-in-intune/intune-disable-hibernation.md
-      - name: Disable allowing users to select when a password is required when resuming from connected standby for PDE
-        href: ../../information-protection/personal-data-encryption/pde-in-intune/intune-disable-password-connected-standby.md
+      href: ../../information-protection/personal-data-encryption/configure-pde-in-intune.md
+    - name: Enable Personal Data Encryption (PDE)
+      href: ../../information-protection/personal-data-encryption/pde-in-intune/intune-enable-pde.md
+    - name: Disable Winlogon automatic restart sign-on (ARSO) for PDE
+      href: ../../information-protection/personal-data-encryption/pde-in-intune/intune-disable-arso.md
+    - name: Disable kernel-mode crash dumps and live dumps for PDE
+      href: ../../information-protection/personal-data-encryption/pde-in-intune/intune-disable-memory-dumps.md
+    - name: Disable Windows Error Reporting (WER)/user-mode crash dumps for PDE
+      href: ../../information-protection/personal-data-encryption/pde-in-intune/intune-disable-wer.md
+    - name: Disable hibernation for PDE
+      href: ../../information-protection/personal-data-encryption/pde-in-intune/intune-disable-hibernation.md
+    - name: Disable allowing users to select when a password is required when resuming from connected standby for PDE
+      href: ../../information-protection/personal-data-encryption/pde-in-intune/intune-disable-password-connected-standby.md
   - name: Configure S/MIME for Windows
     href: ../../identity-protection/configure-s-mime.md
\ No newline at end of file
diff --git a/windows/security/operating-system-security/toc.yml b/windows/security/operating-system-security/toc.yml
index d5b5e71a52..e89ccbd235 100644
--- a/windows/security/operating-system-security/toc.yml
+++ b/windows/security/operating-system-security/toc.yml
@@ -1,13 +1,13 @@
 items:
-  - name: Overview
-    href: ../operating-system.md
-  - name: System security
-    href: system-security/toc.yml
-  - name: Virus and threat protection
-    href: virus-and-threat-protection/toc.yml
-  - name: Network security
-    href: network-security/toc.yml
-  - name: Data protection
-    href: data-protection/toc.yml
-  - name: Modern device management
-    href: device-management/toc.yml
\ No newline at end of file
+- name: Overview
+  href: ../operating-system.md
+- name: System security
+  href: system-security/toc.yml
+- name: Virus and threat protection
+  href: virus-and-threat-protection/toc.yml
+- name: Network security
+  href: network-security/toc.yml
+- name: Data protection
+  href: data-protection/toc.yml
+- name: Modern device management
+  href: device-management/toc.yml
\ No newline at end of file

From c07cf27c7145d5289dcf89f935dfe03876471816 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Thu, 27 Apr 2023 16:19:41 -0400
Subject: [PATCH 033/107] TOC update

---
 windows/security/TOC.yml                      | 53 +++--------------
 .../application-control/toc.yml               | 25 ++++++++
 .../application-isolation/toc.yml             | 12 ++++
 windows/security/application-security/toc.yml |  8 +++
 windows/security/cloud-security/toc.yml       | 18 ++++++
 windows/security/hardware-security/toc.yml    |  4 +-
 windows/security/identity-protection/toc.yml  | 56 +++++++++---------
 .../data-protection/toc.yml                   | 51 ++++++++++++++++-
 .../device-management/toc.yml                 | 57 ++-----------------
 .../virus-and-threat-protection/toc.yml       |  2 +
 .../certification/toc.yml                     |  5 ++
 windows/security/security-foundations/toc.yml |  7 +++
 12 files changed, 171 insertions(+), 127 deletions(-)
 create mode 100644 windows/security/application-security/application-control/toc.yml
 create mode 100644 windows/security/application-security/application-isolation/toc.yml
 create mode 100644 windows/security/application-security/toc.yml
 create mode 100644 windows/security/cloud-security/toc.yml
 create mode 100644 windows/security/security-foundations/certification/toc.yml
 create mode 100644 windows/security/security-foundations/toc.yml

diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml
index bcaab2b498..1a28b4a916 100644
--- a/windows/security/TOC.yml
+++ b/windows/security/TOC.yml
@@ -17,49 +17,14 @@
 - name: Operating system security
   href: operating-system-security/toc.yml
 - name: Application security
-  items:
-    - name: Overview
-      href: apps.md
-    - name: Windows Defender Application Control and virtualization-based protection of code integrity
-      href: threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
-    - name: Windows Defender Application Control
-      href: threat-protection\windows-defender-application-control\windows-defender-application-control.md
-    - name: Microsoft Defender Application Guard
-      href: threat-protection\microsoft-defender-application-guard\md-app-guard-overview.md
-    - name: Windows Sandbox
-      href: threat-protection/windows-sandbox/windows-sandbox-overview.md
-      items:
-        - name: Windows Sandbox architecture
-          href: threat-protection/windows-sandbox/windows-sandbox-architecture.md
-        - name: Windows Sandbox configuration
-          href: threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
-    - name: Enhanced Phishing Protection in Microsoft Defender SmartScreen
-      href: threat-protection\microsoft-defender-smartscreen\phishing-protection-microsoft-defender-smartscreen.md
-    - name: Configure S/MIME for Windows
-      href: identity-protection\configure-s-mime.md
-    - name: Windows Credential Theft Mitigation Guide Abstract
-      href: identity-protection\windows-credential-theft-mitigation-guide-abstract.md
-- name: User security and secured identity
+  href: application-security/toc.yml
+- name: Identity protection
   href: identity-protection/toc.yml
-- name: Cloud services
-  items:
-    - name: Overview
-      href: cloud.md
-    - name: Mobile device management
-      href: /windows/client-management/mdm/
-    - name: Windows 365 Cloud PCs
-      href: /windows-365/overview
-    - name: Azure Virtual Desktop
-      href: /azure/virtual-desktop/
-- name: Security foundations
-  items:
-    - name: Overview
-      href: security-foundations.md
-    - name: Microsoft Security Development Lifecycle
-      href: threat-protection/msft-security-dev-lifecycle.md
-    - name: FIPS 140-2 Validation
-      href: threat-protection/fips-140-validation.md
-    - name: Common Criteria Certifications
-      href: threat-protection/windows-platform-common-criteria.md
 - name: Windows Privacy
-  href: /windows/privacy/windows-10-and-privacy-compliance
\ No newline at end of file
+  href: /windows/privacy/windows-10-and-privacy-compliance
+- name: Security foundations
+  href: security-foundations/toc.yml
+- name: Cloud services
+  href: cloud-services/toc.yml
+- name: Security policy settings
+  href: /windows/security/threat-protection/security-policy-settings
\ No newline at end of file
diff --git a/windows/security/application-security/application-control/toc.yml b/windows/security/application-security/application-control/toc.yml
new file mode 100644
index 0000000000..05774f9405
--- /dev/null
+++ b/windows/security/application-security/application-control/toc.yml
@@ -0,0 +1,25 @@
+items:
+- name: User Account Control (UAC)
+  items:
+  - name: Overview
+    href: ../../identity-protection/user-account-control/user-account-control-overview.md
+  - name: How User Account Control works
+    href: ../../identity-protection/user-account-control/how-user-account-control-works.md
+  - name: User Account Control security policy settings
+    href: ../../identity-protection/user-account-control/user-account-control-security-policy-settings.md
+  - name: User Account Control Group Policy and registry key settings
+    href: ../../identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md
+  - name: Windows Defender Application Control and virtualization-based protection of code integrity
+    href: ../../threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
+  - name: Windows Defender Application Control
+    href: ../../threat-protection/windows-defender-application-control/windows-defender-application-control.md
+  - name: Smart App Control
+    href: ../../threat-protection/windows-defender-application-control/windows-defender-application-control.md
+  - name: Microsoft Defender Application Guard (MDAG) for Edge standalone mode
+    href: ../../threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md
+  - name: Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management
+    href: /deployedge/microsoft-edge-security-windows-defender-application-guard
+  - name: Microsoft Defender Application Guard (MDAG) for Microsoft Office
+    href: https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46
+  - name: Microsoft Defender Application Guard (MDAG) configure via MDM
+    href: /windows/client-management/mdm/windowsdefenderapplicationguard-csp
diff --git a/windows/security/application-security/application-isolation/toc.yml b/windows/security/application-security/application-isolation/toc.yml
new file mode 100644
index 0000000000..5d2361090b
--- /dev/null
+++ b/windows/security/application-security/application-isolation/toc.yml
@@ -0,0 +1,12 @@
+items:
+- name: Microsoft Defender Application Guard
+  href: ../../threat-protection\microsoft-defender-application-guard\md-app-guard-overview.md
+- name: Windows containers
+  href: /virtualization/windowscontainers/about
+- name: Windows Sandbox
+  href: ../../threat-protection/windows-sandbox/windows-sandbox-overview.md
+  items:
+  - name: Windows Sandbox architecture
+    href: ../../threat-protection/windows-sandbox/windows-sandbox-architecture.md
+  - name: Windows Sandbox configuration
+    href: ../../threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
\ No newline at end of file
diff --git a/windows/security/application-security/toc.yml b/windows/security/application-security/toc.yml
new file mode 100644
index 0000000000..5e2bd70284
--- /dev/null
+++ b/windows/security/application-security/toc.yml
@@ -0,0 +1,8 @@
+items:
+- name: Overview
+  href: ../apps.md
+- name: Application Control
+  href: application-control/toc.yml
+- name: Application Isolation
+  href: application-isolation/toc.yml
+
diff --git a/windows/security/cloud-security/toc.yml b/windows/security/cloud-security/toc.yml
new file mode 100644
index 0000000000..87f69eadc0
--- /dev/null
+++ b/windows/security/cloud-security/toc.yml
@@ -0,0 +1,18 @@
+items:
+- name: Overview
+  href: ../../cloud.md
+- name: Join Active Directory and Azure AD with single sign-on (SSO) ⇒
+  href: /azure/active-directory/devices/concept-azure-ad-join
+- name: Security baselines with Intune ⇒
+  href: /mem/intune/protect/security-baselines
+- name: Remote wipe (Autopilot reset) ⇒
+  href: /windows/client-management/mdm/remotewipe-csp
+- name: Mobile Device Management (MDM) ⇒
+  href: /windows/client-management/mdm/
+- name: Universal Print ⇒
+  href: /universal-print
+- name: Windows Autopatch ⇒
+  href: /windows/deployment/windows-autopatch
+- name: Windows Autopilot ⇒
+  href: /windows/deployment/windows-autopilot
+
diff --git a/windows/security/hardware-security/toc.yml b/windows/security/hardware-security/toc.yml
index ea8046d653..a812a513d8 100644
--- a/windows/security/hardware-security/toc.yml
+++ b/windows/security/hardware-security/toc.yml
@@ -42,11 +42,11 @@ items:
         href: /windows-hardware/design/device-experiences/oem-vbs
       - name: Memory integrity (HVCI)
         href: ../threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
-      - name: Memory integrity and VBS enablement
+      - name: Memory integrity and VBS enablement ⇒
         href: /windows-hardware/design/device-experiences/oem-hvci-enablement
       - name: Hardware-enforced stack protection
         href: https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815
-      - name: Secured-core PC
+      - name: Secured-core PC ⇒
         href: /windows-hardware/design/device-experiences/oem-highly-secure-11
       - name: Kernel Direct Memory Access (DMA) protection
         href: ../information-protection/kernel-dma-protection-for-thunderbolt.md
diff --git a/windows/security/identity-protection/toc.yml b/windows/security/identity-protection/toc.yml
index 55be6bbf33..16b2a51847 100644
--- a/windows/security/identity-protection/toc.yml
+++ b/windows/security/identity-protection/toc.yml
@@ -7,10 +7,14 @@ items:
     items:
     - name: Windows Hello for Business ⇒
       href: hello-for-business/index.yml
-    - name: Windows presence sensing
+    - name: Windows presence sensing ⇒
       href: https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb
-    - name: FIDO 2 security keys ⇒
+    - name: Windows Hello for Business Enhanced Security Sign-in (ESS) ⇒
+      href: /windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security
+    - name: FIDO 2 security key ⇒
       href: /azure/active-directory/authentication/howto-authentication-passwordless-security-key
+    - name: Federated sign-in ⇒
+      href: /education/windows/federated-sign-in
     - name: Smart Cards
       href: smart-cards/smart-card-windows-smart-card-technical-reference.md
       items:
@@ -54,12 +58,26 @@ items:
                   href: virtual-smart-cards/virtual-smart-card-evaluate-security.md
             - name: Tpmvscmgr
               href: virtual-smart-cards/virtual-smart-card-tpmvscmgr.md
-  - name: Windows LAPS (Local Administrator Password Solution) ⇒
-    href: /windows-server/identity/laps/laps-overview
-  - name: Enterprise Certificate Pinning
-    href: enterprise-certificate-pinning.md
-  - name: Credential Guard
+    - name: Windows LAPS (Local Administrator Password Solution) ⇒
+      href: /windows-server/identity/laps/laps-overview
+    - name: Enterprise Certificate Pinning
+      href: enterprise-certificate-pinning.md
+  - name: Advanced credential protection
     items:
+    - name: Account Lockout Policy
+      href: ../threat-protection/security-policy-settings/account-lockout-policy.md
+    - name: Technical support policy for lost or forgotten passwords
+      href: password-support-policy.md
+    - name: Enhanced Phishing Protection in Microsoft Defender SmartScreen
+      href: ../threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md
+    - name: Access Control
+      items:
+      - name: Overview
+        href: access-control/access-control.md
+      - name: Local Accounts
+        href: access-control/local-accounts.md
+    - name: Windows Defender Credential Guard
+      items:
       - name: Protect derived domain credentials with Credential Guard
         href: credential-guard/credential-guard.md
       - name: How Credential Guard works
@@ -76,25 +94,5 @@ items:
         href: credential-guard/additional-mitigations.md
       - name: Known issues
         href: credential-guard/credential-guard-known-issues.md
-  - name: Remote Credential Guard
-    href: remote-credential-guard.md
-  - name: Configuring LSA Protection
-    href: /windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection?toc=/windows/security/toc.json&bc=/windows/security/breadcrumb/toc.json
-  - name: Technical support policy for lost or forgotten passwords
-    href: password-support-policy.md
-  - name: Access Control
-    items:
-      - name: Overview
-        href: access-control/access-control.md
-      - name: Local Accounts
-        href: access-control/local-accounts.md
-  - name: User Account Control (UAC)
-    items:
-      - name: Overview
-        href: user-account-control/user-account-control-overview.md
-      - name: How User Account Control works
-        href: user-account-control/how-user-account-control-works.md
-      - name: User Account Control security policy settings
-        href: user-account-control/user-account-control-security-policy-settings.md
-      - name: User Account Control Group Policy and registry key settings
-        href: user-account-control/user-account-control-group-policy-and-registry-key-settings.md
\ No newline at end of file
+  - name: Windows Defender Remote Credential Guard
+    href: remote-credential-guard.md
\ No newline at end of file
diff --git a/windows/security/operating-system-security/data-protection/toc.yml b/windows/security/operating-system-security/data-protection/toc.yml
index bd47960568..bd7afea8da 100644
--- a/windows/security/operating-system-security/data-protection/toc.yml
+++ b/windows/security/operating-system-security/data-protection/toc.yml
@@ -100,4 +100,53 @@ items:
     - name: Disable allowing users to select when a password is required when resuming from connected standby for PDE
       href: ../../information-protection/personal-data-encryption/pde-in-intune/intune-disable-password-connected-standby.md
   - name: Configure S/MIME for Windows
-    href: ../../identity-protection/configure-s-mime.md
\ No newline at end of file
+    href: ../../identity-protection/configure-s-mime.md
+- name: Windows Information Protection (WIP)
+  href: ../../information-protection/windows-information-protection/protect-enterprise-data-using-wip.md
+  items:
+    - name: Create a WIP policy using Microsoft Intune
+      href: ../../information-protection/windows-information-protection/overview-create-wip-policy.md
+      items:
+      - name: Create a WIP policy in Microsoft Intune
+        href: ../../information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
+        items:
+          - name: Deploy your WIP policy in Microsoft Intune
+            href: ../../information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md
+          - name: Associate and deploy a VPN policy for WIP in Microsoft Intune
+            href: ../../information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md
+      - name: Create and verify an EFS Data Recovery Agent (DRA) certificate
+        href: ../../information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md
+      - name: Determine the enterprise context of an app running in WIP
+        href: ../../information-protection/windows-information-protection/wip-app-enterprise-context.md
+    - name: Create a WIP policy using Microsoft Configuration Manager
+      href: ../../information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md
+      items:
+      - name: Create and deploy a WIP policy in Configuration Manager
+        href: ../../information-protection/windows-information-protection/create-wip-policy-using-configmgr.md
+      - name: Create and verify an EFS Data Recovery Agent (DRA) certificate
+        href: ../../information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md
+      - name: Determine the enterprise context of an app running in WIP
+        href: ../../information-protection/windows-information-protection/wip-app-enterprise-context.md
+    - name: Mandatory tasks and settings required to turn on WIP
+      href: ../../information-protection/windows-information-protection/mandatory-settings-for-wip.md
+    - name: Testing scenarios for WIP
+      href: ../../information-protection/windows-information-protection/testing-scenarios-for-wip.md
+    - name: Limitations while using WIP
+      href: ../../information-protection/windows-information-protection/limitations-with-wip.md
+    - name: How to collect WIP audit event logs
+      href: ../../information-protection/windows-information-protection/collect-wip-audit-event-logs.md
+    - name: General guidance and best practices for WIP
+      href: ../../information-protection/windows-information-protection/guidance-and-best-practices-wip.md
+      items:
+      - name: Enlightened apps for use with WIP
+        href: ../../information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
+      - name: Unenlightened and enlightened app behavior while using WIP
+        href: ../../information-protection/windows-information-protection/app-behavior-with-wip.md
+      - name: Recommended Enterprise Cloud Resources and Neutral Resources network settings with WIP
+        href: ../../information-protection/windows-information-protection/recommended-network-definitions-for-wip.md
+      - name: Using Outlook Web Access with WIP
+        href: ../../information-protection/windows-information-protection/using-owa-with-wip.md
+    - name: Fine-tune WIP Learning
+      href: ../../information-protection/windows-information-protection/wip-learning.md
+    - name: Disable WIP
+      href: ../../information-protection/windows-information-protection/how-to-disable-wip.md
\ No newline at end of file
diff --git a/windows/security/operating-system-security/device-management/toc.yml b/windows/security/operating-system-security/device-management/toc.yml
index 154075b5f4..b52d3b78a7 100644
--- a/windows/security/operating-system-security/device-management/toc.yml
+++ b/windows/security/operating-system-security/device-management/toc.yml
@@ -5,7 +5,11 @@ items:
     href: ../../threat-protection/security-policy-settings/security-policy-settings.md
   - name: Security auditing
     href: ../../threat-protection/auditing/security-auditing-overview.md
-- name: Windows security baselines
+  - name: Secured-core configuration lock
+    href: ../../../client-management/config-lock
+  - name: Assigned Access (kiosk mode)
+    href: ../../../configuration/kiosk-methods
+- name: Security baselines
   href: ../../threat-protection/windows-security-configuration-framework/windows-security-baselines.md
   items:
   - name: Security Compliance Toolkit
@@ -21,53 +25,4 @@ items:
   - name: Use Windows Event Forwarding to help with intrusion detection
     href: ../../threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md
   - name: Block untrusted fonts in an enterprise
-    href: ../../threat-protection/block-untrusted-fonts-in-enterprise.md
-  - name: Windows Information Protection (WIP)
-    href: ../../information-protection/windows-information-protection/protect-enterprise-data-using-wip.md
-    items:
-      - name: Create a WIP policy using Microsoft Intune
-        href: ../../information-protection/windows-information-protection/overview-create-wip-policy.md
-        items:
-        - name: Create a WIP policy in Microsoft Intune
-          href: ../../information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
-          items:
-            - name: Deploy your WIP policy in Microsoft Intune
-              href: ../../information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md
-            - name: Associate and deploy a VPN policy for WIP in Microsoft Intune
-              href: ../../information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md
-        - name: Create and verify an EFS Data Recovery Agent (DRA) certificate
-          href: ../../information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md
-        - name: Determine the enterprise context of an app running in WIP
-          href: ../../information-protection/windows-information-protection/wip-app-enterprise-context.md
-      - name: Create a WIP policy using Microsoft Configuration Manager
-        href: ../../information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md
-        items:
-        - name: Create and deploy a WIP policy in Configuration Manager
-          href: ../../information-protection/windows-information-protection/create-wip-policy-using-configmgr.md
-        - name: Create and verify an EFS Data Recovery Agent (DRA) certificate
-          href: ../../information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md
-        - name: Determine the enterprise context of an app running in WIP
-          href: ../../information-protection/windows-information-protection/wip-app-enterprise-context.md
-      - name: Mandatory tasks and settings required to turn on WIP
-        href: ../../information-protection/windows-information-protection/mandatory-settings-for-wip.md
-      - name: Testing scenarios for WIP
-        href: ../../information-protection/windows-information-protection/testing-scenarios-for-wip.md
-      - name: Limitations while using WIP
-        href: ../../information-protection/windows-information-protection/limitations-with-wip.md
-      - name: How to collect WIP audit event logs
-        href: ../../information-protection/windows-information-protection/collect-wip-audit-event-logs.md
-      - name: General guidance and best practices for WIP
-        href: ../../information-protection/windows-information-protection/guidance-and-best-practices-wip.md
-        items:
-        - name: Enlightened apps for use with WIP
-          href: ../../information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
-        - name: Unenlightened and enlightened app behavior while using WIP
-          href: ../../information-protection/windows-information-protection/app-behavior-with-wip.md
-        - name: Recommended Enterprise Cloud Resources and Neutral Resources network settings with WIP
-          href: ../../information-protection/windows-information-protection/recommended-network-definitions-for-wip.md
-        - name: Using Outlook Web Access with WIP
-          href: ../../information-protection/windows-information-protection/using-owa-with-wip.md
-      - name: Fine-tune WIP Learning
-        href: ../../information-protection/windows-information-protection/wip-learning.md
-      - name: Disable WIP
-        href: ../../information-protection/windows-information-protection/how-to-disable-wip.md
\ No newline at end of file
+    href: ../../threat-protection/block-untrusted-fonts-in-enterprise.md
\ No newline at end of file
diff --git a/windows/security/operating-system-security/virus-and-threat-protection/toc.yml b/windows/security/operating-system-security/virus-and-threat-protection/toc.yml
index 0649858634..a8c5cdf1e5 100644
--- a/windows/security/operating-system-security/virus-and-threat-protection/toc.yml
+++ b/windows/security/operating-system-security/virus-and-threat-protection/toc.yml
@@ -3,6 +3,8 @@ items:
   href: ../../threat-protection/index.md
 - name: Microsoft Defender Antivirus
   href: /microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows
+- name: Configuring LSA Protection
+  href: /windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection?toc=/windows/security/toc.json&bc=/windows/security/breadcrumb/toc.json
 - name: Attack surface reduction (ASR)
   href: /microsoft-365/security/defender-endpoint/attack-surface-reduction
 - name: Tamper protection for MDE
diff --git a/windows/security/security-foundations/certification/toc.yml b/windows/security/security-foundations/certification/toc.yml
new file mode 100644
index 0000000000..70d9d800b8
--- /dev/null
+++ b/windows/security/security-foundations/certification/toc.yml
@@ -0,0 +1,5 @@
+items:
+- name: FIPS 140-2 Validation
+  href: ../../threat-protection/fips-140-validation.md
+- name: Common Criteria Certifications
+  href: ../../threat-protection/windows-platform-common-criteria.md
\ No newline at end of file
diff --git a/windows/security/security-foundations/toc.yml b/windows/security/security-foundations/toc.yml
new file mode 100644
index 0000000000..d52c477387
--- /dev/null
+++ b/windows/security/security-foundations/toc.yml
@@ -0,0 +1,7 @@
+items:
+- name: Overview
+  href: ../security-foundations.md
+- name: Microsoft Security Development Lifecycle
+  href: ../threat-protection/msft-security-dev-lifecycle.md
+- name: Certification
+  href: certification/toc.yml
\ No newline at end of file

From 414ea1e795d3d990b1f40951e18c748ced86297a Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Thu, 27 Apr 2023 16:29:07 -0400
Subject: [PATCH 034/107] TOC update

---
 .../deployment/images/ur-arch-diagram.png           | Bin
 windows/security/cloud-security/toc.yml             |   2 +-
 .../device-management/toc.yml                       |   4 ++--
 3 files changed, 3 insertions(+), 3 deletions(-)
 rename ur-arch-diagram.png => windows/deployment/images/ur-arch-diagram.png (100%)

diff --git a/ur-arch-diagram.png b/windows/deployment/images/ur-arch-diagram.png
similarity index 100%
rename from ur-arch-diagram.png
rename to windows/deployment/images/ur-arch-diagram.png
diff --git a/windows/security/cloud-security/toc.yml b/windows/security/cloud-security/toc.yml
index 87f69eadc0..7eaefc2acd 100644
--- a/windows/security/cloud-security/toc.yml
+++ b/windows/security/cloud-security/toc.yml
@@ -1,6 +1,6 @@
 items:
 - name: Overview
-  href: ../../cloud.md
+  href: ../cloud.md
 - name: Join Active Directory and Azure AD with single sign-on (SSO) ⇒
   href: /azure/active-directory/devices/concept-azure-ad-join
 - name: Security baselines with Intune ⇒
diff --git a/windows/security/operating-system-security/device-management/toc.yml b/windows/security/operating-system-security/device-management/toc.yml
index b52d3b78a7..01419872b2 100644
--- a/windows/security/operating-system-security/device-management/toc.yml
+++ b/windows/security/operating-system-security/device-management/toc.yml
@@ -6,9 +6,9 @@ items:
   - name: Security auditing
     href: ../../threat-protection/auditing/security-auditing-overview.md
   - name: Secured-core configuration lock
-    href: ../../../client-management/config-lock
+    href: /windows/client-management/config-lock
   - name: Assigned Access (kiosk mode)
-    href: ../../../configuration/kiosk-methods
+    href: /windows/configuration/kiosk-methods
 - name: Security baselines
   href: ../../threat-protection/windows-security-configuration-framework/windows-security-baselines.md
   items:

From 27d3815bb3552df2bd8782d6cb76912dd158d1f4 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Thu, 27 Apr 2023 16:33:51 -0400
Subject: [PATCH 035/107] updates

---
 windows/security/TOC.yml                      |  4 +--
 .../device-management/toc.yml                 | 36 +++++++++----------
 .../operating-system-security/toc.yml         |  2 +-
 3 files changed, 20 insertions(+), 22 deletions(-)

diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml
index 1a28b4a916..538d6ddff5 100644
--- a/windows/security/TOC.yml
+++ b/windows/security/TOC.yml
@@ -24,7 +24,7 @@
   href: /windows/privacy/windows-10-and-privacy-compliance
 - name: Security foundations
   href: security-foundations/toc.yml
-- name: Cloud services
-  href: cloud-services/toc.yml
+- name: Cloud security
+  href: cloud-security/toc.yml
 - name: Security policy settings
   href: /windows/security/threat-protection/security-policy-settings
\ No newline at end of file
diff --git a/windows/security/operating-system-security/device-management/toc.yml b/windows/security/operating-system-security/device-management/toc.yml
index 01419872b2..239b2eb2a6 100644
--- a/windows/security/operating-system-security/device-management/toc.yml
+++ b/windows/security/operating-system-security/device-management/toc.yml
@@ -1,6 +1,4 @@
 items:
-- name: Device management
-  items:
   - name: Security policy settings
     href: ../../threat-protection/security-policy-settings/security-policy-settings.md
   - name: Security auditing
@@ -9,20 +7,20 @@ items:
     href: /windows/client-management/config-lock
   - name: Assigned Access (kiosk mode)
     href: /windows/configuration/kiosk-methods
-- name: Security baselines
-  href: ../../threat-protection/windows-security-configuration-framework/windows-security-baselines.md
-  items:
-  - name: Security Compliance Toolkit
-    href: ../../threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md
-  - name: Get support
-    href: ../../threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md
-  - name: Guide to removing Microsoft Baseline Security Analyzer (MBSA)
-    href: ../../threat-protection/mbsa-removal-and-guidance.md
-- name: More Windows security
-  items:
-  - name: Override Process Mitigation Options to help enforce app-related security policies
-    href: ../../threat-protection/override-mitigation-options-for-app-related-security-policies.md
-  - name: Use Windows Event Forwarding to help with intrusion detection
-    href: ../../threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md
-  - name: Block untrusted fonts in an enterprise
-    href: ../../threat-protection/block-untrusted-fonts-in-enterprise.md
\ No newline at end of file
+  - name: Security baselines
+    href: ../../threat-protection/windows-security-configuration-framework/windows-security-baselines.md
+    items:
+    - name: Security Compliance Toolkit
+      href: ../../threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md
+    - name: Get support
+      href: ../../threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md
+    - name: Guide to removing Microsoft Baseline Security Analyzer (MBSA)
+      href: ../../threat-protection/mbsa-removal-and-guidance.md
+  - name: More Windows security
+    items:
+    - name: Override Process Mitigation Options to help enforce app-related security policies
+      href: ../../threat-protection/override-mitigation-options-for-app-related-security-policies.md
+    - name: Use Windows Event Forwarding to help with intrusion detection
+      href: ../../threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md
+    - name: Block untrusted fonts in an enterprise
+      href: ../../threat-protection/block-untrusted-fonts-in-enterprise.md
\ No newline at end of file
diff --git a/windows/security/operating-system-security/toc.yml b/windows/security/operating-system-security/toc.yml
index e89ccbd235..a0ee50c4bb 100644
--- a/windows/security/operating-system-security/toc.yml
+++ b/windows/security/operating-system-security/toc.yml
@@ -9,5 +9,5 @@ items:
   href: network-security/toc.yml
 - name: Data protection
   href: data-protection/toc.yml
-- name: Modern device management
+- name: Device management
   href: device-management/toc.yml
\ No newline at end of file

From bac85dd5c35d249ac2494607b88721bae477fffe Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Thu, 27 Apr 2023 16:50:31 -0400
Subject: [PATCH 036/107] updates

---
 windows/security/TOC.yml                     | 4 +---
 windows/security/identity-protection/toc.yml | 4 +++-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml
index 538d6ddff5..595706d1a1 100644
--- a/windows/security/TOC.yml
+++ b/windows/security/TOC.yml
@@ -25,6 +25,4 @@
 - name: Security foundations
   href: security-foundations/toc.yml
 - name: Cloud security
-  href: cloud-security/toc.yml
-- name: Security policy settings
-  href: /windows/security/threat-protection/security-policy-settings
\ No newline at end of file
+  href: cloud-security/toc.yml
\ No newline at end of file
diff --git a/windows/security/identity-protection/toc.yml b/windows/security/identity-protection/toc.yml
index 16b2a51847..f292d2822d 100644
--- a/windows/security/identity-protection/toc.yml
+++ b/windows/security/identity-protection/toc.yml
@@ -64,7 +64,7 @@ items:
       href: enterprise-certificate-pinning.md
   - name: Advanced credential protection
     items:
-    - name: Account Lockout Policy
+    - name: Account Lockout Policy ⇒
       href: ../threat-protection/security-policy-settings/account-lockout-policy.md
     - name: Technical support policy for lost or forgotten passwords
       href: password-support-policy.md
@@ -76,6 +76,8 @@ items:
         href: access-control/access-control.md
       - name: Local Accounts
         href: access-control/local-accounts.md
+    - name: Security policy settings ⇒
+      href: ../threat-protection/security-policy-settings/security-policy-settings.md
     - name: Windows Defender Credential Guard
       items:
       - name: Protect derived domain credentials with Credential Guard

From 3dd83e97f6dc51fe8187faa6cf84e97e4744ef4a Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Thu, 27 Apr 2023 17:15:34 -0400
Subject: [PATCH 037/107] updates

---
 windows/security/TOC.yml                      |  4 ++--
 .../application-control/toc.yml               | 20 ++++++-------------
 .../application-isolation/toc.yml             |  8 ++++++++
 3 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml
index 595706d1a1..1a29e97d24 100644
--- a/windows/security/TOC.yml
+++ b/windows/security/TOC.yml
@@ -20,8 +20,8 @@
   href: application-security/toc.yml
 - name: Identity protection
   href: identity-protection/toc.yml
-- name: Windows Privacy
-  href: /windows/privacy/windows-10-and-privacy-compliance
+- name: Windows Privacy ⇒
+  href: /windows/privacy
 - name: Security foundations
   href: security-foundations/toc.yml
 - name: Cloud security
diff --git a/windows/security/application-security/application-control/toc.yml b/windows/security/application-security/application-control/toc.yml
index 05774f9405..5cea979d61 100644
--- a/windows/security/application-security/application-control/toc.yml
+++ b/windows/security/application-security/application-control/toc.yml
@@ -9,17 +9,9 @@ items:
     href: ../../identity-protection/user-account-control/user-account-control-security-policy-settings.md
   - name: User Account Control Group Policy and registry key settings
     href: ../../identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md
-  - name: Windows Defender Application Control and virtualization-based protection of code integrity
-    href: ../../threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
-  - name: Windows Defender Application Control
-    href: ../../threat-protection/windows-defender-application-control/windows-defender-application-control.md
-  - name: Smart App Control
-    href: ../../threat-protection/windows-defender-application-control/windows-defender-application-control.md
-  - name: Microsoft Defender Application Guard (MDAG) for Edge standalone mode
-    href: ../../threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md
-  - name: Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management
-    href: /deployedge/microsoft-edge-security-windows-defender-application-guard
-  - name: Microsoft Defender Application Guard (MDAG) for Microsoft Office
-    href: https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46
-  - name: Microsoft Defender Application Guard (MDAG) configure via MDM
-    href: /windows/client-management/mdm/windowsdefenderapplicationguard-csp
+- name: Windows Defender Application Control and virtualization-based protection of code integrity
+  href: ../../threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
+- name: Windows Defender Application Control
+  href: ../../threat-protection/windows-defender-application-control/windows-defender-application-control.md
+- name: Smart App Control
+  href: ../../threat-protection/windows-defender-application-control/windows-defender-application-control.md
\ No newline at end of file
diff --git a/windows/security/application-security/application-isolation/toc.yml b/windows/security/application-security/application-isolation/toc.yml
index 5d2361090b..cd0be21954 100644
--- a/windows/security/application-security/application-isolation/toc.yml
+++ b/windows/security/application-security/application-isolation/toc.yml
@@ -1,6 +1,14 @@
 items:
 - name: Microsoft Defender Application Guard
   href: ../../threat-protection\microsoft-defender-application-guard\md-app-guard-overview.md
+- name: Microsoft Defender Application Guard (MDAG) for Edge standalone mode
+  href: ../../threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md
+- name: Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management
+  href: /deployedge/microsoft-edge-security-windows-defender-application-guard
+- name: Microsoft Defender Application Guard (MDAG) for Microsoft Office
+  href: https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46
+- name: Microsoft Defender Application Guard (MDAG) configure via MDM
+  href: /windows/client-management/mdm/windowsdefenderapplicationguard-csp
 - name: Windows containers
   href: /virtualization/windowscontainers/about
 - name: Windows Sandbox

From a0c655227c4e37c719b5297efef254fbe2fcb0c4 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Thu, 27 Apr 2023 17:26:16 -0400
Subject: [PATCH 038/107] updates

---
 .../application-isolation/toc.yml                    | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/windows/security/application-security/application-isolation/toc.yml b/windows/security/application-security/application-isolation/toc.yml
index cd0be21954..fd649d5204 100644
--- a/windows/security/application-security/application-isolation/toc.yml
+++ b/windows/security/application-security/application-isolation/toc.yml
@@ -1,15 +1,15 @@
 items:
-- name: Microsoft Defender Application Guard
+- name: Microsoft Defender Application Guard (MDAG)
   href: ../../threat-protection\microsoft-defender-application-guard\md-app-guard-overview.md
-- name: Microsoft Defender Application Guard (MDAG) for Edge standalone mode
+- name: MDAG for Edge standalone mode
   href: ../../threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md
-- name: Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management
+- name: MDAG for Edge enterprise mode and enterprise management ⇒
   href: /deployedge/microsoft-edge-security-windows-defender-application-guard
-- name: Microsoft Defender Application Guard (MDAG) for Microsoft Office
+- name: MDAG for Microsoft Office
   href: https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46
-- name: Microsoft Defender Application Guard (MDAG) configure via MDM
+- name: MDAG configure via MDM ⇒
   href: /windows/client-management/mdm/windowsdefenderapplicationguard-csp
-- name: Windows containers
+- name: Windows containers ⇒
   href: /virtualization/windowscontainers/about
 - name: Windows Sandbox
   href: ../../threat-protection/windows-sandbox/windows-sandbox-overview.md

From 235b631eb81a2ba9bcf4b560ef69e9eaf4818373 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Thu, 27 Apr 2023 17:59:40 -0400
Subject: [PATCH 039/107] =?UTF-8?q?update=20TOC=20with=20=F0=9F=94=97?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 windows/security/TOC.yml                         |  2 +-
 .../application-isolation/toc.yml                |  6 +++---
 windows/security/cloud-security/toc.yml          | 14 +++++++-------
 windows/security/hardware-security/toc.yml       |  4 ++--
 windows/security/identity-protection/toc.yml     | 16 ++++++++--------
 5 files changed, 21 insertions(+), 21 deletions(-)

diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml
index 1a29e97d24..fb69d549ce 100644
--- a/windows/security/TOC.yml
+++ b/windows/security/TOC.yml
@@ -20,7 +20,7 @@
   href: application-security/toc.yml
 - name: Identity protection
   href: identity-protection/toc.yml
-- name: Windows Privacy ⇒
+- name: Windows Privacy 🔗
   href: /windows/privacy
 - name: Security foundations
   href: security-foundations/toc.yml
diff --git a/windows/security/application-security/application-isolation/toc.yml b/windows/security/application-security/application-isolation/toc.yml
index fd649d5204..8c17971749 100644
--- a/windows/security/application-security/application-isolation/toc.yml
+++ b/windows/security/application-security/application-isolation/toc.yml
@@ -3,13 +3,13 @@ items:
   href: ../../threat-protection\microsoft-defender-application-guard\md-app-guard-overview.md
 - name: MDAG for Edge standalone mode
   href: ../../threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md
-- name: MDAG for Edge enterprise mode and enterprise management ⇒
+- name: MDAG for Edge enterprise mode and enterprise management 🔗
   href: /deployedge/microsoft-edge-security-windows-defender-application-guard
 - name: MDAG for Microsoft Office
   href: https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46
-- name: MDAG configure via MDM ⇒
+- name: MDAG configure via MDM 🔗
   href: /windows/client-management/mdm/windowsdefenderapplicationguard-csp
-- name: Windows containers ⇒
+- name: Windows containers 🔗
   href: /virtualization/windowscontainers/about
 - name: Windows Sandbox
   href: ../../threat-protection/windows-sandbox/windows-sandbox-overview.md
diff --git a/windows/security/cloud-security/toc.yml b/windows/security/cloud-security/toc.yml
index 7eaefc2acd..a927cf5384 100644
--- a/windows/security/cloud-security/toc.yml
+++ b/windows/security/cloud-security/toc.yml
@@ -1,18 +1,18 @@
 items:
 - name: Overview
   href: ../cloud.md
-- name: Join Active Directory and Azure AD with single sign-on (SSO) ⇒
+- name: Join Active Directory and Azure AD with single sign-on (SSO) 🔗
   href: /azure/active-directory/devices/concept-azure-ad-join
-- name: Security baselines with Intune ⇒
+- name: Security baselines with Intune 🔗
   href: /mem/intune/protect/security-baselines
-- name: Remote wipe (Autopilot reset) ⇒
+- name: Remote wipe (Autopilot reset) 🔗
   href: /windows/client-management/mdm/remotewipe-csp
-- name: Mobile Device Management (MDM) ⇒
+- name: Mobile Device Management (MDM) 🔗
   href: /windows/client-management/mdm/
-- name: Universal Print ⇒
+- name: Universal Print 🔗
   href: /universal-print
-- name: Windows Autopatch ⇒
+- name: Windows Autopatch 🔗
   href: /windows/deployment/windows-autopatch
-- name: Windows Autopilot ⇒
+- name: Windows Autopilot 🔗
   href: /windows/deployment/windows-autopilot
 
diff --git a/windows/security/hardware-security/toc.yml b/windows/security/hardware-security/toc.yml
index a812a513d8..6cd5d10c39 100644
--- a/windows/security/hardware-security/toc.yml
+++ b/windows/security/hardware-security/toc.yml
@@ -42,11 +42,11 @@ items:
         href: /windows-hardware/design/device-experiences/oem-vbs
       - name: Memory integrity (HVCI)
         href: ../threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
-      - name: Memory integrity and VBS enablement ⇒
+      - name: Memory integrity and VBS enablement 🔗
         href: /windows-hardware/design/device-experiences/oem-hvci-enablement
       - name: Hardware-enforced stack protection
         href: https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815
-      - name: Secured-core PC ⇒
+      - name: Secured-core PC 🔗
         href: /windows-hardware/design/device-experiences/oem-highly-secure-11
       - name: Kernel Direct Memory Access (DMA) protection
         href: ../information-protection/kernel-dma-protection-for-thunderbolt.md
diff --git a/windows/security/identity-protection/toc.yml b/windows/security/identity-protection/toc.yml
index f292d2822d..27c8a6dad3 100644
--- a/windows/security/identity-protection/toc.yml
+++ b/windows/security/identity-protection/toc.yml
@@ -5,15 +5,15 @@ items:
     href: windows-credential-theft-mitigation-guide-abstract.md
   - name: Passwordless sign-in
     items:
-    - name: Windows Hello for Business ⇒
+    - name: Windows Hello for Business 🔗
       href: hello-for-business/index.yml
-    - name: Windows presence sensing ⇒
+    - name: Windows presence sensing 🔗
       href: https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb
-    - name: Windows Hello for Business Enhanced Security Sign-in (ESS) ⇒
+    - name: Windows Hello for Business Enhanced Security Sign-in (ESS) 🔗
       href: /windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security
-    - name: FIDO 2 security key ⇒
+    - name: FIDO 2 security key 🔗
       href: /azure/active-directory/authentication/howto-authentication-passwordless-security-key
-    - name: Federated sign-in ⇒
+    - name: Federated sign-in 🔗
       href: /education/windows/federated-sign-in
     - name: Smart Cards
       href: smart-cards/smart-card-windows-smart-card-technical-reference.md
@@ -58,13 +58,13 @@ items:
                   href: virtual-smart-cards/virtual-smart-card-evaluate-security.md
             - name: Tpmvscmgr
               href: virtual-smart-cards/virtual-smart-card-tpmvscmgr.md
-    - name: Windows LAPS (Local Administrator Password Solution) ⇒
+    - name: Windows LAPS (Local Administrator Password Solution) 🔗
       href: /windows-server/identity/laps/laps-overview
     - name: Enterprise Certificate Pinning
       href: enterprise-certificate-pinning.md
   - name: Advanced credential protection
     items:
-    - name: Account Lockout Policy ⇒
+    - name: Account Lockout Policy 🔗
       href: ../threat-protection/security-policy-settings/account-lockout-policy.md
     - name: Technical support policy for lost or forgotten passwords
       href: password-support-policy.md
@@ -76,7 +76,7 @@ items:
         href: access-control/access-control.md
       - name: Local Accounts
         href: access-control/local-accounts.md
-    - name: Security policy settings ⇒
+    - name: Security policy settings 🔗
       href: ../threat-protection/security-policy-settings/security-policy-settings.md
     - name: Windows Defender Credential Guard
       items:

From 9965066fd661026fe945bd75d4488362e3e37cf0 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Thu, 27 Apr 2023 18:28:52 -0400
Subject: [PATCH 040/107] updated includes

---
 includes/licensing/_edition-requirements.md   | 14 ++++++------
 includes/licensing/_licensing-requirements.md | 18 +++++++--------
 includes/licensing/federated-sign-in.md       |  4 ++--
 includes/licensing/windows-laps.md            | 22 +++++++++++++++++++
 4 files changed, 40 insertions(+), 18 deletions(-)
 create mode 100644 includes/licensing/windows-laps.md

diff --git a/includes/licensing/_edition-requirements.md b/includes/licensing/_edition-requirements.md
index 5f6391baad..8f7e70b8b4 100644
--- a/includes/licensing/_edition-requirements.md
+++ b/includes/licensing/_edition-requirements.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 04/27/2023
 ms.topic: include
 ---
 
@@ -25,14 +25,13 @@ The following table lists the security features that are available in Windows, a
 |**[Encrypted hard drive](/windows/security/information-protection/encrypted-hard-drive)**|Yes|Yes|Yes|Yes|
 |**[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)**|Yes|Yes|Yes|Yes|
 |**[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)**|Yes|Yes|Yes|Yes|
-|**[Fast Identity Online (FIDO2) security key](/azure/active-directory/authentication/howto-authentication-passwordless-security-key?context=%2Fwindows%2Fsecurity%2Fcontext%2Fcontext)**|Yes|Yes|Yes|Yes|
+|**[Fast Identity Online (FIDO2) security key](/azure/active-directory/authentication/howto-authentication-passwordless-security-key)**|Yes|Yes|Yes|Yes|
 |**[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)**|Yes|Yes|Yes|Yes|
-|**[Federated sign-in](/education/windows/federated-sign-in)**|❌|No|Yes|Yes|
+|**[Federated sign-in](/education/windows/federated-sign-in)**|❌|❌|Yes|Yes|
 |**[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)**|Yes|Yes|Yes|Yes|
 |**[Hypervisor-protected Code Integrity (HVCI)](/windows-hardware/design/device-experiences/oem-hvci-enablement)**|Yes|Yes|Yes|Yes|
 |**[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)**|Yes|Yes|Yes|Yes|
-|**Local Administrator Password Solution**|Yes|Yes|Yes|Yes|
-|**[Local Security Authority (LSA) Protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection?toc=%2Fwindows%2Fsecurity%2Ftoc.json&bc=%2Fwindows%2Fsecurity%2Fbreadcrumb%2Ftoc.json)**|Yes|Yes|Yes|Yes|
+|**Local Security Authority (LSA) Protection**|Yes|Yes|Yes|Yes|
 |**[Manage by Mobile Device Management (MDM) and group policy](/windows/client-management/mdm/mdm-overview)**|Yes|Yes|Yes|Yes|
 |**[Measured boot](/windows/compatibility/measured-boot)**|Yes|Yes|Yes|Yes|
 |**[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)**|Yes|Yes|Yes|Yes|
@@ -62,10 +61,10 @@ The following table lists the security features that are available in Windows, a
 |**[Transport layer security (TLS)](/windows-server/security/tls/tls-ssl-schannel-ssp-overview)**|Yes|Yes|Yes|Yes|
 |**[Trusted Platform Module (TPM) 2.0](/windows/security/information-protection/tpm/trusted-platform-module-overview)**|Yes|Yes|Yes|Yes|
 |**[Universal Print](/universal-print/)**|Yes|Yes|Yes|Yes|
-|**[User Account Control (UAC)](/indows/security/identity-protection/user-account-control/user-account-control-overview)**|Yes|Yes|Yes|Yes|
+|**[User Account Control (UAC)](/windows/security/identity-protection/user-account-control/user-account-control-overview)**|Yes|Yes|Yes|Yes|
 |**[Virtual Private Network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes|
 |**[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)**|Yes|Yes|Yes|Yes|
-|**WiFi Security**|Yes|Yes|Yes|Yes|
+|**[WiFi Security](https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09)**|Yes|Yes|Yes|Yes|
 |**[Windows Autopatch](/windows/deployment/windows-autopatch/)**|❌|Yes|❌|Yes|
 |**[Windows Autopilot](/windows/deployment/windows-autopilot)**|Yes|Yes|Yes|Yes|
 |**[Windows containers](/virtualization/windowscontainers/about/)**|Yes|Yes|Yes|Yes|
@@ -76,6 +75,7 @@ The following table lists the security features that are available in Windows, a
 |**[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)**|Yes|Yes|Yes|Yes|
 |**[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)**|Yes|Yes|Yes|Yes|
 |**[Windows Hello for Business Enhanced Security Sign-in (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)**|Yes|Yes|Yes|Yes|
+|**[Windows LAPS](/windows-server/identity/laps/laps-overview)**|Yes|Yes|Yes|Yes|
 |**[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)**|Yes|Yes|Yes|Yes|
 |**[Windows Sandbox](/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview)**|Yes|Yes|Yes|Yes|
 |**[Windows Security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**|Yes|Yes|Yes|Yes|
diff --git a/includes/licensing/_licensing-requirements.md b/includes/licensing/_licensing-requirements.md
index 2d3f2f34d8..9e822cdbe0 100644
--- a/includes/licensing/_licensing-requirements.md
+++ b/includes/licensing/_licensing-requirements.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 04/27/2023
 ms.topic: include
 ---
 
@@ -25,21 +25,20 @@ The following table lists the security features that are available in Windows, a
 |**[Encrypted hard drive](/windows/security/information-protection/encrypted-hard-drive)**|Yes|Yes|Yes|Yes|Yes|
 |**[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)**|Yes|Yes|Yes|Yes|Yes|
 |**[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)**|Yes|Yes|Yes|Yes|Yes|
-|**[Fast Identity Online (FIDO2) security key](/azure/active-directory/authentication/howto-authentication-passwordless-security-key?context=%2Fwindows%2Fsecurity%2Fcontext%2Fcontext)**|Yes|Yes|Yes|Yes|Yes|
+|**[Fast Identity Online (FIDO2) security key](/azure/active-directory/authentication/howto-authentication-passwordless-security-key)**|Yes|Yes|Yes|Yes|Yes|
 |**[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)**|Yes|Yes|Yes|Yes|Yes|
-|**[Federated sign-in](/education/windows/federated-sign-in)**|❌|No|❌|Yes|Yes|
+|**[Federated sign-in](/education/windows/federated-sign-in)**|❌|❌|❌|Yes|Yes|
 |**[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)**|Yes|Yes|Yes|Yes|Yes|
 |**[Hypervisor-protected Code Integrity (HVCI)](/windows-hardware/design/device-experiences/oem-hvci-enablement)**|Yes|Yes|Yes|Yes|Yes|
 |**[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)**|Yes|Yes|Yes|Yes|Yes|
-|**Local Administrator Password Solution**|Yes|Yes|Yes|Yes|Yes|
-|**[Local Security Authority (LSA) Protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection?toc=%2Fwindows%2Fsecurity%2Ftoc.json&bc=%2Fwindows%2Fsecurity%2Fbreadcrumb%2Ftoc.json)**|Yes|Yes|Yes|Yes|Yes|
+|**Local Security Authority (LSA) Protection**|Yes|Yes|Yes|Yes|Yes|
 |**[Manage by Mobile Device Management (MDM) and group policy](/windows/client-management/mdm/mdm-overview)**|Yes|Yes|Yes|Yes|Yes|
 |**[Measured boot](/windows/compatibility/measured-boot)**|Yes|Yes|Yes|Yes|Yes|
 |**[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)**|Yes|Yes|Yes|Yes|Yes|
 |**[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)**|❌|Yes|Yes|Yes|Yes|
 |**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/deployedge/microsoft-edge-security-windows-defender-application-guard)**|❌|Yes|Yes|Yes|Yes|
 |**[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview)**|Yes|Yes|Yes|Yes|Yes|
-|**[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)**|❌|No|❌|No|❌|
+|**[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)**|❌|❌|❌|❌|❌|
 |**Microsoft Defender Application Guard (MDAG) public APIs**|❌|Yes|Yes|Yes|Yes|
 |**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|Yes|❌|Yes|❌|Yes|
 |**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**|Yes|Yes|Yes|Yes|Yes|
@@ -62,11 +61,11 @@ The following table lists the security features that are available in Windows, a
 |**[Transport layer security (TLS)](/windows-server/security/tls/tls-ssl-schannel-ssp-overview)**|Yes|Yes|Yes|Yes|Yes|
 |**[Trusted Platform Module (TPM) 2.0](/windows/security/information-protection/tpm/trusted-platform-module-overview)**|Yes|Yes|Yes|Yes|Yes|
 |**[Universal Print](/universal-print/)**|Yes|Yes|Yes|Yes|Yes|
-|**[User Account Control (UAC)](/indows/security/identity-protection/user-account-control/user-account-control-overview)**|Yes|Yes|Yes|Yes|Yes|
+|**[User Account Control (UAC)](/windows/security/identity-protection/user-account-control/user-account-control-overview)**|Yes|Yes|Yes|Yes|Yes|
 |**[Virtual Private Network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes|Yes|
 |**[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)**|Yes|Yes|Yes|Yes|Yes|
-|**WiFi Security**|Yes|Yes|Yes|Yes|Yes|
-|**[Windows Autopatch](/windows/deployment/windows-autopatch/)**|❌|Yes|Yes|❌|No|
+|**[WiFi Security](https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows Autopatch](/windows/deployment/windows-autopatch/)**|❌|Yes|Yes|❌|❌|
 |**[Windows Autopilot](/windows/deployment/windows-autopilot)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows containers](/virtualization/windowscontainers/about/)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|Yes|
@@ -76,6 +75,7 @@ The following table lists the security features that are available in Windows, a
 |**[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows Hello for Business Enhanced Security Sign-in (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows LAPS](/windows-server/identity/laps/laps-overview)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows Sandbox](/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows Security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**|Yes|Yes|Yes|Yes|Yes|
diff --git a/includes/licensing/federated-sign-in.md b/includes/licensing/federated-sign-in.md
index 080274363c..c1d9f41946 100644
--- a/includes/licensing/federated-sign-in.md
+++ b/includes/licensing/federated-sign-in.md
@@ -15,8 +15,8 @@ The following table lists the Windows editions that support Federated sign-in:
 
 Federated sign-in license entitlements are granted by the following licenses:
 
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|Windows Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|No|No|No|Yes|Yes|
+|Yes|No|No|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-laps.md b/includes/licensing/windows-laps.md
new file mode 100644
index 0000000000..dd378de2be
--- /dev/null
+++ b/includes/licensing/windows-laps.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 04/27/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows LAPS:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Windows LAPS license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

From 74966a80bd1df69288213d4a9c086dc00e6c3aa4 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Thu, 27 Apr 2023 18:45:37 -0400
Subject: [PATCH 041/107] batch licensing requirements

---
 .../pluton/microsoft-pluton-security-processor.md      |  4 +++-
 .../tpm/trusted-platform-module-overview.md            |  2 ++
 ...rdware-based-root-of-trust-helps-protect-windows.md | 10 ++++++----
 3 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/windows/security/information-protection/pluton/microsoft-pluton-security-processor.md b/windows/security/information-protection/pluton/microsoft-pluton-security-processor.md
index 5274334565..d2d8321257 100644
--- a/windows/security/information-protection/pluton/microsoft-pluton-security-processor.md
+++ b/windows/security/information-protection/pluton/microsoft-pluton-security-processor.md
@@ -18,7 +18,7 @@ ms.technology: itpro-security
 
 Microsoft Pluton security processor is a chip-to-cloud security technology built with [Zero Trust](/security/zero-trust/zero-trust-overview) principles at the core. Microsoft Pluton provides hardware-based root of trust, secure identity, secure attestation, and cryptographic services. Pluton technology is a combination of a secure subsystem which is part of the System on Chip (SoC) and Microsoft authored software that runs on this integrated secure subsystem.
 
-Microsoft Pluton is currently available on devices with Ryzen 6000 and Qualcomm Snapdragon® 8cx Gen 3 series processors. Microsoft Pluton can be enabled on devices with Pluton capable processors running Windows 11, version 22H2.
+Microsoft Pluton is currently available on devices with Ryzen 6000 and Qualcomm Snapdragon&reg; 8cx Gen 3 series processors. Microsoft Pluton can be enabled on devices with Pluton capable processors running Windows 11, version 22H2.
 
 ## What is Microsoft Pluton?
 
@@ -46,6 +46,8 @@ When the system boots, Pluton hardware initialization is performed by loading th
 
 ![Diagram showing the Microsoft Pluton Firmware load flow](../images/pluton/pluton-firmware-load.png)
 
+[!INCLUDE [microsoft-pluton-security-processor](../../../../includes/licensing/microsoft-pluton-security-processor.md)]
+
 ## Related topics
 
 [Microsoft Pluton as TPM](pluton-as-tpm.md)
diff --git a/windows/security/information-protection/tpm/trusted-platform-module-overview.md b/windows/security/information-protection/tpm/trusted-platform-module-overview.md
index 2c2f23d5cb..d3a0a6e2b7 100644
--- a/windows/security/information-protection/tpm/trusted-platform-module-overview.md
+++ b/windows/security/information-protection/tpm/trusted-platform-module-overview.md
@@ -50,6 +50,8 @@ Anti-malware software can use the boot measurements of the operating system star
 
 The TPM has several Group Policy settings that might be useful in certain enterprise scenarios. For more info, see [TPM Group Policy Settings](trusted-platform-module-services-group-policy-settings.md).
 
+[!INCLUDE [trusted-platform-module-tpm-20](../../../../includes/licensing/trusted-platform-module-tpm-20.md)]
+
 ## New and changed functionality
 
 For more info on new and changed functionality for Trusted Platform Module in Windows, see [What's new in Trusted Platform Module?](/windows/whats-new/whats-new-windows-10-version-1507-and-1511#trusted-platform-module)
diff --git a/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md b/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md
index 10b4f41000..74e332cb87 100644
--- a/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md
+++ b/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md
@@ -30,7 +30,7 @@ With Windows 7, one of the means attackers would use to persist and evade detect
 This malicious software would start before Windows started, or during the boot process itself, enabling it to start with the highest level of privilege.
 
 With Windows 10 running on modern hardware (that is, Windows 8-certified or greater) a hardware-based root of trust helps ensure that no unauthorized firmware or software (such as a bootkit) can start before the Windows bootloader. 
-This hardware-based root of trust comes from the device’s Secure Boot feature, which is part of the Unified Extensible Firmware Interface (UEFI). 
+This hardware-based root of trust comes from the device's Secure Boot feature, which is part of the Unified Extensible Firmware Interface (UEFI). 
 This technique of measuring the static early boot UEFI components is called the Static Root of Trust for Measurement (SRTM). 
 
 As there are thousands of PC vendors that produce many models with different UEFI BIOS versions, there becomes an incredibly large number of SRTM measurements upon bootup. 
@@ -69,18 +69,20 @@ Paging protection can be implemented to lock certain code tables to be read-only
 A hardware-enforced processor feature known as a supervisor SMI handler can monitor the SMM and make sure it doesn't access any part of the address space that it isn't supposed to. 
 
 SMM protection is built on top of the Secure Launch technology and requires it to function. 
-In the future, Windows 10 will also measure this SMI Handler’s behavior and attest that no OS-owned memory has been tampered with. 
+In the future, Windows 10 will also measure this SMI Handler's behavior and attest that no OS-owned memory has been tampered with. 
 
 ## Validating platform integrity after Windows is running (run time)
 
-While Windows Defender System Guard provides advanced protection that will help protect and maintain the integrity of the platform during boot and at run time, the reality is that we must apply an "assume breach" mentality to even our most sophisticated security technologies. We can trust that the technologies are successfully doing their jobs, but we also need the ability to verify that they were successful in achieving their goals. For platform integrity, we can’t just trust the platform, which potentially could be compromised, to self-attest to its security state. So Windows Defender System Guard includes a series of technologies that enable remote analysis of the device’s integrity.
+While Windows Defender System Guard provides advanced protection that will help protect and maintain the integrity of the platform during boot and at run time, the reality is that we must apply an "assume breach" mentality to even our most sophisticated security technologies. We can trust that the technologies are successfully doing their jobs, but we also need the ability to verify that they were successful in achieving their goals. For platform integrity, we can't just trust the platform, which potentially could be compromised, to self-attest to its security state. So Windows Defender System Guard includes a series of technologies that enable remote analysis of the device's integrity.
 
-As Windows 10 boots, a series of integrity measurements are taken by Windows Defender System Guard using the device’s Trusted Platform Module 2.0 (TPM 2.0). System Guard Secure Launch won't support earlier TPM versions, such as TPM 1.2. This process and data are hardware-isolated away from Windows to help ensure that the measurement data isn't subject to the type of tampering that could happen if the platform was compromised. From here, the measurements can be used to determine the integrity of the device’s firmware, hardware configuration state, and Windows boot-related components, just to name a few.
+As Windows 10 boots, a series of integrity measurements are taken by Windows Defender System Guard using the device's Trusted Platform Module 2.0 (TPM 2.0). System Guard Secure Launch won't support earlier TPM versions, such as TPM 1.2. This process and data are hardware-isolated away from Windows to help ensure that the measurement data isn't subject to the type of tampering that could happen if the platform was compromised. From here, the measurements can be used to determine the integrity of the device's firmware, hardware configuration state, and Windows boot-related components, just to name a few.
 
 ![Boot time integrity.](images/windows-defender-system-guard-boot-time-integrity.png)
 
 After the system boots, Windows Defender System Guard signs and seals these measurements using the TPM. Upon request, a management system like Intune or Microsoft Configuration Manager can acquire them for remote analysis. If Windows Defender System Guard indicates that the device lacks integrity, the management system can take a series of actions, such as denying the device access to resources.
 
+[!INCLUDE [windows-defender-system-guard](../../../../includes/licensing/windows-defender-system-guard.md)]
+
 ## System requirements for System Guard
 
 This feature is available for the following processors:

From 05fa995462b2b64cdc4809b666496ff340e515fd Mon Sep 17 00:00:00 2001
From: Amy Zhou <amyzhou@microsoft.com>
Date: Thu, 27 Apr 2023 17:06:20 -0700
Subject: [PATCH 042/107] add bgp instructions

---
 .../do/images/mcc-isp-bgp-diagram.png           | Bin 0 -> 41292 bytes
 .../deployment/do/images/mcc-isp-bgp-route.png  | Bin 0 -> 6361 bytes
 .../do/mcc-isp-create-provision-deploy.md       |  13 +++++++++++++
 windows/deployment/do/mcc-isp-faq.yml           |   2 ++
 windows/deployment/do/mcc-isp-signup.md         |   2 +-
 5 files changed, 16 insertions(+), 1 deletion(-)
 create mode 100644 windows/deployment/do/images/mcc-isp-bgp-diagram.png
 create mode 100644 windows/deployment/do/images/mcc-isp-bgp-route.png

diff --git a/windows/deployment/do/images/mcc-isp-bgp-diagram.png b/windows/deployment/do/images/mcc-isp-bgp-diagram.png
new file mode 100644
index 0000000000000000000000000000000000000000..9db7e0c6f49610d9a5a7c95a159bfd82f8a704c2
GIT binary patch
literal 41292
zcmX_n1ymc~)Aj-_E^V>mv=oYKad(P4#S0X7hv3BuMM{z2?i2#W-HH{5puviJa1HR~
z_kYj%a?YM)cjw-nJ2Q9Y*_la{x~e=LHaRu`0C*o2WHbQ)<@Ub=6CHWwYlHkI@(aaX
zQ(g+F8l&7po;<UbRFMRLns^+9*>mJMmWzVEI{;8c{&%3nZ=G5KK<>YfGLqUpCP!Hq
zK14dOh==EIzLuJ5)C79fSjcPtQ6!d9!=&0{%cG;kobpr23tRES36RDUl~6!^hS^T{
zSsLr+aYvM=Hf<s6UF(oj!)7z&p!sK32T$#e;HBs_@}d9#BO)cQH0igfuh^<EUM~M1
zKN4}a&P>HT3le!Ny5ar(nEKlEI0+a;9EHZcn9G-^^>%X))pw3a!e9{@VI|iYOzH58
zen+d)j;aGG#4^b+yxiaV@wjiM6$MFi^V-4OEQQwAA+Kh#eA4&@H;<H_B8yq8VwsfH
zj%#vETClp3dm7fRC6+q;9g=?S%@nM2VZ<7z4=XJ#t)PXzkbmJ~-(?iw^~JVumqL59
zb=PCw>p7P-ec!c?D;MMDkY*;eM}uT01G6^ihum;~#cMLK)aVEki>o21B_vY+Z**ri
zkE3_*b!?|;X;B5DV~-4_)^FpR02-GewbGDH?!$kh39DVJZzKBfUqt+*l2+shXD(Wv
z`VA#G)QCwhg5YtsmZUM699Jya$6z9v%nhx`P1Y1@%n_cpH?A-tE%K{--%3=ZFF|J9
z<#;tFN_za%b%e<K&484E1oc;#ck|t+y@g|&dSUQbGQPPYv9MxHb}*0T-Y7#{!vjki
zS7r2nJkaE6cVa|^Wh?E+UAgU?uF-7<a(ck!DvrHHru&OKKUD^F*CG{^BVBfkM;s;i
z9$|&mZj!lc@3>p)cI}yzPR@RG{tZJu0;Raz@h-&Y3MtK4m-UgTx+!0liZEl-pS=^T
zL6J%aMsyqVt=+!|w<+5wkTjC>^T~ET>@_v68T9k%O&C`|ji`|MmS<+g)<4ZhpqT)<
zV*ZV$8h03Le2G)=KYLo~I&#_~I#XTIo5a3`rNU4ze*kb{Qj{8@+TlL<6h0+1NanDn
z=qE-18)hXW<7n9Wgy2My43fl=34^PC%%je2_*80Sj=aw8M~d^egxAlX3ESKh`^DNB
z`B_ApByzp{e(!l*2{m$CNRbbZ`Wb9B`;wWsAHNMXuC*&bG>JK&);rl#(n?pO_Zcu)
zTW!YDo6cPxw=*T8w)r(rxl8yXKVpQtl#82ixE`s4wK>N2G(n9K)^~dj35+Q^*FYEl
znr7=OUyg#Bn>ov3l6nmQ=nN&4uuRpIE4unZ7W^y=94y|I1|5OHH@@sq1AsrdAc0>*
z6xH>oxD*($7VlE5lZMMwFeQ4;izTZg26Q#5M|4_#;BVsI{08Ge8D#ll($dLZai@{^
z95^v(`jG$Z)lez4r}z6r6#k~;{9tl}U#(fb;t>gG3k_(C`1Oj-GJ@ls0kHcK9+s{l
zu-s?!7Zvcq=kvD2%+&u-jWczlK~Eqt`(>rg^5ub2g&``^;1jZ<zNq=~xT_`WT<t16
z3qBugKCxu9hOH9gSP=j&bVkg2Qe)|9ewnPX0N|#&Ev;&Xv<cFDnag!P?{@;gCd17U
z3a}J0#f6E53uH%(ifu6b?lTvas{{Z_8Ln&f1fSH)lpWtX4K{+{_k(TXxFgiSkLQ0K
zTsXafHnP6MQQ_UwZ=@zj1JO-7skKV%?^;4R(M`e!Sy=@cM@;uIk^*M}icwvxP=*0$
zL^IkN4x^PbU#Do`0I>OSN_b|W;VADJ5De+bGHbpXy~(iZ`y6cuoMDqSwvNjgQUig(
z+>v1m&i-M8n6%jRK;XyzqhpaqUh^+#YieI8+oG-8aC90`fg6!M3x`W_kJ;z?<ru&X
z2U+7BojXDBc)^I7qoLyfPcNQCJr&^lEoSjRkWGSy67a_@x^UvFW02cEL;-vWi`rNC
zqAkl=Um(>CSjO4GXt>I^Q2^|}6Z*Bx2pi}L%339(_|oeP8n(bD0B|44IB&8rLG#1`
zg7vyAU`I;uq0+Btz!ya;6~EV-IKh$s08*>o^@%ieU=3HXOl*OHt(l%1<+T$=u)O->
zisL|+`6pa}*3YF|g3J)2ruB(&2JMGE<BWYnmQ~n-VN1Co(rsL6pjt1a>^GmYr#}HM
zEPp@g!Q!}GzbWA%cN!UZUp|-V1)!HWNr3MN2LNw#lWGOIZd5?eY^C}5E8-Ld2yWF#
z$8;<ylq(Sd++uupS{BaaF#w=B$~TwI<1bp5?TGN)8-?dUS8cA<%V5f>F-;?cje}o9
zzB?7r<!58P=a?v$V1y0~K8xdUHWZDg!3Vl1G$Iy@$fsDULS)?E0(>q6zW0Kw%^+%>
z&j0}LYqRCjXXU7JLXn`BPy5v05X)kMP~fCzMQ*lgNJl5VJp;<%G~<kMgN3@a#i20J
zwWHn-g<W;XpHTjg|HoC_PlMK<g$npnRE5+*(qei!g@1T+60ml==5f{F0$tY{Z#^RD
zV$pmFiXKE)wzuTjNrAPXFoX2(7b@Zg-|Sgl9-!SY{k`$ta3LH!%5TR8)*z`xey>Sz
z5%|;iOmD$B0Pq+$C1VRyrHMtwKOs2W7&q<2IOj$K&R#j}UIiquB7X*tn~QrTS%}an
zJOgN*&1o)hxFmxK@;40%PXD`$chwuIaf2cjHud<W#y84h(+%mLGF8!|JtpVRsYg@0
z4m40D=kXK1>&~G9z=ZnSz<g=$lb1xHjcEx(Q#!^-9=b>@13|boXeM#oB-%8g)QLPu
z*H4%F94mAZ4I;_q6Oc@}n1UoDOB(yj)#9OzMS>nIU&HT1jTV11g7jsqR&w!TDqR*X
zw#$5jco880!TGrOQxa|dl$3Ee$o|zZKUUwtMXi&u`ziR^><u>A3FWq=JLd!6pylV2
zuHI_0isB`m)Qh)ygzG_I+Bi=go01za4@!uXPow0qIgRx@bU6YyjQi89GIO%8OF$#t
zNCP9dC49Z_so1E)KTS1DOyz*zA-6~gtk3KJM}ho<&o><$64npD#JvzrOYpHQ;r)ce
zrZ;24`Utj46MW#fFR;bnwWte^A|>cS2_qE4NjBAv%d9F-ifPJD=kf90+4e7sUf)FF
zkk;<bBU;(ywTf~6v1ni+*GB*Jl;!Z=?j%vm?Ez$8pZHHbg6V@if}+%f0XXg!`ye2X
zFZ-Em4gC;Lj0~M%DV%d+y+^^Ku%g_B$<GuK7#)+YFlyM4*RPVklMcGRO`ENPNz4V_
z%C?g~ca0_eLo@Oce+eUox{0bNnwo>mMYx9(Z`+CY3M;YHx55kBWUCZkaUU-}Ikm;I
zw>^6CN^FF>iTGYhm$Ljg#J(E-1-TY>`PZAZJ&bb-14Px$&ht%Ci{5u3<oxzW_30v(
zLd#9QTJ3gyhv6?Uv74y<3gjt72j5(wk2{`l`mAY&@$<dtzro1(Vqie7LQbQa)A@uF
z4t17VZL|T~muuIP=#(0<8Ip6^u^P97VmrUe_~#I>69lq!)w?+OAq9%{cN1$@mS71z
zBbT!`ZHoAL$|c3_uyuBxK#g6)gvE3033+&+1YSmC5!|reyP|x~N#c6hkAoP|`BXrF
zLo$+*Jp#@_$D?8we$Kt#da5q+EE2V<uOl|FrUf0qsEPmI`ec1*uhYectOj+?3;H9p
zLY`W|GIp|s`zaFyw`Y@t;n>ssTWDn;4^*9W)Z2?M_O-?pdgJDdBMbKFFODPW%dA)5
zc-$TOKH8C|mSQ!LAZ74HWR2D;&(7?mD;#s$@9KED6+HjIZq%kMdQVWoaMYrq-kZ|%
z<>|dLU+_=Q?KEa>xz})<co8`rd;XuW7A@k6@ChvfF=ae#qFkJogF(fqP4PP@D3h0h
z|6DKW8?H*}-6e_(US18I$KHn+Y5^dl*_BUF<~JI<><yLPB#qUEl9*ejf#+RRdc@_2
zQuA1l_C?5B=vl}8Zp)Yqn-m1IHmGEtLc7E^bvdwVcE>cS=slc6Cg5y`Kh;;xJTV9&
z!_><qC#$*vDGzbI?5dxa>&N*{m0N|<h2FPzc~0KD7NYc$fs__kEN=ODDSQ~(q9krN
z`>zD|Qoqc3PeY@e1_W<M=b>T|6Q@#FsN#o>E7y}Z<bi2|(pLiR(WWoS%KYnFv=zSa
z354c#qVs%Ad}^v&<|-c1?=ej~UTM!@c%(I_c42Ffi?_84p<1%Y4uutVGB*C<eka#e
zgc)i&XmvdtYsz#uU<Pf|>SUd%c2onIzCN#gj;$FprrsR3de(uO|L2KTr_^NC!!#xE
zY5WQPv`d%3#R(hJy)^JD;?E8WUm;1uJ;p4}0$0GBZzb-3k!B$7={rA&u0+=>&a^jS
zbbc4_gBqd++pmpzg9>&`ZU6<J8(EuQve#cfi}|d%g*BfZy8KQwzLrdYwjF#fA%Ygt
zwV!SBXv?Kmt$b-ddUUUenLFjX3lO`{M-?S;>8xi6zGl<X`GV;In=k)3@Ti?HW6R9k
zutoj2=-Wj2IR|k)nTWJD!tn3vse_+)GhTf{D*mDWqUl#Vh9%2$iuOSWuqKt{VI;1?
zHszXYK38lZNlSoaq~>EJtlE*IepgHc#%$Q0Xa4(n48w2{!aAI*^J#40LM6H7!Y3i}
z%SY2rJP3i)%FIO*>k2&K9!KLEaa&YofA1RqWG!Qr_vb!GqX7S*)E3-*v1h$HHGNH*
zqJpvLg=B-p0_30zMoIA4IX1SvK>ZMoGME24pp9KrKG8mV!0C0wbLoKK;g=Ep)AiAs
z2;+SrpI7w=SLHb9VdTFH{W7=mq3zmqR{PQ$O2!eRRpFezVq=NdzZXvJ_>QDFNCFg(
zOW-OT_E=%fomYoS+KoqQUiZ8<tMMy-=V%~VhhE1khcg;~lQAdZc5`paHN%i85f=g~
zHd$GND!5@XGdM&96Fh&3K0Zy3x`rN>NA<<Ruo^^Bf5+5gX*X}n*?v76IrXKMd~WO@
z=W#BGXUTN6M%5l3)Hc|AVZ6*25ip`%A?uy+(I=hyC0PuCqTYvPIju&sY4vmrq;G%i
zA(Fqo#oMHn#g$H_NZjR!nYd%JMa1WVUH|C&Q%R@TiU*{fv`ZJxbfB`VyVUWxJ?uOb
zU~mzat7)p6UxFk0*?{omlf;|5HV3>`cgv!)H<e7KIvmrUpd*pek#v@0oc=Mi>)fz+
zb5q`hr@qlwDdy`TbYKj(=l?AG<|nG2?l9`fI7cnZC)edc#|Z;W)oTy<&wuUt!`rog
zE31^NH&Th}Z@$51QJ<JF;TTxMaeq4L<tVj<U{1TYD7x#x*9?0Y#P!=%fF|mDfonP_
zZ<n)1#NWJj^iA@f;V*uOghbNPqcwfO*=x~(X~VwgY1lO>H?HHb!V+N)9%ADwindTS
z$}*UP2CrJ*R5$frNevPIRT?8TdwPak%z|z872oZ%OFon}Y5{?`m0g&=y5D9aqbSFQ
z2LYmmbp~xsE-c~lv$SC&Pue10Mh;!Ton`K!$a@omg`rB%$NSxadmIYwwH5!KR(Q>R
zXE=54ljzmE_Q!P!C}M{RT6p~obTH#B%aF&(+XBgDoDo+hrtsnxrTN|nnf=`;=}%ef
zNToAZGrJ}bbS8@0RXHD*=WH#xDcku+KpVf?NutW-Xpwi%rgrwYXd>ZzZ6yhsm3q|g
zdfdA<MY{5p7KmhJ<VfxDxylT~1r&{7vKHlf8Uvo3&k&Hm<+gHs`O0+q970q=n&XpV
z0y-0{z+Tns`tk8bE#xcrxw=u()vbF%k1S*1w9A3uZx%dPWnk%h01BK0+vgEoZ?aJQ
zb4)l!a|Gw@t%Fsq9=x!6a@bv#ck!ac`tkfVFSLFxei)pSO@eOR{*eHL$P3ac{nS5m
zWt0p7I|fsb#CJdCaNemY>J+AgZX?C5Z(G`k1zekp*RkvKt)hx|1)BJHbO6l}R%blm
zUj<hi=1b-9d*wWSlR(3yHX2UcGK&HNBKp%E8ozXMgn*>(p8WxLBISFIk%yU`=pl=Y
zES}aWb!S50Sf0$F<QjEE8h*~$%>VGqEx#I7;y5o2v6+TbD*fjU>0-U>_RdD2P9w~B
z7vClBO!F`fw+rBbrYK0$Ut{rKHFh#=^m|84*k9>r!LS0c3;{sv|DM$A`Opr>z*?S^
zty1J71uG1I8wTu#arfI!FXIvCUFyZ|M*=sh(M=3|YPUuUZC1--2DI(!y-EA=PPy1S
zWuE1JUE&M`qcTErpKfG{kBBWJu<Um|lgE-l@0C&cTmui`b<<8vS0qh<G+P8acjh>;
z9n3H3gO6OZ60rHU;e4VXC?($9|A&aaB$g-M{{&^+>h)04d$Is^ol3!-`7+@TYFm3y
zq`V96xo|C0gjy-b>@~burrW(8c#;q4iMia^Y)*fqGdp%B@zbLo_v(z7i3$pH@>5x&
zrg5x|ft}{~u1Vhg)|AGMo&W6p>#+P&jb7y&I286w;@Hd-XrqmJ)c0gN!CKTO-=)rd
zQB3tLTaxE?YZyFDY8sR=%LEd(EG(8Lnc6_PHdOKY)Zu@T%6SN}Z)k9ucH4Age$@R4
zGGv{LPu#(G$CJf+NR!Xb&1JX18<;t$CtcxG)@K<QT73fA5hF?$$M>e+ULnw?PA&%=
zIk>6S#4en%9e5@#QpZXib80U3N^<^U2FHLhfI;I!;q|^ZjOmcitIbkG>c9zZ`Vftv
zTbN1U?N)1++-S*|mUnvjLN$HQW~|O0cbvbZ6HQQ<qQ8D@bo9^GK<rN`Kgk%SEDt<5
zMXO8*D(Ig)&L0VMY=!4rIwV*3dQMDJ`XM<}y2H3_SIAxLvu4!Gm8DUmXWA}oJN3@?
z<bON_OfbQa5X>fWiR^?Clo%fuSKPP~c&`dB6D}RT5cRSXGba;Gkn|J0_SmuW3TPDu
z59SaS8=rk=CL*`x5-m1q8%4V&R<HO+lMku*kcXexnBio|>rpxaxX4L}{~B9x-=E2q
zjqH?`l6qXJvrR-A1=0ihpu;8_jc{<=UR!*j%T{`Q#M)J`s}guHTlv9ZzPfJ8G%%ob
zxGoE7*)JBF9{(vJZ|I;;&b0U>G++CHAwb+GVcC^i)8(46=3ewdW5^8(S`wOeyx4!y
z9@<g0sBMMGT`qdVAOQ6+HLO1rI)S@w{e5b;947fXga-L)O{;Q^_w4Vffdkq~?!dbf
zR0oy7`>UgiUV`PPD)r{YRby)^+IEAOXxG6_eQ9i>!V($;X>!Htj7!W2)ODZTj@u(@
zuVn;kg+K?D+*oTHrM5VV2dCs0KK<#W&PzA$&o~~&rV`+))Gix$He~(ZLwm*EQZulf
z3nis(O~G^*^+6T(zzL%j0}Uyu{AdRMlW?_FR$Ud(wdULcmL{7V#C3jCf2m>R<gw?X
zhj3h@U5ux4z!iK$>0iZc*V^GlwUnf8@C8`$e~`YVy0{O+%a(HPxZS4WyK;mzbZ>@u
z_tbavFMOO7gYz;rSASXVl@t~^A?N14%@X$3Z1p;tS^>4*WK|{Dm%=h->;$bUwHP2#
zN^?ek19!4Cp?v0vA}PW;%||alhar)r&LLl~EY5Mn6)aIRG#m9#wF^`WVDyUq{?-q7
zmuJGgn<07@G>jPa-6kPNK0bB5XdG{O5?9;(_(#)uzef|Zcs1(8n|T|=8OlFD+bW3<
z)3B0%{scE^;dlzr&a)KX=i?Zv-2cFnEyh9dR>k=H?~*jc+*at`(K>ty3lC3a13tJ)
z%s}9ex*=ml`a)uKI!yoXJ~bvt4i!SjlDOLH4M9A$!aG_Y`sOUB_r1vE-n5r&DOC15
z=hAG`j1iwUuYfk_^wCbY?crLVv*2)-V#}+;g*xkT>RT$avo33OyNFA=I++z>AN2dC
z3!m3r2QGg$H#Ro*x<b%CxNR!vmp`3l{I)fItBXY_x=xYate1YTr6zi*R%<nSeBupj
zbf!_JzG3)#<2$Ms_Ck4-C#=7Jm-<<`PO#p3%n*%;&kuYmAsLJQm;_0S4n(n$0eJBB
zomsaA9QrFj8{&&$d(37~*VMcEy|ef6;U39R<G(T3-s4v@&u09HVHBD-!VEb{NivZH
zG{vVI1Je~fho(NKeL?#Thc1n<!dPg4S+q4TN5bL*rK%+hda>x)Al*})!@}8Em2vAP
z?|D5^KdZrJp42^FO_UKr00+Z+hM<dG4I!_?*Oi8iaf=O(e%IloCO12>wl`Edz2Ygt
z>FqfN*W|KBwd&QMCCk<Gq!vpx3O4J{t`${PBZknPq{(zKAVWGysxMDlGO}Zqh)=AH
z%+B7cX68bn+CrZDM6MEP6B84y4p-|Z7n1|@aBV!NAG3Am<4{{D>b{tGR13$e{!A6m
zSR*#Y{g>Jh9a7&zd76NWoJeZWw{ks5HlJC~GhaM^wt;w>lB6V}RFM;BhxfwLl{Fby
z^&T_JF4XLLM#gAJ`PwClyKmznjXI9qs7V6MZk*ruopgF4PrA%@y4YKcq?q!>i?05U
z@V4v6<#@5jP5cU(A+_VM4~~A|SVOI{Dbv56>2(h#K^w8HAt52Q$ca)0w(W(29!0W5
z{ZdqO#PAX^eB&qP7lc+NyQduIb+c&8sZLOq9M8ZUro|O{kSUH%gw!0wv?PPydCIx-
zfk6pjKl>{|=iyi2!<`1iq`fc@aVjr($;Pqcs0%Ss(W^2_xIg2%`Q)!Gc7^2C?2Ojg
zLii^Ot5<LfdK1ycyQke}DE_EwX$YDigk+=Ba(?I2V}{dehl=;{QeM#Gt$g&;j%8b1
z<3C4Vnp6>h?DMY%dA8rfHO{2nc<5p%%G3-5h-VwsM?RiRgIuM|C}Oz(cd2#dDy3?l
z{0H5{9?A_Tr!P{bbTM28oO+6JHSsF(|8TlWf`^c%l4FMZ(?SD`TB6ba=b&P*cZL_Z
z!TldOPm@||%_4QpQEj*@_5x06F-FH=ECs(@by^Kq&n9uAHP`x5P&pD8t$w|aD7v5a
z9LZW|RaE`h8j?@s%v6DVYb|+EO#UaLp8+dTPdU4jhi)w47ZQp1;}jJO>hEZ!KA&NV
zaipHy*983Wk%)U?V*ZEOS@h6(LyW+j_J6q6&xNMOBWJzG28kgClQ@-r9QQ9v@nW7>
zhJl|~=hc+`?(W@e9EAV*W{;(V1XCSRt{0^JW7biQ*22_PKybYKMt^LrgPp^y@A9U;
zKRa<u3Q9-ps{vUWr}mH*^i=cAQgPy}BV;z7Uf1gb-!zr5*QRaa4!m#$r)~i4sY}3>
zTqw%=TR<G6I@0*Y&+p-#G*<2wp(7Oxo%VC=cgW;e(GbqbJ^EvaCR&!=CA*B}C~%xr
zy8Q0hYakFkgIqX+)34%mi#Ks6Ag%N9?%)T=5I7-dQcpiN-Bq%}xK>o|luQjqzoE}3
zYK>Qk8%-SL;7DuJRe^kM@L3CbZLQe%LkMk&MWa>ln*#=d$jpi0yXK*wmmuGGoB0{S
z_|NU*KRBDjz`M1a`2p|lA3|7>&y+j4O1FW)Sk7ka@aD%cr-AJ~I73cq>fq5ydiS-i
zGaB$1#ihv-0gcKW?_HPsJV-gHg;~pzos!~}VGLiax1XYXnB4R=JQcmQKfBF`LI{GN
z@;zuftIq30Ox!I;F8>?BgIUW~k-XbHAV|^Nnd&bk^>xV<4V~bOsDIDq{N#raZW@{|
z<-Z`=r@I4)Xf!c1)mak=23E-i+xKolm2nr>Bv+)!G{Gz5tmCul1xKhr6lYHrGRx%9
z<nYTOyW`85f2_YKx!v}b{v`|Qk48@Xvf<Do-=uXEPTG;iu-Wr$vkl8cOP))sL~-A<
z!X?$vd-8AYw68G%-<A*Ynj%0kW{$&W`zwbwhu<saXAXz{$1HkPrFyo!-r2%51s1^P
zGY4DhA|K$lOlnd0A=&7kh0pG=O+kz9;hRi@cwh8wd<lllp(zo?Q$Qewb0Sy#3E}=G
zqs+Vlo8M{aM{z}(yDr13<*n-xzdTLsyb=>Qa2UFI%aIe>d-A*coa@4cHPF>j<P?8|
zDmaESWgBuIMEUw&Q>4cbbq(lIM&su8$K$hR53uhaTi3j<jxG6x4vC7*o~x<T6orp(
zT=A^WnFcL0Rpm9`kW%dfE<^#g**MLCu{A{T^Buq!G_&6*QbpmQ@0vHtW@Az7Pq<8?
zUY%DNJi9%RpbEqJUiUQ|N0O&2lJy}^b#n|_;nzy%fs`{d9YpaTZ2*@yJ>R}pM2z&a
z(kouM%KAAx!0uY7nT}5u{vb`%KBl44KvDjP9H?SYOWM|m#^~bN-D#Pv$a+3=3~ZtY
znx@M$Q3K;Bi5OkyH=ed)NI!NwoJT|;;e`6XOGiz<^l^~DV!@d27_|H$LuhMMH(O1<
z8!;lUNs&ZoNFrg*JG1f@=)mNAPTxQ$V?YE@rUu|$aJz<w20T=N29<#z_<BvR9u~Op
z2n37DVn0{!@H>8U3d#3J(Qa~i`S_GAb?Z5-v&EwRscO2w0i1(fc5h3>WR!|}ws+0%
zlsE%Ay?3AA#K9oSmqI6Q2qXZ4ajK~tNvxRis!q9XdZr19#N*D;&V<stcL+H7rEOPk
zaV%|;WU)!}5oBa_635ONwl3?nHxGhHOQb@%Mf-dPG*NVZqv$2gexyf;m~adZf3aN0
zue8>}ALMALVJaHNl@Y^c{L;Z%ap@Mq!{Dshi>z95H5A<<Qwsa!G$EnOUw)<nYaBL3
zCozhr%DM~?jXxusqbYl1X)~bauBd&`813eGPR<!AW7sPZ;P_7oP7kIT&KagbnPAYP
zzr#1(J=jvw(7`NO`IKiWnb$v5e<MRey~VX#O8rVOPA22f4r$uUj)u44Nl!C60H9~V
zihHk~=p{Vdd-ipj@Ksp#^T6-sXL4G4Ba5HHtIUqxS({(1d_FVqY!{IWJRiXXx@7-D
zF@f=7Q-Y$<sU^@PW*{1Za&+@@=2BnhpLG%zXC;W=aJzpWbWHk#!&EE}QJhAElq(lL
zkD4wRB>0*S<LpIx9=YNfep=gPDw$Sq!;#GU365dAcB8ehAvD14<^7s~iP%i7BL$k?
zGTPeCC%=J;?OzZnaDSyeY?d3aqB<Q>+OoUsaPkX~@Ax&VG;xZLEd9(!vKbif7u`Vn
zP}j(R$qjF_B|AZ{4q}P|`>QOnwLu@3(zzzSOlRjHwQlIqv5|EnE|G(*xi(=?i-8|o
zFV=f%G>=@CK{Y0(N63nKcUhcw3ppw>k~T}*IAk7s?-h+MA-f0;Wbc$QP=PaG%%hE^
zOXo6N_G1Sp@ofD$8nA?^wvzG)yO_d1$g3eakj?L<0#-t`=zYyjP*8}}6_Pe_K4Ve=
z&0jSMkNZv!9brT-N{|NKZI-yhe236hNZD>iqb@%{8RSK_7gTntJg!z?BD1<mB32bj
zD8NcE;moD13|2=qv*$~ImcKd+I%;2R)kw8NYV}_b1$@v{lQxe^(ut*DNTx%@#&9uG
z&avmA(}Z!_o=iZO;h@#W73R8Ov>(DQK@AtHHkmEZ-V>jj3z>q(79wDcO~C9-`DM}y
z$_Z|R)`Zmw#i*!*-?O`=%qCzHC6mwh*q8vhDd~3KS0b^N4j6<P6N}Mx@7lA;rAiGD
zSWxo7|1tX=f6U4LoLf!}IRBAM91!pY+JO7LMNw_b_;L{7j~1yyy|IaMg58$?cjbN0
z2@3EBKK*YW6oZ@?=Omih53)~*tkJ)CuXq-YnsnvEK3Z^21yJ`i6pPGN9JUva0>BS?
z)yARP?%K%$6>1<p4}P9<@Z1)%|9}Au61^`!z}Xs?zun9{Q!Fzv#svl)V+!Wn7OXFM
z#`2In!TYfiF#sPd>WbfbZ_jA+fG)jYq~po(Df~;Va|zs#sHXZSNG-7=_t(xi$D>=l
z=pvHY*VJXd<pE^H7U#Xt%GNjyZREIXNvo8@4T4OLAlSMZ@;m60@rIm~1;kKo@O%{&
zXrp+qob5Mv{zSQw5;^fEP86V)Tg8a8pIVM~)x1AI!kA$G4Q0=E&P&AY+0f1984pIk
z<VU2l>~=ie>x9{OmSwE%-(Dn+>VlDzkwq$<i8!cYSq?j%Bg6>`LXjLxF6u`g1U5Rc
z8|~O3n+v+=zf`nj!!~CckmwD_mVKgdvSzAe_vBJcYQ1>&HF63CXrr-KHaYMaAe_N;
z2V4E8$XXZPfIIlC3e^fsAGPv*ci0Eu27jz>Xqfu)n;}84UINQw#rVgtK7956xS)Ek
zY(mgDSs+RcaM0@6O}Q7TAnSl`nPpWwfWT6LiDG3(<Rsdf@6zJ?u?BA%f(c|1933gn
zM}Nh-R*yWSt{`0kEsixUP}#cLuon0l05q;w4_Ryr0&OIX_(c{Ljnqq1M#k8{$@5H`
zL=H_xiIlZ-R|!h?z5+CA<TespXU*ssc7cVU08RsG`yfGZoB84IFC4fuGnYt}-l6i(
zRkwyA-RNv+i|8V<P`veJdXtRL7q<khONo;&tCey8m#dvV60fb<3m6*baOC`|8V9Sr
z7FpayIidFXVtD5)pktgaeX+6O?l=Vkf`=tCM1aST2WYKVr`Zlxtja9ai;WGG6W$4A
z*m-(EPEm4?hf%In8^!f^j4dV}qYFdwzX8%VhnUN7pRkq>8Lv0C44_2-V2bK^2HX&^
z$67$fxoAy9k@%C4fdDvhGcxEso@xmKg601+L(|=$>4jq!>(%dYGh`~P3+ytr`TZG@
z6a<7c0&on7CvKn@aSGfpt7iBELNJuIQ5T=vi&Zzijk#UAgRs7c|GY#8I?{ohaKt3e
z7^#DWuqgaM=4<({n}J}X0jxw0R>jlBrkfs={(l|-z|l=Vx_77QZI<%tKa+&~3mY1K
z<MA9jk&?$W_XRF;3x{V+)~~uXh>&L;BjIS~uPP30+F;aAHeie{zkgVEQ$fS3vkes1
z*~3-=;y@RROT$JM>u3QH(s&XJ0^R$+38nht1E%OyaNtC|ht<-vb4S3lEVQonqTx73
z!5g^Y<Mag(@o_2nEvx6A$U823#xTK=SB31)ft$Dg-6Q0?c6i9XoE~<&7XiAw|3e8m
z{|i6k_z~H9{j0WE-E9B4HogDdd0m|4`Js(1zEMdH^TikmV2Xj%RFFBYv#_CY`t!T2
z|E{gR$4P`xd6qUU;R9=iuX|w(6-u?ie$yrIQ8BG?f+2+D_BD^io_9XGE0C`}1b^np
z8{z0r;R|SM7OykrsA3$=V)8=;kzT>GsZurP1t#%v-4^Hv=e1iq$)sLZ@yn;JamknW
z*3kGk`7kBG|9OB)mb8k?UFxL~F#w!63N%78T*?)8M!l7;<6dryEvpjWS9MTPx~_qa
z2E*d^R{+3S&Qxna>yI^7WR1!yiXaF;1g{N-<);5T?et%EelT72$o^=GBR#IL>Xjv{
z6XA5%?)9hJ-IIZmxq=!M*=-fpFLxl)8q)FsE#~rGRc-<q7%1KlzEZ@Hrxei$_|uSK
z8I&rGoaDIruUC#duN=IMny5pZUEqv%-4Z!`mkxUNlxCipir%{eoM_mEzZa*Vbp32G
z%GC-1A2h3{Ud1?6tg8(xynawg(EldoCkmLLgIA^lgbj?-QTl_gQ&Z6anoyP0(NC#o
zm(c;b6OG1JP0Gpl5LKKwng6JtH};m?H^}}+9db$c-v*%x9&K#k{MYqpKlRruOU1Hf
z#H0D|17~D;eml}>hxkED?!C&93*wZc26942Q&bxFt5rH{vA{<{(?{hK?kF>qwdWwt
zMWp46>@no@ee#V-!057GTjTA1iLqfHx8T{{6OU8o(5T;Br5FG%K+dYRaq@pu2W2z?
zr8Y<3(0INMz*{xS#x<FrdRgNu{&w-&B1f}h$Wl5KAZz`!jV?aFMEVEO*6N}0s(6@D
zA`^zGdo#>vvn%YY0eqH4<N>6b;3$eh^s!|*9{zWqc)j+V4qA%o^wN*vG0cwwId(Dg
z2o{2cjXb}7OC(r`mA2U8LM{jr9=ZUH6LG0roS0wjJP?d$_R6s+Z?MptPU6L2d~?bD
za5rGO$y!EQm1z0&k^DV3;EBP?B`U95j+lN`&g(UfOyCSi-$EfsBuR=No6LVT;qJmm
z0R#(UMJY0C2%87FjZV7qvs@cUtX`&Cl*A<**vyO(wb+{P|Cc$?Dp6CS5^(vE!ftG(
zGqTS+>)DAo``!|nkW@Qo)5eJap@CDgg?V)L8l%7V5*U$^B~98uFuG!Q2mV?M`2BLF
zzGdxSM0RjtfrF)GJ_^_%Rt|ImO;nRXWA)PniELA0mk8v`U7go5I=L`=W{by>YHY>_
z?@#~rM086>PJa#mzNc>f6C@KZ><yoaree|#n$VoKA5usT%2b;{hji*t99;rU1jmdy
z$E#$|{&1o9xVoJAKFJo^_k}5DFiI>x1Hg2l3*UZnsJ+svf3h?Cd434B^T5q&axrd;
z#twRV;IB09OaMKJ1S5MQwz%uD4ipkgluPL3HK9CAR-HZvX62LCd3*Jih0Nk?`RQ~G
z4+h9b(h~k*A))<}a-6^Lo`(|q+lIR9YS0S~l^SHG<-G#pi0!c-=Yi?b8@p!QSt?4Z
zqHkbD3c*dHqlOZ!7543C6=(M_Z-hgWPSLeg`ILP}R>bJ4WYB6yFN9{f%{4UQ>Og+R
zE@I-EO{%uiz>|Ek6%HQM?yf(WDjv<)@+EU>b>=fq-s80@wiD+l$#wOsij>J~7vp$q
zk`);)kafsBHJU8-{wBbUq-OPFp3f;<A`gB2>D4~d8AJc}6|U6O!A|BF_h37`n<GR$
zX#(Xo<xBVF!Cd80GRU=ziRF*rRG7d9r=0&Eb(tSb+^H&?-R|{rj`#HjtMuCS*Qi>K
z^WgHf&tJ>5iYLBB(iDG5a7tnR^uvVx?%52ct+I-Nx0}IbMqQC!4k#kjMm<*@f=k4#
zeb*bm`&XwZYK<ddVOQAV`(C|O(LUOox}&8cY*NHdqM5L3^#x?8_AQkId!5$ce8ZQX
z)kf!x;#OqpOQUg+(iNZYDS3SrUCOtFMnPUlBWuX|#pM`5!E#ijv93+|gvu@Y?pmDO
z$B!R>BTFbR>6m^6VAw&MqNewkTM1-k<c2mfMSP<l5z`$~5}8lGC%&9=lrx18#}ScI
zx^lAnEFB;4-f@)d2as5mdX{%T(Q~H}7LOIJ$yM%c4df7^)6m9>$?YznKHqESU&%vf
z6H=d^I99DNzZANFh7xFnqCVdhDjDZ{#f0&2{U`-3x8PW8_U?2O?b#KUtK@IrW}Wfo
znj!Bv)m7N+wif|Ow6k>$yo5ZT`x$|~kUZ7=<4<wBn+~o@I;D#EHO1%jDl2+b2nHTC
z^Yn7S{rcWik<va{%s2Z_9FLoLy=wfohWoE5GSd@h{az9zy2rVP;X3(UF7g_*I0)jA
zbH}9D+o;5LIB)ZXd+y5g%EuL}WHe6D1kI;C;<-8+^~l!;Qp=*(Mu~7rCw+0AC2xzc
zyD&~FvvLx6XG(d@B<^zY&Tcj@UT3RfrYN6)C@<xD`F*VKZu|9ALC=jii%x%aR`Han
zZth!@Ypu!%N0qrb$Cb24`nYT94g^_xTf<SDsAAE)bI_v-+rTfrb}xDD+9z&o>ehqe
zCYm9UbcuGAuE-Y<$zX-K`T6m`V5xAGfPpyU4^~D3p2ugQwxB&l*E=!4F%e`w^(*N4
z-Zy(gy2l%5NhO+{h{!*%m*f-{%e2$q1XrSbe5RJRrnQ^<`#b!fdp@1Mw_B<UAAmZq
zeKu$f3_ZO4^`<Jh;==687n43!MGC%{fB~5$w`w*%u-5oFDm5zCKe62UH0aIXzxdW}
z#q&qm|2jPwM*Mzp`tseUTob?8M)shTFDqB=bgGG7IBO_!C_MkehbQevapgQ!LzB#?
zksck5+v6}ZG5qbR*(=x{Yf7b~+B1hwG(yAe??+$9(*gE$lTIFN^15`pNO&vtE8oxb
z)?rW>dfV&M-J<62o&1~MX@B&0xRb_G(U_%EZ>O|)97s-EkK_}U?Ts46G_44n4m^!y
zM|PC>HGK>srNOghp-#zac3!PXY`NaIShSd*CKqvdhfFydwQHsZn7k3-=Hh&JwidpY
zU>HO|ULEuGj?Go!KHQfZBQaiUn3|49XCn@67iq%<dSQZwf7C)NPQ_pKKV9@bB?N8s
z?chiee80SV=qS^Sr+$g-kGee{#zlP!$ai_ktXIJGym40!B67<bz<#x3@z|(t*4tr>
zAvZ*QJrcYCQ|Sz?#ink_wv(rBVmh9asGIY9zwQc4yBE{|#bt6Xd{{oOTlC&%!1ias
z3n)j79bV=+`YN<h;bSyiQ~yC*r%ty$i^7`yWh`&pa$Vd%3InyH6VRv(#Fg;tN5M~9
zZ#HU2-*r*ar;dhfE^c@)V^Y^ef5l++{KO`Ao{JZbl5k!&qxKTNO!xcoh52MjnWn^>
z7WzO2hhu|eVesGYq7Q9LRiH%ni>09Nnz@_-d_nBp?jJigODs!$$GIXb0`(g4MBm~*
ziW7*~d>V^hPNRizoo*6O!xPx>jO4lt8uHs$a9-LHdz<T)yF4?pAroX+`jB<bhm06f
zN_v0h(;u);2d-g<(iWr#B1`Yidtxsa(Tgu{S3-SgW&1)G7;}EmS}nLS-=7T=eaZzy
z?;$~2$?2ZE_bFyhdc9VTyU8Wld8Ci`3Jp4~ZnX52+OIy!`9o~i3Gzd41&o#{U!_(5
z_WILt@J4!0^BX6dHLuMI{;g`JP*AeLb<TSA-#J?)HIb7S;lzwKyxuDRq@3GtQQGwo
z79hhfsOx{MNuHjzS)8>BoC=iVhwLV;QFWXrr=4!&H%JB#5E~F!@hY7>dE3wZm{m`n
zXGfPNAwDCsUuV*ItV>--)1gA9VxYRulFXM2q{VxM!WSQh#+9eF<S)l?I5clcCv|H{
zSNF<qHef|}%J(y58?)9EJmbPI2txfv+{?g^h;tGhRy|b)BZIg7ShFl|UHx{p^q2}Y
zaO|d93JfoO%Q(thIuP1>PmgN4)<P9k$eQE{x2#$Yov<#~`h6Cm)Yt7$7fuRl65aRv
zYokJRtlHiu(GK?g5i+-84lCYCi}-1YMPGZ-r;rj*ieJiz&+qf=qj!IJ(KL3wqNKK>
z7o5$Zn;HGhu}PcewTrmu^=_het*7a<g-|)n_HQf90ZKj%|7n3|D*q<aELu^*uN~t>
zd<u>(Y*U&<IVL*)XE@F<IjyR9b6TXlrO4%)w04am+jQMja{0?Ch1AP}b>mLGjsq)O
zd)+&=M+CGuKu^e%p&gQY6Nd(c9QwW9n1jXq;K46cL#9Qj)=^we$Upu))!v_Yu)f<&
zoVuu6{HMSJA_>~w%JIL!;<Z}{Nw3>m=bLdRSA@4e@`<vTxK$?pELbPK7$r4L7}&c#
zS8s9AAj5v!ae#C%PePG5TyI`RE{4faw;5SOXALhStMc!pb+;92?&F5M%~m2Fh=kl+
zi|s_eP`BUoV_Zxnj_Y5}+QT)FT{MN!?WWO>EQ$wePX{l{iG{u?ra)BUiG5SEZ?6j?
z0{+Z#?!p!wmB+0sl=PC`Oi<<Xr3aGgl^qX$TF2EM3=3Pafs9lAv0wvT9~-A}K3vYN
zesDv)D<_BkF!9;cz$SXmJi4pD^x?v+8zA$3QyS>rS~oRwS1hFi%2zkT){+O?%>DaD
zO-g2RL~b!_aC2ZgqSe{r+})q;bjDZX<lnU!zL!kQk<QA_YS7Wo+0m$)=yjo5!@ryS
z^|>X!ir+WHMDL%_O>nN!=O1P?-lbOU+p{&pON9DQQkL)dZW~QNGay{*&^A||Ym5ZB
zab6P4;*Bkr)Y%_{VT7IoM>qBVzVSj`=9$5RzxA-*3;P|JU{ka*8<wx~{4@z@cpVTJ
zWVY}!-ad|+`2rAqhigitf2hcx`I(<6ZNvIeE6J{o!Um+wW8BeGpCyyU@JYGzyArQR
z#C}}ty>Ze$hfAc~B^SU?OTE|omP%-3oNw#q<NmyR@SD;5awB4pOdE&D=Fj^eo4rNz
zJZl-D8;#TJGS>t4hyWutvB&rHVu|5GRqazHkhCb3><ty00WyKNQdZ`#PqPL}8@s$G
z<SQ?E6G^YznmBy~*Ze1=J)w0099lXRFy&45?|<{eL5W*W3qGcS2&VFd+~mCuvZ(mm
zThcA%Im<#f9qHXS3B6ef96A4rxD!9zf=z3M`%{`k5uUe}8z?!LPkZ4moEgY~xzR-4
z{BIBss*oDbV!2R~j`+(4ePbRfiRULjy^~C?*~-P`b?~V&lB4KVj!v$1c$)jsD{!^g
ztL?{rmcFt{HLcwc#Pve^_e_aLrFTiIvv!W4kr9u7`P|sK=YKv;!`Jb7DQn{PBjD|C
zxIdlN7vR6)IW+&Xu_<s?gD@I5ZBwokx~^9$`4kKDDtSfYFC{CRj*JI<4`Rs3q}-)P
zT%LBEk#Lhr6L?2FV>{dJ(Vpf5GanaG>+AE}<)I||n2xwU!X4NZW;I%M*f*5?_nXrf
z<15S$-4){dEi)6tU2Dn2Zgy{nRfmByESnJ#%-VNA!}s2cn|U5aqu$#fs(d~3=U_G9
z$nh?IFi-3rF0b6krFB$HwX1WQ@0y%USLEBbY059E>lV%3q2(V$?H)PiV}jb)8Yx2^
zvu?K`XTdjlO*hvhYvB3NG&lrxT_*|s%ZCV|PJnM)XtQ~gnl0<`8cbRAOhiU0Gt61>
z63IP{1kscjWXTO*wms~aw_oAAVPz|s7)5jVJ)vEkO>=0pn_TUTC}j0l<|n>S9-B30
zaOQhpKh`ebG71lpNPP$)vw?V1y<OHH9KX1WH7(Q1Nhr2WGVwJ0U)yZj3W;q_pbSQ*
zo>Arap3P?kp6P(gyZzR5ZVUCbr{kjiOT#oLi{f!H4i+@Y1-@mg!T}tjAA9vju5xOb
zj#MPf$06{T!-<TxWn~W&hqHBt;qrX6k4(_EVTs6@!rt+Vz4xa2p?<qG?DEh3eyu%R
z=<l5s-=DdejC0_4@3TDiw-&?pW;p9elYJoXMCnXaRXOY3nVJ{wccp7G3AG+Ps|$xZ
z&x-fBU>-DzCF4x=?_6n8${L^fV3LhkNlC$fl!hJP4LGUT3)!(XYh|nxClcV`6pSU<
zmrW;8=_cQIyq_U~6X|t>Ng^H=ah%mZ!z3?8=+xAePRDASYlp;jOEHrxr@O1+;CksY
z&qq{lLS~hRH1OW2-YOye!`m|-L^cWGusFMM+G3ok_57SN?>=8~t#$I4(sF)dY9M$?
zy_d_-IZ}qIE&A#%lWvNF8jYg@(n^5Kuad*9ncTuw83MjIx^yFo^x<Fi$$LFxzr5_x
zY5jE0_?$%hY9m)AGY;ltU4hL@KGdZ~2`H|zkHfi2S~DNhlMfd*rPIB+M7N>7l#eFG
ztxNoW`MKjdY|hrV(a&N#+;`YL$zDjZ1-{;{+iyHjaqhS&_h~)`bEI7b-&(GL*H7OP
zXm0&Taf4w?s%%<63{MFK1>S8Q{PjXMn`LwfT_h>kIGQpnu+y9TegzL=9zR{TQ2Sf_
z?BV-3!;@D{qjLQ4K7WKfR9`Z=FmkP7RY(Jilssnj)~~jPqVzWP(rK>vL2;t6Pboz`
z4Li9E+2f^~?7XOy>i_1z?@zt9WuNdMJ>%n3^F5B%5J$PXO<`X(%|Wjk%Y@<W*>obo
zLu7fhW_yFkO{4;7-86pQ@>K_xll8nQWUPR6GQ+u@tw4!;xx|V0fxVeNkPi`aqmO*0
z_4_t37~-^P)PJt`NqL%H{-Uo@M|oP7-NW_Y!L(XuQE?W=(1$xJjfu&U$;^e#y7|MV
z^!>VhRU}9iCo7F=oQoSz(^It;Y~S(#Pn*JeNDo{Su>M)3Qe}AVeyeAg;a}VdnB43e
zO)k2jw{O%K&Mt5(w2ST8ZGIB7!b9YV+5`&Lm40sE!1)f=`L(=MX7Tq*t!CAJyhFwl
zcENq9RkeLRyK9bES4s@3Z!)7WbX+coDImR;E?n)3QQSyu(8X3WF!hxwSIXdRs%%vK
zBIVy+8o-|(`@M){gKsmPui}3#HFhxeB)eIADP!wnaQVcq`0h>K8bQ*RQFcSvmzA)^
z@(XXgy@T@6(v767;)BjgDmmHkW&%Polr%DuD2|Mv(Xovfm|SJSwK(G2_IM7*dw+9~
zGR*4E*v$~}>n82AR@$%K{hNne$~uS1ZTRBDhuIG*ZrZWJc!jTMlDI4XZ3^J4iKvHV
zlaNhCU6bE)oHk?zT6rpuP1xO^w3bsPPU}C2W#XTo)(ytDiDtAp-u=>ha;@DIW;@0h
zcz*I2sL^3{wqE>K6G7AXm_Lz2SEd6$WuI)Ep_nXKFZw-dybt?v0g^~Py*7>{i<_+8
zkN}+*&Fwj!_N30>i#$M{)IW!+_lkjd;at&*(MGI0Ruta?RsxTxrjI^&QV8`e%Dt2L
zYAIDexVie3;oWK_S#pxDm9kshK#Lo!iV?5s7lr4VT<r-P)DF>a1YX%}bY4}J?5;1<
zZ7+s8&We>!tXpd(TDwNn=J^afA)z19nZ*as4EI6XaFyr+wT^Oj`)2}gwnm(7%@EG*
zk8kQ@zZJ1>q)fx$ZA#O{Dh0@1Cj*tofj#8=&G(W&<8e7=gJI9==7fWN!e%x7H#1*P
zUoZ-nlP-cy{EjWBHTg?2?ykXobmC%+xAn`e9jtnZ*~|_m!d+?M<BEDe_9~77(*=yT
zFVd#>o|e3G+SqH4KF}9ut{eWN7%h^cY2>;^_NO=%HJN71FKLrayZ=iUuv_;2sx*^7
z=fixrOQ>xkV)O9bl0}u3hNS5ALm<643(LqtU}?X40%3siyOtbqnUjE?l^xWQvHj7A
z3k2_-Dn7VetW!#hQeFbT*=Iu)n%@jE@Qmnp?2wR5#9yr<PxC*AO-5!_Rq4Q%F=n%V
zxYXKyp{#!yvCZTtm>VWKs~os9mgN>bx(;uXC*Joid|J`_A;ygO908Jf7q-qaDQ_uV
z3R^04DBC+BzF1UpRtmMQ4KkoSFNp8VZCqtnJ>MQJXlfD&9lB0$?!9RBF;MC8UaI1G
z^RL{eimyEm84Ej-wsw5>_VK1Y7)$Pc8L=(QRzYq*5YEM=lr2D8Oq1oP!Udne<crYs
zzg~d}#~rt48Qh{XIV?P`LJx2Z>U@S}`LwFJ51e)h{*b<a=E{|~aQf*UP;sCCIIUCp
zVHJ$u{AK+y=@GZiZO3<9O!NESsZoUW=4zd^*DN$sa<hO(<B;ST-#GU4(@E%f*~f8L
zuO0W~{&ACvb_a?X!)G2g44pPlItH(Ul0gsw72bkZaCEtM@4*y_7r$Hdi^F87?C2EX
za~<(Z0TsqjD?8Hqp@Kz_x-B6z1CcH2XET;5sC_u2w^wnN%v1;yz}^#O)8eIQjt)!>
z5|GE<7Yi}*-}VI^-|m!wM$@O3ypI+wt<S_qS8VT$+aw+Pcpk*;_#5YPDtP{>>tEKO
zQN0aF(78O=c%?j@cNje_r%ESS3Dv8yF4U8W5-+_}gO(mBfX<T}cj?SFy+p72YO?({
zUCUS6BKHK1i!wS5OK>=fR~X=bFjT~jkbiE1TCL%NO9R0#FYa(4lk(RTrYR#Iq;}g0
zI&*h&KyhLXLqsmg(>v>ZELS7nwM%+GBmb75xjZm9$?9;n14T+_K3&9K5<zSydViB;
z&~wNVr)F~M%W+OUM>!&wbfWqpZt>b4h6Q8v=pliq%Q4W<(5SU~!;8m^TPC#B#8qbO
z_zT$+xGs9X7F5ms3V@c+F@laR`S&Uy9VtcE5BJy8EA4(NDjnmQ%f+jG8Bha}4Rj5R
zs_#DoC<lbpP0?sy><v2v#!V_UrWQ*tXzZPJU!*E{H#cbIbXYO4AAu`o!yb*h0uMz=
z>!{f-fMhHuOOTiz%U0d1aP75aD#3suWCURC_rBPVT`gOlXcpA8Km8&0kk9>~mekWn
zn%K*HvED!v;18EGdd}QnDf-5w+RbxOV}V>{uMC5_Q0$ucha8PAZSdpuNf6V?y;Jdy
z2e|HL4HcK*_ZzxI(`q=jN>r=DWeMfSikHbA_Zc-&qEO@GGU9B6!!lMR-)x4<2?!SD
z3Jsjng-kVs#i%^4b%!RUrYd0IQ|5{V++h+1W@QI%la<fp3VM?B=Cq6}6(0XTlCHw9
z$?ko>ufBqUfC`FIQ<0%`BP}4!Kw4Tvx+F)VQc4Pwj!BO0PNl{`7%;k~Fk&=g#76xd
zzrVlW`JDT?&wcK5-Pd&;YQ35QP@!|dWY=^jm+40~|Mf>DCiP6b7HzMy<Ix#us7q;R
zBObc1T%TPB+kmJxJ^LjaWeqB-RLWLPJ-Zzo7m6qsgoI}5)Zc4g$A`$N^D0R?X6)3s
zZ(_`olXvbh7Mvh10g1zz70=yMtOl{U|Ka;N8ED_KS0=_&Yiej1PiuVCZ`$Q$;0A*(
zS%dkd7FabU6m!_`t*FM!?w9rd!{y#YO%0nw;%$S7N)MBs>J66gJBj2$HIfsy<qEDa
z8^>dEFTKdPS_1KduT^x&tMn3)U8M=r!-Tob<F)0P?7XkjYoXc$OcmTxEre+A4cnJL
zYJq^l`86#t{jqCL?YsWeaV4mUtH;Zn8T5zs$eC!*LRj+}0}2{Ap8jhqBuwg#q|;MZ
zr^<Tn{;9!bPPskcxG-KLSmED)|0RxT@METIxOLkN&GSvXK#zs~p)T7Ha8C9%f7N|Y
ze+h=h1!o!;>C}Ril$21*gng29Txwt^DF8SH#7k#-WE{HIE2m;Li%L7R{E`92Q#3MM
z4=Jbt!8}wsG|%Ik^h&XjQu&l=B%k71(@`;zn9WZXX+Jl-QNn-ILdx(>Z8mZD6!d+q
zCwOI}J_XMQ!uni_TLgB$k3)jU;&-2!g_+Q$IW>vdi8{sJ2_gdWS+oA*ey4pwnA;C=
zZ)C?yD%N_QDTe8`#z4X6YbaL9=Zny4JIfq!5Mm5rX$0dhO`aPcf9+g~j@?-P7)j+`
zkKruf(vALD3qj*!D$ES}9#g*|h`qBR92^yvp4MQxw&-`MU<e<W#CMHMBgeT%1$LEr
z;E;{+XAi!uc7;=Wkq9=k)z*|lnG&!T?@i@}Rw!b((@g=MM9x&dv5&3nBpLFp9bTol
z`Q2tP8HHE$3z4M-p^ag?op0bk9@>U$%?597b_fQ1dQ5AfV~LQC4*YzjmWVW8A|8ew
zYv@(~WAlV^DpmIIhoXK(FlWhew{HtT5PFbp4Btt<JGX%`zn4OkSXg12Q|Xa)CO*ni
zNzcYSZ~%vF&(@PRTnJi$qqxSMX=}*`5v4X#Un1XoKC5`_FL)V56igY0`&)Fpm~Hv>
z1c{2yTw~_%REiCW5|gp>@!DVN4LRw!4#Xlg?JV(X*Y9JCn)I`+g_PpmDA>5ePj};R
ztpCn_2#{pz@(Gkhm~r!Qn^~>Ou_KmrY09Ez_hpLnqd7M-ssv9vC--I&KLF#jWj8Kw
z`*mifp8Zfd1rnyQg#26d)Y4IObHK@p`Z^eWBlVLpdD*f4L3LQiQ;>po^w?2TAc@Ao
zel6et#WYg+$wcqFfbV%rOpoIJEaT1ZoPdzPz;PBs%$&K6X8rjCXa2bfK86$Tac!BC
z4diXsD39RJ)z&a7OzG7q+}%fINtN+OKV3Lz2;b$lm(14Vm(c2X@sG>_HdmkB`SSwF
zgG<ZT09Z0mxG&A!*Y6B1_(k>gu;dCdqjeAPDn-j(`Ww|}BBE(NVH6dz5IrBWTw71=
z(KYKh-8{AZahE>6N*%K$2T~PKIw|>O-vGxHga+x{vgg>^jI?x=$*^!1jebL*B0Qq{
zH3l*&aoh|hc817tVT^-XxKy}r=<)A6_@&9FoD@csu}&arZI{F@?5N~aE%l2OT~sOs
zfFC0o^pnd^`wfBb<-E27K_i*(9HEF)9#F4rI{^nVkN0_*D=%%sxd>HdOf@tmuk_pA
zSsIq9Z1+_p&xwI*K3uSSB#~1F3<Gaw3*ZVG)n~H?IqvXhh~4=757;d<3x%}&Mj_|w
zEmWWC^En;;T>X498}X+)#i6HgP~?|K!ff=Npusd1`>_UUhU&vB1{r~w9jqZ?vzjw1
z3wAq4O+F{zQFP`WBS1G3Jqua9n2O9|<fv_S`h-HTgL1zw?=`RDziQcRLJJ$QXR3wq
zwwpuadx&Smje|<mjYML7p+{Zf>%L82W|x3$(NQs$^77dz-OKZ9y9n^P-Gkv3u2{H$
z(&Tq?3yN~X&_5Q1PUm2o-7^N@gF?;T)_ioG=zte9<bQd#{fX;yO4*4iM^SH8Z$wZ@
zIIZBX*@6_=(C_U<l`@x-qGZ38KlddJx*HaDJaS8~z#4x};t;Mf5c4$-o$mD~Iv#S0
zihu7DOnf)9A;GxSK@s($?Xq_p0=rL#X1&!MzxQ7cWX)DEV22f9h(Y7llNRv~gYq1D
zNbu%17=0?Jm;z1>X4EbnBrfO|?v}9knxILWce4Oab!>m+(;|!3;B;fjd?S=PO;O!+
z!TNc4v3~O`15?Mamy}_~C^vpt7yCuGWo)OSAkE}%t5C+$t=4lkzu%8$oJ(9PvD&AW
zw59an^(p|7?kxti9hbna<nsGQ?pYV^kh@oSk7p^Ei*?s$>pOqPg;+TT=khHL$EQ%k
zYnHl|(Yshs7|M9R;Sahkb83#l;CjpDzy25dmpZD)PrGH)J8rsalpip!VQm%HW;)q!
z@iTV5@vluW&;pDEP7c(^eYThYh?rx)MuvogU7EG~C%I8yg*D2%5thZX^1v8cy~t~v
z_WgYtc#2A4(jVsG(MGw-f<&3ASJRp7BA#nXp_06^kOE}ktNtFvacdvx^XGP!72LM)
zF=<aS(V<eDBzJM5$kuq-brtAqU?rk~-Qh-a!=!@O84^Twr+b>R>^MaR>HQx1OE21Z
zLG5_`q_TNcA74zy7IY}MW^QLQy}V2hw267;8X2OTdSaBsr1Ltz*HunS3RI;AC7GF>
z4j_d!2Cpi$WEh+5lrhzx|Jj+Ywzko92MPEESp`+M=yPCLUhJ^%AVf%j1jBzV3%XMW
zk`9;Do=M2T@kyfgzlBGQtlizvZQb9*SzeS?9_d&le<FG%gy{4}ENI4;7N5*<l>htS
zU2AK<pX~k~yMA7`s-v7$t+ec#?V&vL>oeVheZLaz+GWWS<(!3GK*}HkDZO*|2hL?g
zv*R?8e%#TJ>d-VmJ~g1_r&Ga6f&wpsCI488w?JHB%@h($j*Iq5Z#ujpn&z1(3kvvV
zqA8`?zS_H1Qs`#*cB&TdUyJg5!?sEu!a_PD5#u6nH?eNe*Y8Oa4W3_U*uZd6f;?4=
z&$d4zaK*84Xp9{K|1X#yVxh4+{jT)0*H;9e>xdoGHE&k8RPyUNt@|;V11EX$gRe?;
zxFPXFB^b}#GV_Te%-Er><<wVvi_ck%qfM=3u;Ip?=H%>vo#xiF4q@3hgfx-XfNGR>
zwscxlJ9&0t7~`X-oY*?8I%qEY72A>T5@g&_thD`DES*h{KRDqzvIx>n@_uF7>S7XW
z%qw&i{yC-ev-ys$7{_Pp|GcBC=J>h2)9TbZ>@|{ksv82RfI@8#zC0g)x6v3!b5Zm2
zcQbL(ZNh;|?hSX)q;>gEoT42lr`VlQXgqb=Q{SP>or^IzOmbLKwS5iLf0xEQTQvlm
z+?{MQ!t5sMSK;txDc)S<oUOT>b_sgm5Wli!=_D0zK~F&kgR+nwUNdcQ&PlNhCb=R;
zsUaASNlt_G`<fOo5qB|TSY1__05t8!i64N^9g-X5jU3G$zL-oWR4)b|204larY-o`
zZ2BaIKjW*zS9Y7|-I@-Y)t<F&v@|SX8+%&ry*UXbE!h2kQ7=Uu3{F;CBj=Kw{=@DF
zS%cElc9uST<MP?BX*-e?1yy$uU)yp${B<s2HO|plq@JUbq1ia9-*~KVwXQv2{Dau6
z5j?XJz45CVv7H|;N8)k$l`2^0cVL?u2wsPDT((5x3!q{r)6wHkH*OiQ)WJINtuu}U
zAU#y?Mz|v44s`7Yjt-1BI1|)P-kMQOr23}%4{LvyrKW2!pNlv9Mwb~o#SF==Tx&?b
z{lz3?oG67$_8(r*PNJx2?MrK%nj2#L8?t*q$TD~MURQls4BRZ2GUqhb#2~aw#Dqot
zOpQwq!v7f3Fx&d`2q)d*I7-<a;zUT$?y%Xk#DcX_G=iAlWr^xYHIA)@$jOjKLNX<x
zgB4dV`AjS3v6(yMXp~&3Dc&25PH1Bib0!*Pfn6?ze%Y0)192)LbO$d<I10PAF9-_V
zLAC^Mw(}QRT{ahP3hOqL&DZgimr6lOJ7X31a^ByTKtPob{G7PX4;vi->0N8LOSS;%
z*J#GsKUM^j)6@5ZN+n{1hu3K5>;y=aA#nv?i~b{9jS8l>ZC`;b`Y)CkxAKp*wKF;l
z?;MDDB8{UK{fDbMhR$F_{5nI497h6~PyKzVa+&(Q0>A9x^!1bdWeXcZAa5I;=lb|v
z%qE(5;z2zg-PnC^-e1`3V_D8elpP&O;F?K`l=p_d|86K9rbTPUHAObaq`p}Zj4lj-
zKQ%C-VYY(C{OWO7Z>;bBJF);P-orTYcW_X9niXLxK1%H-@e%>r;#}%>=`*k2J$1ST
z>I;ia?s=L}KzO2*gQ@*|>R?AO;{_zS;hm=5pfl*y45b=>b9CsE&jE5b<b%4A<4ab=
zwipX?f-0*nR+gWh2eQxr2r_HS=WVO-9Z62(9Sg;Jh`F-`D}u4L0O^p?=CF;0t8xF+
zPaOBnS*=G2H^zg9Z>K-G8Q?gt6lDkrUP|^93Bhuh1f6h|Yqq`Apvy#%TD37T<w%FO
zTkcV_fhMlqOpF0>8$+r|+lMZ;9AoHcx@Jh}5j=(N+{YxHMQe>0jGhxRa=Vacx2Dao
zXl<SFSfV9=9~{FjQkkkc?*UMo64l+puCA}+@va3`s*&R%91ZXXq!&Om2ZQ7z=s?+q
z<We_RXjU`wt8$P@c{mWzF-INC0JYSus)C5+CPmTK2n_wD|2LDUPgxyu|JXfms<R{v
zItm3fEL0ve6%cm<b_>eQTPM?Z$X`*B8-amgE&9FogvXd=<DPR7pn_B|NR-tvc{45S
zh&h1(Buy1a$S@IDPz<DD`_`uWd_l7H<cMiyh<!@yxMWG&9?nz0a#z#l)S-19rY+Zr
zDbiW)Jds*UMg^F@UFPwJfu3k)NA_1oY-)C_rusT^O{zFcst7|Z60<f%V0PW`+O<37
zG9F296DvjtVbOKZFIa|V{Gtk7B$VkVL4~8Gcb?6AL_HSIs&^bo#}F67mi1+qo_c4%
zU!JG5sLaK4v2%}wje4#dYo`Meqbueu`M-W0BFj6Ud2|b6oO}?H=qN;G0P^feE3%j9
zbE<?>gYn<_3MWv$+hrXd?)aaaBljK4tyiC^t}%dRl{?Oso-2g+xHYN%>0<aQ2l}fY
zVQW-<@!>V-MYu1sJKr3d@STg0Lq!Cm^D@at+W~9kjnP;<Q*&Q>MUY8*K{vQkO?U=C
z9<{7sOJzuplnxsF3$*lJl{0+G5-G6XT%-#1ZEtWH+)><VBdumYC(BJaI~(cJ1KmpF
z4=yPJ`*F>jZm(azHu)>b=C*8VR$EFdKt@BA%}PQ{q_>Q+d6glNm0yt_2uJT|p&@gR
znA1q0yWS>i=dQs+E_T*O^H!kVleqI|)$aG&QFM#%b>cqS#a88K1a5y06?vU16d&0r
zN<z&IQ+pcS%w}JK%v8Z0#c1-r-^+67&wL&AI^$(`$`0aR>Z8#n8pKoSqcV9p9x0B<
z`HA$vZ)6?`&8x{At!8tyriiw05rMe=1T%3zSD}%J!G*K)dyqJYXuBb_c<Pg)zP0_9
z<*tvJ!Y)-PnirsT7k%|jA;}ml+Q^WxafexJ*zk0RRqPkDzTFnzwS&@2&(+BzD6;cL
zH(6oHvm@}E<vERDICVZK;}4($eb5YVp}Xv$+OIx2PPaTWbdeoo)yIY21#UUVoxhtn
zdZX^P&Xs9&&Sho;zu~Uvt=80na^qqGz-#L4X)hZma{is^J2E$?sRx=QM12Y9S-WTX
zI_gyIF2j@#FsfrIG0%D1JC`|0I6jnv?b_TJNo#xh#{ZtX98l~lxXkM869`@2+aagt
zcWm-?)?R{=XmVT+5<Qi$liN=`6J&OWRC;@{OTBV=B|l@w)RTGqB1^xVNUe_Jf@G>k
ze|zq=lsP^ig5};VD>1dNM2%lJ&j_>y%h{o?nI!odC;wI%HdTr5JmYB}U+3^I-`OO-
z84b~S|C*nv&7S{U#EJ4;`to7yf^VPx&}#PA?ZenY*20g2=9PX@!~J8z-34Soyr#<T
z(}?n<^S3}G_~VV3YL8O!qAiN&DPX<s{kh_ojVmGU2-LiYABpzft=;dwMkL|O1}aAN
zOV;%esaZD#()qJa)>iC|-AWh4PN`gBaQk+L=ASDYZm-LhvG=CB?%sLea^Yeca#`3Z
zwUYk4HuthDh+jFVtq_b35;(bZoG3Z}tF|5kE-AtgjjT~>{&t8<UPEdjtimwwXY`81
zVASc1?C)UzjX#&V^|lM|embs?<UmhO_m7F%FuO6x;+}%v6?eH>5mM0U5ej|Q1@v2+
z&~6INTtKtE|DYaTlObC<_Kj=e;$r82T5G@<0Mk^S)S1DpxtK!Fd@d?*mWIxmxSpCL
zPRe2CADu2Y%2)1{v?Wj<n}2iJGgG=8ALQ4aDYhwI&W;-o2?^O~>;$#HTDt4F*KNNc
z;UeXo-W0A}CZ&`&2^X8V<sLVyr#-Tk`wk>|e4WPRk4daKG&51l)b2@Lx=cnDHzd0k
zY2$F_zR5rPEwGo^GG8Dz8c?K<o(Kt=_LB%2@k?WQkdOi9$2#p-I4Zjx2X6#J8+M<&
zRq`$$o=FYx2eXIQV>5<!hke@TBQK|HK9zSGXZ#YpoFo*(YcrY+L7ov{G@kDmbze5{
zgjK6?Lu~W?T4Y)P1oPa@;81J1$SaMBctOdr({_1r3Z1O9blX<lz<|+N+W=ARV~ake
z5eDJ5SJg7k{`nOD73j$NT*9Qsmj^35)M2)A?}g5*eiuQV79Tmz?{hlrJbLuVVLlqx
z8O;s(8_b}`1DAuE|Ji|^g&z2ez}$p*(;{xbK%6&&=f#ka;EU|qx;N+tOpRX5GAAdU
zMVpHi3~Be(4&sJk8)B`@GKT})<2GaWfF6eZ{Q2$&5r0Fh0cY`8&+@qEjM}Eqq&Byf
zZg`QkzU<?0e;!%&P@@(@y@pJoR2k3BNnTQRmHS^=s8-t9U*_uErpETojMIj^Df@3v
z+cV6grN&)`<+-pSiY8wwxbb;>-2H%4!K2bG;i8H)CSlh?s;A#Y<gfK(<H@uK{uW@4
z<Y<>GO@^AstuV?v{n#v5na<OH#X6-(8Hq^UhJ;SV>Ud|#Wo%xPmN7MQ>Pg1vIN)M;
z1t$>;pXgQ}M`jhEJm)DarrP{G9gYsuscYf&XzBKY$KEWW@v<lD%Tl1gy`QXcKfADs
z8qo6}IDjE0{mQ%~G++YZ_L~rAKKyV8p$86GA9<v%uKqtMx>3oDIG!kceyiO;dYYk9
zr|}DOu~sx~*F5|J;kwY`aCT+C-bp6e+=_6KIBm~xZ|<G#4ij*cx;DRD4*wZR9qTiK
zv+K*sH+C-;d3yo&U*8YGjD#vWj8-ev?T;%Lhd-mnTPj^@#GVf2*yc^@Y<}hy@fuPC
zzM)%8Y+BX_Z#<v)EUP6~saaoPU2j?RZ6h>SuLv8(z*I9(573hsTr`@M87mg`E$P_J
z6zuj-yWa{=T}(};xu5zlu}b@ezoj+H9o>w}$ev>*`#A_rFg3@jU))jzK~0qaEv?_b
zhoe&O2=o8KP964Il6g(3YD36yfHk~`f9}}fKwc9Zib5E+E00E&G#^yG=y2@_mJ{}i
z9`4pC)$m>y2Yhs2rTG5`6apK<nLv~9SdGnKk$fnHP$X$~vl8nv5Fuy7?QNNwxVgdf
zK=Ev;b8jj7vTd)6+Ke|OrIXH*+p?A$BFmpAPD-dwdHVMBZceF)ErtUrx#%J(593v_
z;U|Bfq#FIPeboV9T~LQ7f{Qtj$s-55Z3-W^BlNm+N{ffTPl!AP8$?;-jN)X~O5-m8
z2+8tJL~zW8rks3G_>9wB71NNkGCW2rXV;FcAV&~6pNq=S9$jTOa=1h}c`cdwi?*_x
zkygMQ@D|NEz2F><Q@)XYQ6vQYhmXc0O#za7^s1Q6X*YN_NK|w2YEk7UJuo~olLuq2
z)!G8x)dB^d{K@*C`$38PAx82>x3~u5LdDGfxXJy~6zn&RfW4oT#p+314#0IJWePR5
zi2%c$58q=x`P*+fZ&Fw#*KFv<Kisj4)6ABla_4`uC<g{dFp0Yct^r0f_aZL)7EEZ;
z7ajJyZ*7P;e)N41*KBx@h;x_F(-CcwPnTYEs$4kVM}of01)Zdy%=(rIYcAI3XPj9v
z@y5t-?Uana2Bu2`iR#O~i=?C*MB^0`{R-=A>3;9P<<F}>8M0W)3)7;%UrL*QEAh@!
zeRS1GHwm7s+nL0fudoI}48X!sAd-Qj-x$qC+Zjuc;KhB>O!r?ctfj{UdVNoVyK&8K
z)$jW>ra|-D=?&XAhvvLx^<qr|y1cOSx*5f%_zYR*9l)AYi-P+TDu6;X2$hWTob}n7
z7MwALVX6SX3=9yuCp4YTy<855Cf*77WjbM>Gz47Y)l~n)_|Dq(CC|Xuxwx#q&Jw3i
z1%HPCn}0T!yr$3)*>+TWUO`cdzDjcJQFCMyoKM(q=h3g_D0G&Tiu6UbHe6O8FmR}g
z2hbf__(pGv1$nL1ZE%qB>%`8QD(SH!`QuuSg;!<^q~U&Y<GSoiS2VednDUr@|Cbyv
zndm{fjOC-UfNVykgrkS1eoS3~K|#RQt|i@pOuHL6ww+*a!`A*0?@sO+WFyKcyX9ZD
zlek3Fro;L`O#F961U_FFon3X<GdShR8wfJg#jYR=W`}KHj1LC7#mh}NM0S7hj|T%C
zw9HYdw<#n`sY{=4>At~d&78%-xY74Ij>FM^y*92;x)qGIi;b*x{k9@xD?uzhoC%!T
z+27cOnhwBjAU3w)KPVe=e<2!t_SdT8f8H3Fk;1GHvHVKs*~}duxaW^5Y3EmUq6_8v
zyid2YpxD;IlyjhFV*!I350gk*)^{LYS$;UYlASKCZ3)Yx7qhUdI8neRKd;@GdPX`}
z!!Pwl*XZ3ozQ5X_8eAl7H=GZYzEL{4vlj-XhLBSnOnWDgfI>iJ&xshRc$uSVxj;3*
zSA!terfGbP%8H<2F5H*p2`)Y{@#T6gD+Uh@czPgVZbK*)b1t;n)Gad7<dT_iI#ngL
zJuI~#`AuO9kSyP!l-oJqizA;s-l2lbKGO`2wg#hrzK`J5$h8n&Dmoo^8TY{nagmoa
zh?NLX4ktD^IXiHfrexG9TjYcwlk)1#<^7F%Vyb?r1hOa*;F0?j<1*@WC;F^AM~6%u
zCS6=6-uh4_F~JnP5v+Ogf}HkYPj%L=9a;u|Q|Q~u<qt4jkG5d8B3N8Ow8jAa1F+rc
zBtF~$7(!Ye{!MRtsQ@`cqb9T&VyR&&kri|>)R^xlN8Ibq&u>+qHSGu_i7aMg768MS
z!B5PH<v=spj^v$H2^iG=ejs2iK8%C(O|P&m1+S)~JUR0L^N|6zUKU(v0Q2SHl%>ZQ
z&CbU&VAiC%&>mn!Yp}$Inh#BDoH%~7s@u@289WnFPTZ}Sq`WTi9U0K8^X(}rQp$?J
zGE{--8DhA1n>%2n@qT-@qgTdDtQhl4Q8G`m0nvHS(%V#Zh;uuKEjnJUK9xf=Shqyv
z&{%31GtP@}82wmU_ZUy%qDnGImv%F9851OXwAHjXR2KeT&l}q^{Uxi#K2<2mBatY7
z_U^>a6D>n}`aw#{M2>nzPub9Zj&Z=vtgriF`P?f1y9K_y6^V(j2FT)G+&R$&3%LwD
z)GM2VT%`F#7r$CJA$Put#s^%PDJ4#y6T4%ETt)q~_$3x_#DimONMm7ZW`~F5Af7j`
zpf!{2z<)8Wacaz5tJ8{bCGyHFK6EbfuY^+OQxjakFAJ3dYMvoq4P!BieTHIao^Xf3
zt4J(|mYFXh%4G%0-BYjHe+n`HcXNZ?)=aKr3-uL$o<jZ>zI=~%Bi&;qWYJs~L$R%}
z-Z~IJYa`Y|#z7*2aqtKMEsf7tI;|Xw$OHUKe3Cd>@+PCvC|x<DiN>tFt;*u=wmgRC
zkCcYJro5{Kdc8S?lUV$p2J=bR{A|*EkZwQUAaD&wKSwB{p1}FN47WX*JoFe3C3&3h
z*W``hrRje+g!m?YuRL{r49z&x+fGjJVEk(BDC+>!ZopYZY7ikO72PsU!Df`wkuY>q
ztU3Ds7u$((gB_VY<Rs3dUS+7?uF(Ud-M0hKa;iVCjtymL>|)QVKFjXbeCXJyj*%Qz
zORSypzS}qN_fyAFVEgGrs(+#~k9Of(EKSbaB!*aH@32YMW;O9kP1sxz=grIjtmj&r
zjwwGT<qz`N``kMMkyB2Nf}2l+L@nO2ye#~VEzxJHzsN7H^ZhTvMiMr~-&nC0q<?j7
zOfsXfL5o71>xbZ-Unx%TECY17N)fp#OTQ3nNIqKQ^#K2v7a(=zY-(bu`vqkdgXlFE
zq3Q%Oeu=SE!(}g5Vx{*y4D}auc>WDnn-@{5XRjcp863D}%v62!#5=Vmh3nAxk;X3E
zCtVwRWFjwfkF@}l!jb~UDy0S@NGioX#M>p}o8Lr8;!ZJz;!bf1OdVSS<r0CRuGe9^
z0=w6P7?Tv_Dm(4hGpC#muaTX3j8;GeT3x^Wq#%cdfKg=<Ly6S+a~gBcDCJ6V_2i~z
z$ptPkXvT(r!VQ6~JYm0z7CYf7Q2dZ|-pZ_<is+kO_Y!g0?14k9md&Zlpf`-}y15(K
z;zb<(qgJ(mA6Ag0S(r9q4?K)8*Pn+OiaNakn@W>zM9E<=Wao#J#MvJ*BHn1x^d^}A
zu$=Ak1E%H+5gOBgD2hs1wW}|`kk{^Vt|M%aG+?YwYTzD@T_3vojHzQupxu-|YOz#K
z-mzzZodH&s8n~X>tuMIo^zbei&3Yi>E_E@cC~oiGMU&omTr;m#*-%TTSN|nyrZLm=
zld{__iW2p7>5L|_G4R^K)Mm+S`JkpcVODZ3v2EL9+tZMVPe>KO{BsFcp|42)y0ZzB
za<`K+I+(v&mxu;a|IJHTz(<0-1(5BKInEf+9-stPxphnrt`zp$w#n!`W$>S}dl<A!
z9v;*h+d8qdj~mH16CgdbB6!<oGZY4YQx}2DgBmlRi8|X*0iYZoq+_V8TVGZ;^{gej
zYuZiK9Vrb_sXS9Ey;Cu;&7>v6bGb1Q2sn#8JmQz(3lDznuWN>N2(>z}EB|l!a`12r
z*DRdvn&t|RnOzh%sbFPik7X!0j;n<|d%x~lB4Cd|LM{w)E+Z;x((mD#24bgQI=vm;
zABN82tSR&5<g88}bgfpntp7YYTneTjKvpRKgK3NVbp+pyfi>o&yJiLwhf77Em)^xF
z_hxItBVnzvJp&~EfHu0QPT=8WRqApb&mYDXKFyAaU+*N=0^#+H4m*n);}UO$4^!Jh
zZFk#V4AQ%eBn*a(4ul%ve0n2U3v^j1pkr1fWB%cP0-wcX&uvnc8LH1LZJL&@7JPAn
zhd2E<Oi`9r?`=9mZ&_T^xR9JQN{AWPn~!G7I~s+CLUnrOTiXC1hp=J4mt<%({e3Oy
zYXOoMj8Rrlr5&;u+5K}XW`8rfRKt_iT`qbbVpAK2LS#t8^*CO%8@x~wCKYz!5L+$k
z2ef7glESD|rZ|ao$~T&Oo?^d~eIR0ue8ANDD2c+>hJXo2Rm#d+9>0cQFPaP;?SI`c
z34E1$267k=RKAl$559y6kPN%0Mm20GM>JL_MxZ&u_V}DluM+~V$s^6|Mr#<n<Cw8T
zVmp89gAu2sF`wHr&1{Xs93UgxpQ+ysZhufL64>6P9Bn7^X61(CEx)f^G&AfsgT*x$
zk++ro!hoe&S`pM+22V@=@>-4oshQoOtE)fymbL3cRr8J8J&KTJO6tEhRF=}pX1fxH
z_x@$|hrwG;xp<%Znmb0(gV8#>$zZdbiO9;afgX*zcb9(You?v0)Bc&cVk`w8xx>_e
z`Nz*LTx4&)ZgX%(ShY(6(_>lw7{=XH0a76*v8YUdwCKe5YBPa(ePW<{ed33eeogQb
z-g^b-IE_Yo(noF&DKSziyLdsLOQ-ruZXBlZ&$Dq~#}*VcH2|3UEPHYnTo@kcLLk%T
zOdUrI_1VdqNs&8uXRpGJ>0dHQWMCd>!QcF~$GYGG3%B~+VEISoz?C)z_NdQ4D1OzX
zM^Op|O>&dg3@#0P^uYZr_Ag@)0Hs{eq9&>D6&*K*xoI=by3SJ^Vg*hN)KVNsKcnmH
zvBv4O2MmxokC?|(9GL#Ql*PM=-K$_Z-lT{MSv4%pf_zfMb|MplXH+uvRXM-yWP$aU
zT=c<V{^hdTF37$yQ+ewGb<qq3YPvH8HAc5lUH9Nct@O5gGTIX((;795!KX@yaxm67
zGXpsVO@}KO*nH1o_)AfUjh5LIa~D>QoKYzz_xt*30~g|O)lCJ7EGy426gL=+G(hEt
zZOO-+<Apx^AaZtd*8Y5WzLZmrYaQsj4#RR;zE;i*`0OA3fwmo`%?R%N98g9LSy)L$
zskq5$3!+MXa+>ACIr+XDEe51m@b3$X?g)MDtJKQ>qj9X)>DOAk*46C;28oC!0c8~O
zG4DtxY4o&!qD+!kh`RIDK!IHGpKmY8K4-Vdf~(Tu%FYGH%#cJfmzUTOW5Ib3b;#Hq
zD?%G<Mq9^my9KiHLMd+wE|wZd=g!-n!iJzdh}TK`Y_0D%=FZeKd1!mNytJ(E^y}Xe
zAu~bW)V9k<V=XnA!|zQffOVt@FEP26Huj(XE<E%Cq<$&3|A<c`+*tDX4zDkD3=Bih
zUd(I}YETE!$f>-g>W({$F^f1mDwyTto7tj6@-TSkac)`e+MU42kIU;QD7;|IT0?Ip
z!KV0i_!Pd~ts@CGbp~LJ-dPQU!#F1@n4Mmw<k3R|=9GsMAuA46^Hb|Z0wnV27h<dc
zDZ6x7@AQilp5BVD%wr*WB(vQJKSGjoa6hwY2G;7b8vtPpX@^*gXBPU@#=qiqU*w}6
zgJg4d;5(Q8t4|9sGYg;+O-)m07fWSs5Z>q{JQ4k@&alcS#Q*m$auKa+dF3UOZx%h1
zSa+K%A#gk9`K8d|JwH(23!mDFf(LI{xZ!1dhxeDP*jAZ;(Q)x-NQZ<}hKx#Uu6)jq
z70pW=V}hs^8V6L4j`c9>Vpv5;*G~ER#ZH=~;xL_TAz`14DD*0W+U?(UsTRjOg{ZG=
zMh>8yx*m(`G+yg^;|;d7rqbpJh$@MddpXffUqI%OQv%S#yWmU8iLAiS9rwW4pcRP?
z0UJ=zsNb`oQJV(_8|~?~I~@v?=yUn#Frcw>Cd@B)=$+V>%m?4Q2DN<Qd1RJr^LFOi
z1dbUZr4EW!&q4RG<dOAa!E*KnTr?KmiA?BQwsJf7>(fG_`jCX8f7e7j&L22RtOyve
zK2qOhp9bRM_iw@?iYq`1G_yx2K^=G~XG%fN_7`tMq;oP?=jL(Q&-&7wU5hnjBATje
zM9_3;pcfV*eijv13r;kjii7c|w{(_pi-&`WuIdnM(8Mq<uhH^W!H!<nJQ|q9?^Foa
zz!p+D=GK2AFO}qWP7?~BXy+6llgARRHSDL!R>Zx$`2HKtCb0`ITsU`yQUecBoMFXq
zeNEZNY9&)OFcIzhC%1=iNY)%z?qMAyo^pN8VzcO%_Ga<GcZi6~nvLXp!_>2mL4CW#
zw}e4jb40vC-{{~9rCL2xwboHr=lcV<Qk3V-z#X&ccZ&}kR(WkfwE(bBcfb1R+ZN-i
zfQ=i*vDko#2TW+i|7u6pW9^DDnG7X@<PRdgsey|M`NET9(g;((2^{Hl%=6v*hm*dX
zfCK+nkW{T8fr)J4FI^iOdD}Mqmw5V+aAlfwbY;TrsZiavtK(^3eeFEv@0tMg7*WOh
z9g8@rUm7{exn8qg8@C<rXT3CMWJ9Q0ISV%w3|J8JQhG+OUiy7ieiHL_l`TNh&~d-I
zmw2Lqezm<rUo=zXJ^oI!>?f`iBCFM&TsYuJ-soDN*$Uv%Dwyf|5pSj`PU0I3`#7wg
zOLev3I{Un`sLBpQTAT($$SPE4qf_%y35s8>NeeFWId`fw?rRCgu9+py&WT{cAGqUu
zU*w!2DOy^~oH45^UAhq)Kj#|}Y~p8f|J=Pqb|tL8>Yek^Lht!?HqHvm`C3PIAZ6|*
ztOEXYi119lzwUy&U7tNYr5tn)8+<ugN-YkyG?D#I@8`*0F#htt`-wu1Tl0{y<ImYY
z2Z^YI>ih1))=TloPxPcaV>qZ;&RvvvL4-?FYGGR7`xALbiBPH1tnWL~x+~aw7+7(&
zz^Ph>u0t2OyN2<+TM3lIRvMsc-I!UU%Bybt65W0vWZ)|NOHwLp5m%}u$rtBm=F?Ov
zX?TA*^{UWSLH3=*pMc^(LNRNNt#F_ls<(1G;HiC}G-TQ%;V4@u{p_*TI$RvC-s=>P
zSbFqFKjeqw4E1H(B90TkT4f~aGiN|{9lNm<An?Y9OB5a))&ciVC09y56Bag4&P+5o
zi?u_H-PdSo_S91h?SC>cFZvUAAoQ5mtRGK@@XQojxeHsXGtS%v$#$xq%1C~je?;7O
z5n^Sp{P}Ym^A|}U&-)x;ZYKTa!Ho!rFn_9aXMRjmvgZ=r<9Uhe8G&^I&&$Qh`Aysb
zqOeLq4}Ka8Pvs~G@4GEAf0b0F_Ail7xsIO18mGO;Gi1phh@I2>@;i|si-mV6$Z9|#
zY96FUCvya%+7LBml16JG#7RHCAd3gj7)nF}Q$*Yh5fVuIjfQAL*yY<TosDL~P4Dy!
z1%tk)X&=A#|3`&=B2>v4l6OrKU?N{K1>F^kls%J8mvt5jXQDCHJ~%SZI}ncnSMK^%
zu2YoD28KQs%R=;Z&4)xuXq-=FA(Dmliq6}tMP!d|LZ$<=(}$$g3i{acd=9jAql;CF
zTAEaNwA0U~g5DNy{ovJi9WkV0sfJwvvi8^=al&(ix69!_b^d@_d;ECe#x4B3vR35t
z*kzF^EP!lS%QCW$oxeIX^c5$o)~CfKO#R;9pQSYxTUujVib%OD4wrh-Pl>MtqnA>W
zZm*He&*Y`r=&MlLGk(1$HCff08~28A+_W=6kpUTv8U7z+@g2J9KTpk5Fvog{?;d9U
zj9x0fY+D$I9%=b+MpqW=16teVK9EEI$45l1-;u;csCU6nBa*{2gB>Rxlu`EkOvzu8
zk4yh>)6VkM#dg`U6{=<Mk62CM<m_OU?#YtF8aa;3Nsi}|^ojPr`aJ7|4~;@mwK*x9
z4c}y4#I;LM>%29L7ZS{{#_b?E^>4!&U&aC&3lR3Nw``dBMBZX-n3_p7EQ;87v$vUQ
zRv92O!Sc5MHIXlBbyV=Jw<A3kaD&7-9w8;E;?)yhs<f}FKNBd!N7-&gA()nrUO^zs
z$EcP1E~P?MXXIswI8U7H_U)@MsPN-+zt{QDFPUual1O|~XS#IdT3yy{hl}fn_k6{H
zHx|l+vsUi=(O5$R<7xA1mF7<#lK%Ve>;uV)1OrY9*?a86=Zz=J`>S^>+4W$cy5+v9
z^M*y-#v4AGng@X=-Rh2#qG}Y~4>}&F`D@K-0V=owS|3o5Q6!bj+4mUiMes_WVJQEU
zwV(lW+oB_3f|E7JkzV^%D_*Te(cD;PiRTnU;V2`T@Hjld5p1cR8hBh_S9G4qP(T^{
zGEso^j;VTwr<YY6;M~d>73;$5i3W{H#H6M^+doncs}<Z{2a~KDwOdUhq}?zS8XJ%%
zOU0(h!K__4yL_a(-nK0AzWW*z*Dv$*HUZxuoJx;H{%`lzqOATHAWx!ORfT;l@^d!P
z81X;I_2^NRmp5k5!Itj*J`UqQ6K*gtbO49UZhpjaqh8*7q&|Nj<+XS$x9~MUhB}Za
ztGO8T*{i5XmA+Y7r!dwz`{Eser$d>>y~1I`=s37WbZg;x%<#`l`JG2M8^e5WR}i{?
zM-GEG=)mZyzBT>MDffM(R35jVgfl@8YF?1a-l;w`T`o?_s$nQjJEP2Hu=M_AvC*)e
zDncrP<bIQ}60WCi>}Mm+|E%~kGNBJ0;VPMM3opyH3tc0v%xP&?r3d~FWB&_&JKoKD
zVd-U|Y#Fs&lMYe;{ytiOL|uZ4mrysq=h-7UfeTl7sTSP7AzZgT4GBe|Z$((xjMyev
zO{=a1H@u4ea%#U3H|TYM770aZ$H*wz1XL9I)88qA{*rj`0PVPE2<v>wx&~G|;GXe}
z%|ac#S70-ocA7BelHdyOU`yhOSvUk+He8D72w_!zcKz;*pNFvKLRVh%a&G0$-aaid
z><RX_oIl-4Jv&`U){EUgb(>^i#A*k{exP|QvvlX2D(%IM=jS-$;1o~<to|n8Pto2*
zX87XG^F4_jn_U6vK&`pa(ArU(FyC7djB%Ds!9M|Vx1WS%WW;l~ZzrKQ>}$TTgD;hK
z5B0r?i*xmyEG?$oLipX^YLRXSPxz(fhxR6r#a{%VJ7$QqfC<^bqNR9^BF$qZqF>6j
zuD~hgPk*XVMsTl~bfw<Gf5hQbdRC(M`h;z}B|=e96R)V*VFr#6+EiiLkB%zff$tIl
zS{KT&hOEYPX=eY}1gYYs-`fiA<BpC1J1SUB%hXAf^rd**nQXODwf7%QeO2=ub6{tx
zu)g~bu)lVBbN?^g+Ez0Upy*6K&>lsy>lOXlQv_xP_l&y5)2dP^hT@^kk`Vf|$o{L3
zmm7Xr!9r@gACp~i6`P`c+ws(K(w{Z!uYRtpYIcke+O}ptRD!J$ryAaHbeP^abRyG|
zWxZ%=;FuA#{qn06K<|_dxw;*0eIkEw_3#>Ojq&U8=q=>Ac_z|nx4!b0&?7;YesXP{
z$$e?3<XDsuYyGa4>UfS+ecqkPsd%lV2h)V*J9&=E-~|VPLsh26csk=Wg;-_RZw3d>
zJ7)fuC36Z~6MnJ=Y*oqrJnGfLBuDyqo#nlDqI{kjQGOYvd)T*~qqB+DsTs!2q2<)d
z0S*FJ-g5Cq>bXAm*~9a?ErxBWL*{TdSs-X?b9_1@udVXgj|W~gmltyAjVDJ_z$%|=
zcI<xxxQ;uyz%d*OuUh63y^UPb96~HiJ$EK}hOch7D*%l2M4dBPX74br7}fr2)YSdf
zlyt2{?NKM#LZQXMou2a;^cc?4O+3DXt%`JPa+?x8k@o(2rv&G1l!0Kv1uAFgCL$zr
zlJp66AnHN>g#?0>4Zb*8UFQfw`y*`QR+<j+QvTj_iu>=g@AA)UlIrwNIF=~4V!>#B
z5L{1@<)GpD#r6G4XnZg6HsE}f%veB@%g~Y{9Cw9TmVqr{0X5W~bYIk;o45`9Y#bjd
z{|3r9>HM*WlW{)UW@JgBuRd$rdO87W|58Hx8j?gVFZ_NxL(?wD8dfRvD10M+2I58;
zo7WhM)Cm8ac(PY-R}Q{R6Cn8<XzA9jD|%dEW>Yo_B3f)TKQTzgv3r5h5yQ*mmG^Dc
zl*NZJdBADi1|YyCGaGsguw8!5MaR9|msq!n2M#}+>-=GtRdZA&g07&$*MU45z|Bv4
zv<SkuK6l-<Qcg3;;|*axn63HfY59D@hT#`Go{qJ#n~;lIi%nO+?5xc~N+>6fye=<x
z3vcj2wNXLI-vRRLIqOOt8X!wzEG;U<p$Tzr^dW(*SXjs8LQeJ}Q=fnzTUJq@PEU7@
za6s_CCrZB=(J(Oj@_^(kMU&bZP%QOGFuinV?w71T$8)azhLOWr`a6!rrNX$)>PWeA
zrUb8cWqrc-j)tDY^sJtU@1YvgS5zRunUIvHTQt+7NHqB^;9oxQzBs+R0rOSV?j{)P
zuf-)A6@?(2i&N9jtAA8n#`&Hv6nE<8594M=B>X|gKh_#f4TbgWi4mTLuu2)y^@%ih
z-SoeNNHbCNMkhJOSz{{WY)!5LQIhAQr|3@8J(XREGDS-{6R4LeN4ic*$L$XNW-Kg&
zPkuV5Ngqd9GKNI>a9F-CbyVSaRcukZt$7jZI#@hAeZpM-nD$o@h&4Wyo=+j)(#IB!
zXGcJJcoz<VtDvO?a`5mZyji&Ki$ms3MYpYL#!9}!8$I1HTYih{5)~GqmQ-S%!OeAy
zBj!Nr-34XzA}71$C{hD<esK6$5h*t{HP>_aJW>hE^Z}oBgG~1F*&9#GexvM!#7XK2
z&&EBJsgj(9vMjjdzFLr6uZPFXX@|az0b}2;-YAjt5f3_8HkqOCRIsG>&V*+A+<?W;
zdKkJQfqY`Slk|k9L-}Q*wAd8Y-aIiK6{%^Y8T^|ZT|+73^kbtIh}&~tP6Ot8qrQLF
z+lgT}Bf1r@)mjsHWU=Di^ffMot0`=`-)cLXAanUBP=2C}HLx$*y5Evrd*YbuyXg9+
z;v~cV6uBzo+l_50rTeOby|^-MJzDzlJeS^$!2QBc0@2;@*(v&V$eCS_ZYqcB8YX(8
zfc9-Bd~#WEt2WyA`$y*!=Q6^x&EJe4Evbg8L?x^V<e(GZv)p}2(;f}KFR|wR$C5rc
z_YUTiru5RiO%+fxEDaUH==UvMTRW$36s2D{r%tui`Gx5^J6n~yAjyC9%NQ<W_!fms
zpj6UMQ<yr`L;>q#sbu9DhlyM69Q)7e2Y}W9$H2B~FV2{^5R~+Qq8&8_P(Mc^qCGyd
zly(l|6d%(8Lc0P%=HXYqTQfY6;Kh!?I-z|o-symkw!0m_J%BClL2XQ%g^2Dv+wsV1
zCU9SiT>wKamf1?zhpNJf2A7b|zgz7VOWOS+S*@?spPy8wzH+nbQL(vF6pDGJ#W{of
zJGR0Y!+;6ZVm!u_clk~9^lpQ|QSal0m7J*yqkwLAXA!uo9UicGy%KaYAW~t)PkiZ7
z$~}JdZ@!Pd6^FBYuw)y4=D5T-c)MrtB(mR}@Uo{p{FVP65G&|j`M_;86(?ozqJyYZ
z?=X(CQcgum`vSOFx-*k>9PbB(ZBWx!Na3#^T6&wL2ZlcTQnPHn?0_up`|+A<#si!L
zsDC=vtG=3`rNKy)_PoCqkWq5JhYzTtRKJ(ZQ(G3H#=FPedY^@&D77^>vc27^1V}nv
zzg1jrbC5(OVeyhroIuZg+S$RKkMUgP(ofWhQd&AEv+s0rJGXR!?HbH%z}lQd!Kaan
zy*Qb(F}WKOR}#CZJ`p~R>)f%+0m{8Ag$kHh0m_O>;9`53AA+WW(cHzaxmu0*g!2kd
zw;kg7QpQ=8-m%?rTWph15%swYJ_1}gS+IQ$zHfr!Xn!w!X8hopAw6jBwtuJG?trnm
zi)itH_MycO&o)q}{*tv(&X|Jz?t$JwjEq^M$-5=^1m_d1tK4qU1g?9P?RLRlt=Hl4
zT%FiHqoW|Z5>sG*Pxm;q;4LAxkPD1`zu```RU5bHB=B+3>3M>BLn@y-{#o7mG$j3r
zX2-?1C*(IhIud0StFNsJ^OkM2&-!5Wctimwo-qqGm0ps1_BA%eo|w$7dv)r1_h2E4
zf8H~BbxT?aCdQWY@4@j%QEE4zD5>SP`?xc~)#_-jc%!JCK{ANHoPpvTI?IYk@;#EI
zF-dq?{}SJx{@if+hSal{EGdu<a+A#dVIEzM#4qaGc<X-<Fy}L%FHOT}CtPIT8e~ys
zm>l!%98BRyeu-~4P(%lW7qc+-9Ac*YbbROL!z@`IiMc{lpZ}0qQRa-R;7~uT&rKZb
z3Y)1#HD(2+nhZ&59vqwHa(6BiO0@Fp1?lAOwkimcb`czEuu8_D7%rlj63{6sx=k=C
z?uw_XLJ(|8Ki`Ahq*T1aQ6bV?O2bN)E<IXg*L7O5>$Fx0s2L9QAO)7e+Tx^i;G6?-
zX$Egia_dS6l5Qk3Fx7I&GfAtQZAyi74njIszR8SxSDf%2(CKa#2ZXD+rGOV6`_p-6
zKtDuONNQ3;vvLXo&|{0^mi7mKGzgcUX`XomP5%mFcyjco<PuB|)uG&PKFB<Od$}-%
z3(cclEEn=fIo9U7BJ?u9mToS;wTPy^mjkjP;W$qDqm$&()r;gRR@~Xpl64j(-4jkM
zz#~~&xQ2oax<nt`M9g^g;x;w4a!Ss{bgR`B@di1Kp?%bOvI?epu2jo1Dl|ZrTrMZV
z^!<L@a$((ITVFszK6Kv3?>|-GH9M4vHyjAvJSo7qms>X!IIl5{a0DA>spznY25`pW
zikkNwa{*)B93ID7c!m`^%gSRK3dg=Cp>)d&cW%#WxF|h?$4bAGro1w%F%<sgfDBJz
z$=%=7eQL6WJUy^WmG1Z4yIGCD$Q&Bp@7rsbngBdlS*39m>MzIYHxkqwXb@n%!8Fvk
z!d;^^H#wisNlr@`T#gY85_%Ti0ngOjjd(d0ZF7o2LJ)(r{-$9l?N}-8*g}p$dr#@R
zt|a*6DBzca5tpmTG3jp9LpCGBQP_rb053!q>v##p-U5UELT&F|jv#<dwu-TqZoKiS
z{d5UC->z>;0*Ze&C}NVeMO7-^ydd9G9KXdMGB#w|_+^cJc8H$yI+}%hNK{&;yq8ZV
z0*|C<ce8Gfol8){@au>wPp)*@fBd3_mhVVS-BPxcc}(&VwpuS&Dqb|i#%Sk!|Du9F
zEmmJ^<GR|YD`Pe3&B<EGtKv37WMy1G#YYyPplKnWI(BL@Wp}GoOVmTC>obCWy&*_P
z%4D4NPirt#pK~eoncw9g9Y_fIL1}aTT5&&)30n0K;ApEp&Nli5yiqN#mk>Fx#M)x&
zq(ES;=$dk}YSZ<`2H@3<{VT=s*C%dMpjnAx)G+un%?^A_xBgq4jw8SNHbCGhh|kbY
zDVcVvzxf&9t#NhXn5kf(cKjWs8=-bIVSk@sxwPi_AXmyaL_uy|k+>!M&qIxYST+B&
z$a#Z!%{I*Y4XYXDN{7sqn^~k4ejSg_XPT$?C+<;zq~!%k#!~#RqK#F6xm~~RDe&J$
zTfN!w3;sI#g@Zy8v~WmArGTp#>BkLcf|`i!0Y`e%a>@927Q?A-!0Ol|CSk|pxn5bd
zyPN@F(Ea{{n+oS-2~##vrM?I^=VA*==-w6?nhDaOZ8mMVWD-sH_$GD(wq{el%8~>|
zTd&DE3nVNS398$R1kD6L5=|@Vx%cN>u}2nQKfu6pK7$<TbqDGCT9S)Dfsg&`+tBP~
zIc$aSrS*je3sl_uasT~4nPHLh&kRn~99S9i`)U2kb~NHfOTtRM{;XoXcF0%}H#CQ%
zl(>@N)WPdhHz~dxBQDxxa@iq^BSX;3bm?7FJ4dP@#)8zdlk${j{!^mG^5oCZzy8v6
z=foPmv=_tAlUTbHuY9H9idPLfY28Ojt$b_Hi|haFm;RiuV`YzD<lUhfRR$6aR~RZ}
zE$~mET+f=lO&owK7E{D0!OK#mclESW1C^`@G+<7ho`yjY?_=O2PGg)!e~qal-<P+n
zqO9&QhN(|c_M&u*g3zz>U;VSvy2f_rl52qRML0F%pUd56-z*!=3_7lauSoW}V$Z_M
zHd7ymQ|rBuT_6V#^d22fYZ`9KFDgFpNbwC1SZYiQ`sN=s)@H%_QmylVa8TozjYNyz
zDu9+#%0kDieOoCodPNHPZwU#&Y<8EVM8)Bk+9v*c%*&{eABMmz0Iu7Tavdx4#F__I
zH=}@ueaQdK4kpU|IQw@nWvH)7G>U=mCCQsV(ue1K@ab`5kYCoxO#&ZKB>Z2FZKu=I
zVlS-r1ts=rN_T7M>z=JdY-J+p$LuN4GJDN1w(dF6boZD6m3&p8-3$)5-8v7qrJ@;w
zh*HBSvme^w`Ix<cXE5@&O7pu_q2=#gS_aQkTh|bvaV3e!`A4-WUr>(iyyWd9Mu~Hq
zcf`ROlS;lTewk6riOG{ul3tCAxNeVRDG0q7ynx>5B42Us;=2~L)~oFs>imHbQz3E(
z_mlJ>!Efj9rq}N>7Rw7FtOx>r@t?e=Vw=is&9M|eWOjo7;iXK~aZN;x4&M7}c~)Nz
zR+qCg+?-JQr~eT&sSB3a+@3A9=+4|;*bHc+RxI5x5#8cNGcgPfgtj((*|NTvnIH)z
zRWXuzVwq1-E_n?Wi3+%BglLVDM}YXzh}N8HcS(L9E0Bcst4!x#rWvR9&5Z!%Z9lYr
zpkh{~k*}7EbuOj+{lBsm+k^Ra*Y+j;x5ys@jd}D=2GrW*(11V3CO)5lp`*h@y5iKk
zdH)DGakwXNo~}QMTJ%d=-Ra~L^%Vu)aN3nHOW1LAC_gb$cN_MTTrdC^G#4DaW&FRA
zt~-$G_xr!EnKF_Qxz<NU%iiM>AwtSZM&`Bmo}r>LE|EPm%E$<pYhIgdvT||DwfD$~
z_&vVA`xoaq@8>+@Jn#2;o^zh_it(Pe_4yeZlxJcZ@MNDxzh@!EVA@t7EM?eeV#OT<
zIpO)g$Ee--4nATJ*tJ;T9`D1y>WSL_vwL25{_V7R0Y|5cY<T)1t8VRfzr3r7{Uq5|
zr0?NOtcl>UY}lPq6O}t}9PC`!B>aK`0>ydrdoE3T`>`_tp!Qwlw<2`UvUP&g<7phy
zv`n1H`3-nS-N<UF)YttzlURuwerUe!|0kNZpmF2d-JZuYK_4064g6w(jfcsB9W642
zos<70>{V~xY$NQEm1_8i?c3R9YWe(`pPv!_SC5KLnqVv8R9zYBMF!qaDB_+MR`E-T
z7AOcd{NDsxeK(lDhWG;d1*{YQyJ{DP`WNX(^*S%}6Gc!%`*IVuPg<!8f3fg0X*A7!
z{{gP9oEdo$W{q0nBKXPQu-muJ5%Xk8xa!pvcbV<_NzHf#%t;PN+4643NgklNU4!&u
z0^K~vwthx_d65{`A~J5zGrci3X!w;J%M1qe@&cz%H7~0c3;KXEx+eXjJ&2k|UW$Ja
zxE%gtJ9>rZg=+F?h#v2PH^zEbPh}kdS5Ca*qEnqf#ng-+0jC7Dl$uXI=h{KFrs|$!
zokNttR>2cz1XI`SU+gjW2XzU@6EAVh<CGJTQiFs{uBxW&RLA1|%4akomAXu64Y9@B
z%~`?wTI~gu``|)pDu{1X`%P6ydQ!@)5j?aS-#%S|v)c`AJA9(;+xiFpMTy1X4exaS
zd(!wp8N$sO>%3cQ<I^`hGc|mo<2x1vO@mbU+}1}w*EoQvBY-hN_-~<$=d8@#*WF#y
z{DA6HyxsV$LzON#Y&zJyLl)2e?JqrWA`IL%NDIW5H|l!eTIL*7*`#TOIXT;Ix8vUu
zpZ}nkTM3RwY1A57@1rlT+Q9(MRa^ZS;a>k(zB5)bVSqGr2L??ofP_WFnAft_6MD}R
zJ$39?sdIZg9-lVdd0IG=P7jWhMK!OHWd+4Q76X1rp_5U2Ro1%yom}{<F+UB$Wgcbk
z1Z>ug5*#8m9(>&<u8}{?2{D1J-u)ZG!28&<7!Z;P)X>X<f!FOa@$;oa?&jNfjpAJp
z{{+P{yk9@pkXMiXd{d{=F2e4pPG{;~&*zFB1NNYhuw3dH%6A%XM{4SAREA!^LXj%3
zpBE43H989&^Td1WxVDGNgmU?e8$6~6d1(fhPAcK|qI0H*p@F*jM+k2!${se|60`c(
zA=*z^Q(?<12N9$bBk}rT>E%hQkJa-E-4-v>5Lru=HKu@#ljgtTzenxzVO%sFq^fM5
zb(qqhwf!!n%J8E~(;sJ5rjgW`cESli;z2a;2Co~g>UOSowm0n&``;W7jIdgIFrP_s
ze#r&03v7~*>tmYpF~UV%xyxkM>0VF7*7f{@%BLnvJUWH!21E53Nl)gNAEct^KPAi(
zu5UFf_EKNkn{$uqER(Z%@d1T!uirgtKVB`YBsIvNfH&I&ZG3s<v!*E<JMK2XnOd=t
zFv>IM@I+WF-4n0nYSk()*0m*L=+HNiG^PXLUod@6>?a*uC`bRK2y$IDgia~Mk8iaS
z41i(NKk4NaiQHuf->9GQn5w8Bi*U+4l>XoC@KNCC(TOiq8^MX$@id!l8Kz?7K6ZA%
zKW*yNJW1dN{_Eao&D1ZM(yF?w^&2n8RJNE|;j}MRn8e1il4HlswXS)kBxwXCvF5H!
z501PiPO=>a!AR~-MaHwv`q#vgecztIPU+~I&QYuL2YtVP!v4fUN9-73&jChuxH@@A
z^M}G7nxB4aX-#P>qni#TJm+pGCVQEax1u1Z8t0p!!Y{8N-;cWwQeb~(t30ghCpZ-%
zynRrq^M{?^>{UB?$KOeBKYIA1W$sxE?aAPtdqw~I)p_qfp%t%WUsY(c=JNNGDq0FW
zdkhD7QvmXUAndpcuSYC)mpv8nX3@yp=Xrq~Vk~0)$iZ8i(s=SAqjiEcSBp+!^pI=(
zX?0WYN|)b>M?V1u@wlqW^gCeY14?NbS)ApBiq-*W4M=8#2{kJ8wrb75ceh7^<PI;3
z#W<y$sut4MZEcF3MGmy5*dhxT@m>W^;OhvvQ^Y98Z&qStZK5i^pM?RniS4}<e=g>@
zSy46CiZ`tE<auE?X?i(Ez1Bo#b%?#1muFnh2lE+sM93;qzBy|rd5=3fU~;cqs!<rO
zNFGnlak%|VuQ9yo`|Q1zT^MBeL|*!jx%qy;s+LBBi1#R|-L9Aldv^A=QjHQ1ypE1O
z&Q{upVbJ~1#Mi<xx;w8vgE3#-a^ebr@QB#Cs3^GgMrjj3?}@rNJEW*QuYBUUyVZ)@
zy8M-qIpl7@?_h~d06QMnlVq>?P@ScGv1ANqz6<$Yoi6f6wdeh!_F1{^1`BnAwq?P4
zo<}^j_VDGZYQ!;e|5xG|7u|W0#KOa$gpKQVFcw(=Gd5^eQj`UJ;t&S$kR8Hn`6kw<
z#;N(F4kG-MK;8kG5b_~|u?Rz1$>L8m143YZ!@UygNir8UKYs+_Ul4((v*_<y=2vbB
z{i%Q>3kWKGZG$OhOgS|g%4@6PsxbygSFtQi#jB0k+flazpi_{Y^8>jnL$J2)Z+S2q
zxTuPv*(<VR&#bpvsEHuRCx;UA=%=x_qlF&;f5MJ2S&jv$ZPYqJ|BR!*6GISmL;=6A
zzo%1nBegUu7@a}tA$>s|z~+1NHyUZqrY*jqs1~g;Wnw`9G6avv{pt4=bz3UdX#5J{
zcHjj~QU$<V4Jb91s~F3Ru(slWR4C@xF!K_;<4yqS#eb$TO>G$lD4?C#J#2{-poGxm
zi29s#mz3gSvQ2DlOO(O(0Q^KG#e?cx3W^>z(mSgT`C#Y0$u7vrZKM{(Jw|na&J<H!
zY$B-IcG1WXxsAJn1uPBPAm_hV^z~PMi!fIfa4EMSB=AuCEabmD{$2a`B!ue|DOr~p
z4x-mcIShot-@E_;K(Kw-!7z-5V19X_Iimlb$?=ti?sYKhKgAaBXivIoU}Qf}0E-g~
zKcV&s1@LOvNf-_7wnAp^!(WOCbL~H-B%S(yFoW+Q8c7M*qM3q5dS!4^zelC$A@>;3
zZU7@U*|E4N9uGjDP{o5GSOUzItMi5nd-`67<W5i&SR~D=cRFmW+fzY$E4}=*oEhmc
z$5BnwueV~qtHR!l41Sz)>mTaFjmJ7^&c@9%-lA7HE?MjFVi05-opK<?3j7LlsgwU}
zJ14fu{nqz@gXR-c#;~uGn#9_^Qwg$|IcLDkkJTm3`NK+A(n(=88S;dYKUQG$`J1SL
zVu|CZ(w-mKuP3(5wAN|s#w<|qJ0VwN7q3DZ3(B!2B{_0fHzFpvfmy$;*Xm_I-=7rX
zAPU?%?)?-pP>xI_30!-te&KxAYkK?{0QiWQAPbo@r-Z%il?d;*e!bIs)Xk&-xreun
z{TbP>%`2u$Yj~GqFNxe0@6!D^{Krby0tCGFqkDc;!|*<?p%OFKRlht6Vro87gsh@x
zIr@hvAG<hj-tMt^vr&D!t5@~dQ*R9bzV%={{GFg926T(dQRSc|Wz77%9vvhZUj4(~
za(|?|L)a*Of>OsW3++;m<XUv96!nV_s%#w~R9h~W&iMz4Pvp5go<I-#FB@&$r!J*}
znp<7c%Kv0g2L2~507-S3C8m0k@lwszX(hN~c<by_^>wPJ1n$HqW%Um@=v<z#)L%18
zRI8}x$!KxNW0853t`j_P26`ZI<YnX8%*218rB-y!S@~m3@Gf%lvkUc{;&@E*R%Fpa
zJCz)uk4fN>tDfh3quN^sQXp>@46Hnf1E-x}_#&&*9^l@+*2(tA&#YD4Qd0i^i+TNu
z=*vP!WPzeLC}iI0a4^GxzoC~rj}w23MdkZFXaQ32F9=gl8^Uu$QOO6O@RX!E#(9a4
zuOAd`tDcIhG*)Jd(m)V4OS|CN;C#MswBRGdwP<|W$m~-MlZ#d!v30JD?YZ7EC6*uo
zlH|=Cfxjr<mx{lUrC5A-NbrIuIP_W_tL9L_B(<1A2pkZaUT@rVT-GSf%~&w^)2U*4
z?OFq<fuz>ma9MC!2a~<lO$vIrO`*-Q!C^ZH%J7dSsZ-{kSaJ|YDXk8P&;n6DuV^i_
zEE>!i0T2^lFqu?wcCzu)Hz5`#QCbBQUl}IhB;u$HCjLvg04VLEA-<X3iL+!`iZ(L5
z<*ZMyGqRKd(-MMYBZHznh`p#>nNGGt@&UdqsD0^DboA)44p?fEn&4X7OtglI*CkMZ
zx@K=zy2tH_?xj_y&siI1`R>GV!OyELd#f=OM3n295Pzep@p|U+rBBR!{bKZS5ygw6
z|M*NzF1u5rk{&l#xB=KJ2;%Tj2px@fO^c}D<qA6o&Ff}$<jtl4z<Z@I{#Vn8Dwe1L
zYQX1y#gcbh*OSQSdgrnt6B<ykjgy0gVZU(BZQf{hw(o!f)e=wJ{~emN1)X5&)DEk$
zB5+<Xjxq6SD82n-d_RR=f!&FZdV>p4jo%9`Qx&avFig)LEU$o0Vf7|E3%V#h*szjF
zTFhO*BGuJ|mSn5$$ZVA?fo*UDiaXf^<>!;je}nw!t<`_(&Jd@3{omN7zjAmz`tQLd
zu3A~thEhvI6W~o(z9qUE(R)vS0zz5Jlu!?E1ES<Br#%5w9Jwh`_!t=UZvN%&4dO}a
z;<i|z-jJdBbv1_BUyYMXokNHVg@d0AOn)Ig@CS&5UNn>*XW%;^7{M$3=<o_#c=VaE
zDJtkBu&D3r#q{0iq@K2oIJ}i`aJ*JW{?^V85cwvx*jemXib`RKR~tuu?KMD%*^5i<
zzP?!<P0~C7E*DHdnfY9L+TB1{KL!!)hQP1ARicC-zXULh8SEVVjW5jPAN<FxbQ5r*
z%;n`}?Y;kzotTj?zXf&qk>;ZqiDr+)(4p?WvT~pm=i$YKXx5FpU;6(TMD3AWF`oqM
z;pm=hPgDhl(M{)+ZC*p^(*qZZrxSpA`+7p={!ZQgS)HKogQ~rN1ag;QIbZ6a$cL&x
zl^-)Hjn7^qt-H2*1AoXTw;Asx0ELgkppa&>^fnSPwBI%E)nU?^$k^M{E}*g_e%yq*
z%l2}>$A}8{=hsoDNuZ8g*LNl^+f2%&>%6zIO#VQm)OuHISN0GYy(1T=+p-dPuqpKE
zonrPYsN{VtS-sG{;02feI@MX&v+x{uEXh29G&z$I0w8cF)IVeyn`-MAAv(wC%+JN7
z7we6WtPF)De??AhLHUW}H766GiA_cnD{G73Nz`>^bBFgxB!Cdv$ZLHX?4^mhQy=vv
zi0~W-zg*1s0k7IRRc7u~3;w=%%N0=HEbOu=_FlF<P)FG-soJ4NLR$pdFQpff_!Ghs
zD@afSL)e8$nh6E1YY>EcXBdAgT#UE|mP-y6SW6%NNf^0vm#htQ(ZwUNI@;MpY@~V*
z!P9JJ+t@qWQHX&><=4Z+kb?IUp0wevPhGY=`1^g~UKj9n4nScf-~V%T7xcxGCNs+w
z6!urrH#J|KVZW+CdWBx_Z4$%f+AKCc-Q*vdBCl(H&0DFia=Md%`-KMab&{&vLdPfM
z^mlD*1x}}iPd+ejA`q@3aGzP*ZP_VGi(z7c`$B)G>aHg+aG8!ojNJ>#YD0bi`3J>6
z-2M2`P1+wWvhX9p@8$H~5+T{K6vz{W3vlho(Z9@So#`USC;<0lUQ&&x9WOGT*!2B|
zXf;j>B@+iVzj^d-N_3%5aC(-rFnme$%@u}EM29mrKC=4WnwhAT^~PTte)2mn6KhY7
zIIiP4-8x10h$z{7CCn>`9Zi4gHdLKaurwT5@`^tKuld^5No0Lr`OLU^;RJ!c=$#Fp
zSEG)V6*iE)Dxj5n?PPbUW?IE0@fPS?H|hEn<sLqI*jz|Nz@)x>4)MDeIp~)x?PT$K
z(*j#dA+$!Q9+i9-k3n^J7xG^l{Tf5#vcP+b?pla?tio+u+4odmZ|!1`xW0GaoDSAt
z#K57fmL@KWPXE8OXr6hC(Q-Bk8M3uYt8P>uRBlDhp~qXM9LmM?RMiKN6Y)>Nd%(Cj
zKVT+yq3h5}SjN1dgAl3#kA!xJSYAoHdLg#$9I3eKH}ENDa_CC3HNL+i(&uGmCf$WS
z)5s9`SM%~2f!w{ilOwF=Bq~(Z|I#T`nJtB*W0x|>>Of0RQ*kS<Rm?c;BE_ys3Heoj
z$K6&{pSpqO_N?a0hWW6w*HSo_ijF((YGi(yA_)#VzA6)$-pY7HZ(lfkTcUd7Ickd^
z1iZ#QS-i>1Q|6r3<kGTkb5)nw^>8PY1&@)7vSaVW63cfqE&U^nYrB_IN{R@vU)7g-
zuD5=3e7?SyAi~AV;{tHFHXj$9)Pq*ONxtqZ`18_{)PdYq$9dx7>T~?UBzkRESi(%M
zsVpT>D^1vO@axtcESPAla<Wf(r0NEDH;e1a3|fip=SmQ1@%`Eg%?W?%7b1S4<}Xa~
zl+@|d<(bzdm8hFpTwi-9D#T?nt1|ASvpt+s$W&a3wGleKdX;mq_(`$%*KZqogKJZw
zjvwQ1TRXFLFDGx_AWAghs%n%kN>`Li();Ui(L~a1jr2}YDzT3oD7qUmt&6ImSSi!@
zUwg{$mk)oVoz~|{>v^Z;?|p*2>5LdERSNW`C>1_l{{hnbmY-!}fPRwmy-Dm4w`2Y}
z2aDyS6P+X*Xu<89hHqTG8-H+ow<9Gq>c7gBi}YnXZYE<*>$l?#Q1kR?o)Y=+dKAsK
zcfx0KQ?bDnzqrC!A?XCH)KQMF5Sq;Vj(Ctb)oe_J_s%(zJJ8E8{0q14EkwBKUoWKl
zo8djbcJ^YkT@Iynn^+|nX$YlI+3s({6v2WYR|G};#2rmD4ZSeZiPIda(IQ-v+dqns
zGKI)wC-B6hgsSh}Va!o4$+4X4GG%<f*oS4tatZAmj#N^`BMrHe;+*B~_QtDc`hMdC
z5$AZHKRcnXl2O#}=~ft}sfh7{>P!zU(``0`2FLzlxh8MC&Ry*K!X5MqZky(FX?o3K
zA&)DwSOX!$oYJ>h0XhhWNUuW1Z~gwr(WtEyIm6s(jb6E;>20SoOH&hz1>rKhPJ5-o
zetKGQDHLEjIOq}(N@x#P*LJNa5+aVSN!1?94i10aO$!I%0sZSX6SAx=;>2<BmP^~x
zR42PcHsx|PYRHZYm3T$mMULiMLAmYIe3oCPrv&iHgK8eCNeW(9@W_TKf{EWcoUOOK
ztg@Pc`iHkwH9`kxoc8+#pV&Ke#S$%!4613_Fg=LJm4AvW_LfI(tSVB^4?NAQNpAT1
z4mmG#<6w!@9~Tsu9fr6McF1f67U#qdPM+~+dmnuJo-*KpZt*ZSd|y>x3I}}x{@M4~
zl(+66I641D9awqtgO&(U>Wnq0+pAAzp+dXJhs)kZrWk%tZLx}xL&UNFksi9|T~G00
z+ie?v?DUP=sYb8Eojp-?GZuO_X!~}bOoyvc5HaYAqNAqDy$qXoPK(%-Yqt86`sT$v
z8BXrc|F{?x<KLzfiTy`rElN2w(>3VfN^ZLO&_+Y)8J{48XRy-k2xmKTZW*`wCVYQ7
z3f5a9osm>=EMtj4=j$X+Rb+5}=5Yzo3~c^pKVIJd#VV1)9khUc<8ID>8RhqG=6%|y
z4w0~!H6+XTzn+_#dEfYHjhM}uBeK;#*+^!;Yhm7P5!<)z$6O|o#=)Cwnbwj56G>tI
zH02#gDRT7JQAF`{s-)fNK<-D7NIPg9T{3F?{<I8a`nXeW``$A1nzUoIHXY05q}TnF
z$@!Z$?+q7Qn5A^2tDO+tF~Txg_O%7S1LBAOnOi4@4uKcaKSnL~gfCubH;E6*oH?)S
z7$EH0li!cJrcYyCde|l1SNS=)at9w8e*C7l=k}cWqlHKtS{)(ty=Wt=tOwnmk>YD)
zqjCqlcY-6Hj@rnK=3l!{XGa7fE}w^Ncx>P-#UIWP5g_r@KK1Ck{9-cC{eKkwX6;ef
z_RDY*m=H{39yFA4cRoWPH5vUYj**7}7d3@G6>}M{;HRz*fR2d2qi_~`#0J5HFP}Up
zj1{f8Y(&f}p45MOo{Td0HWrugqRR>`ODlVE!oORODYx3#oIio%I42rbVop|G7a75z
zQ!?sM2YKb24&wg5i1Dhf%Z4XfwI#G8r!Xk^a!n)f?V;O{L#8w#Ww{U9sx~6q-rpaS
zh5RV^G2l{m+D)<x$jJ$9qMwsmJZ-;C_n7vm6*84q-nht{CO#rg{sr*ARfG;{710?E
z!<*F5kU3jTs&$-R2n20$T6);z%&<acik+dt&jbS?S*o;}U6$$%oi@dK83+p#7T|7w
z`=Fq<jvIh#cjItzFmlN1RbPLwP#+s45s$%iwcuco6giScVe<n9ldE$V!cy@eUBvV6
zMHW-WZ9}niKMgY(nz;wG+W;e*qS{+w;S;NhCRo@igeNg(N!)R{t#?)c%vS^RN&}+R
zWWD(pSJwi1M*wCn+!`ra*<<<4*gXP649QZmU`B#%#RoD)pkZNP8fu&EiPOmU{-(XV
ztW6GW3n$bb$qI!}-IOfpxKu&0d-vPp$aIO;^}`&iaG?QK2v5f+GMn<I*E;|EEx{*s
z<bJSx_1U|nvTJpx_p%MIK=^pRik<7zHy!;ux?}60BRch$44J)hxzF!a;6~uAx-jVM
zzW*niap%FhkP*3UzXT}`;njy-iUo`ieu;yV<cy>y_fD=xUnjb<_Qxy(^D{_cHjJ(@
zO6I=`$zej~@g<0;;YzU2M_TTly2CO3N@XMit0oLm;0b5;(XwdS4z+m_C8ygE!Auoo
zc`M)BGY?q*bP47vvXlaq*RD~r6R20VELFIapUIw5<$D7>)633leRb;e;WWmN>MD#p
zw^F`}TGA-e_<?=PEp<ni%v!G8g8)X}hDd9oXe}))v+tMB!hg9ci+mXe>n0VJ&AlE2
z%a>nSEfyo;q0+V^>PCgVq?=15lc1Gl{CtUtn)%QB2@*@Nk3eCCnpi~w6L$Bc)t9tN
zslJyStI|cW0;Bt~VZJ~F!FpUxU8kWB?y4B$`|FH6O(d;u<TF<#+Dj8|pE4JrP*p(;
zh1BHU+`VsqOTN-OP}7(W%N<1hJd7C|NR=OtB>v-PGgeyq&L-fBGJt-D0$Dpqe4{*&
zaR-jpv;{3W-o$UToz^s6RWu5#e~JGoNwpWvsRFysU>e?S$7||({At1ZtYxA*-l;p0
zPjmBM`#-?**PcJ{ua;q{<JwqB9l8mIQX#u)$-`yMmeVHcb;np+Wj?LjB5ZgdomXzY
zqxv3BDrR~ZQ<*pQPn^!hA#PBihdz4|80iXRwyZS?6{7<;s2>Tj=Fb=;D2}1e8jSxM
zw6?m7$)H^EAEY9L76S;jUiGHwv~(xEmJ9}iU|hjTiRG9OOF}MdL!VV9#ls|*j}JZ~
zXnt1j4T&_V8sBN18;*-XG2d!@_dv+g^F7#x#YVcW$j(fDGZOCC2$V%Q`xjtM|5Apn
z<yqT{-U?!>a&W5>c$ND*2L=E1>=<Et0A%2+`4-Fei6n01RqCCe{a0$S^i;|xd>*~W
zk$iCgdESno%hq$LOy4+NQnS;fd7m&$F6agdI3A4zWICvqAtv%93@08Ii%&$R-K=s@
ju({X^fuDO;z~=Ewfu`z#`|r-!E+}fsS`SJU&BFc<eO1xe

literal 0
HcmV?d00001

diff --git a/windows/deployment/do/images/mcc-isp-bgp-route.png b/windows/deployment/do/images/mcc-isp-bgp-route.png
new file mode 100644
index 0000000000000000000000000000000000000000..de0bd886956f126810d67da607c5b52a94fb06f4
GIT binary patch
literal 6361
zcmdT|c{G&m-yg}AM3IJUrO4VaSxO8Ql08e=2}8Cq$&$5bH<ql~!y`)=ON^bN29GUe
z8;ps`K4VGNG2^{?dfwl=ocFxvIp_W7{bR2Co^zdZ-QVr=`Fy|ED<cDKjwAd>Kp+r@
z&dnRQL7+o8;Jt*E8CWYn)iMDO2A|v7*FdGc0`tJ1!!8>78X!=44EwIb{wACEO$#3o
z=vdqSkD(n=-~<AJy>xD9m<HHV2t-|*J3H;GyDT&)>hLvI@C7j=t{{gC1&7c5XpLph
z6FKkAbxWb!l%4y;O>&eat2|eHq+%P_QC4xIU-t@5F|pj{INbNy{;kn5;^Sj&0mlQH
z`YfsK7C{u@C9ws(c!OQp%OG@Bm;ig<cFo3>{QSd!L65mm48TJZvhM*877VOLhaG`c
z{rErFXy-!tJ0Z(->kKiYwUMIoG!G>*;y&F`M@&0#x;4d{ylp!#TzfIiA<QxK0y1+c
zlcAPQcuj6%XL%UzZ&eYHYgjrFX=}!|?B_f^WV97jsG~Y=b9s4f6fi_`VJjSIr=OHr
z+VSVN^C?0Q288+yo$r|O7!1{MnL8CGoQQ8uMN0j24b{S-yFY0_SaBip+ahyzU&~yh
zYkyHJm8YCM)WC^dr}8H*zFQi0-pQF*Q}V@g`U}3__8y?0fdu>O^Y=t}Bd7{lhMj|b
zTF$FxH6&Hr(?Ar=1nnR~*0EYO+UD+xbNVn&%&^OkIJTOqDfN?wN!jLH@v4u0=4Dd9
z@mX+grauj&IJtOzL)Y^c1=<0&Yfo-PtYS-x2Lkh`InOQX4_|AeJY~a}O!_qyi&Q^=
z!oVyHe%EG%qILFCWcf0Q{f$8ttMA0_T+AF)qriw#cMzAm<XXR|)$)6NFy}J3$UZ*=
zLD1Ya-)jd_j#jJA`nz8~(<~dmghcZ?-Nn3UMt8+q+Ia`}#dgyhT<Rm-ReEYC$Wc!M
z@SV?|$XSfDM!!NM*P5>KFMgwc_vdYl)`s<Uc*ksS7avWd2G@&K-U%c>>J3p7i?My4
z|Hh^;Oi41Ca@TW~>a;tVMA0E6)0P(-6?3~ohLW5~6Rr?kEl@S;Dj6O8Bz8vbpL3cY
z&)J(S{hFtzNdX=@LDXUi>tpi84hyX%<UAhZfO=D_H*jz;hH^P@dZ+Ou-or!3hA}0h
zBwA?i6tiQaTct#dUhHrSZBE}L6|wHyF!<Qtc+;j<W-;o$2Q0H}wt)_5jIKM$9FMJ`
z?#AlD2yr;H?$5-_cfcE*6N=8HrN_1i^`+gm`iYhV>5??Zq=;z=mmH#g07pnhd|xX3
z#Yvjl4nnqbCQ{!b^$X0%V6!8y>3E6_A&!!-Ft60EzsvJ{r*53D{^I(nKmsmxy!Ku+
zXX%@|i}jz{f;^p<*HF(Vw-xR;6u7G^4TA@XC8~^o|6}Pb{3Pd;%F4Hm^0e`8fznQL
z{^&9@36icQbEHrM;zd!Sj8{=BRu$(qnKZs|Soo$WR>mP$*o%qsm3fXoKasDV1G{)C
zg+ewJ&g!Du1al@InYLRalVUzKtbmyvmBtZah(j(sLf@d%*!4K~kJIaM)`M%mhzi2N
z>}a{VV*jrv#xXuw%@frc%F4Jed*)(q>$+^MCzi!jBeH@$^8g&heG0pFHSMM~VDCE{
z19;SGy+Vqj!w7Q$<i-Xex;f;U?cP0@HRfmX8<Yrd$d;FWHRrZSs<3_DaapS}T}jIm
z49lwF$g+%nc}BP&#BW*R<kLpVj?&C-?_$OHTHr8iUZ^nNaJ6F&HFP*3iUlgK_Ensg
z#iT2vCv_S{TvUUG?g4P1e0gp!U2!^Ov9$qH{p$<gpZ5wy3SiT{;H-Wmy!P{&L{QJF
zaISCJ<dqpyE-z0OXl`!BuObQk%7(LUDOdt~#PV@eB>Y~)nt(oJqTy7xwISLIKkTzY
zo`a)&mgDV@0&Fq06~1~3<9xksaHFm{p>^b&I((?!PiL<x#lG`1iHYh^oy&pa4{uhO
z^(c|E&EgzlY`5FqfLoNNl_^5bOI`GHT0?7uodu7j7;%G@oSoN`MeN<aH$4=!j-kSJ
z7Xl}0=d6@Ys9gnjxi@NauaK(hrLd#p(A=LLvhm8P_5zK)_;tbixW%xHJt4)djgGAd
zeTy*jVaJBWroNC90H>;JrgywpuGnJ{4yvGy1Yh)8d_#NIr{%P}RN?W${bdaB>1l>F
z#}b6)9AE6}w%ruxEZ^9Sm2__!z4EIaRVS%|&+$>MG--x0Vn(P<y|KAmgv8k2n3bq2
zs_-c8QI<9rYEYwXoA+ptD#y<#*XKK~;pHJ2SuDf}<dRQ_Drdub^URnua~r)s?;*rI
zY)g#|kg#`WqtAeW;s9m5*pDLULbx2TzGDTpK#$KJ?7aSev9Z!W^5!#EcD{75&9m<V
z6Q3I4eEf$=MUY6gJT`!49`n#0+e9zpTe^=AQ4}3!2@m}yJAOCrIi;}c54=BIFSDUa
z<=%SglCU*vJA=B)_7jC-8)KDyA};AzsxPB90;>4^x~V95dGDNE#(ex@F5}k_PaVHD
z!q5)N`s=mO?KEe+$ECd0#n;`m>3k=MBBd+KiMYfL$gHWhAEYUG^VIz&{F|P3lLy;+
z$<{l5GUPBjKybIX5?OInShUV&O9*~<Hl#K<a9`#83UIrz%tSVe&U76%qP3TSYx(jU
zbSC8)706oAITbKx-}2M3vx~%yo16L23L!5HxpSw{xOP0ZJx%9v=9v^)t=Zy6Smqmt
zF@N)&=JYq{CU10Zd#KX6Q<on4XD!FCBE&!9s>6{+cI{3Z7q35%9VHfbkrP+gGHl&<
zEH0U4&(^6((q?<A>VCAgc;X@TcJy=c{ab5|KL=yx^Fu*jBqRatcb-puJ{FWV(RT*g
zmaRz}|DI6XaFx|xD@Q3=22ZzT-_7TL*LMCS;O8JR0D$gTGB?mLOtY+g@-W;W($D(L
zT<xzJ?s`DzzGNufwUKr}_l6@mi)1x{!ImP2_0^<HM32tgSGK3^<FR*_NmQBg!F57v
zx9!osO(Ns{s{--t{Z60V^xKbh{8}iTXfGXTZbYNc2HWK7R?y6s5so@=VT>&|=wa#x
zizC$)aU;o=C9R%Q>o(#TOVr5}p{wrfThFARw`0W5r7I=-r#)~{ry@#6{xaEE0L5u5
z+qIQ%+3Y3QlyH`{Qb9F>zIz=)qMozWu0HRxiYm8Vdrc?HLWAyS{+Z{3B9XET=Qm=d
zn~q>|sk;u^8+(e`AsQWOFSEXT{+T{RSdzjx)2d)d22e&m1skw7@tD_2rufy6=r`C4
z#(OLk^-UtAkkK&Xh)S96iQ+CarfP1}t)D0gW-N#$+mnYHeTJ91o^PI+YI$-gb0TT=
zjoSR4^bXepF4Q7%uFq~fnPUI$0oo*a9%}Pon_BX&Yh?&rf2O{QP?ul8q%dTav<kV3
zW?Rp~h{+B??HEB1pDVJE6jEp(bxV8G+Jk$_JUgcpWE!|TIlp~Y4Cf^2!<0_jLd?_r
z6<qDo<K{1}3jnE1j1@#ha1!qmg3@4P{M`e`I>|fHm-f<*R*n(VUNLP#!AmIQ)>=>E
zyRMFOIWH!XeeI1!Hrw|RHm74L-4!PGxfaVyh^a~j_4fM+2>sD5*>gf;OdjQGPzT{<
z1)%|_2cZ^2c5`X%k#*gKxxpsmN560=Jr<Iy&a;ep5g-&#r}B6-!>3PNm&ar)l$DG5
zcmI5Oq5C;E6RqkbKD1JF(O>&VdP+YBx^gwc!em@L-VhV+h-QM;*J1<gmUY`Gd8gSc
zCRoKJ7l<<WJkKZ=6M0ON6w4kVo+7M8R+Uj)crZIt;o)8e+ZukYmnI$vI4xKlg$*#w
z)N?&fsh8>1rW|UXND7sixFbxywYHsL9VINBnW$@r>YUR0^@<FX(u&jsK%zyHw21Ns
zo5<$#Q{&%J(s=x+`CCG$GH<ZSrxc;uP=p1Xu-Gsbr){@^N2Jd!@g>%_L!aqNpdwD`
z$_s@c8Zy^@CU;dwD`pLyAfn{9b1iO_OZbR3Vz+xR_r_~_ZXW>&me7Qo_6c0_@&6r9
zFGPf|?kR-j_q$%=kJ8HRA03T80{y3waEnSEYD(YP!Q6mS)tG@0f<Ory`LoSqysH=$
zzJrOQR&Q?I<t3+k27ki77=bRB`kB{|Yl@1rAhsnsoAae*gMSDud3AGMrdDyt-V`OX
z4>*4%qcyc}w9=|MI;TE(W6TCvK<yIw@J7qn$@IE};)s%+w-Q(TR(1_)a?c}$FiA55
z#Dofxsdvf45dHCpO_d7^j9)?zlj85a_LN*<*30geT+uSR;a=fN*XQXMv=AW2bq;!e
z<6SFwd1{@ZWwjG+p>fw>Ag@NuEekr7DVlFP<j#Mg3SqprzW82M7V44ejyXi`M?r_}
zZlW+J&{74TS3`K$843<7t!TlhJ(NXL&ttgvpcxhulR1)7q(I>zPq^L*gn$89c7gFR
zcWjY`7?0Ss_l3Iic=N7a)>C_Ohy}R3soP!s0o50F+$IY0rheAae1Alls`|Hj8w)>n
z>p0RJ>O;L^78HTJYu$5H`xk4E%$y(dx$!Ke%Al<@J#V3)i5xYMGJ~_b`HV1`&oQJh
z6&}-nMP;NYzr;s)9fkbFiQ{u14un|^NA7@3HO;ry)5eAiM^B^lv9cGw%38gI!nt-2
zWtf%qsI6%k0}&QKWA?&>_2EJ$p_dg$uMr4^R1fQB5IHj5FFnuR{!(TIPoEtASv=~s
zkwOImY;@9Mav0%dm+uw^*=Y5mANATGeI7{D>m^63x)=+C(jOPYzU1m08f(pW^@3El
zCs<p?@}angeUf7Fi&q#1h|vjxr`FnJp*Z#YuHW9CPr9AJj<cvdav7_PG+5RbL34r(
z)Zq|=o4rY?t6@K4HcdGcd@qWF^A|n+^rclw&r5-WNTfjP0hV`?6|HFEc$0zI6Hek~
zCZ*K^BlZs_-D_~YBQDobH=f7<i6Hskg%~{jg6fR8+gt2*<x^_x!eHZ^ax-(C!U#o5
zMK($9%^UD0%fh9{xBiZQT15GA9?EyQ9IKlI8kY3gX_CXKsdFSpP;jvk$paLRTo=_*
zt;qM4k^3P>YqVw0bKF<#-ID{VK`>;NNkn6dm7leUC|Jq|(SLb2NP536e}}C|eSa)h
zPfX-!IKWNtz+Vm7=<ep;k9b&ff{ERp`A9byT5a-AruBof)I*FQ^gg=KKCbuSJv8KJ
z`c@A3+&{SmFd8LdHl_!Lo6o1>H{}3M271PiFx5Rm^~+{L=Yg>u&ezbe>%n&y2j1x&
zc#~aG+3MVGW~LCn>ZV_3=>M!lY~9=6F|-4Z_Vm`^PYEe;Jmi~#qCR&5rtmSz{haU&
zWm#6->jc`l-a_5aRlVGqE&-w9<Na~UF($fe3y52Iq-2eGU6a@nc2BUNfdu*}jNSU<
z?Y%|b`!6KoESM&mYLztydB1H5s8lGA01cs^sPv5S@r(Osb3biLl}-)g&W5mdy{h9G
zuFSDaHbvhb8EDd^4WrXGYEUBl*7YZE#K6;Q>DTTxBnH@M$aoQ4ut<<3mZPD+?*M~9
z4M;?9V+VM4wt8}2W}Ij1a||_TKq@=b6zrF$q-ko)Th^5KveQqmV}_<7zED1t!o!)T
z^QQWGgB?bAWVutU;_daT#}h>7Ng&hf|3YHhlp9<*r`_F40|OPAq+b_a)kH`aDy4kC
zy3wE+0`fj|48ZUi`8c_u<f8i<;F8LSlEBd`{_-zFxAyT}vybmRQyXzGqgmp~P}<Cf
zZ_x&`qe&V2>yKT$Qw=Go>qn~bE)y4C?|{Ca`(q*YPFpwyWlxUjnq+YdY8==msJktA
zfm1m->YZ_Xp)!3%6u2-JJje52fgOm$@&?1CXS<t5d;r>OVe8moR82isCKLR6hMClD
znJfwgi<izypQ#-7Z7pmTlu(hKVX=mzo){$mHtUvj-i1@Bc&2YW)NbT^d-2}+Mz$XZ
zCmqGHb*2oA1810B*C%wb;pPL=Y`D9k-8+xqCbmpf6<KlWX3o#-nrlNciVg`k`5f_@
zGS23`ng3QCt|x!UH}cM7?#~z?5z#~ktn%?|k#06KD0lOh3J%{s1ob0BIUc%~joks*
zRrI?UZkowGT+YbsZ~uHCis3neSG69p=hVXj8o;M)P3#FxWuG;Ncqy*Uo49>eY?lTa
zp;+)>`HcdZBHz4-a>;_AjnFBzeCD7h7;=reUyH&fZ-%IE3@;X3P*l9KsDweAnEi#8
zKmTO5J(#uB-2Q^4C!HGhvop)?&q8#Vlm{HeH&*!1r!ch(;60bHnBUOWa(7pe?Ea@i
z+y%<A74^ZwBJo5InF>C*CNvt&%G~p^`b1oEIxzN!eD-kG8MR_xHzTnF>>J@NCM!rq
zMf})+DltNSeXDtVU`@Ro><4*Ru|_1SyJ<-7Nu3@p<a))H<hbWaAiKyTi-s~5<v#|)
zkIoL{O<B&e^+B&Tb1%8-q_-F5Jz7`FBP*Y@ma?(q-i+N6tns}}r89gy^)Gbi;F%t1
z^UhjnR@wSQ7H@F)b^dUxxgYt+^b;Uy-?t8Dm%Xpj-Rog}wvX)_6d&BE&yN9JE0({N
zyO)!cRO=_zBGjYoLwoiqKx(xv+){wx;%FOoarN%<Cd0cE<1MFY<o%RYT?VI3y%pBe
z&%S6TppT7u{V_#O=RbnHZoNz1S3-5n4bL|@1)I?)=rKETq+WKoV)mc(+wk!8AHUo|
zU%dV<G6dvU<cE~Wj=-mI7xh+}Cba%lcv@gQ^0mi-NVY|k-}z?!U-WzLP0Dw9(%Dc*
zFDvyu-DPM!9Cj4+QU71e@wbK(@XuC8eyrk|#>h|v&pv0Ixb54)d?SAe|Gy#K?g}`K
z3ftWU8Cd>(t}v=m`~EhxX1kKLI#z48^R4l#K8yX%KxC2g;U;H@NmsYY#{uD8+mde5
z@W)^4>F1p`>I{_EF`~}xpLa#9;W%a1i9#4F$n@IpBPGida;zb}smPbgP|p93ds8Sq
zW_LBSDEs}=^kLG&#-7qw&h1rBOpb`)93gQ#=;MXX-<<)ITJS8-_@~@!G6@E9hTU)H
zYBcj(#9T}o4y9jc+V^|+7(4D2SE}42F5R9Q=C5alo*JN+ruEO&{3Y!(ERKob<l@gW
zncUfY>eEiY38e=+!ur~81>7(5#}fVf>b(yuyz3HHA9F*OqjL8-#o`K><&0dB3n1^U
zP6zVd@juGD<>uR98d5idTV3Vf`RbqpHZxaT*}ohDtr!DC9w5SQYs9^HL;CJ*gAkgP
z1Jtp5#NeOb(XVS@w_wzuznXW~OO{q+{ao8&D3<r|2q#Te;42^<O@kYy*X+ap4Rl4f
Ab^rhX

literal 0
HcmV?d00001

diff --git a/windows/deployment/do/mcc-isp-create-provision-deploy.md b/windows/deployment/do/mcc-isp-create-provision-deploy.md
index ecc4cf8379..52602d6b5f 100644
--- a/windows/deployment/do/mcc-isp-create-provision-deploy.md
+++ b/windows/deployment/do/mcc-isp-create-provision-deploy.md
@@ -53,6 +53,19 @@ You can manually upload a list of your CIDR blocks in Azure portal to enable man
 
 BGP (Border Gateway Protocol) routing is another method offered for client routing. BGP dynamically retrieves CIDR ranges by exchanging information with routers to understand reachable networks. For an automatic method of routing traffic, you can choose to configure BGP routing in Azure portal.
 
+Microsoft Connected Cache includes Bird BGP which enables the cache node to 1) establish iBGP peering sessions with routers, route servers, or route collectors within operator networks and 2)  act as a route collector. The operator will start the iBGP peering session from the Microsoft Connected Cache side using the Azure management portal and then start the session with the Microsoft Connected Cache node from the router.
+
+In the example configuration below:
+- The operator ASN is 65100
+- The ASN of the Microsoft Connected Cache cache node is 65100 and the IP address is 192.168.8.99
+- iBGP peering sessions are established from the portal for ASNs 65100, 65200, and 65300.
+
+    :::image type="content" source="images/mcc-isp-bgp-route.png" alt-text="Screenshot of a table entitled BGP route information showing how each ASN corresponds to a specific IP address." lightbox="./images/mcc-isp-provision-cache-node-numbered.png":::  
+
+    :::image type="content" source="images/mcc-isp-bgp-diagram.png" alt-text="A diagram that shows the relationship between the cache node and other ASNs/routers when using BGP. BGP routing allows the cache node to route to other network providers with different ASNs." lightbox="./images/mcc-isp-provision-cache-node-numbered.png":::  
+
+To set up and enable BGP routing for your cache node, follow these steps below:
+
 1. Navigate to **Settings** > **Cache nodes**. Select the cache node you wish to provision.
 
     :::image type="content" source="images/mcc-isp-provision-cache-node-numbered.png" alt-text="Screenshot of the Azure portal depicting the cache node configuration page of a cache node. This screenshot shows all of the fields you can choose to configure the cache node." lightbox="./images/mcc-isp-provision-cache-node-numbered.png":::  
diff --git a/windows/deployment/do/mcc-isp-faq.yml b/windows/deployment/do/mcc-isp-faq.yml
index ddcf91bb1e..a69163e35c 100644
--- a/windows/deployment/do/mcc-isp-faq.yml
+++ b/windows/deployment/do/mcc-isp-faq.yml
@@ -85,6 +85,8 @@ sections:
         answer: If a downstream customer deploys a Microsoft Connected Cache node, the cache controller will prefer the downstream ASN when handling that ASN's traffic.
       - question: I signed up for Microsoft Connected Cache, but I'm not receiving the verification email. What should I do?
         answer: First, check that the email under the NOC role is correct in your PeeringDB page. If the email associated with NOC role is correct, search for an email from the sender "microsoft-noreply@microsoft.com" with the email subject - "Here's your Microsoft Connected Cache verification code" in your Spam folders. Still can't find it? Ensure that your email admin rules allow emails from the sender "microsoft-noreply@microsoft.com".
+      - question: I noticed I can set up BGP for routing. How does BGP routing work for Microsoft Connected Cache?
+        answer: BGP routing can be set up as an automatic method of routing traffic. To learn more about how BGP is used with Microsoft Connected Cache, see [BGP Routing](mcc-isp-create-provision-deploy.md#bgp-routing)
       - question: I have an active MCC, but I'm noticing I hit the message limit for my IoT Hub each day. Does this affect my MCC performance and should I be concerned?
         answer: Even when the quota of 8k messages is hit, the MCC functionality won't be affected. Your client devices will continue to download content as normal. You'll also not be charged above the 8k message limit, so you don't need to worry at all about getting a paid plan. MCC will always be a free service. So if functionality isn't impacted, what is? Instead, messages about the configuration or edge deployment would be impacted. This means that if there was a request to update your MCC and the daily quota was reached, your MCC might not update. In that case, you would just need to wait for the next day to update. This is only a limitation of the early preview and isn't an issue during public preview.
       - question: What do I do if I need more support and have more questions even after reading this FAQ page?
diff --git a/windows/deployment/do/mcc-isp-signup.md b/windows/deployment/do/mcc-isp-signup.md
index 960485c7cb..9ae3e9ed19 100644
--- a/windows/deployment/do/mcc-isp-signup.md
+++ b/windows/deployment/do/mcc-isp-signup.md
@@ -21,7 +21,7 @@ ms.collection: tier3
 This article details the process of signing up for Microsoft Connected Cache for Internet Service Providers (public preview). 
 
  > [!NOTE]
- > Microsoft Connected Cache is now in public review. Instead of submitting a survey, you can directly onboard by following the instructions in this article.
+ > Microsoft Connected Cache is now in public preview. Instead of submitting a survey, you can directly onboard by following the instructions in this article.
 
 ## Prerequisites
 

From 8f6bab708501b22bf3596671c05ceb7a33032752 Mon Sep 17 00:00:00 2001
From: Amy Zhou <amyzhou@microsoft.com>
Date: Thu, 27 Apr 2023 17:20:16 -0700
Subject: [PATCH 043/107] add period after faq sentence

---
 windows/deployment/do/mcc-isp-faq.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/do/mcc-isp-faq.yml b/windows/deployment/do/mcc-isp-faq.yml
index a69163e35c..375036f62d 100644
--- a/windows/deployment/do/mcc-isp-faq.yml
+++ b/windows/deployment/do/mcc-isp-faq.yml
@@ -86,7 +86,7 @@ sections:
       - question: I signed up for Microsoft Connected Cache, but I'm not receiving the verification email. What should I do?
         answer: First, check that the email under the NOC role is correct in your PeeringDB page. If the email associated with NOC role is correct, search for an email from the sender "microsoft-noreply@microsoft.com" with the email subject - "Here's your Microsoft Connected Cache verification code" in your Spam folders. Still can't find it? Ensure that your email admin rules allow emails from the sender "microsoft-noreply@microsoft.com".
       - question: I noticed I can set up BGP for routing. How does BGP routing work for Microsoft Connected Cache?
-        answer: BGP routing can be set up as an automatic method of routing traffic. To learn more about how BGP is used with Microsoft Connected Cache, see [BGP Routing](mcc-isp-create-provision-deploy.md#bgp-routing)
+        answer: BGP routing can be set up as an automatic method of routing traffic. To learn more about how BGP is used with Microsoft Connected Cache, see [BGP Routing](mcc-isp-create-provision-deploy.md#bgp-routing).
       - question: I have an active MCC, but I'm noticing I hit the message limit for my IoT Hub each day. Does this affect my MCC performance and should I be concerned?
         answer: Even when the quota of 8k messages is hit, the MCC functionality won't be affected. Your client devices will continue to download content as normal. You'll also not be charged above the 8k message limit, so you don't need to worry at all about getting a paid plan. MCC will always be a free service. So if functionality isn't impacted, what is? Instead, messages about the configuration or edge deployment would be impacted. This means that if there was a request to update your MCC and the daily quota was reached, your MCC might not update. In that case, you would just need to wait for the next day to update. This is only a limitation of the early preview and isn't an issue during public preview.
       - question: What do I do if I need more support and have more questions even after reading this FAQ page?

From e4af1e423979c84e492a010d271d19565eb0bbb4 Mon Sep 17 00:00:00 2001
From: Amy Zhou <amyzhou@microsoft.com>
Date: Fri, 28 Apr 2023 15:58:14 -0700
Subject: [PATCH 044/107] start the new overview pages

---
 windows/deployment/do/TOC.yml                 |  4 ++++
 windows/deployment/do/mcc-ent-edu-overview.md | 12 ++++++++++++
 windows/deployment/do/mcc-isp-overview.md     | 12 ++++++++++++
 3 files changed, 28 insertions(+)
 create mode 100644 windows/deployment/do/mcc-ent-edu-overview.md
 create mode 100644 windows/deployment/do/mcc-isp-overview.md

diff --git a/windows/deployment/do/TOC.yml b/windows/deployment/do/TOC.yml
index 5bcf7b6dbe..f93adacfb0 100644
--- a/windows/deployment/do/TOC.yml
+++ b/windows/deployment/do/TOC.yml
@@ -31,6 +31,8 @@
       href: waas-microsoft-connected-cache.md
     - name: MCC for Enterprise and Education
       items:
+      - name: What is MCC for Enterprise and Education?
+        href: mcc-ent-edu-overview.md
       - name: Requirements
         href: mcc-enterprise-prerequisites.md
       - name: Deploy Microsoft Connected Cache
@@ -41,6 +43,8 @@
         href: mcc-enterprise-appendix.md
     - name: MCC for ISPs
       items:
+      - name: What is MCC for ISPs?
+        href: mcc-isp-overview.md
       - name: How-to guides
         items:  
         - name: Operator sign up and service onboarding
diff --git a/windows/deployment/do/mcc-ent-edu-overview.md b/windows/deployment/do/mcc-ent-edu-overview.md
new file mode 100644
index 0000000000..26a73b14fb
--- /dev/null
+++ b/windows/deployment/do/mcc-ent-edu-overview.md
@@ -0,0 +1,12 @@
+---
+title: What is MCC for Enterprise and Education?
+manager: aaroncz
+description: Overview of Microsoft Connected Cache (MCC) for Enterprise and Education.
+ms.prod: windows-client
+author: amymzhou
+ms.author: amyzhou
+ms.topic: article
+ms.date: 12/31/2017
+ms.technology: itpro-updates
+ms.collection: tier3
+---
\ No newline at end of file
diff --git a/windows/deployment/do/mcc-isp-overview.md b/windows/deployment/do/mcc-isp-overview.md
new file mode 100644
index 0000000000..e4236fdb8f
--- /dev/null
+++ b/windows/deployment/do/mcc-isp-overview.md
@@ -0,0 +1,12 @@
+---
+title: What is MCC for ISPs?
+manager: aaroncz
+description: Overview for Microsoft Connected Cache for ISPs
+ms.prod: windows-client
+author: amymzhou
+ms.author: amyzhou
+ms.topic: article
+ms.date: 12/31/2017
+ms.technology: itpro-updates
+ms.collection: tier3
+---
\ No newline at end of file

From 5468c14b648ca127bfb442a5f20bd45245c8a492 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Mon, 1 May 2023 09:16:11 -0400
Subject: [PATCH 045/107] added licensing info

---
 .../identity-protection/credential-guard/credential-guard.md  | 2 ++
 .../md-app-guard-overview.md                                  | 4 +++-
 .../windows-defender-application-control.md                   | 2 ++
 3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/credential-guard/credential-guard.md b/windows/security/identity-protection/credential-guard/credential-guard.md
index af00a1aef1..d8fd5081a5 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard.md
@@ -21,6 +21,8 @@ By enabling Windows Defender Credential Guard, the following features and soluti
 > [!NOTE]
 > As of Windows 11, version 22H2, Windows Defender Credential Guard has been enabled by default on all devices which meet the minimum requirements as specified in the [Default Enablement](credential-guard-manage.md#default-enablement) section. For information about known issues related to default enablement, see [Credential Guard: Known Issues](credential-guard-known-issues.md#known-issue-single-sign-on-sso-for-network-services-breaks-after-upgrading-to-windows-11-version-22h2).
 
+[!INCLUDE [windows-defender-credential-guard](../../../../includes/licensing/windows-defender-credential-guard.md)]
+
 ## Related topics
 
 - [Protecting network passwords with Windows Defender Credential Guard](https://www.microsoft.com/itshowcase/Article/Content/831/Protecting-network-passwords-with-Windows-10-Credential-Guard)
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md
index afc6aaef79..f6a9150ebc 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md
@@ -8,7 +8,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: vinaypamnani-msft
 ms.author: vinpa
-ms.date: 09/09/2021
+ms.date: 05/01/2023
 ms.reviewer: 
 manager: aaroncz
 ms.custom: asr
@@ -49,6 +49,8 @@ Application Guard has been created to target several types of devices:
 
 - **Personal devices**. These personally owned desktops or mobile laptops aren't domain-joined or managed by an organization. The user is an admin on the device and uses a high-bandwidth wireless personal network while at home or a comparable public network while outside.
 
+[!INCLUDE [microsoft-defender-application-guard-mdag-for-edge-standalone-mode](../../../../includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md)]
+
 ## Related articles
 
 |Article |Description |
diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md
index 2ba7d43f84..9f1f0f96d3 100644
--- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md
+++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md
@@ -73,6 +73,8 @@ Smart App Control enforces the [Microsoft Recommended Driver Block rules](micros
 - Microsoft.Build.Framework.dll
 - Wslhost.dll
 
+[!INCLUDE [windows-defender-application-control-wdac](../../../../includes/licensing/windows-defender-application-control-wdac.md)]
+
 ## Related articles
 
 - [WDAC design guide](windows-defender-application-control-design-guide.md)

From fdb06c1b36fd40336c506872a3d6e0422d2e1f8c Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Mon, 1 May 2023 11:59:40 -0400
Subject: [PATCH 046/107] added licensing info

---
 education/windows/autopilot-reset.md                        | 2 ++
 windows/client-management/config-lock.md                    | 6 ++----
 windows/client-management/mdm-overview.md                   | 2 ++
 windows/configuration/kiosk-methods.md                      | 2 ++
 windows/security/identity-protection/toc.yml                | 2 +-
 .../microsoft-defender-smartscreen-overview.md              | 2 ++
 .../phishing-protection-microsoft-defender-smartscreen.md   | 2 ++
 ...by-controlling-the-health-of-windows-10-based-devices.md | 6 ++++--
 .../security-policy-settings/account-lockout-policy.md      | 2 ++
 .../security-policy-settings/security-policy-settings.md    | 2 ++
 .../microsoft-recommended-driver-block-rules.md             | 2 ++
 .../windows-firewall-with-advanced-security.md              | 2 +-
 .../windows-sandbox/windows-sandbox-overview.md             | 4 ++--
 windows/security/trusted-boot.md                            | 2 ++
 14 files changed, 28 insertions(+), 10 deletions(-)

diff --git a/education/windows/autopilot-reset.md b/education/windows/autopilot-reset.md
index adc2f3d815..15b7d22d04 100644
--- a/education/windows/autopilot-reset.md
+++ b/education/windows/autopilot-reset.md
@@ -20,6 +20,8 @@ To enable Autopilot Reset you must:
 1. [Enable the policy for the feature](#enable-autopilot-reset)
 2. [Trigger a reset for each device](#trigger-autopilot-reset)
 
+[!INCLUDE [remote-wipe-autopilot-reset](../../includes/licensing/remote-wipe-autopilot-reset.md)]
+
 ## Enable Autopilot Reset
 
 To use Autopilot Reset, [Windows Recovery Environment (WinRE) must be enabled on the device](#winre).
diff --git a/windows/client-management/config-lock.md b/windows/client-management/config-lock.md
index 2e86f60f6a..d32bed289c 100644
--- a/windows/client-management/config-lock.md
+++ b/windows/client-management/config-lock.md
@@ -26,11 +26,9 @@ To summarize, config lock:
 
 ## Configuration Flow
 
-After a secured-core PC reaches the desktop, config lock will prevent configuration drift by detecting if the device is a secured-core PC or not. When the device isn't a secured-core PC, the lock won't apply. If the device is a secured-core PC, config lock will lock the policies listed under [List of locked policies](#list-of-locked-policies).
+After a [secured-core PCs](/windows-hardware/design/device-experiences/oem-highly-secure) reaches the desktop, config lock will prevent configuration drift by detecting if the device is a secured-core PC or not. When the device isn't a secured-core PC, the lock won't apply. If the device is a secured-core PC, config lock will lock the policies listed under [List of locked policies](#list-of-locked-policies).
 
-## System Requirements
-
-Config lock will be available for all Windows Professional and Enterprise Editions running on [secured-core PCs](/windows-hardware/design/device-experiences/oem-highly-secure).
+[!INCLUDE [secured-core-configuration-lock](../../includes/licensing/secured-core-configuration-lock.md)]
 
 ## Enabling config lock using Microsoft Intune
 
diff --git a/windows/client-management/mdm-overview.md b/windows/client-management/mdm-overview.md
index ecc058a048..65a8d393da 100644
--- a/windows/client-management/mdm-overview.md
+++ b/windows/client-management/mdm-overview.md
@@ -56,6 +56,8 @@ For more information about the MDM policies defined in the MDM security baseline
 
 For information about the MDM policies defined in the Intune security baseline, see [Windows security baseline settings for Intune](/mem/intune/protect/security-baseline-settings-mdm-all).
 
+[!INCLUDE [manage-by-mobile-device-management-mdm-and-group-policy](../../includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md)]
+
 ## Frequently Asked Questions
 
 ### Can there be more than one MDM server to enroll and manage devices in Windows?
diff --git a/windows/configuration/kiosk-methods.md b/windows/configuration/kiosk-methods.md
index fca2b5ab94..0fdc2d15c1 100644
--- a/windows/configuration/kiosk-methods.md
+++ b/windows/configuration/kiosk-methods.md
@@ -71,6 +71,8 @@ There are several kiosk configuration methods that you can choose from, dependin
 >[!IMPORTANT]
 >Single-app kiosk mode isn't supported over a remote desktop connection. Your kiosk users must sign in on the physical device that is set up as a kiosk.
 
+[!INCLUDE [assigned-access-kiosk-mode](../../includes/licensing/assigned-access-kiosk-mode.md)]
+
 ## Methods for a single-app kiosk running a UWP app
 
 You can use this method | For this edition | For this kiosk account type 
diff --git a/windows/security/identity-protection/toc.yml b/windows/security/identity-protection/toc.yml
index 27c8a6dad3..3190bc8236 100644
--- a/windows/security/identity-protection/toc.yml
+++ b/windows/security/identity-protection/toc.yml
@@ -7,7 +7,7 @@ items:
     items:
     - name: Windows Hello for Business 🔗
       href: hello-for-business/index.yml
-    - name: Windows presence sensing 🔗
+    - name: Windows presence sensing
       href: https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb
     - name: Windows Hello for Business Enhanced Security Sign-in (ESS) 🔗
       href: /windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security
diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md
index dbb586c517..cb05a5d266 100644
--- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md
+++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md
@@ -50,6 +50,8 @@ Microsoft Defender SmartScreen provide an early warning system against websites
 > [!IMPORTANT]
 > SmartScreen protects against malicious files from the internet. It does not protect against malicious files on internal locations or network shares, such as shared folders with UNC paths or SMB/CIFS shares.
 
+[!INCLUDE [microsoft-defender-smartscreen](../../../../includes/licensing/microsoft-defender-smartscreen.md)]
+
 ## Submit files to Microsoft Defender SmartScreen for review
 
 If you believe a warning or block was incorrectly shown for a file or application, or if you believe an undetected file is malware, you can [submit a file](https://www.microsoft.com/wdsi/filesubmission/) to Microsoft for review. For more information, see [Submit files for analysis](/microsoft-365/security/intelligence/submission-guide).
diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md b/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md
index 8597ee9893..58dea5e41a 100644
--- a/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md
+++ b/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md
@@ -39,6 +39,8 @@ Enhanced Phishing Protection provides robust phishing protections for work or sc
 
 - **Easy management through Group Policy and Microsoft Intune:** Enhanced Phishing Protection works with Group Policy and mobile device management (MDM) settings to help you manage your organization's computer settings. Based on how you set up Enhanced Phishing Protection, you can customize which phishing protection scenarios will show users warning dialogs. For example, the Service Enabled setting determines whether the Enhanced Phishing Protection service is on or off. The feature will be in audit mode if the other settings, which correspond to notification policies, aren't enabled.
 
+[!INCLUDE [enhanced-phishing-protection-with-smartscreen](../../../../includes/licensing/enhanced-phishing-protection-with-smartscreen.md)]
+
 ## Configure Enhanced Phishing Protection for your organization
 
 Enhanced Phishing Protection can be configured via Microsoft Intune, Group Policy Objects (GPO) or Configuration Service Providers (CSP) with an MDM service. Follow the instructions below to configure your devices using either Microsoft Intune, GPO or CSP.
diff --git a/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md b/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
index b6fcd28bd2..a29c0cb634 100644
--- a/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
+++ b/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
@@ -1,5 +1,5 @@
 ---
-title: Control the health of Windows 10-based devices (Windows 10)
+title: Control the health of Windows devices
 description: This article details an end-to-end solution that helps you protect high-value assets by enforcing, controlling, and reporting the health of Windows 10-based devices.
 ms.prod: windows-client
 ms.date: 10/13/2017
@@ -11,7 +11,7 @@ manager: dougeby
 ms.topic: conceptual
 ---
 
-# Control the health of Windows 10-based devices
+# Control the health of Windows devices
 
 **Applies to**
 
@@ -327,6 +327,8 @@ For Windows 10-based devices, Microsoft introduces a new public API that will al
 
 For more information on device health attestation, see the [Detect an unhealthy Windows 10-based device](#detect-unhealthy) section.
 
+[!INCLUDE [device-health-attestation-service](../../../includes/licensing/device-health-attestation-service.md)]
+
 ### <a href="" id="hardware-req"></a>Hardware requirements
 
 The following table details the hardware requirements for both virtualization-based security services and the health attestation feature. For more information, see [Minimum hardware requirements](/windows-hardware/design/minimum/minimum-hardware-requirements-overview).
diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-policy.md b/windows/security/threat-protection/security-policy-settings/account-lockout-policy.md
index 03d4f6bba0..301d74416d 100644
--- a/windows/security/threat-protection/security-policy-settings/account-lockout-policy.md
+++ b/windows/security/threat-protection/security-policy-settings/account-lockout-policy.md
@@ -32,6 +32,8 @@ The following topics provide a discussion of each policy setting's implementatio
 >[!NOTE]
 >Account lockout settings for remote access clients can be configured separately by editing the Registry on the server that manages the remote access. For more information, see [How to configure remote access client account lockout](/troubleshoot/windows-server/networking/configure-remote-access-client-account-lockout).
 
+[!INCLUDE [account-lockout-policy](../../../../includes/licensing/account-lockout-policy.md)]
+
 ## In this section
 
 | Topic | Description |
diff --git a/windows/security/threat-protection/security-policy-settings/security-policy-settings.md b/windows/security/threat-protection/security-policy-settings/security-policy-settings.md
index e5a2bba1d9..5cac6b5f49 100644
--- a/windows/security/threat-protection/security-policy-settings/security-policy-settings.md
+++ b/windows/security/threat-protection/security-policy-settings/security-policy-settings.md
@@ -71,6 +71,8 @@ The Security Settings extension of the Local Group Policy Editor includes the fo
 - **IP Security Policies on Local Computer.** Specify settings to ensure private, secure communications over IP networks by using cryptographic security services. IPsec establishes trust and security from a source IP address to a destination IP address.
 - **Advanced Audit Policy Configuration.** Specify settings that control the logging of security events into the security log on the device. The settings under Advanced Audit Policy Configuration provide finer control over which activities to monitor as opposed to the Audit Policy settings under Local Policies.
 
+[!INCLUDE [windows-security-policy-settings-and-auditing](../../../../includes/licensing/windows-security-policy-settings-and-auditing.md)]
+
 ## Policy-based security settings management
 
 The Security Settings extension to Group Policy provides an integrated policy-based management infrastructure to help you manage and enforce your security policies.
diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
index 161e563a19..a03dd12363 100644
--- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
@@ -59,6 +59,8 @@ The blocklist is updated with each new major release of Windows, typically 1-2 t
 
 Customers who always want the most up-to-date driver blocklist can also use Windows Defender Application Control (WDAC) to apply the latest recommended driver blocklist contained in this article. For your convenience, we've provided a download of the most up-to-date vulnerable driver blocklist along with instructions to apply it on your computer at the end of this article. Otherwise, you can use the XML provided below to create your own custom WDAC policies.
 
+[!INCLUDE [microsoft-vulnerable-driver-blocklist](../../../../includes/licensing/microsoft-vulnerable-driver-blocklist.md)]
+
 ## Blocking vulnerable drivers using WDAC
 
 Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) or S mode to protect your devices against security threats. If this setting isn't possible, Microsoft recommends blocking [this list of drivers](#vulnerable-driver-blocklist-xml) within your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can cause devices or software to malfunction, and in rare cases, blue screen. It's recommended to first validate this policy in [audit mode](/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies) and review the audit block events.
diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md
index 282125d3bd..a5468a9a20 100644
--- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md
+++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md
@@ -23,7 +23,7 @@ Windows Defender Firewall in Windows 8, Windows 7, Windows Vista, Windows Serv
 
 The Windows Defender Firewall with Advanced Security MMC snap-in is more flexible and provides much more functionality than the consumer-friendly Windows Defender Firewall interface found in the Control Panel. Both interfaces interact with the same underlying services, but provide different levels of control over those services. While the Windows Defender Firewall Control Panel program can protect a single device in a home environment, it doesn't provide enough centralized management or security features to help secure more complex network traffic found in a typical business enterprise environment.
 
-
+[!INCLUDE [windows-firewall](../../../../includes/licensing/windows-firewall.md)]
 
 ## Feature description
 
diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md
index 74e81b1a05..8f3d7bd7de 100644
--- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md
+++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md
@@ -32,10 +32,10 @@ Windows Sandbox has the following properties:
 > [!IMPORTANT]
 > Windows Sandbox enables network connection by default. It can be disabled using the [Windows Sandbox configuration file](/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file#networking).
 
+[!INCLUDE [windows-sandbox](../../../../includes/licensing/windows-sandbox.md)]
+
 ## Prerequisites
 
-- Windows 10, version 1903 and later, or Windows 11
-- Windows Pro, Enterprise or Education edition
 - ARM64 (for Windows 11, version 22H2 and later) or AMD64 architecture
 - Virtualization capabilities enabled in BIOS
 - At least 4 GB of RAM (8 GB recommended)
diff --git a/windows/security/trusted-boot.md b/windows/security/trusted-boot.md
index ad5c50ecc7..8790964196 100644
--- a/windows/security/trusted-boot.md
+++ b/windows/security/trusted-boot.md
@@ -29,6 +29,8 @@ Trusted Boot picks up the process that started with Secure Boot. The Windows boo
 
 Often, Windows can automatically repair the corrupted component, restoring the integrity of Windows and allowing the Windows 11 device to start normally.
 
+[!INCLUDE [secure-boot-and-trusted-boot](../../includes/licensing/secure-boot-and-trusted-boot.md)]
+
 ## See also
 
 [Secure the Windows boot process](information-protection/secure-the-windows-10-boot-process.md)
\ No newline at end of file

From cd60fff77a3cf01c75426bd235415de88c32779b Mon Sep 17 00:00:00 2001
From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com>
Date: Mon, 1 May 2023 14:40:00 -0400
Subject: [PATCH 047/107] April CSP changes

---
 .../client-management/mdm/bitlocker-csp.md    |  63 ++-
 .../mdm/bitlocker-ddf-file.md                 |  48 +-
 windows/client-management/mdm/defender-csp.md |  52 ++-
 windows/client-management/mdm/defender-ddf.md |  41 +-
 .../mdm/devicepreparation-csp.md              |  43 +-
 .../mdm/devicepreparation-ddf-file.md         |  25 +-
 windows/client-management/mdm/dmclient-csp.md | 179 +++++++-
 .../mdm/dmclient-ddf-file.md                  | 121 ++++-
 windows/client-management/mdm/firewall-csp.md | 417 ++++--------------
 .../mdm/firewall-ddf-file.md                  | 302 +++----------
 .../mdm/policies-in-policy-csp-admx-backed.md |   7 +-
 ...in-policy-csp-supported-by-group-policy.md |  13 +-
 ...-in-policy-csp-supported-by-surface-hub.md |   3 +-
 .../policy-configuration-service-provider.md  |   3 +-
 .../mdm/policy-csp-admx-sharedfolders.md      |   4 +-
 .../mdm/policy-csp-devicelock.md              | 161 ++-----
 .../client-management/mdm/policy-csp-start.md | 126 +++---
 .../mdm/policy-csp-stickers.md                |   4 +-
 .../mdm/policy-csp-textinput.md               |   9 +-
 .../mdm/policy-csp-userrights.md              | 106 ++---
 .../mdm/policy-csp-webthreatdefense.md        |  52 +--
 .../client-management/mdm/policy-csp-wifi.md  | 103 ++++-
 windows/client-management/mdm/reboot-csp.md   |   4 +-
 .../client-management/mdm/reboot-ddf-file.md  |   6 +-
 .../mdm/windowslicensing-csp.md               | 345 +++++++++++----
 .../mdm/windowslicensing-ddf-file.md          | 195 ++++++--
 26 files changed, 1428 insertions(+), 1004 deletions(-)

diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md
index b34bc4709f..16889b4db0 100644
--- a/windows/client-management/mdm/bitlocker-csp.md
+++ b/windows/client-management/mdm/bitlocker-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the BitLocker CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 03/23/2023
+ms.date: 05/01/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -21,6 +21,9 @@ ms.topic: reference
 >
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
+> [!IMPORTANT]
+> This CSP contains preview policies that are under development and only applicable for [Windows Insider Preview builds](/windows-insider/). These policies are subject to change and may have dependencies on other features or services in preview.
+
 <!-- BitLocker-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 The BitLocker configuration service provider (CSP) is used by the enterprise to manage encryption of PCs and devices. This CSP was added in Windows 10, version 1703. Starting in Windows 10, version 1809, it's also supported in Windows 10 Pro.
@@ -40,6 +43,7 @@ The following list shows the BitLocker configuration service provider nodes:
 
 - ./Device/Vendor/MSFT/BitLocker
   - [AllowStandardUserEncryption](#allowstandarduserencryption)
+  - [AllowSuspensionOfBitLockerProtection](#allowsuspensionofbitlockerprotection)
   - [AllowWarningForOtherDiskEncryption](#allowwarningforotherdiskencryption)
   - [ConfigureRecoveryPasswordRotation](#configurerecoverypasswordrotation)
   - [EncryptionMethodByDriveType](#encryptionmethodbydrivetype)
@@ -149,6 +153,63 @@ To disable this policy, use the following SyncML:
 
 <!-- Device-AllowStandardUserEncryption-End -->
 
+<!-- Device-AllowSuspensionOfBitLockerProtection-Begin -->
+## AllowSuspensionOfBitLockerProtection
+
+<!-- Device-AllowSuspensionOfBitLockerProtection-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview |
+<!-- Device-AllowSuspensionOfBitLockerProtection-Applicability-End -->
+
+<!-- Device-AllowSuspensionOfBitLockerProtection-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/BitLocker/AllowSuspensionOfBitLockerProtection
+```
+<!-- Device-AllowSuspensionOfBitLockerProtection-OmaUri-End -->
+
+<!-- Device-AllowSuspensionOfBitLockerProtection-Description-Begin -->
+<!-- Description-Source-DDF -->
+This policy setting allows suspending protection for BitLocker Drive Encryption when enabled and prevents suspending protection when disabled.
+
+> [!WARNING]
+> When policy is disabled, some scenarios will be blocked and prevent those scenarios from behaving normally.
+
+The expected values for this policy are:
+
+0 = Prevent BitLocker Drive Encryption protection from being suspended.
+1 = This is the default, when the policy is not set. Allows suspending BitLocker Drive Encryption protection.
+<!-- Device-AllowSuspensionOfBitLockerProtection-Description-End -->
+
+<!-- Device-AllowSuspensionOfBitLockerProtection-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-AllowSuspensionOfBitLockerProtection-Editable-End -->
+
+<!-- Device-AllowSuspensionOfBitLockerProtection-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | int |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 1 |
+<!-- Device-AllowSuspensionOfBitLockerProtection-DFProperties-End -->
+
+<!-- Device-AllowSuspensionOfBitLockerProtection-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 | Prevent BitLocker Drive Encryption protection from being suspended. |
+| 1 (Default) | This is the default, when the policy is not set. Allows suspending BitLocker Drive Encryption protection. |
+<!-- Device-AllowSuspensionOfBitLockerProtection-AllowedValues-End -->
+
+<!-- Device-AllowSuspensionOfBitLockerProtection-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-AllowSuspensionOfBitLockerProtection-Examples-End -->
+
+<!-- Device-AllowSuspensionOfBitLockerProtection-End -->
+
 <!-- Device-AllowWarningForOtherDiskEncryption-Begin -->
 ## AllowWarningForOtherDiskEncryption
 
diff --git a/windows/client-management/mdm/bitlocker-ddf-file.md b/windows/client-management/mdm/bitlocker-ddf-file.md
index 206cf3acd1..a5b1dd75f5 100644
--- a/windows/client-management/mdm/bitlocker-ddf-file.md
+++ b/windows/client-management/mdm/bitlocker-ddf-file.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 03/23/2023
+ms.date: 05/01/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -772,6 +772,52 @@ Supported Values: String form of request ID. Example format of request ID is GUI
         </MSFT:Applicability>
       </DFProperties>
     </Node>
+    <Node>
+      <NodeName>AllowSuspensionOfBitLockerProtection</NodeName>
+      <DFProperties>
+        <AccessType>
+          <Add />
+          <Delete />
+          <Get />
+          <Replace />
+        </AccessType>
+        <DefaultValue>1</DefaultValue>
+        <Description>This policy setting allows suspending protection for BitLocker Drive Encryption when enabled and prevents suspending protection when disabled.
+                         Warning: When policy is disabled, some scenarios will be blocked and prevent those scenarios from behaving normally.
+                         The format is integer.
+                         The expected values for this policy are:
+
+                         0 = Prevent BitLocker Drive Encryption protection from being suspended.
+                         1 = This is the default, when the policy is not set. Allows suspending BitLocker Drive Encryption protection.
+                         </Description>
+        <DFFormat>
+          <int />
+        </DFFormat>
+        <Occurrence>
+          <ZeroOrOne />
+        </Occurrence>
+        <Scope>
+          <Dynamic />
+        </Scope>
+        <DFType>
+          <MIME />
+        </DFType>
+        <MSFT:Applicability>
+          <MSFT:OsBuildVersion>99.9.99999</MSFT:OsBuildVersion>
+          <MSFT:CspVersion>9.9</MSFT:CspVersion>
+        </MSFT:Applicability>
+        <MSFT:AllowedValues ValueType="ENUM">
+          <MSFT:Enum>
+            <MSFT:Value>0</MSFT:Value>
+            <MSFT:ValueDescription>Prevent BitLocker Drive Encryption protection from being suspended.</MSFT:ValueDescription>
+          </MSFT:Enum>
+          <MSFT:Enum>
+            <MSFT:Value>1</MSFT:Value>
+            <MSFT:ValueDescription>This is the default, when the policy is not set. Allows suspending BitLocker Drive Encryption protection.</MSFT:ValueDescription>
+          </MSFT:Enum>
+        </MSFT:AllowedValues>
+      </DFProperties>
+    </Node>
     <Node>
       <NodeName>Status</NodeName>
       <DFProperties>
diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md
index 4f3b9bb084..9ec146c353 100644
--- a/windows/client-management/mdm/defender-csp.md
+++ b/windows/client-management/mdm/defender-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the Defender CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 04/26/2023
+ms.date: 05/01/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -63,6 +63,7 @@ The following list shows the Defender configuration service provider nodes:
     - [HideExclusionsFromLocalUsers](#configurationhideexclusionsfromlocalusers)
     - [IntelTDTEnabled](#configurationinteltdtenabled)
     - [MeteredConnectionUpdates](#configurationmeteredconnectionupdates)
+    - [OobeEnableRtpAndSigUpdate](#configurationoobeenablertpandsigupdate)
     - [PassiveRemediation](#configurationpassiveremediation)
     - [PlatformUpdatesChannel](#configurationplatformupdateschannel)
     - [RandomizeScheduleTaskTimes](#configurationrandomizescheduletasktimes)
@@ -1808,6 +1809,55 @@ Allow managed devices to update through metered connections. Default is 0 - not
 
 <!-- Device-Configuration-MeteredConnectionUpdates-End -->
 
+<!-- Device-Configuration-OobeEnableRtpAndSigUpdate-Begin -->
+### Configuration/OobeEnableRtpAndSigUpdate
+
+<!-- Device-Configuration-OobeEnableRtpAndSigUpdate-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later |
+<!-- Device-Configuration-OobeEnableRtpAndSigUpdate-Applicability-End -->
+
+<!-- Device-Configuration-OobeEnableRtpAndSigUpdate-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Defender/Configuration/OobeEnableRtpAndSigUpdate
+```
+<!-- Device-Configuration-OobeEnableRtpAndSigUpdate-OmaUri-End -->
+
+<!-- Device-Configuration-OobeEnableRtpAndSigUpdate-Description-Begin -->
+<!-- Description-Source-DDF -->
+This setting allows you to configure whether real-time protection and Security Intelligence Updates are enabled during OOBE (Out of Box experience).
+<!-- Device-Configuration-OobeEnableRtpAndSigUpdate-Description-End -->
+
+<!-- Device-Configuration-OobeEnableRtpAndSigUpdate-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-Configuration-OobeEnableRtpAndSigUpdate-Editable-End -->
+
+<!-- Device-Configuration-OobeEnableRtpAndSigUpdate-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | int |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 0 |
+<!-- Device-Configuration-OobeEnableRtpAndSigUpdate-DFProperties-End -->
+
+<!-- Device-Configuration-OobeEnableRtpAndSigUpdate-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 1 | If you enable this setting, real-time protection and Security Intelligence Updates are enabled during OOBE. |
+| 0 (Default) | If you either disable or do not configure this setting, real-time protection and Security Intelligence Updates during OOBE is not enabled. |
+<!-- Device-Configuration-OobeEnableRtpAndSigUpdate-AllowedValues-End -->
+
+<!-- Device-Configuration-OobeEnableRtpAndSigUpdate-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-Configuration-OobeEnableRtpAndSigUpdate-Examples-End -->
+
+<!-- Device-Configuration-OobeEnableRtpAndSigUpdate-End -->
+
 <!-- Device-Configuration-PassiveRemediation-Begin -->
 ### Configuration/PassiveRemediation
 
diff --git a/windows/client-management/mdm/defender-ddf.md b/windows/client-management/mdm/defender-ddf.md
index 4a653a572d..09e0cb692e 100644
--- a/windows/client-management/mdm/defender-ddf.md
+++ b/windows/client-management/mdm/defender-ddf.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 03/23/2023
+ms.date: 05/01/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -1920,6 +1920,45 @@ The following XML file contains the device description framework (DDF) for the D
           </MSFT:AllowedValues>
         </DFProperties>
       </Node>
+      <Node>
+        <NodeName>OobeEnableRtpAndSigUpdate</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+            <Replace />
+          </AccessType>
+          <DefaultValue>0</DefaultValue>
+          <Description>This setting allows you to configure whether real-time protection and Security Intelligence Updates are enabled during OOBE (Out of Box experience).</Description>
+          <DFFormat>
+            <int />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <MIME />
+          </DFType>
+          <MSFT:Applicability>
+            <MSFT:OsBuildVersion>10.0.14393</MSFT:OsBuildVersion>
+            <MSFT:CspVersion>1.3</MSFT:CspVersion>
+          </MSFT:Applicability>
+          <MSFT:AllowedValues ValueType="ENUM">
+            <MSFT:Enum>
+              <MSFT:Value>1</MSFT:Value>
+              <MSFT:ValueDescription>If you enable this setting, real-time protection and Security Intelligence Updates are enabled during OOBE.</MSFT:ValueDescription>
+            </MSFT:Enum>
+            <MSFT:Enum>
+              <MSFT:Value>0</MSFT:Value>
+              <MSFT:ValueDescription>If you either disable or do not configure this setting, real-time protection and Security Intelligence Updates during OOBE is not enabled.</MSFT:ValueDescription>
+            </MSFT:Enum>
+          </MSFT:AllowedValues>
+        </DFProperties>
+      </Node>
       <Node>
         <NodeName>ThrottleForScheduledScanOnly</NodeName>
         <DFProperties>
diff --git a/windows/client-management/mdm/devicepreparation-csp.md b/windows/client-management/mdm/devicepreparation-csp.md
index e32d2c6c9a..a6be4ec54b 100644
--- a/windows/client-management/mdm/devicepreparation-csp.md
+++ b/windows/client-management/mdm/devicepreparation-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the DevicePreparation CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 03/23/2023
+ms.date: 05/01/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -31,6 +31,7 @@ The following list shows the DevicePreparation configuration service provider no
     - [ClassID](#bootstrapperagentclassid)
     - [ExecutionContext](#bootstrapperagentexecutioncontext)
     - [InstallationStatusUri](#bootstrapperagentinstallationstatusuri)
+  - [MdmAgentInstalled](#mdmagentinstalled)
   - [MDMProvider](#mdmprovider)
     - [Progress](#mdmproviderprogress)
   - [PageEnabled](#pageenabled)
@@ -194,6 +195,46 @@ This node holds a URI that can be queried for the status of the Bootstrapper Age
 
 <!-- Device-BootstrapperAgent-InstallationStatusUri-End -->
 
+<!-- Device-MdmAgentInstalled-Begin -->
+## MdmAgentInstalled
+
+<!-- Device-MdmAgentInstalled-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview |
+<!-- Device-MdmAgentInstalled-Applicability-End -->
+
+<!-- Device-MdmAgentInstalled-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/DevicePreparation/MdmAgentInstalled
+```
+<!-- Device-MdmAgentInstalled-OmaUri-End -->
+
+<!-- Device-MdmAgentInstalled-Description-Begin -->
+<!-- Description-Source-DDF -->
+This node indicates whether the MDM agent was installed or not. When set to true sets the AUTOPILOT_MDM_AGENT_REGISTERED WNF event.
+<!-- Device-MdmAgentInstalled-Description-End -->
+
+<!-- Device-MdmAgentInstalled-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-MdmAgentInstalled-Editable-End -->
+
+<!-- Device-MdmAgentInstalled-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | bool |
+| Access Type | Get, Replace |
+| Default Value  | false |
+<!-- Device-MdmAgentInstalled-DFProperties-End -->
+
+<!-- Device-MdmAgentInstalled-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-MdmAgentInstalled-Examples-End -->
+
+<!-- Device-MdmAgentInstalled-End -->
+
 <!-- Device-MDMProvider-Begin -->
 ## MDMProvider
 
diff --git a/windows/client-management/mdm/devicepreparation-ddf-file.md b/windows/client-management/mdm/devicepreparation-ddf-file.md
index c2a8a4aa4e..9d1713e298 100644
--- a/windows/client-management/mdm/devicepreparation-ddf-file.md
+++ b/windows/client-management/mdm/devicepreparation-ddf-file.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 03/23/2023
+ms.date: 05/01/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -286,6 +286,29 @@ The following XML file contains the device description framework (DDF) for the D
         </DFProperties>
       </Node>
     </Node>
+    <Node>
+      <NodeName>MdmAgentInstalled</NodeName>
+      <DFProperties>
+        <AccessType>
+          <Get />
+          <Replace />
+        </AccessType>
+        <DefaultValue>false</DefaultValue>
+        <Description>This node indicates whether the MDM agent was installed or not. When set to true sets the AUTOPILOT_MDM_AGENT_REGISTERED WNF event.</Description>
+        <DFFormat>
+          <bool />
+        </DFFormat>
+        <Occurrence>
+          <One />
+        </Occurrence>
+        <Scope>
+          <Permanent />
+        </Scope>
+        <DFType>
+          <MIME />
+        </DFType>
+      </DFProperties>
+    </Node>
   </Node>
 </MgmtTree>
 ```
diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md
index bdae4f4a67..ff2a647808 100644
--- a/windows/client-management/mdm/dmclient-csp.md
+++ b/windows/client-management/mdm/dmclient-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the DMClient CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/28/2023
+ms.date: 05/01/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -16,6 +16,9 @@ ms.topic: reference
 <!-- DMClient-Begin -->
 # DMClient CSP
 
+> [!IMPORTANT]
+> This CSP contains preview policies that are under development and only applicable for [Windows Insider Preview builds](/windows-insider/). These policies are subject to change and may have dependencies on other features or services in preview.
+
 <!-- DMClient-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 The DMClient configuration service provider (CSP) has more enterprise-specific mobile device management (MDM) configuration settings. These settings identify the device in the enterprise domain, include security mitigation for certificate renewal, and are used for server-triggered enterprise unenrollment.
@@ -37,6 +40,10 @@ The following list shows the DMClient configuration service provider nodes:
         - [Lock](#deviceproviderprovideridconfiglocklock)
         - [SecureCore](#deviceproviderprovideridconfiglocksecurecore)
         - [UnlockDuration](#deviceproviderprovideridconfiglockunlockduration)
+      - [ConfigRefresh](#deviceproviderprovideridconfigrefresh)
+        - [Cadence](#deviceproviderprovideridconfigrefreshcadence)
+        - [Enabled](#deviceproviderprovideridconfigrefreshenabled)
+        - [PausePeriod](#deviceproviderprovideridconfigrefreshpauseperiod)
       - [CustomEnrollmentCompletePage](#deviceproviderprovideridcustomenrollmentcompletepage)
         - [BodyText](#deviceproviderprovideridcustomenrollmentcompletepagebodytext)
         - [HyperlinkHref](#deviceproviderprovideridcustomenrollmentcompletepagehyperlinkhref)
@@ -624,6 +631,176 @@ This node, when it is set, tells the client to set how many minutes the device s
 
 <!-- Device-Provider-{ProviderID}-ConfigLock-UnlockDuration-End -->
 
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-Begin -->
+#### Device/Provider/{ProviderID}/ConfigRefresh
+
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview |
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-Applicability-End -->
+
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/DMClient/Provider/{ProviderID}/ConfigRefresh
+```
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-OmaUri-End -->
+
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-Description-Begin -->
+<!-- Description-Source-DDF -->
+Parent node for ConfigRefresh nodes.
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-Description-End -->
+
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-Editable-End -->
+
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | node |
+| Access Type | Add, Delete, Get |
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-DFProperties-End -->
+
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-Examples-End -->
+
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-End -->
+
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-Cadence-Begin -->
+##### Device/Provider/{ProviderID}/ConfigRefresh/Cadence
+
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-Cadence-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview |
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-Cadence-Applicability-End -->
+
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-Cadence-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/DMClient/Provider/{ProviderID}/ConfigRefresh/Cadence
+```
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-Cadence-OmaUri-End -->
+
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-Cadence-Description-Begin -->
+<!-- Description-Source-DDF -->
+This node determines the number of minutes between refreshes.
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-Cadence-Description-End -->
+
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-Cadence-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-Cadence-Editable-End -->
+
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-Cadence-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | int |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Range: `[30-1440]` |
+| Default Value  | 90 |
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-Cadence-DFProperties-End -->
+
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-Cadence-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-Cadence-Examples-End -->
+
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-Cadence-End -->
+
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-Enabled-Begin -->
+##### Device/Provider/{ProviderID}/ConfigRefresh/Enabled
+
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-Enabled-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview |
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-Enabled-Applicability-End -->
+
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-Enabled-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/DMClient/Provider/{ProviderID}/ConfigRefresh/Enabled
+```
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-Enabled-OmaUri-End -->
+
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-Enabled-Description-Begin -->
+<!-- Description-Source-DDF -->
+This node determines whether or not a periodic settings refresh for MDM policies will occur.
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-Enabled-Description-End -->
+
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-Enabled-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-Enabled-Editable-End -->
+
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-Enabled-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | bool |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | false |
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-Enabled-DFProperties-End -->
+
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-Enabled-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| true | ConfigRefresh is enabled. |
+| false (Default) | ConfigRefresh is disabled. |
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-Enabled-AllowedValues-End -->
+
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-Enabled-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-Enabled-Examples-End -->
+
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-Enabled-End -->
+
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-PausePeriod-Begin -->
+##### Device/Provider/{ProviderID}/ConfigRefresh/PausePeriod
+
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-PausePeriod-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview |
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-PausePeriod-Applicability-End -->
+
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-PausePeriod-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/DMClient/Provider/{ProviderID}/ConfigRefresh/PausePeriod
+```
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-PausePeriod-OmaUri-End -->
+
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-PausePeriod-Description-Begin -->
+<!-- Description-Source-DDF -->
+This node determines the number of minutes ConfigRefresh should be paused for.
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-PausePeriod-Description-End -->
+
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-PausePeriod-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-PausePeriod-Editable-End -->
+
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-PausePeriod-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | int |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Range: `[0-1440]` |
+| Default Value  | 0 |
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-PausePeriod-DFProperties-End -->
+
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-PausePeriod-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-PausePeriod-Examples-End -->
+
+<!-- Device-Provider-{ProviderID}-ConfigRefresh-PausePeriod-End -->
+
 <!-- Device-Provider-{ProviderID}-CustomEnrollmentCompletePage-Begin -->
 #### Device/Provider/{ProviderID}/CustomEnrollmentCompletePage
 
diff --git a/windows/client-management/mdm/dmclient-ddf-file.md b/windows/client-management/mdm/dmclient-ddf-file.md
index b5ef6feff0..4de7f3bf11 100644
--- a/windows/client-management/mdm/dmclient-ddf-file.md
+++ b/windows/client-management/mdm/dmclient-ddf-file.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/24/2023
+ms.date: 05/01/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -2947,6 +2947,125 @@ The following XML file contains the device description framework (DDF) for the D
             </DFProperties>
           </Node>
         </Node>
+        <Node>
+          <NodeName>ConfigRefresh</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+            </AccessType>
+            <Description>Parent node for ConfigRefresh nodes</Description>
+            <DFFormat>
+              <node />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <DDFName />
+            </DFType>
+            <MSFT:Applicability>
+              <MSFT:OsBuildVersion>99.9.99999</MSFT:OsBuildVersion>
+              <MSFT:CspVersion>1.6</MSFT:CspVersion>
+            </MSFT:Applicability>
+          </DFProperties>
+          <Node>
+            <NodeName>Enabled</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Add />
+                <Delete />
+                <Get />
+                <Replace />
+              </AccessType>
+              <DefaultValue>false</DefaultValue>
+              <Description>This node determines whether or not a periodic settings refresh for MDM policies will occur.</Description>
+              <DFFormat>
+                <bool />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <DFType>
+                <MIME />
+              </DFType>
+              <MSFT:AllowedValues ValueType="ENUM">
+                <MSFT:Enum>
+                  <MSFT:Value>true</MSFT:Value>
+                  <MSFT:ValueDescription>ConfigRefresh is enabled.</MSFT:ValueDescription>
+                </MSFT:Enum>
+                <MSFT:Enum>
+                  <MSFT:Value>false</MSFT:Value>
+                  <MSFT:ValueDescription>ConfigRefresh is disabled.</MSFT:ValueDescription>
+                </MSFT:Enum>
+              </MSFT:AllowedValues>
+              <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+            </DFProperties>
+          </Node>
+          <Node>
+            <NodeName>Cadence</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Add />
+                <Delete />
+                <Get />
+                <Replace />
+              </AccessType>
+              <DefaultValue>90</DefaultValue>
+              <Description>This node determines the number of minutes between refreshes.</Description>
+              <DFFormat>
+                <int />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <DFType>
+                <MIME />
+              </DFType>
+              <MSFT:AllowedValues ValueType="Range">
+                <MSFT:Value>[30-1440]</MSFT:Value>
+              </MSFT:AllowedValues>
+            </DFProperties>
+          </Node>
+          <Node>
+            <NodeName>PausePeriod</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Add />
+                <Delete />
+                <Get />
+                <Replace />
+              </AccessType>
+              <DefaultValue>0</DefaultValue>
+              <Description>This node determines the number of minutes ConfigRefresh should be paused for.</Description>
+              <DFFormat>
+                <int />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <DFType>
+                <MIME />
+              </DFType>
+              <MSFT:AllowedValues ValueType="Range">
+                <MSFT:Value>[0-1440]</MSFT:Value>
+              </MSFT:AllowedValues>
+            </DFProperties>
+          </Node>
+        </Node>
       </Node>
     </Node>
     <Node>
diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md
index c5b31e1372..dd6206ae17 100644
--- a/windows/client-management/mdm/firewall-csp.md
+++ b/windows/client-management/mdm/firewall-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the Firewall CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 03/23/2023
+ms.date: 05/01/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -16,9 +16,6 @@ ms.topic: reference
 <!-- Firewall-Begin -->
 # Firewall CSP
 
-> [!IMPORTANT]
-> This CSP contains preview policies that are under development and only applicable for [Windows Insider Preview builds](/windows-insider/). These policies are subject to change and may have dependencies on other features or services in preview.
-
 <!-- Firewall-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 The Firewall configuration service provider (CSP) allows the mobile device management (MDM) server to configure the Windows Defender Firewall global settings, per profile settings, and the desired set of custom rules to be enforced on the device. Using the Firewall CSP the IT admin can now manage non-domain devices, and reduce the risk of network security threats across all systems connecting to the corporate network.
@@ -99,11 +96,11 @@ The following list shows the Firewall configuration service provider nodes:
     - [HyperVFirewallRules](#mdmstorehypervfirewallrules)
       - [{FirewallRuleName}](#mdmstorehypervfirewallrulesfirewallrulename)
         - [Action](#mdmstorehypervfirewallrulesfirewallrulenameaction)
-          - [Type](#mdmstorehypervfirewallrulesfirewallrulenameactiontype)
         - [Direction](#mdmstorehypervfirewallrulesfirewallrulenamedirection)
         - [Enabled](#mdmstorehypervfirewallrulesfirewallrulenameenabled)
         - [LocalAddressRanges](#mdmstorehypervfirewallrulesfirewallrulenamelocaladdressranges)
         - [LocalPortRanges](#mdmstorehypervfirewallrulesfirewallrulenamelocalportranges)
+        - [Name](#mdmstorehypervfirewallrulesfirewallrulenamename)
         - [Priority](#mdmstorehypervfirewallrulesfirewallrulenamepriority)
         - [Profiles](#mdmstorehypervfirewallrulesfirewallrulenameprofiles)
         - [Protocol](#mdmstorehypervfirewallrulesfirewallrulenameprotocol)
@@ -111,12 +108,6 @@ The following list shows the Firewall configuration service provider nodes:
         - [RemotePortRanges](#mdmstorehypervfirewallrulesfirewallrulenameremoteportranges)
         - [Status](#mdmstorehypervfirewallrulesfirewallrulenamestatus)
         - [VMCreatorId](#mdmstorehypervfirewallrulesfirewallrulenamevmcreatorid)
-    - [HyperVLoopbackRules](#mdmstorehypervloopbackrules)
-      - [{RuleName}](#mdmstorehypervloopbackrulesrulename)
-        - [DestinationVMCreatorId](#mdmstorehypervloopbackrulesrulenamedestinationvmcreatorid)
-        - [Enabled](#mdmstorehypervloopbackrulesrulenameenabled)
-        - [PortRanges](#mdmstorehypervloopbackrulesrulenameportranges)
-        - [SourceVMCreatorId](#mdmstorehypervloopbackrulesrulenamesourcevmcreatorid)
     - [HyperVVMSettings](#mdmstorehypervvmsettings)
       - [{VMCreatorId}](#mdmstorehypervvmsettingsvmcreatorid)
         - [AllowHostPolicyMerge](#mdmstorehypervvmsettingsvmcreatoridallowhostpolicymerge)
@@ -1791,7 +1782,7 @@ Specifies the description of the rule.
 
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-Direction-Description-Begin -->
 <!-- Description-Source-DDF -->
-Comma separated list. The rule is enabled based on the traffic direction as following.
+The rule is enabled based on the traffic direction as following.
 
 IN - the rule applies to inbound traffic.
 OUT - the rule applies to outbound traffic.
@@ -1935,7 +1926,7 @@ If not specified - a new rule is disabled by default.
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-IcmpTypesAndCodes-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 21H1 [10.0.19043] and later |
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348] and later |
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-IcmpTypesAndCodes-Applicability-End -->
 
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-IcmpTypesAndCodes-OmaUri-Begin -->
@@ -2087,6 +2078,7 @@ An IPv6 address range in the format of "start address - end address" with no spa
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-LocalPortRanges-Description-Begin -->
 <!-- Description-Source-DDF -->
 Comma Separated list of ranges for eg. 100-120,200,300-320. If not specified the default is All.
+When setting this field in a firewall rule, the protocol field must also be set, to either 6 (TCP) or 17 (UDP).
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-LocalPortRanges-Description-End -->
 
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-LocalPortRanges-Editable-Begin -->
@@ -2166,7 +2158,8 @@ This is a string in Security Descriptor Definition Language (SDDL) format..
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-Name-OmaUri-End -->
 
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-Name-Description-Begin -->
-<!-- Description-Source-Not-Found -->
+<!-- Description-Source-DDF -->
+Specifies the friendly name of the firewall rule.
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-Name-Description-End -->
 
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-Name-Editable-Begin -->
@@ -2194,7 +2187,7 @@ This is a string in Security Descriptor Definition Language (SDDL) format..
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-PolicyAppId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview |
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 22H2 [10.0.19045.2913] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000.1880] and later <br> :heavy_check_mark: Windows 11, version 22H2 [10.0.22621.1635] and later |
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-PolicyAppId-Applicability-End -->
 
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-PolicyAppId-OmaUri-Begin -->
@@ -2205,7 +2198,7 @@ This is a string in Security Descriptor Definition Language (SDDL) format..
 
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-PolicyAppId-Description-Begin -->
 <!-- Description-Source-DDF -->
-Specifies one WDAC tag. This is a string that can contain any alphanumeric character and any of the characters ":", "/", ".", and "_".
+Specifies one WDAC tag. This is a string that can contain any alphanumeric character and any of the characters ":", "/", ".", and "_". A PolicyAppId and ServiceName cannot be specified in the same rule.
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-PolicyAppId-Description-End -->
 
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-PolicyAppId-Editable-Begin -->
@@ -2431,6 +2424,7 @@ An IPv6 address range in the format of "start address - end address" with no spa
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-RemotePortRanges-Description-Begin -->
 <!-- Description-Source-DDF -->
 Comma Separated list of ranges for eg. 100-120,200,300-320. If not specified the default is All.
+When setting this field in a firewall rule, the protocol field must also be set, to either 6 (TCP) or 17 (UDP).
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-RemotePortRanges-Description-End -->
 
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-RemotePortRanges-Editable-Begin -->
@@ -3122,7 +3116,9 @@ Unique alpha numeric identifier for the rule. The rule name must not include a f
 
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Action-Description-Begin -->
 <!-- Description-Source-DDF -->
-Specifies the action for the rule.
+Specifies the action the rule enforces:
+0 - Block
+1 - Allow.
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Action-Description-End -->
 
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Action-Editable-Begin -->
@@ -3132,68 +3128,27 @@ Specifies the action for the rule.
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Action-DFProperties-Begin -->
 **Description framework properties**:
 
-| Property name | Property value |
-|:--|:--|
-| Format | node |
-| Access Type | Get |
-<!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Action-DFProperties-End -->
-
-<!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Action-Examples-Begin -->
-<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
-<!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Action-Examples-End -->
-
-<!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Action-End -->
-
-<!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Action-Type-Begin -->
-###### MdmStore/HyperVFirewallRules/{FirewallRuleName}/Action/Type
-
-<!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Action-Type-Applicability-Begin -->
-| Scope | Editions | Applicable OS |
-|:--|:--|:--|
-| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later |
-<!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Action-Type-Applicability-End -->
-
-<!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Action-Type-OmaUri-Begin -->
-```Device
-./Vendor/MSFT/Firewall/MdmStore/HyperVFirewallRules/{FirewallRuleName}/Action/Type
-```
-<!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Action-Type-OmaUri-End -->
-
-<!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Action-Type-Description-Begin -->
-<!-- Description-Source-DDF -->
-Specifies the action the rule enforces:
-0 - Block
-1 - Allow.
-<!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Action-Type-Description-End -->
-
-<!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Action-Type-Editable-Begin -->
-<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-<!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Action-Type-Editable-End -->
-
-<!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Action-Type-DFProperties-Begin -->
-**Description framework properties**:
-
 | Property name | Property value |
 |:--|:--|
 | Format | int |
 | Access Type | Get, Replace |
 | Default Value  | 1 |
-<!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Action-Type-DFProperties-End -->
+<!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Action-DFProperties-End -->
 
-<!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Action-Type-AllowedValues-Begin -->
+<!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Action-AllowedValues-Begin -->
 **Allowed values**:
 
 | Value | Description |
 |:--|:--|
 | 0 | Block. |
 | 1 (Default) | Allow. |
-<!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Action-Type-AllowedValues-End -->
+<!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Action-AllowedValues-End -->
 
-<!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Action-Type-Examples-Begin -->
+<!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Action-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
-<!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Action-Type-Examples-End -->
+<!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Action-Examples-End -->
 
-<!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Action-Type-End -->
+<!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Action-End -->
 
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Direction-Begin -->
 ##### MdmStore/HyperVFirewallRules/{FirewallRuleName}/Direction
@@ -3212,7 +3167,7 @@ Specifies the action the rule enforces:
 
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Direction-Description-Begin -->
 <!-- Description-Source-DDF -->
-Comma separated list. The rule is enabled based on the traffic direction as following.
+The rule is enabled based on the traffic direction as following.
 
 IN - the rule applies to inbound traffic.
 OUT - the rule applies to outbound traffic.
@@ -3385,6 +3340,45 @@ Comma Separated list of ranges for eg. 100-120,200,300-320. If not specified the
 
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-LocalPortRanges-End -->
 
+<!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Name-Begin -->
+##### MdmStore/HyperVFirewallRules/{FirewallRuleName}/Name
+
+<!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Name-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later |
+<!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Name-Applicability-End -->
+
+<!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Name-OmaUri-Begin -->
+```Device
+./Vendor/MSFT/Firewall/MdmStore/HyperVFirewallRules/{FirewallRuleName}/Name
+```
+<!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Name-OmaUri-End -->
+
+<!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Name-Description-Begin -->
+<!-- Description-Source-DDF -->
+Specifies the friendly name of the Hyper-V Firewall rule.
+<!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Name-Description-End -->
+
+<!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Name-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Name-Editable-End -->
+
+<!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Name-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Name-DFProperties-End -->
+
+<!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Name-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Name-Examples-End -->
+
+<!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Name-End -->
+
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Priority-Begin -->
 ##### MdmStore/HyperVFirewallRules/{FirewallRuleName}/Priority
 
@@ -3402,7 +3396,7 @@ Comma Separated list of ranges for eg. 100-120,200,300-320. If not specified the
 
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Priority-Description-Begin -->
 <!-- Description-Source-DDF -->
-0-255 number representing the IANA Internet Protocol (TCP = 6, UDP = 17). If not specified the default is All.
+This value represents the order of rule enforcement. A lower priority rule is evaluated first. If not specified, block rules are evaluated before allow rules. If priority is configured, it is highly recommended to configure the value for ALL rules to ensure expected evaluation of rules.
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Priority-Description-End -->
 
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Priority-Editable-Begin -->
@@ -3416,7 +3410,7 @@ Comma Separated list of ranges for eg. 100-120,200,300-320. If not specified the
 |:--|:--|
 | Format | int |
 | Access Type | Add, Delete, Get, Replace |
-| Allowed Values | Range: `[0-255]` |
+| Allowed Values | Range: `[0-65535]` |
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Priority-DFProperties-End -->
 
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Priority-Examples-Begin -->
@@ -3679,255 +3673,6 @@ This field specifies the VM Creator ID that this rule is applicable to. A NULL G
 
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-VMCreatorId-End -->
 
-<!-- Device-MdmStore-HyperVLoopbackRules-Begin -->
-### MdmStore/HyperVLoopbackRules
-
-<!-- Device-MdmStore-HyperVLoopbackRules-Applicability-Begin -->
-| Scope | Editions | Applicable OS |
-|:--|:--|:--|
-| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later |
-<!-- Device-MdmStore-HyperVLoopbackRules-Applicability-End -->
-
-<!-- Device-MdmStore-HyperVLoopbackRules-OmaUri-Begin -->
-```Device
-./Vendor/MSFT/Firewall/MdmStore/HyperVLoopbackRules
-```
-<!-- Device-MdmStore-HyperVLoopbackRules-OmaUri-End -->
-
-<!-- Device-MdmStore-HyperVLoopbackRules-Description-Begin -->
-<!-- Description-Source-DDF -->
-A list of rules controlling loopback traffic through the Windows Firewall. This enforcement is only for traffic from one container to another or to the host device. These rules are all allow rules.
-<!-- Device-MdmStore-HyperVLoopbackRules-Description-End -->
-
-<!-- Device-MdmStore-HyperVLoopbackRules-Editable-Begin -->
-<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-<!-- Device-MdmStore-HyperVLoopbackRules-Editable-End -->
-
-<!-- Device-MdmStore-HyperVLoopbackRules-DFProperties-Begin -->
-**Description framework properties**:
-
-| Property name | Property value |
-|:--|:--|
-| Format | node |
-| Access Type | Get |
-<!-- Device-MdmStore-HyperVLoopbackRules-DFProperties-End -->
-
-<!-- Device-MdmStore-HyperVLoopbackRules-Examples-Begin -->
-<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
-<!-- Device-MdmStore-HyperVLoopbackRules-Examples-End -->
-
-<!-- Device-MdmStore-HyperVLoopbackRules-End -->
-
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-Begin -->
-#### MdmStore/HyperVLoopbackRules/{RuleName}
-
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-Applicability-Begin -->
-| Scope | Editions | Applicable OS |
-|:--|:--|:--|
-| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later |
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-Applicability-End -->
-
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-OmaUri-Begin -->
-```Device
-./Vendor/MSFT/Firewall/MdmStore/HyperVLoopbackRules/{RuleName}
-```
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-OmaUri-End -->
-
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-Description-Begin -->
-<!-- Description-Source-DDF -->
-Unique alpha numeric identifier for the rule. The rule name must not include a forward slash (/).
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-Description-End -->
-
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-Editable-Begin -->
-<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-Editable-End -->
-
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-DFProperties-Begin -->
-**Description framework properties**:
-
-| Property name | Property value |
-|:--|:--|
-| Format | node |
-| Access Type | Add, Delete, Get, Replace |
-| Atomic Required | True |
-| Dynamic Node Naming | ServerGeneratedUniqueIdentifier |
-| Allowed Values | Regular Expression: `^[^|/]*$` |
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-DFProperties-End -->
-
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-Examples-Begin -->
-<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-Examples-End -->
-
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-End -->
-
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-DestinationVMCreatorId-Begin -->
-##### MdmStore/HyperVLoopbackRules/{RuleName}/DestinationVMCreatorId
-
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-DestinationVMCreatorId-Applicability-Begin -->
-| Scope | Editions | Applicable OS |
-|:--|:--|:--|
-| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later |
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-DestinationVMCreatorId-Applicability-End -->
-
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-DestinationVMCreatorId-OmaUri-Begin -->
-```Device
-./Vendor/MSFT/Firewall/MdmStore/HyperVLoopbackRules/{RuleName}/DestinationVMCreatorId
-```
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-DestinationVMCreatorId-OmaUri-End -->
-
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-DestinationVMCreatorId-Description-Begin -->
-<!-- Description-Source-DDF -->
-This field specifies the VM Creator ID of the destination of traffic that this rule applies to. If not specified, this applies to All.
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-DestinationVMCreatorId-Description-End -->
-
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-DestinationVMCreatorId-Editable-Begin -->
-<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-DestinationVMCreatorId-Editable-End -->
-
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-DestinationVMCreatorId-DFProperties-Begin -->
-**Description framework properties**:
-
-| Property name | Property value |
-|:--|:--|
-| Format | chr (string) |
-| Access Type | Add, Delete, Get, Replace |
-| Allowed Values | Regular Expression: `\{[0-9A-Fa-f]{8}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{12}\}` |
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-DestinationVMCreatorId-DFProperties-End -->
-
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-DestinationVMCreatorId-Examples-Begin -->
-<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-DestinationVMCreatorId-Examples-End -->
-
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-DestinationVMCreatorId-End -->
-
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-Enabled-Begin -->
-##### MdmStore/HyperVLoopbackRules/{RuleName}/Enabled
-
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-Enabled-Applicability-Begin -->
-| Scope | Editions | Applicable OS |
-|:--|:--|:--|
-| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later |
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-Enabled-Applicability-End -->
-
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-Enabled-OmaUri-Begin -->
-```Device
-./Vendor/MSFT/Firewall/MdmStore/HyperVLoopbackRules/{RuleName}/Enabled
-```
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-Enabled-OmaUri-End -->
-
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-Enabled-Description-Begin -->
-<!-- Description-Source-DDF -->
-Indicates whether the rule is enabled or disabled. If the rule must be enabled, this value must be set to true. If not specified - a new rule is disabled by default.
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-Enabled-Description-End -->
-
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-Enabled-Editable-Begin -->
-<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-Enabled-Editable-End -->
-
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-Enabled-DFProperties-Begin -->
-**Description framework properties**:
-
-| Property name | Property value |
-|:--|:--|
-| Format | bool |
-| Access Type | Get, Replace |
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-Enabled-DFProperties-End -->
-
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-Enabled-AllowedValues-Begin -->
-**Allowed values**:
-
-| Value | Description |
-|:--|:--|
-| 0 | Disabled. |
-| 1 | Enabled. |
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-Enabled-AllowedValues-End -->
-
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-Enabled-Examples-Begin -->
-<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-Enabled-Examples-End -->
-
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-Enabled-End -->
-
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-PortRanges-Begin -->
-##### MdmStore/HyperVLoopbackRules/{RuleName}/PortRanges
-
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-PortRanges-Applicability-Begin -->
-| Scope | Editions | Applicable OS |
-|:--|:--|:--|
-| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later |
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-PortRanges-Applicability-End -->
-
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-PortRanges-OmaUri-Begin -->
-```Device
-./Vendor/MSFT/Firewall/MdmStore/HyperVLoopbackRules/{RuleName}/PortRanges
-```
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-PortRanges-OmaUri-End -->
-
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-PortRanges-Description-Begin -->
-<!-- Description-Source-DDF -->
-Comma Separated list of ranges for eg. 100-120,200,300-320. If not specified the default is All.
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-PortRanges-Description-End -->
-
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-PortRanges-Editable-Begin -->
-<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-PortRanges-Editable-End -->
-
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-PortRanges-DFProperties-Begin -->
-**Description framework properties**:
-
-| Property name | Property value |
-|:--|:--|
-| Format | chr (string) |
-| Access Type | Add, Delete, Get, Replace |
-| Allowed Values | Regular Expression: `^[0-9,-]+$` |
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-PortRanges-DFProperties-End -->
-
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-PortRanges-Examples-Begin -->
-<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-PortRanges-Examples-End -->
-
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-PortRanges-End -->
-
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-SourceVMCreatorId-Begin -->
-##### MdmStore/HyperVLoopbackRules/{RuleName}/SourceVMCreatorId
-
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-SourceVMCreatorId-Applicability-Begin -->
-| Scope | Editions | Applicable OS |
-|:--|:--|:--|
-| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later |
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-SourceVMCreatorId-Applicability-End -->
-
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-SourceVMCreatorId-OmaUri-Begin -->
-```Device
-./Vendor/MSFT/Firewall/MdmStore/HyperVLoopbackRules/{RuleName}/SourceVMCreatorId
-```
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-SourceVMCreatorId-OmaUri-End -->
-
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-SourceVMCreatorId-Description-Begin -->
-<!-- Description-Source-DDF -->
-This field specifies the VM Creator ID of the source of the traffic that this rule applies to. If not specified, this applies to All.
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-SourceVMCreatorId-Description-End -->
-
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-SourceVMCreatorId-Editable-Begin -->
-<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-SourceVMCreatorId-Editable-End -->
-
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-SourceVMCreatorId-DFProperties-Begin -->
-**Description framework properties**:
-
-| Property name | Property value |
-|:--|:--|
-| Format | chr (string) |
-| Access Type | Add, Delete, Get, Replace |
-| Allowed Values | Regular Expression: `\{[0-9A-Fa-f]{8}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{12}\}` |
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-SourceVMCreatorId-DFProperties-End -->
-
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-SourceVMCreatorId-Examples-Begin -->
-<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-SourceVMCreatorId-Examples-End -->
-
-<!-- Device-MdmStore-HyperVLoopbackRules-{RuleName}-SourceVMCreatorId-End -->
-
 <!-- Device-MdmStore-HyperVVMSettings-Begin -->
 ### MdmStore/HyperVVMSettings
 
@@ -4026,7 +3771,7 @@ VM Creator ID that these settings apply to. Valid format is a GUID.
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-AllowHostPolicyMerge-Description-Begin -->
 <!-- Description-Source-DDF -->
-This value is used as an on/off switch. If this value is true, applicable host firewall rules and settings will be applied to Hyper-V firewall.
+This value is used as an on/off switch. If this value is true, applicable host firewall rules and settings will be applied to Hyper-V Firewall.
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-AllowHostPolicyMerge-Description-End -->
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-AllowHostPolicyMerge-Editable-Begin -->
@@ -4075,7 +3820,7 @@ This value is used as an on/off switch. If this value is true, applicable host f
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DefaultInboundAction-Description-Begin -->
 <!-- Description-Source-DDF -->
-This value is the action that the firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 1 [Block]. This value controls the settings for all profiles. It is recommended to instead use the profile setting value under the profile subtree.
+This value is the action that the Hyper-V Firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 1 [Block]. This value controls the settings for all profiles. It is recommended to instead use the profile setting value under the profile subtree.
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DefaultInboundAction-Description-End -->
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DefaultInboundAction-Editable-Begin -->
@@ -4125,7 +3870,7 @@ This value is the action that the firewall does by default (and evaluates at the
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DefaultOutboundAction-Description-Begin -->
 <!-- Description-Source-DDF -->
-This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 0 [Allow]. This value controls the settings for all profiles. It is recommended to instead use the profile setting value under the profile subtree.
+This value is the action that the Hyper-V Firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 0 [Allow]. This value controls the settings for all profiles. It is recommended to instead use the profile setting value under the profile subtree.
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DefaultOutboundAction-Description-End -->
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DefaultOutboundAction-Editable-Begin -->
@@ -4213,7 +3958,7 @@ This value is the action that the firewall does by default (and evaluates at the
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DomainProfile-AllowLocalPolicyMerge-Description-Begin -->
 <!-- Description-Source-DDF -->
-This value is used as an on/off switch. If this value is false, firewall rules from the local store are ignored and not enforced. The merge law for this option is to always use the value of the GroupPolicyRSoPStore. This value is valid for all schema versions.
+This value is used as an on/off switch. If this value is false, Hyper-V Firewall rules from the local store are ignored and not enforced.
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DomainProfile-AllowLocalPolicyMerge-Description-End -->
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DomainProfile-AllowLocalPolicyMerge-Editable-Begin -->
@@ -4263,7 +4008,7 @@ This value is used as an on/off switch. If this value is false, firewall rules f
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DomainProfile-DefaultInboundAction-Description-Begin -->
 <!-- Description-Source-DDF -->
-This value is the action that the firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 1 [Block].
+This value is the action that the Hyper-V Firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 1 [Block].
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DomainProfile-DefaultInboundAction-Description-End -->
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DomainProfile-DefaultInboundAction-Editable-Begin -->
@@ -4313,7 +4058,7 @@ This value is the action that the firewall does by default (and evaluates at the
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DomainProfile-DefaultOutboundAction-Description-Begin -->
 <!-- Description-Source-DDF -->
-This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 0 [Allow].
+This value is the action that the Hyper-V Firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 0 [Allow].
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DomainProfile-DefaultOutboundAction-Description-End -->
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DomainProfile-DefaultOutboundAction-Editable-Begin -->
@@ -4363,7 +4108,7 @@ This value is the action that the firewall does by default (and evaluates at the
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DomainProfile-EnableFirewall-Description-Begin -->
 <!-- Description-Source-DDF -->
-This value is an on/off switch for the firewall and advanced security enforcement.
+This value is an on/off switch for the Hyper-V Firewall enforcement.
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DomainProfile-EnableFirewall-Description-End -->
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DomainProfile-EnableFirewall-Editable-Begin -->
@@ -4412,7 +4157,7 @@ This value is an on/off switch for the firewall and advanced security enforcemen
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-EnableFirewall-Description-Begin -->
 <!-- Description-Source-DDF -->
-This value is an on/off switch for the firewall and advanced security enforcement. This value controls the settings for all profiles. It is recommended to instead use the profile setting value under the profile subtree.
+This value is an on/off switch for the Hyper-V Firewall. This value controls the settings for all profiles. It is recommended to instead use the profile setting value under the profile subtree.
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-EnableFirewall-Description-End -->
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-EnableFirewall-Editable-Begin -->
@@ -4434,8 +4179,8 @@ This value is an on/off switch for the firewall and advanced security enforcemen
 
 | Value | Description |
 |:--|:--|
-| false | Disable Firewall. |
-| true (Default) | Enable Firewall. |
+| false | Disable Hyper-V Firewall. |
+| true (Default) | Enable Hyper-V Firewall. |
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-EnableFirewall-AllowedValues-End -->
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-EnableFirewall-Examples-Begin -->
@@ -4548,7 +4293,7 @@ This value is an on/off switch for loopback traffic. This determines if this VM
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PrivateProfile-AllowLocalPolicyMerge-Description-Begin -->
 <!-- Description-Source-DDF -->
-This value is used as an on/off switch. If this value is false, firewall rules from the local store are ignored and not enforced. The merge law for this option is to always use the value of the GroupPolicyRSoPStore. This value is valid for all schema versions.
+This value is used as an on/off switch. If this value is false, Hyper-V Firewall rules from the local store are ignored and not enforced.
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PrivateProfile-AllowLocalPolicyMerge-Description-End -->
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PrivateProfile-AllowLocalPolicyMerge-Editable-Begin -->
@@ -4598,7 +4343,7 @@ This value is used as an on/off switch. If this value is false, firewall rules f
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PrivateProfile-DefaultInboundAction-Description-Begin -->
 <!-- Description-Source-DDF -->
-This value is the action that the firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 1 [Block].
+This value is the action that the Hyper-V Firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 1 [Block].
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PrivateProfile-DefaultInboundAction-Description-End -->
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PrivateProfile-DefaultInboundAction-Editable-Begin -->
@@ -4648,7 +4393,7 @@ This value is the action that the firewall does by default (and evaluates at the
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PrivateProfile-DefaultOutboundAction-Description-Begin -->
 <!-- Description-Source-DDF -->
-This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 0 [Allow].
+This value is the action that the Hyper-V Firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 0 [Allow].
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PrivateProfile-DefaultOutboundAction-Description-End -->
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PrivateProfile-DefaultOutboundAction-Editable-Begin -->
@@ -4698,7 +4443,7 @@ This value is the action that the firewall does by default (and evaluates at the
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PrivateProfile-EnableFirewall-Description-Begin -->
 <!-- Description-Source-DDF -->
-This value is an on/off switch for the firewall and advanced security enforcement.
+This value is an on/off switch for the Hyper-V Firewall enforcement.
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PrivateProfile-EnableFirewall-Description-End -->
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PrivateProfile-EnableFirewall-Editable-Begin -->
@@ -4785,7 +4530,7 @@ This value is an on/off switch for the firewall and advanced security enforcemen
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PublicProfile-AllowLocalPolicyMerge-Description-Begin -->
 <!-- Description-Source-DDF -->
-This value is used as an on/off switch. If this value is false, firewall rules from the local store are ignored and not enforced. The merge law for this option is to always use the value of the GroupPolicyRSoPStore. This value is valid for all schema versions.
+This value is used as an on/off switch. If this value is false, Hyper-V Firewall rules from the local store are ignored and not enforced.
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PublicProfile-AllowLocalPolicyMerge-Description-End -->
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PublicProfile-AllowLocalPolicyMerge-Editable-Begin -->
@@ -4835,7 +4580,7 @@ This value is used as an on/off switch. If this value is false, firewall rules f
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PublicProfile-DefaultInboundAction-Description-Begin -->
 <!-- Description-Source-DDF -->
-This value is the action that the firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 1 [Block].
+This value is the action that the Hyper-V Firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 1 [Block].
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PublicProfile-DefaultInboundAction-Description-End -->
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PublicProfile-DefaultInboundAction-Editable-Begin -->
@@ -4885,7 +4630,7 @@ This value is the action that the firewall does by default (and evaluates at the
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PublicProfile-DefaultOutboundAction-Description-Begin -->
 <!-- Description-Source-DDF -->
-This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 0 [Allow].
+This value is the action that the Hyper-V Firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 0 [Allow].
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PublicProfile-DefaultOutboundAction-Description-End -->
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PublicProfile-DefaultOutboundAction-Editable-Begin -->
@@ -4935,7 +4680,7 @@ This value is the action that the firewall does by default (and evaluates at the
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PublicProfile-EnableFirewall-Description-Begin -->
 <!-- Description-Source-DDF -->
-This value is an on/off switch for the firewall and advanced security enforcement.
+This value is an on/off switch for the Hyper-V Firewall enforcement.
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PublicProfile-EnableFirewall-Description-End -->
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PublicProfile-EnableFirewall-Editable-Begin -->
@@ -4957,8 +4702,8 @@ This value is an on/off switch for the firewall and advanced security enforcemen
 
 | Value | Description |
 |:--|:--|
-| false | Disable Firewall. |
-| true (Default) | Enable Firewall. |
+| false | Disable Hyper-V Firewall. |
+| true (Default) | Enable Hyper-V Firewall. |
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PublicProfile-EnableFirewall-AllowedValues-End -->
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PublicProfile-EnableFirewall-Examples-Begin -->
diff --git a/windows/client-management/mdm/firewall-ddf-file.md b/windows/client-management/mdm/firewall-ddf-file.md
index 4eb6ee5f96..6fd0b6982d 100644
--- a/windows/client-management/mdm/firewall-ddf-file.md
+++ b/windows/client-management/mdm/firewall-ddf-file.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 03/23/2023
+ms.date: 05/01/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -2855,7 +2855,7 @@ The following XML file contains the device description framework (DDF) for the F
                 <Replace />
               </AccessType>
               <DefaultValue>true</DefaultValue>
-              <Description>This value is an on/off switch for the firewall and advanced security enforcement. This value controls the settings for all profiles. It is recommended to instead use the profile setting value under the profile subtree.</Description>
+              <Description>This value is an on/off switch for the Hyper-V Firewall. This value controls the settings for all profiles. It is recommended to instead use the profile setting value under the profile subtree.</Description>
               <DFFormat>
                 <bool />
               </DFFormat>
@@ -2871,11 +2871,11 @@ The following XML file contains the device description framework (DDF) for the F
               <MSFT:AllowedValues ValueType="ENUM">
                 <MSFT:Enum>
                   <MSFT:Value>false</MSFT:Value>
-                  <MSFT:ValueDescription>Disable Firewall</MSFT:ValueDescription>
+                  <MSFT:ValueDescription>Disable Hyper-V Firewall</MSFT:ValueDescription>
                 </MSFT:Enum>
                 <MSFT:Enum>
                   <MSFT:Value>true</MSFT:Value>
-                  <MSFT:ValueDescription>Enable Firewall</MSFT:ValueDescription>
+                  <MSFT:ValueDescription>Enable Hyper-V Firewall</MSFT:ValueDescription>
                 </MSFT:Enum>
               </MSFT:AllowedValues>
             </DFProperties>
@@ -2888,7 +2888,7 @@ The following XML file contains the device description framework (DDF) for the F
                 <Replace />
               </AccessType>
               <DefaultValue>0</DefaultValue>
-              <Description>This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 0 [Allow]. This value controls the settings for all profiles. It is recommended to instead use the profile setting value under the profile subtree.</Description>
+              <Description>This value is the action that the Hyper-V Firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 0 [Allow]. This value controls the settings for all profiles. It is recommended to instead use the profile setting value under the profile subtree.</Description>
               <DFFormat>
                 <int />
               </DFFormat>
@@ -2918,7 +2918,7 @@ The following XML file contains the device description framework (DDF) for the F
                     <MSFT:DependencyAllowedValue ValueType="ENUM">
                       <MSFT:Enum>
                         <MSFT:Value>true</MSFT:Value>
-                        <MSFT:ValueDescription>Enable Firewall</MSFT:ValueDescription>
+                        <MSFT:ValueDescription>Enable Hyper-V Firewall</MSFT:ValueDescription>
                       </MSFT:Enum>
                     </MSFT:DependencyAllowedValue>
                   </MSFT:Dependency>
@@ -2934,7 +2934,7 @@ The following XML file contains the device description framework (DDF) for the F
                 <Replace />
               </AccessType>
               <DefaultValue>1</DefaultValue>
-              <Description>This value is the action that the firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 1 [Block]. This value controls the settings for all profiles. It is recommended to instead use the profile setting value under the profile subtree.</Description>
+              <Description>This value is the action that the Hyper-V Firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 1 [Block]. This value controls the settings for all profiles. It is recommended to instead use the profile setting value under the profile subtree.</Description>
               <DFFormat>
                 <int />
               </DFFormat>
@@ -2964,7 +2964,7 @@ The following XML file contains the device description framework (DDF) for the F
                     <MSFT:DependencyAllowedValue ValueType="ENUM">
                       <MSFT:Enum>
                         <MSFT:Value>true</MSFT:Value>
-                        <MSFT:ValueDescription>Enable Firewall</MSFT:ValueDescription>
+                        <MSFT:ValueDescription>Enable Hyper-V Firewall</MSFT:ValueDescription>
                       </MSFT:Enum>
                     </MSFT:DependencyAllowedValue>
                   </MSFT:Dependency>
@@ -3012,7 +3012,7 @@ The following XML file contains the device description framework (DDF) for the F
                 <Replace />
               </AccessType>
               <DefaultValue>true</DefaultValue>
-              <Description>This value is used as an on/off switch. If this value is true, applicable host firewall rules and settings will be applied to Hyper-V firewall.</Description>
+              <Description>This value is used as an on/off switch. If this value is true, applicable host firewall rules and settings will be applied to Hyper-V Firewall.</Description>
               <DFFormat>
                 <bool />
               </DFFormat>
@@ -3063,7 +3063,7 @@ The following XML file contains the device description framework (DDF) for the F
                   <Replace />
                 </AccessType>
                 <DefaultValue>true</DefaultValue>
-                <Description>This value is an on/off switch for the firewall and advanced security enforcement.</Description>
+                <Description>This value is an on/off switch for the Hyper-V Firewall enforcement.</Description>
                 <DFFormat>
                   <bool />
                 </DFFormat>
@@ -3096,7 +3096,7 @@ The following XML file contains the device description framework (DDF) for the F
                   <Replace />
                 </AccessType>
                 <DefaultValue>0</DefaultValue>
-                <Description>This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 0 [Allow].</Description>
+                <Description>This value is the action that the Hyper-V Firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 0 [Allow].</Description>
                 <DFFormat>
                   <int />
                 </DFFormat>
@@ -3126,7 +3126,7 @@ The following XML file contains the device description framework (DDF) for the F
                       <MSFT:DependencyAllowedValue ValueType="ENUM">
                         <MSFT:Enum>
                           <MSFT:Value>true</MSFT:Value>
-                          <MSFT:ValueDescription>Enable Firewall</MSFT:ValueDescription>
+                          <MSFT:ValueDescription>Enable Hyper-V Firewall</MSFT:ValueDescription>
                         </MSFT:Enum>
                       </MSFT:DependencyAllowedValue>
                     </MSFT:Dependency>
@@ -3142,7 +3142,7 @@ The following XML file contains the device description framework (DDF) for the F
                   <Replace />
                 </AccessType>
                 <DefaultValue>1</DefaultValue>
-                <Description>This value is the action that the firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 1 [Block].</Description>
+                <Description>This value is the action that the Hyper-V Firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 1 [Block].</Description>
                 <DFFormat>
                   <int />
                 </DFFormat>
@@ -3172,7 +3172,7 @@ The following XML file contains the device description framework (DDF) for the F
                       <MSFT:DependencyAllowedValue ValueType="ENUM">
                         <MSFT:Enum>
                           <MSFT:Value>true</MSFT:Value>
-                          <MSFT:ValueDescription>Enable Firewall</MSFT:ValueDescription>
+                          <MSFT:ValueDescription>Enable Hyper-V Firewall</MSFT:ValueDescription>
                         </MSFT:Enum>
                       </MSFT:DependencyAllowedValue>
                     </MSFT:Dependency>
@@ -3187,7 +3187,7 @@ The following XML file contains the device description framework (DDF) for the F
                   <Replace />
                 </AccessType>
                 <DefaultValue>true</DefaultValue>
-                <Description>This value is used as an on/off switch. If this value is false, firewall rules from the local store are ignored and not enforced.  The merge law for this option is to always use the value of the GroupPolicyRSoPStore. This value is valid for all schema versions.</Description>
+                <Description>This value is used as an on/off switch. If this value is false, Hyper-V Firewall rules from the local store are ignored and not enforced.</Description>
                 <DFFormat>
                   <bool />
                 </DFFormat>
@@ -3217,7 +3217,7 @@ The following XML file contains the device description framework (DDF) for the F
                       <MSFT:DependencyAllowedValue ValueType="ENUM">
                         <MSFT:Enum>
                           <MSFT:Value>true</MSFT:Value>
-                          <MSFT:ValueDescription>Enable Firewall</MSFT:ValueDescription>
+                          <MSFT:ValueDescription>Enable Hyper-V Firewall</MSFT:ValueDescription>
                         </MSFT:Enum>
                       </MSFT:DependencyAllowedValue>
                     </MSFT:Dependency>
@@ -3252,7 +3252,7 @@ The following XML file contains the device description framework (DDF) for the F
                   <Replace />
                 </AccessType>
                 <DefaultValue>true</DefaultValue>
-                <Description>This value is an on/off switch for the firewall and advanced security enforcement.</Description>
+                <Description>This value is an on/off switch for the Hyper-V Firewall enforcement.</Description>
                 <DFFormat>
                   <bool />
                 </DFFormat>
@@ -3285,7 +3285,7 @@ The following XML file contains the device description framework (DDF) for the F
                   <Replace />
                 </AccessType>
                 <DefaultValue>0</DefaultValue>
-                <Description>This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 0 [Allow].</Description>
+                <Description>This value is the action that the Hyper-V Firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 0 [Allow].</Description>
                 <DFFormat>
                   <int />
                 </DFFormat>
@@ -3315,7 +3315,7 @@ The following XML file contains the device description framework (DDF) for the F
                       <MSFT:DependencyAllowedValue ValueType="ENUM">
                         <MSFT:Enum>
                           <MSFT:Value>true</MSFT:Value>
-                          <MSFT:ValueDescription>Enable Firewall</MSFT:ValueDescription>
+                          <MSFT:ValueDescription>Enable Hyper-V Firewall</MSFT:ValueDescription>
                         </MSFT:Enum>
                       </MSFT:DependencyAllowedValue>
                     </MSFT:Dependency>
@@ -3331,7 +3331,7 @@ The following XML file contains the device description framework (DDF) for the F
                   <Replace />
                 </AccessType>
                 <DefaultValue>1</DefaultValue>
-                <Description>This value is the action that the firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 1 [Block].</Description>
+                <Description>This value is the action that the Hyper-V Firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 1 [Block].</Description>
                 <DFFormat>
                   <int />
                 </DFFormat>
@@ -3361,7 +3361,7 @@ The following XML file contains the device description framework (DDF) for the F
                       <MSFT:DependencyAllowedValue ValueType="ENUM">
                         <MSFT:Enum>
                           <MSFT:Value>true</MSFT:Value>
-                          <MSFT:ValueDescription>Enable Firewall</MSFT:ValueDescription>
+                          <MSFT:ValueDescription>Enable Hyper-V Firewall</MSFT:ValueDescription>
                         </MSFT:Enum>
                       </MSFT:DependencyAllowedValue>
                     </MSFT:Dependency>
@@ -3376,7 +3376,7 @@ The following XML file contains the device description framework (DDF) for the F
                   <Replace />
                 </AccessType>
                 <DefaultValue>true</DefaultValue>
-                <Description>This value is used as an on/off switch. If this value is false, firewall rules from the local store are ignored and not enforced.  The merge law for this option is to always use the value of the GroupPolicyRSoPStore. This value is valid for all schema versions.</Description>
+                <Description>This value is used as an on/off switch. If this value is false, Hyper-V Firewall rules from the local store are ignored and not enforced.</Description>
                 <DFFormat>
                   <bool />
                 </DFFormat>
@@ -3406,7 +3406,7 @@ The following XML file contains the device description framework (DDF) for the F
                       <MSFT:DependencyAllowedValue ValueType="ENUM">
                         <MSFT:Enum>
                           <MSFT:Value>true</MSFT:Value>
-                          <MSFT:ValueDescription>Enable Firewall</MSFT:ValueDescription>
+                          <MSFT:ValueDescription>Enable Hyper-V Firewall</MSFT:ValueDescription>
                         </MSFT:Enum>
                       </MSFT:DependencyAllowedValue>
                     </MSFT:Dependency>
@@ -3441,7 +3441,7 @@ The following XML file contains the device description framework (DDF) for the F
                   <Replace />
                 </AccessType>
                 <DefaultValue>true</DefaultValue>
-                <Description>This value is an on/off switch for the firewall and advanced security enforcement.</Description>
+                <Description>This value is an on/off switch for the Hyper-V Firewall enforcement.</Description>
                 <DFFormat>
                   <bool />
                 </DFFormat>
@@ -3457,11 +3457,11 @@ The following XML file contains the device description framework (DDF) for the F
                 <MSFT:AllowedValues ValueType="ENUM">
                   <MSFT:Enum>
                     <MSFT:Value>false</MSFT:Value>
-                    <MSFT:ValueDescription>Disable Firewall</MSFT:ValueDescription>
+                    <MSFT:ValueDescription>Disable Hyper-V Firewall</MSFT:ValueDescription>
                   </MSFT:Enum>
                   <MSFT:Enum>
                     <MSFT:Value>true</MSFT:Value>
-                    <MSFT:ValueDescription>Enable Firewall</MSFT:ValueDescription>
+                    <MSFT:ValueDescription>Enable Hyper-V Firewall</MSFT:ValueDescription>
                   </MSFT:Enum>
                 </MSFT:AllowedValues>
               </DFProperties>
@@ -3474,7 +3474,7 @@ The following XML file contains the device description framework (DDF) for the F
                   <Replace />
                 </AccessType>
                 <DefaultValue>0</DefaultValue>
-                <Description>This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 0 [Allow].</Description>
+                <Description>This value is the action that the Hyper-V Firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 0 [Allow].</Description>
                 <DFFormat>
                   <int />
                 </DFFormat>
@@ -3504,7 +3504,7 @@ The following XML file contains the device description framework (DDF) for the F
                       <MSFT:DependencyAllowedValue ValueType="ENUM">
                         <MSFT:Enum>
                           <MSFT:Value>true</MSFT:Value>
-                          <MSFT:ValueDescription>Enable Firewall</MSFT:ValueDescription>
+                          <MSFT:ValueDescription>Enable Hyper-V Firewall</MSFT:ValueDescription>
                         </MSFT:Enum>
                       </MSFT:DependencyAllowedValue>
                     </MSFT:Dependency>
@@ -3520,7 +3520,7 @@ The following XML file contains the device description framework (DDF) for the F
                   <Replace />
                 </AccessType>
                 <DefaultValue>1</DefaultValue>
-                <Description>This value is the action that the firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 1 [Block].</Description>
+                <Description>This value is the action that the Hyper-V Firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 1 [Block].</Description>
                 <DFFormat>
                   <int />
                 </DFFormat>
@@ -3550,7 +3550,7 @@ The following XML file contains the device description framework (DDF) for the F
                       <MSFT:DependencyAllowedValue ValueType="ENUM">
                         <MSFT:Enum>
                           <MSFT:Value>true</MSFT:Value>
-                          <MSFT:ValueDescription>Enable Firewall</MSFT:ValueDescription>
+                          <MSFT:ValueDescription>Enable Hyper-V Firewall</MSFT:ValueDescription>
                         </MSFT:Enum>
                       </MSFT:DependencyAllowedValue>
                     </MSFT:Dependency>
@@ -3565,7 +3565,7 @@ The following XML file contains the device description framework (DDF) for the F
                   <Replace />
                 </AccessType>
                 <DefaultValue>true</DefaultValue>
-                <Description>This value is used as an on/off switch. If this value is false, firewall rules from the local store are ignored and not enforced.  The merge law for this option is to always use the value of the GroupPolicyRSoPStore. This value is valid for all schema versions.</Description>
+                <Description>This value is used as an on/off switch. If this value is false, Hyper-V Firewall rules from the local store are ignored and not enforced.</Description>
                 <DFFormat>
                   <bool />
                 </DFFormat>
@@ -3595,7 +3595,7 @@ The following XML file contains the device description framework (DDF) for the F
                       <MSFT:DependencyAllowedValue ValueType="ENUM">
                         <MSFT:Enum>
                           <MSFT:Value>true</MSFT:Value>
-                          <MSFT:ValueDescription>Enable Firewall</MSFT:ValueDescription>
+                          <MSFT:ValueDescription>Enable Hyper-V Firewall</MSFT:ValueDescription>
                         </MSFT:Enum>
                       </MSFT:DependencyAllowedValue>
                     </MSFT:Dependency>
@@ -3818,7 +3818,10 @@ ServiceName</Description>
                 <Get />
                 <Replace />
               </AccessType>
-              <Description>Comma Separated list of ranges for eg. 100-120,200,300-320.  If not specified the default is All.</Description>
+              <Description>
+                    Comma Separated list of ranges for eg. 100-120,200,300-320.  If not specified the default is All.
+                    When setting this field in a firewall rule, the protocol field must also be set, to either 6 (TCP) or 17 (UDP).
+                  </Description>
               <DFFormat>
                 <chr />
               </DFFormat>
@@ -3846,7 +3849,10 @@ ServiceName</Description>
                 <Get />
                 <Replace />
               </AccessType>
-              <Description> Comma Separated list of ranges for eg. 100-120,200,300-320.  If not specified the default is All.</Description>
+              <Description>
+                    Comma Separated list of ranges for eg. 100-120,200,300-320.  If not specified the default is All.
+                    When setting this field in a firewall rule, the protocol field must also be set, to either 6 (TCP) or 17 (UDP).
+                  </Description>
               <DFFormat>
                 <chr />
               </DFFormat>
@@ -3878,6 +3884,8 @@ ServiceName</Description>
                     String value. Multiple ICMP type+code pairs can be included in the string by separating each value with a ",". If more than one ICMP type+code pair is specified, the strings must be separated by a comma.
                     To specify all ICMP types and codes, use the "*" character. For specific ICMP types and codes, use the ":" to separate the type and code.
                     The following are valid examples: 3:4 or 1:*. The "*" character can be used to represent any code. The "*" character can't be used to specify any type, examples such as "*:4" or "*:*" are invalid.
+
+                    When setting this field in a firewall rule, the protocol field must also be set, to either 1 (ICMP) or 58 (IPv6-ICMP).
                   </Description>
               <DFFormat>
                 <chr />
@@ -3892,7 +3900,7 @@ ServiceName</Description>
                 <MIME />
               </DFType>
               <MSFT:Applicability>
-                <MSFT:OsBuildVersion>10.0.19043</MSFT:OsBuildVersion>
+                <MSFT:OsBuildVersion>10.0.20348</MSFT:OsBuildVersion>
                 <MSFT:CspVersion>1.0</MSFT:CspVersion>
               </MSFT:Applicability>
               <MSFT:AllowedValues ValueType="None">
@@ -3909,7 +3917,7 @@ ServiceName</Description>
                 <Get />
                 <Replace />
               </AccessType>
-              <Description>Consists of one or more comma-delimited tokens specifying the local addresses covered by the rule. "*" is the default value. 
+              <Description>Consists of one or more comma-delimited tokens specifying the local addresses covered by the rule. "*" is the default value.
 Valid tokens include:
 "*" indicates any local address. If present, this must be the only token included.
 
@@ -4172,7 +4180,7 @@ If not specified - a new rule is disabled by default.</Description>
                 <Replace />
               </AccessType>
               <DefaultValue>OUT</DefaultValue>
-              <Description>Comma separated list.  The rule is enabled based on the traffic direction as following.
+              <Description>The rule is enabled based on the traffic direction as following.
 
 IN - the rule applies to inbound traffic.
 OUT - the rule applies to outbound traffic.
@@ -4328,7 +4336,7 @@ This is a string in Security Descriptor Definition Language (SDDL) format..</Des
                 <Get />
                 <Replace />
               </AccessType>
-              <Description> Specifies one WDAC tag. This is a string that can contain any alphanumeric character and any of the characters ":", "/", ".", and "_". </Description>
+              <Description> Specifies one WDAC tag. This is a string that can contain any alphanumeric character and any of the characters ":", "/", ".", and "_". A PolicyAppId and ServiceName cannot be specified in the same rule. </Description>
               <DFFormat>
                 <chr />
               </DFFormat>
@@ -4342,7 +4350,7 @@ This is a string in Security Descriptor Definition Language (SDDL) format..</Des
                 <MIME />
               </DFType>
               <MSFT:Applicability>
-                <MSFT:OsBuildVersion>99.9.99999</MSFT:OsBuildVersion>
+                <MSFT:OsBuildVersion>10.0.19045.2913, 10.0.22621.1635, 10.0.22000.1880</MSFT:OsBuildVersion>
                 <MSFT:CspVersion>1.1</MSFT:CspVersion>
               </MSFT:Applicability>
               <MSFT:AllowedValues ValueType="RegEx">
@@ -4380,6 +4388,7 @@ This is a string in Security Descriptor Definition Language (SDDL) format..</Des
                 <Get />
                 <Replace />
               </AccessType>
+              <Description>Specifies the friendly name of the firewall rule.</Description>
               <DFFormat>
                 <chr />
               </DFFormat>
@@ -4457,7 +4466,7 @@ This is a string in Security Descriptor Definition Language (SDDL) format..</Des
                 <Get />
                 <Replace />
               </AccessType>
-              <Description>0-255 number representing the IANA Internet Protocol (TCP = 6, UDP = 17).  If not specified the default is All.</Description>
+              <Description>This value represents the order of rule enforcement. A lower priority rule is evaluated first. If not specified, block rules are evaluated before allow rules. If priority is configured, it is highly recommended to configure the value for ALL rules to ensure expected evaluation of rules.</Description>
               <DFFormat>
                 <int />
               </DFFormat>
@@ -4471,7 +4480,7 @@ This is a string in Security Descriptor Definition Language (SDDL) format..</Des
                 <MIME />
               </DFType>
               <MSFT:AllowedValues ValueType="Range">
-                <MSFT:Value>[0-255]</MSFT:Value>
+                <MSFT:Value>[0-65535]</MSFT:Value>
               </MSFT:AllowedValues>
             </DFProperties>
           </Node>
@@ -4483,7 +4492,7 @@ This is a string in Security Descriptor Definition Language (SDDL) format..</Des
                 <Replace />
               </AccessType>
               <DefaultValue>OUT</DefaultValue>
-              <Description>Comma separated list.  The rule is enabled based on the traffic direction as following.
+              <Description>The rule is enabled based on the traffic direction as following.
 
 IN - the rule applies to inbound traffic.
 OUT - the rule applies to outbound traffic.
@@ -4577,7 +4586,7 @@ If not specified the detault is OUT.</Description>
                 <Get />
                 <Replace />
               </AccessType>
-              <Description>Consists of one or more comma-delimited tokens specifying the local addresses covered by the rule. "*" is the default value. 
+              <Description>Consists of one or more comma-delimited tokens specifying the local addresses covered by the rule. "*" is the default value.
 Valid tokens include:
 "*" indicates any local address. If present, this must be the only token included.
 
@@ -4695,10 +4704,14 @@ An IPv6 address range in the format of "start address - end address" with no spa
             <DFProperties>
               <AccessType>
                 <Get />
+                <Replace />
               </AccessType>
-              <Description>Specifies the action for the rule.</Description>
+              <DefaultValue>1</DefaultValue>
+              <Description>Specifies the action the rule enforces:
+0 - Block
+1 - Allow</Description>
               <DFFormat>
-                <node />
+                <int />
               </DFFormat>
               <Occurrence>
                 <One />
@@ -4707,44 +4720,19 @@ An IPv6 address range in the format of "start address - end address" with no spa
                 <Dynamic />
               </Scope>
               <DFType>
-                <DDFName />
+                <MIME />
               </DFType>
+              <MSFT:AllowedValues ValueType="ENUM">
+                <MSFT:Enum>
+                  <MSFT:Value>0</MSFT:Value>
+                  <MSFT:ValueDescription>Block</MSFT:ValueDescription>
+                </MSFT:Enum>
+                <MSFT:Enum>
+                  <MSFT:Value>1</MSFT:Value>
+                  <MSFT:ValueDescription>Allow</MSFT:ValueDescription>
+                </MSFT:Enum>
+              </MSFT:AllowedValues>
             </DFProperties>
-            <Node>
-              <NodeName>Type</NodeName>
-              <DFProperties>
-                <AccessType>
-                  <Get />
-                  <Replace />
-                </AccessType>
-                <DefaultValue>1</DefaultValue>
-                <Description>Specifies the action the rule enforces:
-0 - Block
-1 - Allow</Description>
-                <DFFormat>
-                  <int />
-                </DFFormat>
-                <Occurrence>
-                  <One />
-                </Occurrence>
-                <Scope>
-                  <Dynamic />
-                </Scope>
-                <DFType>
-                  <MIME />
-                </DFType>
-                <MSFT:AllowedValues ValueType="ENUM">
-                  <MSFT:Enum>
-                    <MSFT:Value>0</MSFT:Value>
-                    <MSFT:ValueDescription>Block</MSFT:ValueDescription>
-                  </MSFT:Enum>
-                  <MSFT:Enum>
-                    <MSFT:Value>1</MSFT:Value>
-                    <MSFT:ValueDescription>Allow</MSFT:ValueDescription>
-                  </MSFT:Enum>
-                </MSFT:AllowedValues>
-              </DFProperties>
-            </Node>
           </Node>
           <Node>
             <NodeName>Enabled</NodeName>
@@ -4785,7 +4773,7 @@ If not specified - a new rule is disabled by default.</Description>
               <AccessType>
                 <Get />
               </AccessType>
-              <Description>Provides information about the specific verrsion of the rule in deployment for monitoring purposes.</Description>
+              <Description>Provides information about the specific version of the rule in deployment for monitoring purposes.</Description>
               <DFFormat>
                 <chr />
               </DFFormat>
@@ -4840,62 +4828,8 @@ If not specified - a new rule is disabled by default.</Description>
               </MSFT:AllowedValues>
             </DFProperties>
           </Node>
-        </Node>
-      </Node>
-      <Node>
-        <NodeName>HyperVLoopbackRules</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <Description>A list of rules controlling loopback traffic through the Windows Firewall. This enforcement is only for traffic from one container to another or to the host device. These rules are all allow rules.</Description>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <ZeroOrOne />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <DDFName />
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>
-          </NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Unique alpha numeric identifier for the rule.  The rule name must not include a forward slash (/).</Description>
-            <DFFormat>
-              <node />
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrMore />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFTitle>RuleName</DFTitle>
-            <DFType>
-              <DDFName />
-            </DFType>
-            <MSFT:DynamicNodeNaming>
-              <MSFT:ServerGeneratedUniqueIdentifier />
-            </MSFT:DynamicNodeNaming>
-            <MSFT:AllowedValues ValueType="RegEx">
-              <MSFT:Value>^[^|/]*$</MSFT:Value>
-            </MSFT:AllowedValues>
-            <MSFT:AtomicRequired />
-          </DFProperties>
           <Node>
-            <NodeName>SourceVMCreatorId</NodeName>
+            <NodeName>Name</NodeName>
             <DFProperties>
               <AccessType>
                 <Add />
@@ -4903,12 +4837,12 @@ If not specified - a new rule is disabled by default.</Description>
                 <Get />
                 <Replace />
               </AccessType>
-              <Description>This field specifies the VM Creator ID of the source of the traffic that this rule applies to. If not specified, this applies to All.</Description>
+              <Description>Specifies the friendly name of the Hyper-V Firewall rule.</Description>
               <DFFormat>
                 <chr />
               </DFFormat>
               <Occurrence>
-                <ZeroOrOne />
+                <One />
               </Occurrence>
               <Scope>
                 <Dynamic />
@@ -4916,96 +4850,6 @@ If not specified - a new rule is disabled by default.</Description>
               <DFType>
                 <MIME />
               </DFType>
-              <MSFT:AllowedValues ValueType="RegEx">
-                <MSFT:Value>\{[0-9A-Fa-f]{8}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{12}\}</MSFT:Value>
-              </MSFT:AllowedValues>
-            </DFProperties>
-          </Node>
-          <Node>
-            <NodeName>DestinationVMCreatorId</NodeName>
-            <DFProperties>
-              <AccessType>
-                <Add />
-                <Delete />
-                <Get />
-                <Replace />
-              </AccessType>
-              <Description>This field specifies the VM Creator ID of the destination of traffic that this rule applies to. If not specified, this applies to All.</Description>
-              <DFFormat>
-                <chr />
-              </DFFormat>
-              <Occurrence>
-                <ZeroOrOne />
-              </Occurrence>
-              <Scope>
-                <Dynamic />
-              </Scope>
-              <DFType>
-                <MIME />
-              </DFType>
-              <MSFT:AllowedValues ValueType="RegEx">
-                <MSFT:Value>\{[0-9A-Fa-f]{8}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{12}\}</MSFT:Value>
-              </MSFT:AllowedValues>
-            </DFProperties>
-          </Node>
-          <Node>
-            <NodeName>PortRanges</NodeName>
-            <DFProperties>
-              <AccessType>
-                <Add />
-                <Delete />
-                <Get />
-                <Replace />
-              </AccessType>
-              <Description>Comma Separated list of ranges for eg. 100-120,200,300-320.  If not specified the default is All.</Description>
-              <DFFormat>
-                <chr />
-              </DFFormat>
-              <Occurrence>
-                <ZeroOrOne />
-              </Occurrence>
-              <Scope>
-                <Dynamic />
-              </Scope>
-              <DFType>
-                <MIME />
-              </DFType>
-              <MSFT:AllowedValues ValueType="RegEx">
-                <MSFT:Value>^[0-9,-]+$</MSFT:Value>
-                <MSFT:List Delimiter="," />
-              </MSFT:AllowedValues>
-            </DFProperties>
-          </Node>
-          <Node>
-            <NodeName>Enabled</NodeName>
-            <DFProperties>
-              <AccessType>
-                <Get />
-                <Replace />
-              </AccessType>
-              <Description>Indicates whether the rule is enabled or disabled. If the rule must be enabled, this value must be set to true. If not specified - a new rule is disabled by default.</Description>
-              <DFFormat>
-                <bool />
-              </DFFormat>
-              <Occurrence>
-                <ZeroOrOne />
-              </Occurrence>
-              <Scope>
-                <Dynamic />
-              </Scope>
-              <DFType>
-                <MIME />
-              </DFType>
-              <MSFT:AllowedValues ValueType="ENUM">
-                <MSFT:Enum>
-                  <MSFT:Value>0</MSFT:Value>
-                  <MSFT:ValueDescription>Disabled</MSFT:ValueDescription>
-                </MSFT:Enum>
-                <MSFT:Enum>
-                  <MSFT:Value>1</MSFT:Value>
-                  <MSFT:ValueDescription>Enabled</MSFT:ValueDescription>
-                </MSFT:Enum>
-              </MSFT:AllowedValues>
             </DFProperties>
           </Node>
         </Node>
diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
index 08332c2601..bec6c70554 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
@@ -4,7 +4,7 @@ description: Learn about the ADMX-backed policies in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 03/23/2023
+ms.date: 05/01/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -2350,6 +2350,11 @@ This article lists the ADMX-backed policies in Policy CSP.
 - [TurnOffDataExecutionPreventionForExplorer](policy-csp-fileexplorer.md)
 - [TurnOffHeapTerminationOnCorruption](policy-csp-fileexplorer.md)
 
+## FileSystem
+
+- [EnableDevDrive](policy-csp-filesystem.md)
+- [DevDriveAttachPolicy](policy-csp-filesystem.md)
+
 ## InternetExplorer
 
 - [AddSearchProvider](policy-csp-internetexplorer.md)
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md
index 6aba70d787..f9aa11914a 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md
@@ -4,7 +4,7 @@ description: Learn about the policies in Policy CSP supported by Group Policy.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 03/23/2023
+ms.date: 05/01/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -340,9 +340,6 @@ This article lists the policies in Policy CSP that have a group policy mapping.
 - [ClearTextPassword](policy-csp-devicelock.md)
 - [PasswordComplexity](policy-csp-devicelock.md)
 - [PasswordHistorySize](policy-csp-devicelock.md)
-- [AccountLockoutThreshold](policy-csp-devicelock.md)
-- [AccountLockoutDuration](policy-csp-devicelock.md)
-- [ResetAccountLockoutCounterAfter](policy-csp-devicelock.md)
 - [AllowAdministratorLockout](policy-csp-devicelock.md)
 
 ## Display
@@ -689,7 +686,7 @@ This article lists the policies in Policy CSP that have a group policy mapping.
 - [StartLayout](policy-csp-start.md)
 - [ConfigureStartPins](policy-csp-start.md)
 - [HideRecommendedSection](policy-csp-start.md)
-- [HideRecoPersonalizedSites](policy-csp-start.md)
+- [HideRecommendedPersonalizedSites](policy-csp-start.md)
 - [HideTaskViewButton](policy-csp-start.md)
 - [DisableControlCenter](policy-csp-start.md)
 - [ForceStartSize](policy-csp-start.md)
@@ -700,7 +697,7 @@ This article lists the policies in Policy CSP that have a group policy mapping.
 - [StartLayout](policy-csp-start.md)
 - [ConfigureStartPins](policy-csp-start.md)
 - [HideRecommendedSection](policy-csp-start.md)
-- [HideRecoPersonalizedSites](policy-csp-start.md)
+- [HideRecommendedPersonalizedSites](policy-csp-start.md)
 - [SimplifyQuickSettings](policy-csp-start.md)
 - [DisableEditingQuickSettings](policy-csp-start.md)
 - [HideTaskViewButton](policy-csp-start.md)
@@ -884,7 +881,7 @@ This article lists the policies in Policy CSP that have a group policy mapping.
 - [DenyLogOnAsBatchJob](policy-csp-userrights.md)
 - [LogOnAsService](policy-csp-userrights.md)
 - [IncreaseProcessWorkingSet](policy-csp-userrights.md)
-- [DenyServiceLogonRight](policy-csp-userrights.md)
+- [DenyLogOnAsService](policy-csp-userrights.md)
 
 ## VirtualizationBasedTechnology
 
@@ -897,7 +894,7 @@ This article lists the policies in Policy CSP that have a group policy mapping.
 - [NotifyMalicious](policy-csp-webthreatdefense.md)
 - [NotifyPasswordReuse](policy-csp-webthreatdefense.md)
 - [NotifyUnsafeApp](policy-csp-webthreatdefense.md)
-- [CaptureThreatWindow](policy-csp-webthreatdefense.md)
+- [AutomaticDataCollection](policy-csp-webthreatdefense.md)
 
 ## Wifi
 
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md
index e17a1d7e53..4be961a69f 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md
@@ -4,7 +4,7 @@ description: Learn about the policies in Policy CSP supported by Windows 10 Team
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 03/28/2023
+ms.date: 05/01/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -257,6 +257,7 @@ This article lists the policies in Policy CSP that are applicable for the Surfac
 
 ## Start
 
+- [HideRecommendedPersonalizedSites](policy-csp-start.md#hiderecommendedpersonalizedsites)
 - [StartLayout](policy-csp-start.md#startlayout)
 
 ## System
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 1eba8fd662..23bf0f8152 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -4,7 +4,7 @@ description: Learn more about the Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/28/2023
+ms.date: 05/01/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -1120,6 +1120,7 @@ Specifies the name/value pair used in the policy. See the individual Area DDFs f
 - [ExploitGuard](policy-csp-exploitguard.md)
 - [FederatedAuthentication](policy-csp-federatedauthentication.md)
 - [FileExplorer](policy-csp-fileexplorer.md)
+- [FileSystem](policy-csp-filesystem.md)
 - [Games](policy-csp-games.md)
 - [Handwriting](policy-csp-handwriting.md)
 - [HumanPresence](policy-csp-humanpresence.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md
index fbc5c518ac..5c5b42532a 100644
--- a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md
+++ b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_SharedFolders Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 03/23/2023
+ms.date: 05/01/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -31,7 +31,7 @@ ms.topic: reference
 <!-- PublishDfsRoots-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| :x: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+| :x: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PublishDfsRoots-Applicability-End -->
 
 <!-- PublishDfsRoots-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md
index 69a26fb46f..80e5d67f50 100644
--- a/windows/client-management/mdm/policy-csp-devicelock.md
+++ b/windows/client-management/mdm/policy-csp-devicelock.md
@@ -4,7 +4,7 @@ description: Learn more about the DeviceLock Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 03/23/2023
+ms.date: 05/01/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -30,105 +30,44 @@ ms.topic: reference
 > The DeviceLock CSP utilizes the [Exchange ActiveSync Policy Engine](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn282287(v=ws.11)). When password length and complexity rules are applied, all the local user and administrator accounts are marked to change their password at the next sign in to ensure complexity requirements are met. For more information, see [Password length and complexity supported by account types](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn282287(v=ws.11)#password-length-and-complexity-supported-by-account-types).
 <!-- DeviceLock-Editable-End -->
 
-<!-- AccountLockoutDuration-Begin -->
-## AccountLockoutDuration
+<!-- AccountLockoutPolicy-Begin -->
+## AccountLockoutPolicy
 
-<!-- AccountLockoutDuration-Applicability-Begin -->
+<!-- AccountLockoutPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview |
-<!-- AccountLockoutDuration-Applicability-End -->
+<!-- AccountLockoutPolicy-Applicability-End -->
 
-<!-- AccountLockoutDuration-OmaUri-Begin -->
+<!-- AccountLockoutPolicy-OmaUri-Begin -->
 ```Device
-./Device/Vendor/MSFT/Policy/Config/DeviceLock/AccountLockoutDuration
+./Device/Vendor/MSFT/Policy/Config/DeviceLock/AccountLockoutPolicy
 ```
-<!-- AccountLockoutDuration-OmaUri-End -->
+<!-- AccountLockoutPolicy-OmaUri-End -->
 
-<!-- AccountLockoutDuration-Description-Begin -->
+<!-- AccountLockoutPolicy-Description-Begin -->
 <!-- Description-Source-DDF -->
-Account lockout duration This security setting determines the number of minutes a locked-out account remains locked out before automatically becoming unlocked. The available range is from 0 minutes through 99,999 minutes. If you set the account lockout duration to 0, the account will be locked out until an administrator explicitly unlocks it. If an account lockout threshold is defined, the account lockout duration must be greater than or equal to the reset time. Default: None, because this policy setting only has meaning when an Account lockout threshold is specified.
-<!-- AccountLockoutDuration-Description-End -->
+Account lockout threshold - This security setting determines the number of failed logon attempts that causes a user account to be locked out. A locked-out account cannot be used until it is reset by an administrator or until the lockout duration for the account has expired. You can set a value between 0 and 999 failed logon attempts. If you set the value to 0, the account will never be locked out. Failed password attempts against workstations or member servers that have been locked using either CTRL+ALT+DELETE or password-protected screen savers count as failed logon attempts. Default: 0 Account lockout duration - This security setting determines the number of minutes a locked-out account remains locked out before automatically becoming unlocked. The available range is from 0 minutes through 99,999 minutes. If you set the account lockout duration to 0, the account will be locked out until an administrator explicitly unlocks it. If an account lockout threshold is defined, the account lockout duration must be greater than or equal to the reset time. Default: None, because this policy setting only has meaning when an Account lockout threshold is specified. Reset account lockout counter after - This security setting determines the number of minutes that must elapse after a failed logon attempt before the failed logon attempt counter is reset to 0 bad logon attempts. The available range is 1 minute to 99,999 minutes. If an account lockout threshold is defined, this reset time must be less than or equal to the Account lockout duration. Default: None, because this policy setting only has meaning when an Account lockout threshold is specified.
+<!-- AccountLockoutPolicy-Description-End -->
 
-<!-- AccountLockoutDuration-Editable-Begin -->
+<!-- AccountLockoutPolicy-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-<!-- AccountLockoutDuration-Editable-End -->
+<!-- AccountLockoutPolicy-Editable-End -->
 
-<!-- AccountLockoutDuration-DFProperties-Begin -->
+<!-- AccountLockoutPolicy-DFProperties-Begin -->
 **Description framework properties**:
 
 | Property name | Property value |
 |:--|:--|
-| Format | int |
+| Format | chr (string) |
 | Access Type | Add, Delete, Get, Replace |
-| Allowed Values | Range: `[0-99999]` |
-| Default Value  | 0 |
-<!-- AccountLockoutDuration-DFProperties-End -->
+<!-- AccountLockoutPolicy-DFProperties-End -->
 
-<!-- AccountLockoutDuration-GpMapping-Begin -->
-**Group policy mapping**:
-
-| Name | Value |
-|:--|:--|
-| Name | Account lockout duration |
-| Path | Windows Settings > Security Settings > Account Policies > Account Lockout Policy |
-<!-- AccountLockoutDuration-GpMapping-End -->
-
-<!-- AccountLockoutDuration-Examples-Begin -->
+<!-- AccountLockoutPolicy-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
-<!-- AccountLockoutDuration-Examples-End -->
+<!-- AccountLockoutPolicy-Examples-End -->
 
-<!-- AccountLockoutDuration-End -->
-
-<!-- AccountLockoutThreshold-Begin -->
-## AccountLockoutThreshold
-
-<!-- AccountLockoutThreshold-Applicability-Begin -->
-| Scope | Editions | Applicable OS |
-|:--|:--|:--|
-| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview |
-<!-- AccountLockoutThreshold-Applicability-End -->
-
-<!-- AccountLockoutThreshold-OmaUri-Begin -->
-```Device
-./Device/Vendor/MSFT/Policy/Config/DeviceLock/AccountLockoutThreshold
-```
-<!-- AccountLockoutThreshold-OmaUri-End -->
-
-<!-- AccountLockoutThreshold-Description-Begin -->
-<!-- Description-Source-DDF -->
-Account lockout threshold - This security setting determines the number of failed logon attempts that causes a user account to be locked out. A locked-out account cannot be used until it is reset by an administrator or until the lockout duration for the account has expired. You can set a value between 0 and 999 failed logon attempts. If you set the value to 0, the account will never be locked out. Failed password attempts against workstations or member servers that have been locked using either CTRL+ALT+DELETE or password-protected screen savers count as failed logon attempts. Default: 0.
-<!-- AccountLockoutThreshold-Description-End -->
-
-<!-- AccountLockoutThreshold-Editable-Begin -->
-<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-<!-- AccountLockoutThreshold-Editable-End -->
-
-<!-- AccountLockoutThreshold-DFProperties-Begin -->
-**Description framework properties**:
-
-| Property name | Property value |
-|:--|:--|
-| Format | int |
-| Access Type | Add, Delete, Get, Replace |
-| Allowed Values | Range: `[0-10]` |
-| Default Value  | 0 |
-<!-- AccountLockoutThreshold-DFProperties-End -->
-
-<!-- AccountLockoutThreshold-GpMapping-Begin -->
-**Group policy mapping**:
-
-| Name | Value |
-|:--|:--|
-| Name | Account lockout threshold |
-| Path | Windows Settings > Security Settings > Account Policies > Account Lockout Policy |
-<!-- AccountLockoutThreshold-GpMapping-End -->
-
-<!-- AccountLockoutThreshold-Examples-Begin -->
-<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
-<!-- AccountLockoutThreshold-Examples-End -->
-
-<!-- AccountLockoutThreshold-End -->
+<!-- AccountLockoutPolicy-End -->
 
 <!-- AllowAdministratorLockout-Begin -->
 ## AllowAdministratorLockout
@@ -162,7 +101,7 @@ Allow Administrator account lockout This security setting determines whether the
 | Format | int |
 | Access Type | Add, Delete, Get, Replace |
 | Allowed Values | Range: `[0-1]` |
-| Default Value  | 0 |
+| Default Value  | 1 |
 <!-- AllowAdministratorLockout-DFProperties-End -->
 
 <!-- AllowAdministratorLockout-GpMapping-Begin -->
@@ -1165,11 +1104,11 @@ Complexity requirements are enforced when passwords are changed or created.
 
 <!-- PasswordHistorySize-Description-Begin -->
 <!-- Description-Source-DDF -->
-Minimum password length
-This security setting determines the least number of characters that a password for a user account may contain. The maximum value for this setting is dependent on the value of the Relax minimum password length limits setting. If the Relax minimum password length limits setting is not defined, this setting may be configured from 0 to 14. If the Relax minimum password length limits setting is defined and disabled, this setting may be configured from 0 to 14. If the Relax minimum password length limits setting is defined and enabled, this setting may be configured from 0 to 128. Setting the required number of characters to 0 means that no password is required.
+Enforce password history
+This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused. The value must be between 0 and 24 passwords. This policy enables administrators to enhance security by ensuring that old passwords are not reused continually. Default: 24 on domain controllers. 0 on stand-alone servers.
 
 > [!NOTE]
-> By default, member computers follow the configuration of their domain controllers. Default: 7 on domain controllers. 0 on stand-alone servers. Configuring this setting than 14 may affect compatibility with clients, services, and applications. Microsoft recommends that you only configure this setting larger than 14 after using the Minimum password length audit setting to test for potential incompatibilities at the new setting.
+> By default, member computers follow the configuration of their domain controllers. To maintain the effectiveness of the password history, do not allow passwords to be changed immediately after they were just changed by also enabling the Minimum password age security policy setting. For information about the minimum password age security policy setting, see Minimum password age.
 <!-- PasswordHistorySize-Description-End -->
 
 <!-- PasswordHistorySize-Editable-Begin -->
@@ -1184,7 +1123,7 @@ This security setting determines the least number of characters that a password
 | Format | int |
 | Access Type | Add, Delete, Get, Replace |
 | Allowed Values | Range: `[0-24]` |
-| Default Value  | 7 |
+| Default Value  | 24 |
 <!-- PasswordHistorySize-DFProperties-End -->
 
 <!-- PasswordHistorySize-GpMapping-Begin -->
@@ -1192,7 +1131,7 @@ This security setting determines the least number of characters that a password
 
 | Name | Value |
 |:--|:--|
-| Name | Minimum password length |
+| Name | Enforce password history |
 | Path | Windows Settings > Security Settings > Account Policies > Password Policy |
 <!-- PasswordHistorySize-GpMapping-End -->
 
@@ -1322,56 +1261,6 @@ If you enable this setting, users will no longer be able to modify slide show se
 
 <!-- PreventLockScreenSlideShow-End -->
 
-<!-- ResetAccountLockoutCounterAfter-Begin -->
-## ResetAccountLockoutCounterAfter
-
-<!-- ResetAccountLockoutCounterAfter-Applicability-Begin -->
-| Scope | Editions | Applicable OS |
-|:--|:--|:--|
-| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview |
-<!-- ResetAccountLockoutCounterAfter-Applicability-End -->
-
-<!-- ResetAccountLockoutCounterAfter-OmaUri-Begin -->
-```Device
-./Device/Vendor/MSFT/Policy/Config/DeviceLock/ResetAccountLockoutCounterAfter
-```
-<!-- ResetAccountLockoutCounterAfter-OmaUri-End -->
-
-<!-- ResetAccountLockoutCounterAfter-Description-Begin -->
-<!-- Description-Source-DDF -->
-Reset account lockout counter after - This security setting determines the number of minutes that must elapse after a failed logon attempt before the failed logon attempt counter is reset to 0 bad logon attempts. The available range is 1 minute to 99,999 minutes. If an account lockout threshold is defined, this reset time must be less than or equal to the Account lockout duration. Default: None, because this policy setting only has meaning when an Account lockout threshold is specified.
-<!-- ResetAccountLockoutCounterAfter-Description-End -->
-
-<!-- ResetAccountLockoutCounterAfter-Editable-Begin -->
-<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-<!-- ResetAccountLockoutCounterAfter-Editable-End -->
-
-<!-- ResetAccountLockoutCounterAfter-DFProperties-Begin -->
-**Description framework properties**:
-
-| Property name | Property value |
-|:--|:--|
-| Format | int |
-| Access Type | Add, Delete, Get, Replace |
-| Allowed Values | Range: `[1-99999]` |
-| Default Value  | 0 |
-<!-- ResetAccountLockoutCounterAfter-DFProperties-End -->
-
-<!-- ResetAccountLockoutCounterAfter-GpMapping-Begin -->
-**Group policy mapping**:
-
-| Name | Value |
-|:--|:--|
-| Name | Reset account lockout counter after |
-| Path | Windows Settings > Security Settings > Account Policies > Account Lockout Policy |
-<!-- ResetAccountLockoutCounterAfter-GpMapping-End -->
-
-<!-- ResetAccountLockoutCounterAfter-Examples-Begin -->
-<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
-<!-- ResetAccountLockoutCounterAfter-Examples-End -->
-
-<!-- ResetAccountLockoutCounterAfter-End -->
-
 <!-- ScreenTimeoutWhileLocked-Begin -->
 ## ScreenTimeoutWhileLocked
 
diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md
index 19a927a634..040fb1fed2 100644
--- a/windows/client-management/mdm/policy-csp-start.md
+++ b/windows/client-management/mdm/policy-csp-start.md
@@ -4,7 +4,7 @@ description: Learn more about the Start Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 03/23/2023
+ms.date: 05/01/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -1424,6 +1424,68 @@ To validate this policy, do the following steps:
 
 <!-- HideRecentlyAddedApps-End -->
 
+<!-- HideRecommendedPersonalizedSites-Begin -->
+## HideRecommendedPersonalizedSites
+
+<!-- HideRecommendedPersonalizedSites-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | <!-- Not-Found --> |
+<!-- HideRecommendedPersonalizedSites-Applicability-End -->
+
+<!-- HideRecommendedPersonalizedSites-OmaUri-Begin -->
+```User
+./User/Vendor/MSFT/Policy/Config/Start/HideRecommendedPersonalizedSites
+```
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Start/HideRecommendedPersonalizedSites
+```
+<!-- HideRecommendedPersonalizedSites-OmaUri-End -->
+
+<!-- HideRecommendedPersonalizedSites-Description-Begin -->
+<!-- Description-Source-DDF -->
+This policy setting allows you to hide the personalized websites in the recommended section of the Start Menu. If you enable this policy setting, the Start Menu will no longer show personalized website recommendations in the recommended section of the start menu.
+<!-- HideRecommendedPersonalizedSites-Description-End -->
+
+<!-- HideRecommendedPersonalizedSites-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- HideRecommendedPersonalizedSites-Editable-End -->
+
+<!-- HideRecommendedPersonalizedSites-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | int |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 0 |
+<!-- HideRecommendedPersonalizedSites-DFProperties-End -->
+
+<!-- HideRecommendedPersonalizedSites-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Personalized Website Recommendations shown. |
+| 1 | Personalized Website Recommendations hidden. |
+<!-- HideRecommendedPersonalizedSites-AllowedValues-End -->
+
+<!-- HideRecommendedPersonalizedSites-GpMapping-Begin -->
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | HideRecommendedPersonalizedSites |
+| Path | StartMenu > AT > StartMenu |
+<!-- HideRecommendedPersonalizedSites-GpMapping-End -->
+
+<!-- HideRecommendedPersonalizedSites-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- HideRecommendedPersonalizedSites-Examples-End -->
+
+<!-- HideRecommendedPersonalizedSites-End -->
+
 <!-- HideRecommendedSection-Begin -->
 ## HideRecommendedSection
 
@@ -1493,68 +1555,6 @@ If you enable this policy setting, the Start Menu will no longer show the sectio
 
 <!-- HideRecommendedSection-End -->
 
-<!-- HideRecoPersonalizedSites-Begin -->
-## HideRecoPersonalizedSites
-
-<!-- HideRecoPersonalizedSites-Applicability-Begin -->
-| Scope | Editions | Applicable OS |
-|:--|:--|:--|
-| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | <!-- Not-Found --> |
-<!-- HideRecoPersonalizedSites-Applicability-End -->
-
-<!-- HideRecoPersonalizedSites-OmaUri-Begin -->
-```User
-./User/Vendor/MSFT/Policy/Config/Start/HideRecoPersonalizedSites
-```
-
-```Device
-./Device/Vendor/MSFT/Policy/Config/Start/HideRecoPersonalizedSites
-```
-<!-- HideRecoPersonalizedSites-OmaUri-End -->
-
-<!-- HideRecoPersonalizedSites-Description-Begin -->
-<!-- Description-Source-DDF -->
-This policy setting allows you to hide the personalized websites in the recommended section of the Start Menu. If you enable this policy setting, the Start Menu will no longer show personalized website recommendations in the recommended section of the start menu.
-<!-- HideRecoPersonalizedSites-Description-End -->
-
-<!-- HideRecoPersonalizedSites-Editable-Begin -->
-<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-<!-- HideRecoPersonalizedSites-Editable-End -->
-
-<!-- HideRecoPersonalizedSites-DFProperties-Begin -->
-**Description framework properties**:
-
-| Property name | Property value |
-|:--|:--|
-| Format | int |
-| Access Type | Add, Delete, Get, Replace |
-| Default Value  | 0 |
-<!-- HideRecoPersonalizedSites-DFProperties-End -->
-
-<!-- HideRecoPersonalizedSites-AllowedValues-Begin -->
-**Allowed values**:
-
-| Value | Description |
-|:--|:--|
-| 0 (Default) | Personalized Website Recommendations shown. |
-| 1 | Personalized Website Recommendations hidden. |
-<!-- HideRecoPersonalizedSites-AllowedValues-End -->
-
-<!-- HideRecoPersonalizedSites-GpMapping-Begin -->
-**Group policy mapping**:
-
-| Name | Value |
-|:--|:--|
-| Name | HideRecoPersonalizedSites |
-| Path | StartMenu > AT > StartMenu |
-<!-- HideRecoPersonalizedSites-GpMapping-End -->
-
-<!-- HideRecoPersonalizedSites-Examples-Begin -->
-<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
-<!-- HideRecoPersonalizedSites-Examples-End -->
-
-<!-- HideRecoPersonalizedSites-End -->
-
 <!-- HideRestart-Begin -->
 ## HideRestart
 
diff --git a/windows/client-management/mdm/policy-csp-stickers.md b/windows/client-management/mdm/policy-csp-stickers.md
index c977508f6e..d57c186ddb 100644
--- a/windows/client-management/mdm/policy-csp-stickers.md
+++ b/windows/client-management/mdm/policy-csp-stickers.md
@@ -4,7 +4,7 @@ description: Learn more about the Stickers Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 03/23/2023
+ms.date: 05/01/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- EnableStickers-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later |
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :x: Pro <br> :x: Enterprise <br> :x: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later |
 <!-- EnableStickers-Applicability-End -->
 
 <!-- EnableStickers-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md
index 4d0a66c573..7832fbfb73 100644
--- a/windows/client-management/mdm/policy-csp-textinput.md
+++ b/windows/client-management/mdm/policy-csp-textinput.md
@@ -4,7 +4,7 @@ description: Learn more about the TextInput Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 03/23/2023
+ms.date: 05/01/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -949,7 +949,7 @@ This Policy setting applies only to Microsoft Traditional Chinese IME.
 
 <!-- EnableTouchKeyboardAutoInvokeInDesktopMode-Description-Begin -->
 <!-- Description-Source-DDF -->
-This policy allows the IT admin to enable the touch keyboard to automatically show up when the device is in the desktop mode. The touch keyboard is enabled in both the tablet and desktop mode. In the tablet mode, when you touch a textbox, the touch keyboard automatically shows up. But in the desktop mode, by default, the touch keyboard does not automatically show up when you touch a textbox. The user must click the system tray to enable the touch keyboard. When this policy is enabled, the touch keyboard automatically shows up when the device is in the desktop mode. This policy corresponds to Show the touch keyboard when not in tablet mode and there's no keyboard attached in the Settings app.
+This policy allows the IT admin to control whether the touch keyboard should show up on tapping an edit control. By default, when you tap a textbox, the touch keyboard automatically shows up when there's no keyboard attached. When this policy is enabled, the touch keyboard can be shown or suppressed regardless of the hardware keyboard availability. This policy corresponds to Show the touch keyboard setting in the Settings app.
 <!-- EnableTouchKeyboardAutoInvokeInDesktopMode-Description-End -->
 
 <!-- EnableTouchKeyboardAutoInvokeInDesktopMode-Editable-Begin -->
@@ -971,8 +971,9 @@ This policy allows the IT admin to enable the touch keyboard to automatically sh
 
 | Value | Description |
 |:--|:--|
-| 0 (Default) | Disabled. |
-| 1 | Enabled. |
+| 0 (Default) | Never. |
+| 1 | When no keyboard attached. |
+| 2 | Always. |
 <!-- EnableTouchKeyboardAutoInvokeInDesktopMode-AllowedValues-End -->
 
 <!-- EnableTouchKeyboardAutoInvokeInDesktopMode-Examples-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md
index 113eac5d6c..d901a34a02 100644
--- a/windows/client-management/mdm/policy-csp-userrights.md
+++ b/windows/client-management/mdm/policy-csp-userrights.md
@@ -4,7 +4,7 @@ description: Learn more about the UserRights Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 03/23/2023
+ms.date: 05/01/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -980,6 +980,58 @@ This security setting determines which accounts are prevented from being able to
 
 <!-- DenyLogOnAsBatchJob-End -->
 
+<!-- DenyLogOnAsService-Begin -->
+## DenyLogOnAsService
+
+<!-- DenyLogOnAsService-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview |
+<!-- DenyLogOnAsService-Applicability-End -->
+
+<!-- DenyLogOnAsService-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/UserRights/DenyLogOnAsService
+```
+<!-- DenyLogOnAsService-OmaUri-End -->
+
+<!-- DenyLogOnAsService-Description-Begin -->
+<!-- Description-Source-DDF -->
+Deny log on as a service -This security setting determines which service accounts are prevented from registering a process as a service. This policy setting supersedes the Log on as a service policy setting if an account is subject to both policies.
+
+> [!NOTE]
+> This security setting does not apply to the System, Local Service, or Network Service accounts. Default: None.
+<!-- DenyLogOnAsService-Description-End -->
+
+<!-- DenyLogOnAsService-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- DenyLogOnAsService-Editable-End -->
+
+<!-- DenyLogOnAsService-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | List (Delimiter: `0xF000`) |
+<!-- DenyLogOnAsService-DFProperties-End -->
+
+<!-- DenyLogOnAsService-GpMapping-Begin -->
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | Deny log on as a service |
+| Path | Windows Settings > Security Settings > Local Policies > User Rights Assignment |
+<!-- DenyLogOnAsService-GpMapping-End -->
+
+<!-- DenyLogOnAsService-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- DenyLogOnAsService-Examples-End -->
+
+<!-- DenyLogOnAsService-End -->
+
 <!-- DenyRemoteDesktopServicesLogOn-Begin -->
 ## DenyRemoteDesktopServicesLogOn
 
@@ -1029,58 +1081,6 @@ This user right determines which users and groups are prohibited from logging on
 
 <!-- DenyRemoteDesktopServicesLogOn-End -->
 
-<!-- DenyServiceLogonRight-Begin -->
-## DenyServiceLogonRight
-
-<!-- DenyServiceLogonRight-Applicability-Begin -->
-| Scope | Editions | Applicable OS |
-|:--|:--|:--|
-| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview |
-<!-- DenyServiceLogonRight-Applicability-End -->
-
-<!-- DenyServiceLogonRight-OmaUri-Begin -->
-```Device
-./Device/Vendor/MSFT/Policy/Config/UserRights/DenyServiceLogonRight
-```
-<!-- DenyServiceLogonRight-OmaUri-End -->
-
-<!-- DenyServiceLogonRight-Description-Begin -->
-<!-- Description-Source-DDF -->
-This security setting determines which service accounts are prevented from registering a process as a service. This policy setting supersedes the Log on as a service policy setting if an account is subject to both policies.
-
-> [!NOTE]
-> This security setting does not apply to the System, Local Service, or Network Service accounts. Default: None.
-<!-- DenyServiceLogonRight-Description-End -->
-
-<!-- DenyServiceLogonRight-Editable-Begin -->
-<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-<!-- DenyServiceLogonRight-Editable-End -->
-
-<!-- DenyServiceLogonRight-DFProperties-Begin -->
-**Description framework properties**:
-
-| Property name | Property value |
-|:--|:--|
-| Format | chr (string) |
-| Access Type | Add, Delete, Get, Replace |
-| Allowed Values | List (Delimiter: `0xF000`) |
-<!-- DenyServiceLogonRight-DFProperties-End -->
-
-<!-- DenyServiceLogonRight-GpMapping-Begin -->
-**Group policy mapping**:
-
-| Name | Value |
-|:--|:--|
-| Name | Deny log on as a service |
-| Path | Windows Settings > Security Settings > Local Policies > User Rights Assignment |
-<!-- DenyServiceLogonRight-GpMapping-End -->
-
-<!-- DenyServiceLogonRight-Examples-Begin -->
-<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
-<!-- DenyServiceLogonRight-Examples-End -->
-
-<!-- DenyServiceLogonRight-End -->
-
 <!-- EnableDelegation-Begin -->
 ## EnableDelegation
 
diff --git a/windows/client-management/mdm/policy-csp-webthreatdefense.md b/windows/client-management/mdm/policy-csp-webthreatdefense.md
index 3f32d7c225..d92837b542 100644
--- a/windows/client-management/mdm/policy-csp-webthreatdefense.md
+++ b/windows/client-management/mdm/policy-csp-webthreatdefense.md
@@ -4,7 +4,7 @@ description: Learn more about the WebThreatDefense Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 03/23/2023
+ms.date: 05/01/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -25,63 +25,63 @@ ms.topic: reference
 > In Microsoft Intune, this CSP is listed under the **Enhanced Phishing Protection** category.
 <!-- WebThreatDefense-Editable-End -->
 
-<!-- CaptureThreatWindow-Begin -->
-## CaptureThreatWindow
+<!-- AutomaticDataCollection-Begin -->
+## AutomaticDataCollection
 
-<!-- CaptureThreatWindow-Applicability-Begin -->
+<!-- AutomaticDataCollection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview |
-<!-- CaptureThreatWindow-Applicability-End -->
+<!-- AutomaticDataCollection-Applicability-End -->
 
-<!-- CaptureThreatWindow-OmaUri-Begin -->
+<!-- AutomaticDataCollection-OmaUri-Begin -->
 ```Device
-./Device/Vendor/MSFT/Policy/Config/WebThreatDefense/CaptureThreatWindow
+./Device/Vendor/MSFT/Policy/Config/WebThreatDefense/AutomaticDataCollection
 ```
-<!-- CaptureThreatWindow-OmaUri-End -->
+<!-- AutomaticDataCollection-OmaUri-End -->
 
-<!-- CaptureThreatWindow-Description-Begin -->
+<!-- AutomaticDataCollection-Description-Begin -->
 <!-- Description-Source-DDF -->
-Configures Enhanced Phishing Protection notifications to allow to capture the suspicious window on client machines for further threat analysis.
-<!-- CaptureThreatWindow-Description-End -->
+Automatically collect website or app content when additional analysis is needed to help identify security threats.
+<!-- AutomaticDataCollection-Description-End -->
 
-<!-- CaptureThreatWindow-Editable-Begin -->
+<!-- AutomaticDataCollection-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-<!-- CaptureThreatWindow-Editable-End -->
+<!-- AutomaticDataCollection-Editable-End -->
 
-<!-- CaptureThreatWindow-DFProperties-Begin -->
+<!-- AutomaticDataCollection-DFProperties-Begin -->
 **Description framework properties**:
 
 | Property name | Property value |
 |:--|:--|
 | Format | int |
 | Access Type | Add, Delete, Get, Replace |
-| Default Value  | 1 |
-<!-- CaptureThreatWindow-DFProperties-End -->
+| Default Value  | 0 |
+<!-- AutomaticDataCollection-DFProperties-End -->
 
-<!-- CaptureThreatWindow-AllowedValues-Begin -->
+<!-- AutomaticDataCollection-AllowedValues-Begin -->
 **Allowed values**:
 
 | Value | Description |
 |:--|:--|
-| 0 | Disabled. |
-| 1 (Default) | Enabled. |
-<!-- CaptureThreatWindow-AllowedValues-End -->
+| 0 (Default) | Disabled. |
+| 1 | Enabled. |
+<!-- AutomaticDataCollection-AllowedValues-End -->
 
-<!-- CaptureThreatWindow-GpMapping-Begin -->
+<!-- AutomaticDataCollection-GpMapping-Begin -->
 **Group policy mapping**:
 
 | Name | Value |
 |:--|:--|
-| Name | CaptureThreatWindow |
+| Name | AutomaticDataCollection |
 | Path | WebThreatDefense > AT > WindowsComponents > WebThreatDefense |
-<!-- CaptureThreatWindow-GpMapping-End -->
+<!-- AutomaticDataCollection-GpMapping-End -->
 
-<!-- CaptureThreatWindow-Examples-Begin -->
+<!-- AutomaticDataCollection-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
-<!-- CaptureThreatWindow-Examples-End -->
+<!-- AutomaticDataCollection-Examples-End -->
 
-<!-- CaptureThreatWindow-End -->
+<!-- AutomaticDataCollection-End -->
 
 <!-- NotifyMalicious-Begin -->
 ## NotifyMalicious
diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md
index 5eb3b2dd3e..e538a7928c 100644
--- a/windows/client-management/mdm/policy-csp-wifi.md
+++ b/windows/client-management/mdm/policy-csp-wifi.md
@@ -4,7 +4,7 @@ description: Learn more about the Wifi Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 03/23/2023
+ms.date: 05/01/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -228,6 +228,105 @@ Allow or disallow connecting to Wi-Fi outside of MDM server-installed networks.
 
 <!-- AllowManualWiFiConfiguration-End -->
 
+<!-- AllowWFAQosManagementDSCPToUPMapping-Begin -->
+## AllowWFAQosManagementDSCPToUPMapping
+
+<!-- AllowWFAQosManagementDSCPToUPMapping-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | <!-- Not-Found --> |
+<!-- AllowWFAQosManagementDSCPToUPMapping-Applicability-End -->
+
+<!-- AllowWFAQosManagementDSCPToUPMapping-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/Wifi/AllowWFAQosManagementDSCPToUPMapping
+```
+<!-- AllowWFAQosManagementDSCPToUPMapping-OmaUri-End -->
+
+<!-- AllowWFAQosManagementDSCPToUPMapping-Description-Begin -->
+<!-- Description-Source-DDF -->
+Allow or disallow the device to use the DSCP to UP Mapping feature from the Wi-Fi Alliance QOS Management Suite 2020. This policy requires a reboot to take effect.
+<!-- AllowWFAQosManagementDSCPToUPMapping-Description-End -->
+
+<!-- AllowWFAQosManagementDSCPToUPMapping-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- AllowWFAQosManagementDSCPToUPMapping-Editable-End -->
+
+<!-- AllowWFAQosManagementDSCPToUPMapping-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | int |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 2 |
+<!-- AllowWFAQosManagementDSCPToUPMapping-DFProperties-End -->
+
+<!-- AllowWFAQosManagementDSCPToUPMapping-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 | DSCP to UP Mapping will be disabled. |
+| 1 | DSCP to UP Mapping will be enabled. |
+| 2 (Default) | DSCP to UP Mapping will be enabled only if it is enabled in the network profile. |
+<!-- AllowWFAQosManagementDSCPToUPMapping-AllowedValues-End -->
+
+<!-- AllowWFAQosManagementDSCPToUPMapping-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- AllowWFAQosManagementDSCPToUPMapping-Examples-End -->
+
+<!-- AllowWFAQosManagementDSCPToUPMapping-End -->
+
+<!-- AllowWFAQosManagementMSCS-Begin -->
+## AllowWFAQosManagementMSCS
+
+<!-- AllowWFAQosManagementMSCS-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | <!-- Not-Found --> |
+<!-- AllowWFAQosManagementMSCS-Applicability-End -->
+
+<!-- AllowWFAQosManagementMSCS-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/Wifi/AllowWFAQosManagementMSCS
+```
+<!-- AllowWFAQosManagementMSCS-OmaUri-End -->
+
+<!-- AllowWFAQosManagementMSCS-Description-Begin -->
+<!-- Description-Source-DDF -->
+Allow or disallow the device to automatically request to enable Mirrored Stream Classification Service when connecting to a MSCS capable network. This is a Quality of Service feature associated with Wi-Fi Alliance QoS Management Suite 2020. This policy requires a reboot to take effect.
+<!-- AllowWFAQosManagementMSCS-Description-End -->
+
+<!-- AllowWFAQosManagementMSCS-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- AllowWFAQosManagementMSCS-Editable-End -->
+
+<!-- AllowWFAQosManagementMSCS-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | int |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 1 |
+<!-- AllowWFAQosManagementMSCS-DFProperties-End -->
+
+<!-- AllowWFAQosManagementMSCS-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 | The device will not automatically request to enable MSCS when connecting to a MSCS capable network. |
+| 1 (Default) | The device will automatically request to enable MSCS when connecting to a MSCS capable network. |
+<!-- AllowWFAQosManagementMSCS-AllowedValues-End -->
+
+<!-- AllowWFAQosManagementMSCS-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- AllowWFAQosManagementMSCS-Examples-End -->
+
+<!-- AllowWFAQosManagementMSCS-End -->
+
 <!-- AllowWiFi-Begin -->
 ## AllowWiFi
 
@@ -245,7 +344,7 @@ Allow or disallow connecting to Wi-Fi outside of MDM server-installed networks.
 
 <!-- AllowWiFi-Description-Begin -->
 <!-- Description-Source-DDF -->
-This policy has been deprecated.
+Allow or disallow WiFi connection.
 <!-- AllowWiFi-Description-End -->
 
 <!-- AllowWiFi-Editable-Begin -->
diff --git a/windows/client-management/mdm/reboot-csp.md b/windows/client-management/mdm/reboot-csp.md
index 04eabb0246..32c31c0461 100644
--- a/windows/client-management/mdm/reboot-csp.md
+++ b/windows/client-management/mdm/reboot-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the Reboot CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 03/23/2023
+ms.date: 05/01/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -194,7 +194,7 @@ Value in ISO8601, both the date and time are required. A reboot will be schedule
 <!-- Device-Schedule-WeeklyRecurrent-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later |
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-Schedule-WeeklyRecurrent-Applicability-End -->
 
 <!-- Device-Schedule-WeeklyRecurrent-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/reboot-ddf-file.md b/windows/client-management/mdm/reboot-ddf-file.md
index 98866efffa..7771d079d3 100644
--- a/windows/client-management/mdm/reboot-ddf-file.md
+++ b/windows/client-management/mdm/reboot-ddf-file.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 03/23/2023
+ms.date: 05/01/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -170,6 +170,10 @@ The following XML file contains the device description framework (DDF) for the R
           <DFType>
             <MIME />
           </DFType>
+          <MSFT:Applicability>
+            <MSFT:OsBuildVersion>10.0.22621</MSFT:OsBuildVersion>
+            <MSFT:CspVersion>1.0</MSFT:CspVersion>
+          </MSFT:Applicability>
           <MSFT:AllowedValues ValueType="None">
           </MSFT:AllowedValues>
         </DFProperties>
diff --git a/windows/client-management/mdm/windowslicensing-csp.md b/windows/client-management/mdm/windowslicensing-csp.md
index da4d51d70b..8c55c2fd8e 100644
--- a/windows/client-management/mdm/windowslicensing-csp.md
+++ b/windows/client-management/mdm/windowslicensing-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the WindowsLicensing CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/28/2023
+ms.date: 05/01/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,12 +28,10 @@ The following list shows the WindowsLicensing configuration service provider nod
   - [ChangeProductKey](#changeproductkey)
   - [CheckApplicability](#checkapplicability)
   - [DeviceLicensingService](#devicelicensingservice)
-    - [AcquireDeviceLicense](#devicelicensingserviceacquiredevicelicense)
     - [DeviceLicensingLastError](#devicelicensingservicedevicelicensinglasterror)
     - [DeviceLicensingLastErrorDescription](#devicelicensingservicedevicelicensinglasterrordescription)
     - [DeviceLicensingStatus](#devicelicensingservicedevicelicensingstatus)
     - [LicenseType](#devicelicensingservicelicensetype)
-    - [RemoveDeviceLicense](#devicelicensingserviceremovedevicelicense)
   - [Edition](#edition)
   - [LicenseKeyType](#licensekeytype)
   - [SMode](#smode)
@@ -45,6 +43,12 @@ The following list shows the WindowsLicensing configuration service provider nod
     - [{SubscriptionId}](#subscriptionssubscriptionid)
       - [Name](#subscriptionssubscriptionidname)
       - [Status](#subscriptionssubscriptionidstatus)
+    - [DisableSubscription](#subscriptionsdisablesubscription)
+    - [RemoveSubscription](#subscriptionsremovesubscription)
+    - [SubscriptionLastError](#subscriptionssubscriptionlasterror)
+    - [SubscriptionLastErrorDescription](#subscriptionssubscriptionlasterrordescription)
+    - [SubscriptionStatus](#subscriptionssubscriptionstatus)
+    - [SubscriptionType](#subscriptionssubscriptiontype)
   - [UpgradeEditionWithLicense](#upgradeeditionwithlicense)
   - [UpgradeEditionWithProductKey](#upgradeeditionwithproductkey)
 <!-- WindowsLicensing-Tree-End -->
@@ -167,7 +171,8 @@ Returns TRUE if the entered product key can be used for an edition upgrade of Wi
 <!-- Device-DeviceLicensingService-OmaUri-End -->
 
 <!-- Device-DeviceLicensingService-Description-Begin -->
-<!-- Description-Source-Not-Found -->
+<!-- Description-Source-DDF -->
+Device Based Subscription.
 <!-- Device-DeviceLicensingService-Description-End -->
 
 <!-- Device-DeviceLicensingService-Editable-Begin -->
@@ -189,45 +194,6 @@ Returns TRUE if the entered product key can be used for an edition upgrade of Wi
 
 <!-- Device-DeviceLicensingService-End -->
 
-<!-- Device-DeviceLicensingService-AcquireDeviceLicense-Begin -->
-### DeviceLicensingService/AcquireDeviceLicense
-
-<!-- Device-DeviceLicensingService-AcquireDeviceLicense-Applicability-Begin -->
-| Scope | Editions | Applicable OS |
-|:--|:--|:--|
-| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :x: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later |
-<!-- Device-DeviceLicensingService-AcquireDeviceLicense-Applicability-End -->
-
-<!-- Device-DeviceLicensingService-AcquireDeviceLicense-OmaUri-Begin -->
-```Device
-./Vendor/MSFT/WindowsLicensing/DeviceLicensingService/AcquireDeviceLicense
-```
-<!-- Device-DeviceLicensingService-AcquireDeviceLicense-OmaUri-End -->
-
-<!-- Device-DeviceLicensingService-AcquireDeviceLicense-Description-Begin -->
-<!-- Description-Source-DDF -->
-Acquire and Refresh Device License. Does not reboot.
-<!-- Device-DeviceLicensingService-AcquireDeviceLicense-Description-End -->
-
-<!-- Device-DeviceLicensingService-AcquireDeviceLicense-Editable-Begin -->
-<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-<!-- Device-DeviceLicensingService-AcquireDeviceLicense-Editable-End -->
-
-<!-- Device-DeviceLicensingService-AcquireDeviceLicense-DFProperties-Begin -->
-**Description framework properties**:
-
-| Property name | Property value |
-|:--|:--|
-| Format | null |
-| Access Type | Exec |
-<!-- Device-DeviceLicensingService-AcquireDeviceLicense-DFProperties-End -->
-
-<!-- Device-DeviceLicensingService-AcquireDeviceLicense-Examples-Begin -->
-<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
-<!-- Device-DeviceLicensingService-AcquireDeviceLicense-Examples-End -->
-
-<!-- Device-DeviceLicensingService-AcquireDeviceLicense-End -->
-
 <!-- Device-DeviceLicensingService-DeviceLicensingLastError-Begin -->
 ### DeviceLicensingService/DeviceLicensingLastError
 
@@ -375,7 +341,7 @@ License Type: User Based Subscription or Device Based Subscription.
 | Property name | Property value |
 |:--|:--|
 | Format | int |
-| Access Type | Add, Delete, Get, Replace |
+| Access Type | Get, Replace |
 <!-- Device-DeviceLicensingService-LicenseType-DFProperties-End -->
 
 <!-- Device-DeviceLicensingService-LicenseType-AllowedValues-Begin -->
@@ -393,45 +359,6 @@ License Type: User Based Subscription or Device Based Subscription.
 
 <!-- Device-DeviceLicensingService-LicenseType-End -->
 
-<!-- Device-DeviceLicensingService-RemoveDeviceLicense-Begin -->
-### DeviceLicensingService/RemoveDeviceLicense
-
-<!-- Device-DeviceLicensingService-RemoveDeviceLicense-Applicability-Begin -->
-| Scope | Editions | Applicable OS |
-|:--|:--|:--|
-| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :x: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later |
-<!-- Device-DeviceLicensingService-RemoveDeviceLicense-Applicability-End -->
-
-<!-- Device-DeviceLicensingService-RemoveDeviceLicense-OmaUri-Begin -->
-```Device
-./Vendor/MSFT/WindowsLicensing/DeviceLicensingService/RemoveDeviceLicense
-```
-<!-- Device-DeviceLicensingService-RemoveDeviceLicense-OmaUri-End -->
-
-<!-- Device-DeviceLicensingService-RemoveDeviceLicense-Description-Begin -->
-<!-- Description-Source-DDF -->
-Remove Device License. Device would be ready for user based license after this operation. Does not reboot.
-<!-- Device-DeviceLicensingService-RemoveDeviceLicense-Description-End -->
-
-<!-- Device-DeviceLicensingService-RemoveDeviceLicense-Editable-Begin -->
-<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-<!-- Device-DeviceLicensingService-RemoveDeviceLicense-Editable-End -->
-
-<!-- Device-DeviceLicensingService-RemoveDeviceLicense-DFProperties-Begin -->
-**Description framework properties**:
-
-| Property name | Property value |
-|:--|:--|
-| Format | null |
-| Access Type | Exec |
-<!-- Device-DeviceLicensingService-RemoveDeviceLicense-DFProperties-End -->
-
-<!-- Device-DeviceLicensingService-RemoveDeviceLicense-Examples-Begin -->
-<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
-<!-- Device-DeviceLicensingService-RemoveDeviceLicense-Examples-End -->
-
-<!-- Device-DeviceLicensingService-RemoveDeviceLicense-End -->
-
 <!-- Device-Edition-Begin -->
 ## Edition
 
@@ -1064,6 +991,258 @@ Returns the status of the subscription.
 
 <!-- Device-Subscriptions-{SubscriptionId}-Status-End -->
 
+<!-- Device-Subscriptions-DisableSubscription-Begin -->
+### Subscriptions/DisableSubscription
+
+<!-- Device-Subscriptions-DisableSubscription-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :x: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later |
+<!-- Device-Subscriptions-DisableSubscription-Applicability-End -->
+
+<!-- Device-Subscriptions-DisableSubscription-OmaUri-Begin -->
+```Device
+./Vendor/MSFT/WindowsLicensing/Subscriptions/DisableSubscription
+```
+<!-- Device-Subscriptions-DisableSubscription-OmaUri-End -->
+
+<!-- Device-Subscriptions-DisableSubscription-Description-Begin -->
+<!-- Description-Source-DDF -->
+Disable or Enable subscription activation on a device.
+<!-- Device-Subscriptions-DisableSubscription-Description-End -->
+
+<!-- Device-Subscriptions-DisableSubscription-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-Subscriptions-DisableSubscription-Editable-End -->
+
+<!-- Device-Subscriptions-DisableSubscription-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | int |
+| Access Type | Replace |
+<!-- Device-Subscriptions-DisableSubscription-DFProperties-End -->
+
+<!-- Device-Subscriptions-DisableSubscription-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 | Enable Subscription. |
+| 1 | Disable Subscription. It also removes any existing subscription on the device. |
+<!-- Device-Subscriptions-DisableSubscription-AllowedValues-End -->
+
+<!-- Device-Subscriptions-DisableSubscription-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-Subscriptions-DisableSubscription-Examples-End -->
+
+<!-- Device-Subscriptions-DisableSubscription-End -->
+
+<!-- Device-Subscriptions-RemoveSubscription-Begin -->
+### Subscriptions/RemoveSubscription
+
+<!-- Device-Subscriptions-RemoveSubscription-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :x: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later |
+<!-- Device-Subscriptions-RemoveSubscription-Applicability-End -->
+
+<!-- Device-Subscriptions-RemoveSubscription-OmaUri-Begin -->
+```Device
+./Vendor/MSFT/WindowsLicensing/Subscriptions/RemoveSubscription
+```
+<!-- Device-Subscriptions-RemoveSubscription-OmaUri-End -->
+
+<!-- Device-Subscriptions-RemoveSubscription-Description-Begin -->
+<!-- Description-Source-DDF -->
+Remove subscription uninstall subscription license. It also reset subscription type to User Based Subscription.
+<!-- Device-Subscriptions-RemoveSubscription-Description-End -->
+
+<!-- Device-Subscriptions-RemoveSubscription-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-Subscriptions-RemoveSubscription-Editable-End -->
+
+<!-- Device-Subscriptions-RemoveSubscription-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | null |
+| Access Type | Exec |
+<!-- Device-Subscriptions-RemoveSubscription-DFProperties-End -->
+
+<!-- Device-Subscriptions-RemoveSubscription-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-Subscriptions-RemoveSubscription-Examples-End -->
+
+<!-- Device-Subscriptions-RemoveSubscription-End -->
+
+<!-- Device-Subscriptions-SubscriptionLastError-Begin -->
+### Subscriptions/SubscriptionLastError
+
+<!-- Device-Subscriptions-SubscriptionLastError-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :x: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later |
+<!-- Device-Subscriptions-SubscriptionLastError-Applicability-End -->
+
+<!-- Device-Subscriptions-SubscriptionLastError-OmaUri-Begin -->
+```Device
+./Vendor/MSFT/WindowsLicensing/Subscriptions/SubscriptionLastError
+```
+<!-- Device-Subscriptions-SubscriptionLastError-OmaUri-End -->
+
+<!-- Device-Subscriptions-SubscriptionLastError-Description-Begin -->
+<!-- Description-Source-DDF -->
+Error code of last subscription operation. Value would be empty(0) in absence of error.
+<!-- Device-Subscriptions-SubscriptionLastError-Description-End -->
+
+<!-- Device-Subscriptions-SubscriptionLastError-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-Subscriptions-SubscriptionLastError-Editable-End -->
+
+<!-- Device-Subscriptions-SubscriptionLastError-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | int |
+| Access Type | Get |
+<!-- Device-Subscriptions-SubscriptionLastError-DFProperties-End -->
+
+<!-- Device-Subscriptions-SubscriptionLastError-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-Subscriptions-SubscriptionLastError-Examples-End -->
+
+<!-- Device-Subscriptions-SubscriptionLastError-End -->
+
+<!-- Device-Subscriptions-SubscriptionLastErrorDescription-Begin -->
+### Subscriptions/SubscriptionLastErrorDescription
+
+<!-- Device-Subscriptions-SubscriptionLastErrorDescription-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :x: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later |
+<!-- Device-Subscriptions-SubscriptionLastErrorDescription-Applicability-End -->
+
+<!-- Device-Subscriptions-SubscriptionLastErrorDescription-OmaUri-Begin -->
+```Device
+./Vendor/MSFT/WindowsLicensing/Subscriptions/SubscriptionLastErrorDescription
+```
+<!-- Device-Subscriptions-SubscriptionLastErrorDescription-OmaUri-End -->
+
+<!-- Device-Subscriptions-SubscriptionLastErrorDescription-Description-Begin -->
+<!-- Description-Source-DDF -->
+Error description of last subscription operation. Value would be empty, if error description cannot be evaluated.
+<!-- Device-Subscriptions-SubscriptionLastErrorDescription-Description-End -->
+
+<!-- Device-Subscriptions-SubscriptionLastErrorDescription-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-Subscriptions-SubscriptionLastErrorDescription-Editable-End -->
+
+<!-- Device-Subscriptions-SubscriptionLastErrorDescription-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Get |
+<!-- Device-Subscriptions-SubscriptionLastErrorDescription-DFProperties-End -->
+
+<!-- Device-Subscriptions-SubscriptionLastErrorDescription-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-Subscriptions-SubscriptionLastErrorDescription-Examples-End -->
+
+<!-- Device-Subscriptions-SubscriptionLastErrorDescription-End -->
+
+<!-- Device-Subscriptions-SubscriptionStatus-Begin -->
+### Subscriptions/SubscriptionStatus
+
+<!-- Device-Subscriptions-SubscriptionStatus-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :x: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later |
+<!-- Device-Subscriptions-SubscriptionStatus-Applicability-End -->
+
+<!-- Device-Subscriptions-SubscriptionStatus-OmaUri-Begin -->
+```Device
+./Vendor/MSFT/WindowsLicensing/Subscriptions/SubscriptionStatus
+```
+<!-- Device-Subscriptions-SubscriptionStatus-OmaUri-End -->
+
+<!-- Device-Subscriptions-SubscriptionStatus-Description-Begin -->
+<!-- Description-Source-DDF -->
+Status of last subscription operation.
+<!-- Device-Subscriptions-SubscriptionStatus-Description-End -->
+
+<!-- Device-Subscriptions-SubscriptionStatus-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-Subscriptions-SubscriptionStatus-Editable-End -->
+
+<!-- Device-Subscriptions-SubscriptionStatus-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | int |
+| Access Type | Get |
+<!-- Device-Subscriptions-SubscriptionStatus-DFProperties-End -->
+
+<!-- Device-Subscriptions-SubscriptionStatus-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-Subscriptions-SubscriptionStatus-Examples-End -->
+
+<!-- Device-Subscriptions-SubscriptionStatus-End -->
+
+<!-- Device-Subscriptions-SubscriptionType-Begin -->
+### Subscriptions/SubscriptionType
+
+<!-- Device-Subscriptions-SubscriptionType-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :x: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later |
+<!-- Device-Subscriptions-SubscriptionType-Applicability-End -->
+
+<!-- Device-Subscriptions-SubscriptionType-OmaUri-Begin -->
+```Device
+./Vendor/MSFT/WindowsLicensing/Subscriptions/SubscriptionType
+```
+<!-- Device-Subscriptions-SubscriptionType-OmaUri-End -->
+
+<!-- Device-Subscriptions-SubscriptionType-Description-Begin -->
+<!-- Description-Source-DDF -->
+Set device to Device Based Subscription or User Based Subscription. For Device Based Subscription this action will automatically acquire the subscription on the device. For User Based Subscription the existing process of user logon will be required.
+<!-- Device-Subscriptions-SubscriptionType-Description-End -->
+
+<!-- Device-Subscriptions-SubscriptionType-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-Subscriptions-SubscriptionType-Editable-End -->
+
+<!-- Device-Subscriptions-SubscriptionType-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | int |
+| Access Type | Get, Replace |
+<!-- Device-Subscriptions-SubscriptionType-DFProperties-End -->
+
+<!-- Device-Subscriptions-SubscriptionType-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 | User Based Subscription. |
+| 1 | Device Based Subscription. |
+<!-- Device-Subscriptions-SubscriptionType-AllowedValues-End -->
+
+<!-- Device-Subscriptions-SubscriptionType-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-Subscriptions-SubscriptionType-Examples-End -->
+
+<!-- Device-Subscriptions-SubscriptionType-End -->
+
 <!-- Device-UpgradeEditionWithLicense-Begin -->
 ## UpgradeEditionWithLicense
 
diff --git a/windows/client-management/mdm/windowslicensing-ddf-file.md b/windows/client-management/mdm/windowslicensing-ddf-file.md
index ad27537130..b5e14bb5ec 100644
--- a/windows/client-management/mdm/windowslicensing-ddf-file.md
+++ b/windows/client-management/mdm/windowslicensing-ddf-file.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/17/2023
+ms.date: 05/01/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -322,6 +322,153 @@ The following XML file contains the device description framework (DDF) for the W
           </DFProperties>
         </Node>
       </Node>
+      <Node>
+        <NodeName>SubscriptionType</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Get />
+            <Replace />
+          </AccessType>
+          <Description>Set device to Device Based Subscription or User Based Subscription. For Device Based Subscription this action will automatically acquire the subscription on the device. For User Based Subscription the existing process of user logon will be required.</Description>
+          <DFFormat>
+            <int />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <MIME />
+          </DFType>
+          <MSFT:AllowedValues ValueType="ENUM">
+            <MSFT:Enum>
+              <MSFT:Value>0</MSFT:Value>
+              <MSFT:ValueDescription>User Based Subscription</MSFT:ValueDescription>
+            </MSFT:Enum>
+            <MSFT:Enum>
+              <MSFT:Value>1</MSFT:Value>
+              <MSFT:ValueDescription>Device Based Subscription</MSFT:ValueDescription>
+            </MSFT:Enum>
+          </MSFT:AllowedValues>
+        </DFProperties>
+      </Node>
+      <Node>
+        <NodeName>SubscriptionStatus</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <Description>Status of last subscription operation.</Description>
+          <DFFormat>
+            <int />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <MIME />
+          </DFType>
+        </DFProperties>
+      </Node>
+      <Node>
+        <NodeName>SubscriptionLastError</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <Description>Error code of last subscription operation. Value would be empty(0) in absence of error.</Description>
+          <DFFormat>
+            <int />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <MIME />
+          </DFType>
+        </DFProperties>
+      </Node>
+      <Node>
+        <NodeName>SubscriptionLastErrorDescription</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <Description>Error description of last subscription operation. Value would be empty, if error description cannot be evaluated.</Description>
+          <DFFormat>
+            <chr />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <MIME />
+          </DFType>
+        </DFProperties>
+      </Node>
+      <Node>
+        <NodeName>DisableSubscription</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Replace />
+          </AccessType>
+          <Description>Disable or Enable subscription activation on a device</Description>
+          <DFFormat>
+            <int />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <MIME />
+          </DFType>
+          <MSFT:AllowedValues ValueType="ENUM">
+            <MSFT:Enum>
+              <MSFT:Value>0</MSFT:Value>
+              <MSFT:ValueDescription>Enable Subscription</MSFT:ValueDescription>
+            </MSFT:Enum>
+            <MSFT:Enum>
+              <MSFT:Value>1</MSFT:Value>
+              <MSFT:ValueDescription>Disable Subscription. It also removes any existing subscription on the device.</MSFT:ValueDescription>
+            </MSFT:Enum>
+          </MSFT:AllowedValues>
+        </DFProperties>
+      </Node>
+      <Node>
+        <NodeName>RemoveSubscription</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Exec />
+          </AccessType>
+          <Description>Remove subscription uninstall subscription license. It also reset subscription type to User Based Subscription.</Description>
+          <DFFormat>
+            <null />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFType>
+            <MIME />
+          </DFType>
+        </DFProperties>
+      </Node>
     </Node>
     <Node>
       <NodeName>SMode</NodeName>
@@ -439,7 +586,7 @@ The following XML file contains the device description framework (DDF) for the W
         <AccessType>
           <Get />
         </AccessType>
-        <Description>Insert Description Here</Description>
+        <Description>Device Based Subscription</Description>
         <DFFormat>
           <node />
         </DFFormat>
@@ -461,8 +608,6 @@ The following XML file contains the device description framework (DDF) for the W
         <NodeName>LicenseType</NodeName>
         <DFProperties>
           <AccessType>
-            <Add />
-            <Delete />
             <Get />
             <Replace />
           </AccessType>
@@ -554,48 +699,6 @@ The following XML file contains the device description framework (DDF) for the W
           </DFType>
         </DFProperties>
       </Node>
-      <Node>
-        <NodeName>AcquireDeviceLicense</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Exec />
-          </AccessType>
-          <Description>Acquire and Refresh Device License. Does not reboot.</Description>
-          <DFFormat>
-            <null />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <MIME />
-          </DFType>
-        </DFProperties>
-      </Node>
-      <Node>
-        <NodeName>RemoveDeviceLicense</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Exec />
-          </AccessType>
-          <Description>Remove Device License. Device would be ready for user based license after this operation. Does not reboot.</Description>
-          <DFFormat>
-            <null />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <MIME />
-          </DFType>
-        </DFProperties>
-      </Node>
     </Node>
   </Node>
 </MgmtTree>

From 51f77de0987ae19fd3ddf37b69637833a021db90 Mon Sep 17 00:00:00 2001
From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com>
Date: Mon, 1 May 2023 15:08:22 -0400
Subject: [PATCH 048/107] Remove FileSystem

---
 .../mdm/policies-in-policy-csp-admx-backed.md                | 5 -----
 .../mdm/policy-configuration-service-provider.md             | 1 -
 2 files changed, 6 deletions(-)

diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
index bec6c70554..404381b85a 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
@@ -2350,11 +2350,6 @@ This article lists the ADMX-backed policies in Policy CSP.
 - [TurnOffDataExecutionPreventionForExplorer](policy-csp-fileexplorer.md)
 - [TurnOffHeapTerminationOnCorruption](policy-csp-fileexplorer.md)
 
-## FileSystem
-
-- [EnableDevDrive](policy-csp-filesystem.md)
-- [DevDriveAttachPolicy](policy-csp-filesystem.md)
-
 ## InternetExplorer
 
 - [AddSearchProvider](policy-csp-internetexplorer.md)
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 23bf0f8152..1fc1424bc4 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -1120,7 +1120,6 @@ Specifies the name/value pair used in the policy. See the individual Area DDFs f
 - [ExploitGuard](policy-csp-exploitguard.md)
 - [FederatedAuthentication](policy-csp-federatedauthentication.md)
 - [FileExplorer](policy-csp-fileexplorer.md)
-- [FileSystem](policy-csp-filesystem.md)
 - [Games](policy-csp-games.md)
 - [Handwriting](policy-csp-handwriting.md)
 - [HumanPresence](policy-csp-humanpresence.md)

From 760dd104cda1fbaab04f3c1fb3c904ac4f2cf874 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Mon, 1 May 2023 17:45:50 -0400
Subject: [PATCH 049/107] updates

---
 windows/whats-new/windows-licensing.md | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/windows/whats-new/windows-licensing.md b/windows/whats-new/windows-licensing.md
index 5081043db0..2711f886ba 100644
--- a/windows/whats-new/windows-licensing.md
+++ b/windows/whats-new/windows-licensing.md
@@ -59,7 +59,7 @@ There are two core Windows 11 Enterprise offers: **Windows 11 Enterprise E3** an
 Windows 11 Enterprise E3 builds on Windows 11 Pro by adding more advanced features designed to address the needs of large and mid-size organizations. Examples include advanced protection against modern security threats, the broadest range of options for operating system deployment and update, and comprehensive device and app management.
 
 > [!NOTE]
-> Windows 11 Enterprise E3 is usually licensed through Volume Licensing programs and is an upgrade from Windows Pro.
+> Windows Enterprise E3 is a **per user subscription**, intended for organizations. It includes **Windows Enterprise edition** with cloud-powered capabilities and **subscription use rights**. Windows Enterprise E3 is usually licensed through Volume Licensing programs and is an upgrade from Windows Pro.
 
 #### Windows 11 Enterprise features
 
@@ -97,7 +97,8 @@ The following table describes the Windows Enterprise licensing use rights:
 |-|-|
 |**[Five Windows instances per licensed user](https://www.microsoft.com/licensing/terms/productoffering/WindowsDesktopOperatingSystem/EAEAS)**|Allows your employees to simultaneously use a Windows laptop, a cloud PC and a specialized device with Windows LTSC, and more.|
 |**[36 months (3 years) support on annual feature releases](/windows/release-health/supported-versions-windows-client#enterprise-and-iot-enterprise-ltsbltsc-editions)**|Get extra time to deploy feature releases.|
-|**[Azure Virtual Desktop, Windows 365 Enterprise and Virtual Desktop Access](/azure/virtual-desktop/prerequisites#operating-systems-and-licenses)**|Empower flexible work styles and smarter work with the included virtualization access rights.|
+|**[Azure Virtual Desktop, Windows 365 Enterprise and Virtual Desktop Access](/azure/virtual-desktop/prerequisites#operating-systems-and-licenses)**|Empower flexible work styles and smarter work with the included virtualization access rights. Includes FSLogix for a consistent experience of
+Windows user profiles in virtual desktop environments.|
 |**[Windows release health in the Microsoft 365 admin center](https://aka.ms/WindowsReleaseHealthinM365)**|Gives you essential information about monthly quality and feature updates in the Microsoft 365 admin center.|
 |**[Windows feature update device readiness report](/mem/intune/protect/windows-update-compatibility-reports)**|Provides per-device information about compatibility risks that are associated with an upgrade or update to a chosen version of Windows.|
 |**[Windows feature update compatibility risks reports](/mem/intune/protect/windows-update-compatibility-reports)**|Provides a summary view of the top compatibility risks, so you understand which compatibility risks impact the greatest number of devices in your organization.|
@@ -130,7 +131,9 @@ In most cases, the Windows Pro edition comes pre-installed on a business-class d
 
 - Devices not properly provisioned that don't automatically upgrade to Windows Enterprise edition
 - Devices may have been acquired for a business process that was not under control of a central IT department or outside of the IT department's knowledge
+- Devices may be used temporarily for a project by vendors and added to the IT infrastructure, but not upgraded to Enterprise edition
 - A developer that is developing applications that must be tested and certified on Pro, as that is how it will be delivered to customers
+- A Windows Pro device that was pre-configured for a specific purpose and is certified on Pro only
 
 In these cases, you want the PC to be configured, secured, monitored, and updated with the enterprise management and security tools that come with the Windows Enterprise user subscription. Your Windows Enterprise E3 subscriptions does not block these scenarios.
 

From 2fb823ed03a1997b42af79d367b4bca8493caf66 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Mon, 1 May 2023 17:59:11 -0400
Subject: [PATCH 050/107] updates

---
 windows/whats-new/windows-licensing.md | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/windows/whats-new/windows-licensing.md b/windows/whats-new/windows-licensing.md
index 2711f886ba..e45dbf9886 100644
--- a/windows/whats-new/windows-licensing.md
+++ b/windows/whats-new/windows-licensing.md
@@ -137,19 +137,19 @@ In most cases, the Windows Pro edition comes pre-installed on a business-class d
 
 In these cases, you want the PC to be configured, secured, monitored, and updated with the enterprise management and security tools that come with the Windows Enterprise user subscription. Your Windows Enterprise E3 subscriptions does not block these scenarios.
 
-The following table lists the Windows 11 Enterprise features and their applicability to Windows Pro and Enterprise editions:
+The following table lists the Windows 11 Enterprise features and their Windows edition requirements:
 
 | OS-based feature |Windows Pro|Windows Enterprise|
 |-|-|-|
-|**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|No|Yes|
+|**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|❌|Yes|
 |**[Microsoft Defender Application Guard (MDAG) for Microsoft Edge](/deployedge/microsoft-edge-security-windows-defender-application-guard)**|Yes|Yes|
 |**[Modern BitLocker Management](/windows/security/information-protection/bitlocker/bitlocker-overview)**|Yes|Yes|
-|**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|No|Yes|
+|**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|❌|Yes|
 |**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**|Yes|Yes|
 |**[Always On VPN](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|Yes|Yes|
-|**[Windows Experience customization](/windows/client-management/mdm/policy-csp-experience)**|No|Yes|
+|**[Windows Experience customization](/windows/client-management/mdm/policy-csp-experience)**|❌|Yes|
 
-The following table lists the Windows 11 Enterprise cloud-based features and their applicability to Windows Pro and Enterprise editions:
+The following table lists the Windows 11 Enterprise cloud-based features and their Windows edition requirements:
 
 | Cloud-based feature |Windows Pro|Windows Enterprise|
 |-|-|-|
@@ -159,14 +159,14 @@ The following table lists the Windows 11 Enterprise cloud-based features and the
 |**[Universal Print](/universal-print/)**|Yes|Yes|
 |**[Microsoft Connected Cache](/windows/deployment/do/waas-microsoft-connected-cache)**|Yes|Yes|
 |**[Endpoint analytics proactive remediation](/mem/analytics/overview)**|Yes|Yes|
-|**[Organizational messages](/mem/intune/remote-actions/organizational-messages-overview)**|No|Yes|
+|**[Organizational messages](/mem/intune/remote-actions/organizational-messages-overview)**|❌|Yes|
 
-The following table lists the Windows 11 Enterprise E3 licensing use rights and their applicability to Windows Pro and Enterprise editions:
+The following table lists the Windows 11 Enterprise E3 licensing use rights and their Windows edition requirements:
 
 |Licensing use rights|Windows Pro|Windows Enterprise|
 |-|-|-|
 |**[Five Windows instances per licensed user](https://www.microsoft.com/licensing/terms/productoffering/WindowsDesktopOperatingSystem/EAEAS)**|n/a|n/a|
-|**[36 months (3 years) support on annual feature releases](/windows/release-health/supported-versions-windows-client#enterprise-and-iot-enterprise-ltsbltsc-editions)**|No|Yes|
+|**[36 months (3 years) support on annual feature releases](/windows/release-health/supported-versions-windows-client#enterprise-and-iot-enterprise-ltsbltsc-editions)**|❌|Yes|
 |**[Azure Virtual Desktop, Windows 365 Enterprise and Virtual Desktop Access](/azure/virtual-desktop/prerequisites#operating-systems-and-licenses)**|n/a|n/a|
 |**[Windows release health in the Microsoft 365 admin center](https://aka.ms/WindowsReleaseHealthinM365)**|n/a|n/a|
 |**[Windows feature update device readiness report](/mem/intune/protect/windows-update-compatibility-reports)**|Yes|Yes|

From 76278e9d2ae5e5da019d5c8dada4f000357cb0ed Mon Sep 17 00:00:00 2001
From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com>
Date: Mon, 1 May 2023 18:58:36 -0400
Subject: [PATCH 051/107] Remove ignored nodes from DDF xml

---
 .../mdm/personaldataencryption-ddf-file.md    | 184 +-----------------
 .../mdm/surfacehub-ddf-file.md                |  98 +---------
 2 files changed, 2 insertions(+), 280 deletions(-)

diff --git a/windows/client-management/mdm/personaldataencryption-ddf-file.md b/windows/client-management/mdm/personaldataencryption-ddf-file.md
index b5425cab46..1d5d233812 100644
--- a/windows/client-management/mdm/personaldataencryption-ddf-file.md
+++ b/windows/client-management/mdm/personaldataencryption-ddf-file.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 03/23/2023
+ms.date: 05/01/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -83,128 +83,6 @@ The following XML file contains the device description framework (DDF) for the P
         </MSFT:AllowedValues>
       </DFProperties>
     </Node>
-    <Node>
-      <NodeName>ProtectFolders</NodeName>
-      <DFProperties>
-        <AccessType>
-          <Get />
-        </AccessType>
-        <DFFormat>
-          <node />
-        </DFFormat>
-        <Occurrence>
-          <One />
-        </Occurrence>
-        <Scope>
-          <Permanent />
-        </Scope>
-        <DFType>
-          <DDFName />
-        </DFType>
-      </DFProperties>
-      <Node>
-        <NodeName>ProtectDocuments</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-            <Replace />
-          </AccessType>
-          <Description>Allows the Admin to enable PDE on Documents folder. Set to '1' to set this policy.</Description>
-          <DFFormat>
-            <int />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <MIME />
-          </DFType>
-          <MSFT:AllowedValues ValueType="ENUM">
-            <MSFT:Enum>
-              <MSFT:Value>0</MSFT:Value>
-              <MSFT:ValueDescription>Disable PDE on the folder. If the folder is currently protected by PDE, this will result in unprotecting the folder.</MSFT:ValueDescription>
-            </MSFT:Enum>
-            <MSFT:Enum>
-              <MSFT:Value>1</MSFT:Value>
-              <MSFT:ValueDescription>Enable PDE on the folder.</MSFT:ValueDescription>
-            </MSFT:Enum>
-          </MSFT:AllowedValues>
-        </DFProperties>
-      </Node>
-      <Node>
-        <NodeName>ProtectDesktop</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-            <Replace />
-          </AccessType>
-          <Description>Allows the Admin to enable PDE on Desktop folder. Set to '1' to set this policy.</Description>
-          <DFFormat>
-            <int />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <MIME />
-          </DFType>
-          <MSFT:AllowedValues ValueType="ENUM">
-            <MSFT:Enum>
-              <MSFT:Value>0</MSFT:Value>
-              <MSFT:ValueDescription>Disable PDE on the folder. If the folder is currently protected by PDE, this will result in unprotecting the folder.</MSFT:ValueDescription>
-            </MSFT:Enum>
-            <MSFT:Enum>
-              <MSFT:Value>1</MSFT:Value>
-              <MSFT:ValueDescription>Enable PDE on the folder.</MSFT:ValueDescription>
-            </MSFT:Enum>
-          </MSFT:AllowedValues>
-        </DFProperties>
-      </Node>
-      <Node>
-        <NodeName>ProtectPictures</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Add />
-            <Delete />
-            <Get />
-            <Replace />
-          </AccessType>
-          <Description>Allows the Admin to enable PDE on Pictures folder. Set to '1' to set this policy.</Description>
-          <DFFormat>
-            <int />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Dynamic />
-          </Scope>
-          <DFType>
-            <MIME />
-          </DFType>
-          <MSFT:AllowedValues ValueType="ENUM">
-            <MSFT:Enum>
-              <MSFT:Value>0</MSFT:Value>
-              <MSFT:ValueDescription>Disable PDE on the folder. If the folder is currently protected by PDE, this will result in unprotecting the folder.</MSFT:ValueDescription>
-            </MSFT:Enum>
-            <MSFT:Enum>
-              <MSFT:Value>1</MSFT:Value>
-              <MSFT:ValueDescription>Enable PDE on the folder.</MSFT:ValueDescription>
-            </MSFT:Enum>
-          </MSFT:AllowedValues>
-        </DFProperties>
-      </Node>
-    </Node>
     <Node>
       <NodeName>Status</NodeName>
       <DFProperties>
@@ -245,66 +123,6 @@ The following XML file contains the device description framework (DDF) for the P
           </DFType>
         </DFProperties>
       </Node>
-      <Node>
-        <NodeName>FolderProtectionStatus</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <Description>This node reports folder protection status for a user. </Description>
-          <DFFormat>
-            <int />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <MIME />
-          </DFType>
-          <MSFT:AllowedValues ValueType="ENUM">
-            <MSFT:Enum>
-              <MSFT:Value>0</MSFT:Value>
-              <MSFT:ValueDescription>Protection not started.</MSFT:ValueDescription>
-            </MSFT:Enum>
-            <MSFT:Enum>
-              <MSFT:Value>1</MSFT:Value>
-              <MSFT:ValueDescription>Protection is completed with no failures.</MSFT:ValueDescription>
-            </MSFT:Enum>
-            <MSFT:Enum>
-              <MSFT:Value>2</MSFT:Value>
-              <MSFT:ValueDescription>Protection in progress.</MSFT:ValueDescription>
-            </MSFT:Enum>
-            <MSFT:Enum>
-              <MSFT:Value>3</MSFT:Value>
-              <MSFT:ValueDescription>Protection failed.</MSFT:ValueDescription>
-            </MSFT:Enum>
-          </MSFT:AllowedValues>
-        </DFProperties>
-      </Node>
-      <Node>
-        <NodeName>FoldersProtected</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <Description>This node reports all folders (full path to each folder) that have been protected.</Description>
-          <DFFormat>
-            <chr />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <MIME />
-          </DFType>
-        </DFProperties>
-      </Node>
     </Node>
   </Node>
 </MgmtTree>
diff --git a/windows/client-management/mdm/surfacehub-ddf-file.md b/windows/client-management/mdm/surfacehub-ddf-file.md
index 16e2b4acd8..5437172618 100644
--- a/windows/client-management/mdm/surfacehub-ddf-file.md
+++ b/windows/client-management/mdm/surfacehub-ddf-file.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 03/24/2023
+ms.date: 05/01/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -50,102 +50,6 @@ The following XML file contains the device description framework (DDF) for the S
         <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
-    <Node>
-      <NodeName>AutopilotSelfdeploy</NodeName>
-      <DFProperties>
-        <AccessType>
-          <Get />
-        </AccessType>
-        <Description>Node for setting Autopilot self-deployment mode device account information. This information is stored and committed by the Autopilot client during the Enrollment Status Page phase of OOBE for Surface Hub devices that are using Autopilot self-deploying mode. These values should be set only during the first sync phase of enrollment and are ignored at any other time.</Description>
-        <DFFormat>
-          <node />
-        </DFFormat>
-        <Occurrence>
-          <One />
-        </Occurrence>
-        <Scope>
-          <Permanent />
-        </Scope>
-        <DFType>
-          <DDFName />
-        </DFType>
-        <CaseSense>
-          <CS />
-        </CaseSense>
-      </DFProperties>
-      <Node>
-        <NodeName>UserPrincipalName</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-            <Replace />
-          </AccessType>
-          <Description>User principal name (UPN) of the device account. Autopilot on Surface Hub only supports Azure Active Directory, and this should specify the UPN of the device account. Get is allowed here but only returns a blank</Description>
-          <DFFormat>
-            <chr />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <MIME />
-          </DFType>
-          <MSFT:AllowedValues ValueType="None">
-          </MSFT:AllowedValues>
-        </DFProperties>
-      </Node>
-      <Node>
-        <NodeName>Password</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-            <Replace />
-          </AccessType>
-          <Description>Password for the device account. Get is allowed here, but will always return a blank.</Description>
-          <DFFormat>
-            <chr />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <MIME />
-          </DFType>
-          <MSFT:AllowedValues ValueType="None">
-          </MSFT:AllowedValues>
-        </DFProperties>
-      </Node>
-      <Node>
-        <NodeName>FriendlyName</NodeName>
-        <DFProperties>
-          <AccessType>
-            <Get />
-            <Replace />
-          </AccessType>
-          <Description>The device friendly name set during Autopilot self-deploying mode on Surface Hub. Get is allowed here but only returns a blank</Description>
-          <DFFormat>
-            <chr />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <MIME />
-          </DFType>
-          <MSFT:AllowedValues ValueType="None">
-          </MSFT:AllowedValues>
-        </DFProperties>
-      </Node>
-    </Node>
     <Node>
       <NodeName>DeviceAccount</NodeName>
       <DFProperties>

From 90c8723a851383218a8e4da0ff5cf1e4fb557428 Mon Sep 17 00:00:00 2001
From: "Steve DiAcetis (MSFT)"
 <52939067+SteveDiAcetis@users.noreply.github.com>
Date: Mon, 1 May 2023 16:07:09 -0700
Subject: [PATCH 052/107] Update media-dynamic-update.md

Added support to copy servicing boot manager files from WinPE to the root media.
---
 .../deployment/update/media-dynamic-update.md | 34 +++++++++++++++++--
 1 file changed, 31 insertions(+), 3 deletions(-)

diff --git a/windows/deployment/update/media-dynamic-update.md b/windows/deployment/update/media-dynamic-update.md
index 135a23932a..42a5654358 100644
--- a/windows/deployment/update/media-dynamic-update.md
+++ b/windows/deployment/update/media-dynamic-update.md
@@ -77,6 +77,7 @@ This table shows the correct sequence for applying the various tasks to the file
 |Add Safe OS Dynamic Update     | 6        |        |       |
 |Add Setup Dynamic Update     |         |         |         | 26
 |Add setup.exe from WinPE     |         |         |         | 27
+|Add boot manager from WinPE     |         |         |         | 28
 |Add latest cumulative update     |         | 15        | 21        |
 |Clean up the image     |  7       | 16        | 22        |
 |Add Optional Components     |         |         |  23       |
@@ -416,9 +417,15 @@ Foreach ($IMAGE in $WINPE_IMAGES) {
     Write-Output "$(Get-TS): Performing image cleanup on WinPE"
     DISM /image:$WINPE_MOUNT /cleanup-image /StartComponentCleanup | Out-Null
 
-    # If second image, save setup.exe for later use. This will address possible binary mismatch with the version in the main OS \sources folder
     if ($IMAGE.ImageIndex -eq "2") {
-        Copy-Item -Path $WINPE_MOUNT"\sources\setup.exe" -Destination $WORKING_PATH"\setup.exe" -Force -ErrorAction stop | Out-Null
+
+        # If second image, save setup.exe for later use. This will address possible binary mismatch with the version in the main OS \sources folder
+        Copy-Item -Path $WINPE_MOUNT"\sources\setup.exe" -Destination $WORKING_PATH"\setup.exe" -Force -Recurse -ErrorAction stop | Out-Null
+        
+        # Simiarly, save serviced boot manager files later copy to the root media.
+        Copy-Item -Path $WINPE_MOUNT"\Windows\boot\efi\bootmgfw.efi" -Destination $WORKING_PATH"\bootmgfw.efi" -Force -Recurse -ErrorAction stop | Out-Null
+        Copy-Item -Path $WINPE_MOUNT"\Windows\boot\efi\bootmgr.efi" -Destination $WORKING_PATH"\bootmgr.efi" -Force -Recurse -ErrorAction stop | Out-Null
+    
     }
         
     # Dismount
@@ -532,7 +539,7 @@ Move-Item -Path $WORKING_PATH"\install2.wim" -Destination $MEDIA_NEW_PATH"\sourc
 
 ### Update remaining media files
 
-This part of the script updates the Setup files. It simply copies the individual files in the Setup Dynamic Update package to the new media. This step brings an updated Setup files as needed, along with the latest compatibility database, and replacement component manifests. This script also does a final replacement of setup.exe using the previously saved version from WinPE.
+This part of the script updates the Setup files. It simply copies the individual files in the Setup Dynamic Update package to the new media. This step brings an updated Setup files as needed, along with the latest compatibility database, and replacement component manifests. This script also does a final replacement of setup.exe and boot manager files using the previously saved versions from WinPE.
 
 ```powershell
 #
@@ -544,8 +551,29 @@ Write-Output "$(Get-TS): Adding package $SETUP_DU_PATH"
 cmd.exe /c $env:SystemRoot\System32\expand.exe $SETUP_DU_PATH -F:* $MEDIA_NEW_PATH"\sources" | Out-Null
 
 # Copy setup.exe from boot.wim, saved earlier.
+Write-Output "$(Get-TS): Copying $WORKING_PATH\setup.exe to $MEDIA_NEW_PATH\sources\setup.exe"
 Copy-Item -Path $WORKING_PATH"\setup.exe" -Destination $MEDIA_NEW_PATH"\sources\setup.exe" -Force -ErrorAction stop | Out-Null
 
+
+# Copy bootmgr files from boot.wim, saved earlier.
+$MEDIA_NEW_FILES = Get-ChildItem $MEDIA_NEW_PATH -Force -Recurse -Filter b*.efi
+
+Foreach ($File in $MEDIA_NEW_FILES){
+    if (($File.Name -ieq "bootmgfw.efi") -or `
+        ($File.Name -ieq "bootx64.efi") -or `
+        ($File.Name -ieq "bootia32.efi") -or `
+        ($File.Name -ieq "bootaa64.efi")) 
+    {
+        Write-Output "$(Get-TS): Copying $WORKING_PATH\bootmgfw.efi to $($File.FullName)"
+        Copy-Item -Path $WORKING_PATH"\bootmgfw.efi" -Destination $File.FullName -Force -Recurse -ErrorAction stop | Out-Null
+    }
+    elseif ($File.Name -ieq "bootmgr.efi") 
+    {
+        Write-Output "$(Get-TS): Copying $WORKING_PATH\bootmgr.efi to $($File.FullName)"
+        Copy-Item -Path $WORKING_PATH"\bootmgr.efi" -Destination $File.FullName -Force -Recurse -ErrorAction stop | Out-Null
+    }
+}
+
 ```
 
 ### Finish up

From db2afa195d1c05292080dac084755049ca3532d2 Mon Sep 17 00:00:00 2001
From: "Steve DiAcetis (MSFT)"
 <52939067+SteveDiAcetis@users.noreply.github.com>
Date: Mon, 1 May 2023 16:24:54 -0700
Subject: [PATCH 053/107] Update media-dynamic-update.md

---
 windows/deployment/update/media-dynamic-update.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/deployment/update/media-dynamic-update.md b/windows/deployment/update/media-dynamic-update.md
index 42a5654358..b28c4a6975 100644
--- a/windows/deployment/update/media-dynamic-update.md
+++ b/windows/deployment/update/media-dynamic-update.md
@@ -301,7 +301,7 @@ Move-Item -Path $WORKING_PATH"\winre2.wim" -Destination $WORKING_PATH"\winre.wim
 
 ### Update WinPE
 
-This script is similar to the one that updates WinRE, but instead it mounts Boot.wim, applies the packages with the latest cumulative update last, and saves. It repeats this for all images inside of Boot.wim, typically two images. It starts by applying the servicing stack Dynamic Update. Since the script is customizing this media with Japanese, it installs the language pack from the WinPE folder on the language pack ISO. Additionally, add font support and text to speech (TTS) support. Since the script is adding a new language, it rebuilds lang.ini, used to identify languages installed in the image. For the second image, we'll save setup.exe for later use, to ensure this version matches the \sources\setup.exe version from the installation media. If these binaries are not identical, Windows Setup will fail during installation. Finally, it cleans and exports Boot.wim, and copies it back to the new media.
+This script is similar to the one that updates WinRE, but instead it mounts Boot.wim, applies the packages with the latest cumulative update last, and saves. It repeats this for all images inside of Boot.wim, typically two images. It starts by applying the servicing stack Dynamic Update. Since the script is customizing this media with Japanese, it installs the language pack from the WinPE folder on the language pack ISO. Additionally, add font support and text to speech (TTS) support. Since the script is adding a new language, it rebuilds lang.ini, used to identify languages installed in the image. For the second image, we'll save setup.exe for later use, to ensure this version matches the \sources\setup.exe version from the installation media. If these binaries are not identical, Windows Setup will fail during installation. We'll also save serviced boot manager files for later use in the script. Finally, it cleans and exports Boot.wim, and copies it back to the new media.
 
 ```powershell
 #
@@ -419,10 +419,10 @@ Foreach ($IMAGE in $WINPE_IMAGES) {
 
     if ($IMAGE.ImageIndex -eq "2") {
 
-        # If second image, save setup.exe for later use. This will address possible binary mismatch with the version in the main OS \sources folder
+        # Save setup.exe for later use. This will address possible binary mismatch with the version in the main OS \sources folder
         Copy-Item -Path $WINPE_MOUNT"\sources\setup.exe" -Destination $WORKING_PATH"\setup.exe" -Force -Recurse -ErrorAction stop | Out-Null
         
-        # Simiarly, save serviced boot manager files later copy to the root media.
+        # Save serviced boot manager files later copy to the root media.
         Copy-Item -Path $WINPE_MOUNT"\Windows\boot\efi\bootmgfw.efi" -Destination $WORKING_PATH"\bootmgfw.efi" -Force -Recurse -ErrorAction stop | Out-Null
         Copy-Item -Path $WINPE_MOUNT"\Windows\boot\efi\bootmgr.efi" -Destination $WORKING_PATH"\bootmgr.efi" -Force -Recurse -ErrorAction stop | Out-Null
     

From a23815eae630a04338b6d203a9bcc44a5181ca9e Mon Sep 17 00:00:00 2001
From: Amy Zhou <amyzhou@microsoft.com>
Date: Mon, 1 May 2023 17:26:27 -0700
Subject: [PATCH 054/107] add the new enterprise overview page

---
 windows/deployment/do/TOC.yml                 |  2 +-
 windows/deployment/do/mcc-ent-edu-overview.md | 61 ++++++++++++++++++-
 windows/deployment/do/mcc-isp-overview.md     |  3 +-
 .../do/waas-microsoft-connected-cache.md      |  2 +-
 4 files changed, 64 insertions(+), 4 deletions(-)

diff --git a/windows/deployment/do/TOC.yml b/windows/deployment/do/TOC.yml
index f93adacfb0..d386e42124 100644
--- a/windows/deployment/do/TOC.yml
+++ b/windows/deployment/do/TOC.yml
@@ -27,7 +27,7 @@
       href: delivery-optimization-test.md
 - name: Microsoft Connected Cache
   items:
-    - name: Microsoft Connected Cache overview
+    - name: What is Microsoft Connected Cache
       href: waas-microsoft-connected-cache.md
     - name: MCC for Enterprise and Education
       items:
diff --git a/windows/deployment/do/mcc-ent-edu-overview.md b/windows/deployment/do/mcc-ent-edu-overview.md
index 26a73b14fb..de8b8262a3 100644
--- a/windows/deployment/do/mcc-ent-edu-overview.md
+++ b/windows/deployment/do/mcc-ent-edu-overview.md
@@ -9,4 +9,63 @@ ms.topic: article
 ms.date: 12/31/2017
 ms.technology: itpro-updates
 ms.collection: tier3
----
\ No newline at end of file
+---
+
+# Microsoft Connected Cache for Enterprise and Education
+
+**Applies to**
+
+- Windows 10
+- Windows 11
+
+> [!IMPORTANT]
+> Microsoft Connected Cache is currently a preview feature. For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
+
+Microsoft Connected Cache (MCC) for Enterprise and Education (early preview) is a software-only caching solution that delivers Microsoft content within Enterprise and Education networks. MCC can be deployed to as many Windows servers, bare-metal servers, or VMs as needed, and is managed from a cloud portal. Cache nodes are created in the cloud portal and are configured by applying the client policy using management tools such as Intune.
+
+Microsoft Connected Cache (MCC) for Enterprise and Education (early preview) is a standalone cache for customers moving towards modern management and away from Configuration Manager distribution points. For Microsoft Connected Cache in Configuration Manager (generally available starting Configuration Manager version 2111), see [Microsoft Connected Cache in Configuration Manager](/mem/configmgr/core/plan-design/hierarchy/microsoft-connected-cache).
+
+## Supported scenarios
+
+Connected Cache (early preview) supports the following scenarios:
+
+- Pre-provisioning of devices using Windows Autopilot
+- Cloud-only devices, such as Intune-enrolled devices
+
+## Supported content types
+
+When clients download cloud-managed content, they use Delivery Optimization from the cache server installed on a Windows server or VM. Cloud-managed content includes the following types:
+
+- Windows Update for Business: Windows feature and quality updates
+- Office Click-to-Run apps: Microsoft 365 Apps and updates
+- Client apps: Microsoft Store apps and updates
+- Endpoint protection: Windows Defender definition updates
+
+For the full list of content endpoints that Microsoft Connected Cache for Enterprise and Education supports, see [Microsoft Connected Cache content and services endpoints](delivery-optimization-endpoints.md).
+
+## How it works
+
+MCC is a hybrid (mix of on-premises and cloud resources) SaaS solution built as an Azure IoT Edge module and Docker compatible Linux container deployed to your Windows devices. The Delivery Optimization team chose IoT Edge for Linux on Windows (EFLOW) as a secure, reliable container management infrastructure. EFLOW is a Linux virtual machine, based on Microsoft's first party CBL-Mariner operating system. It’s built with the IoT Edge runtime and validated as a tier 1 supported environment for IoT Edge workloads. MCC will be a Linux IoT Edge module running on the Windows Host OS.  
+
+1. The Azure Management Portal is used to create MCC nodes.
+1. The MCC container is deployed and provisioned to the server using the installer provided in the portal.
+1. Client policy is set in your management solution to point to the IP address or FQDN of the cache server.
+1. Microsoft end-user devices make range requests for content from the MCC node.
+1. The MCC node pulls content from the CDN, seeds its local cache stored on disk, and delivers the content to the client.
+1. Subsequent requests from end-user devices for content will now come from cache.
+1. If the MCC node is unavailable, the client will pull content from CDN to ensure uninterrupted service for your subscribers.
+
+The following diagram displays an overview of how MCC functions:
+
+:::image type="content" source="./images/waas-mcc-diag-overview.png" alt-text="Diagram displaying the components of MCC." lightbox="./images/waas-mcc-diag-overview.png":::
+
+## IoT Edge
+
+Even though your MCC scenario isn't related to IoT, Azure IoT Edge is used as a more generic Linux container deployment and management infrastructure. The Azure IoT Edge runtime sits on your designated MCC device and performs management and communication operations. The runtime performs several functions important to manage MCC on your edge device:
+
+1. Installs and updates MCC on your edge device.
+1. Maintains Azure IoT Edge security standards on your edge device.
+1. Ensures that MCC is always running.
+1. Reports MCC health and usage to the cloud for remote monitoring.
+  
+For more information on Azure IoT Edge, see the Azure IoT Edge [documentation](/azure/iot-edge/about-iot-edge).
diff --git a/windows/deployment/do/mcc-isp-overview.md b/windows/deployment/do/mcc-isp-overview.md
index e4236fdb8f..9395eaa9b9 100644
--- a/windows/deployment/do/mcc-isp-overview.md
+++ b/windows/deployment/do/mcc-isp-overview.md
@@ -9,4 +9,5 @@ ms.topic: article
 ms.date: 12/31/2017
 ms.technology: itpro-updates
 ms.collection: tier3
----
\ No newline at end of file
+---
+
diff --git a/windows/deployment/do/waas-microsoft-connected-cache.md b/windows/deployment/do/waas-microsoft-connected-cache.md
index dec5e3708d..d9337c78a1 100644
--- a/windows/deployment/do/waas-microsoft-connected-cache.md
+++ b/windows/deployment/do/waas-microsoft-connected-cache.md
@@ -12,7 +12,7 @@ ms.date: 12/31/2017
 ms.collection: tier3
 ---
 
-# Microsoft Connected Cache overview
+# What is Microsoft Connected Cache?
 
 **Applies to**
 

From b81b750a0d05284bbfb44b04582b490e075ee0e9 Mon Sep 17 00:00:00 2001
From: Amy Zhou <amyzhou@microsoft.com>
Date: Mon, 1 May 2023 17:53:27 -0700
Subject: [PATCH 055/107] fixed original overview, started ISPs overview

---
 windows/deployment/do/TOC.yml                 |  4 +-
 windows/deployment/do/mcc-ent-edu-overview.md |  7 +++-
 .../do/mcc-enterprise-prerequisites.md        |  1 +
 windows/deployment/do/mcc-isp-overview.md     | 32 ++++++++++++++-
 .../do/waas-microsoft-connected-cache.md      | 39 +++----------------
 5 files changed, 44 insertions(+), 39 deletions(-)

diff --git a/windows/deployment/do/TOC.yml b/windows/deployment/do/TOC.yml
index d386e42124..41763a5c9a 100644
--- a/windows/deployment/do/TOC.yml
+++ b/windows/deployment/do/TOC.yml
@@ -31,7 +31,7 @@
       href: waas-microsoft-connected-cache.md
     - name: MCC for Enterprise and Education
       items:
-      - name: What is MCC for Enterprise and Education?
+      - name: MCC for Enterprise and Education Overview
         href: mcc-ent-edu-overview.md
       - name: Requirements
         href: mcc-enterprise-prerequisites.md
@@ -43,7 +43,7 @@
         href: mcc-enterprise-appendix.md
     - name: MCC for ISPs
       items:
-      - name: What is MCC for ISPs?
+      - name: MCC for ISPs Overview
         href: mcc-isp-overview.md
       - name: How-to guides
         items:  
diff --git a/windows/deployment/do/mcc-ent-edu-overview.md b/windows/deployment/do/mcc-ent-edu-overview.md
index de8b8262a3..ac1fd7ba34 100644
--- a/windows/deployment/do/mcc-ent-edu-overview.md
+++ b/windows/deployment/do/mcc-ent-edu-overview.md
@@ -1,5 +1,5 @@
 ---
-title: What is MCC for Enterprise and Education?
+title: MCC for Enterprise and Education Overview
 manager: aaroncz
 description: Overview of Microsoft Connected Cache (MCC) for Enterprise and Education.
 ms.prod: windows-client
@@ -11,7 +11,7 @@ ms.technology: itpro-updates
 ms.collection: tier3
 ---
 
-# Microsoft Connected Cache for Enterprise and Education
+# Microsoft Connected Cache for Enterprise and Education Overview
 
 **Applies to**
 
@@ -21,6 +21,9 @@ ms.collection: tier3
 > [!IMPORTANT]
 > Microsoft Connected Cache is currently a preview feature. For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
 
+> [!NOTE]
+> We're still accepting Enterprise and Education customers to join the early preview. To register your interest, fill out the survey located at [https://aka.ms/MSConnectedCacheSignup](https://aka.ms/MSConnectedCacheSignup).
+
 Microsoft Connected Cache (MCC) for Enterprise and Education (early preview) is a software-only caching solution that delivers Microsoft content within Enterprise and Education networks. MCC can be deployed to as many Windows servers, bare-metal servers, or VMs as needed, and is managed from a cloud portal. Cache nodes are created in the cloud portal and are configured by applying the client policy using management tools such as Intune.
 
 Microsoft Connected Cache (MCC) for Enterprise and Education (early preview) is a standalone cache for customers moving towards modern management and away from Configuration Manager distribution points. For Microsoft Connected Cache in Configuration Manager (generally available starting Configuration Manager version 2111), see [Microsoft Connected Cache in Configuration Manager](/mem/configmgr/core/plan-design/hierarchy/microsoft-connected-cache).
diff --git a/windows/deployment/do/mcc-enterprise-prerequisites.md b/windows/deployment/do/mcc-enterprise-prerequisites.md
index badea53748..d8282ff774 100644
--- a/windows/deployment/do/mcc-enterprise-prerequisites.md
+++ b/windows/deployment/do/mcc-enterprise-prerequisites.md
@@ -20,6 +20,7 @@ ms.collection: tier3
 
 > [!NOTE]
 > We're still accepting Enterprise and Education customers to join the early preview. To register your interest, fill out the survey located at [https://aka.ms/MSConnectedCacheSignup](https://aka.ms/MSConnectedCacheSignup).
+
 ## Enterprise requirements for MCC
 
 1. **Azure subscription**: MCC management portal is hosted within Azure and is used to create the Connected Cache [Azure resource](/azure/cloud-adoption-framework/govern/resource-consistency/resource-access-management) and IoT Hub resource. Both are free services.
diff --git a/windows/deployment/do/mcc-isp-overview.md b/windows/deployment/do/mcc-isp-overview.md
index 9395eaa9b9..a1e7335919 100644
--- a/windows/deployment/do/mcc-isp-overview.md
+++ b/windows/deployment/do/mcc-isp-overview.md
@@ -1,5 +1,5 @@
 ---
-title: What is MCC for ISPs?
+title: MCC for ISPs Overview
 manager: aaroncz
 description: Overview for Microsoft Connected Cache for ISPs
 ms.prod: windows-client
@@ -11,3 +11,33 @@ ms.technology: itpro-updates
 ms.collection: tier3
 ---
 
+# Microsoft Connected Cache for ISPs Overview
+
+**Applies to**
+
+- Windows 10
+- Windows 11
+
+Microsoft Connected Cache (MCC) for Internet Service Providers (preview) is a software-only caching solution that delivers Microsoft content. MCC can be deployed to as many bare-metal servers or VMs as needed and is managed from a cloud portal. When deployed, MCC can help to reduce your network bandwidth usage for Microsoft software content and updates. Cache nodes are created in the cloud portal and are configured to deliver traffic to customers by manual CIDR or BGP routing.
+
+## Supported scenarios
+
+Microsoft Connected Cache (preview) supports the following scenarios:
+
+- Internet service provider that provides content downloads for end customers
+- Network service providers that provide transit for other service providers
+
+## Supported content
+
+Microsoft Connected Cache uses Delivery Optimization as the backbone for Microsoft content delivery. Microsoft Connected Cache caches the following types:
+
+- Windows Update for Business: Windows feature and quality updates
+- Office Click-to-Run apps: Microsoft 365 Apps and updates
+- Client apps: Microsoft Store apps and updates
+- Endpoint protection: Windows Defender definition updates
+- Xbox: Xbox Game Pass (PC only)
+
+For the full list of content endpoints that Microsoft Connected Cache for ISPs supports, see [Microsoft Connected Cache content and services endpoints](delivery-optimization-endpoints.md).
+
+## How it works
+
diff --git a/windows/deployment/do/waas-microsoft-connected-cache.md b/windows/deployment/do/waas-microsoft-connected-cache.md
index d9337c78a1..b616087474 100644
--- a/windows/deployment/do/waas-microsoft-connected-cache.md
+++ b/windows/deployment/do/waas-microsoft-connected-cache.md
@@ -31,47 +31,18 @@ Both products are created and managed in the cloud portal.
 ## Microsoft Connected Cache for ISPs (preview)
 
 > [!NOTE]
-> Microsoft Connected Cache for Internet Service Providers is now in public preview. Instead of submitting a survey, you can directly onboard by following the instructions in the [Operator sign up and service onboarding](mcc-isp-signup.md) article.
+> Microsoft Connected Cache for Internet Service Providers is now in public preview. To onboard, follow the instructions in the [Operator sign up and service onboarding](mcc-isp-signup.md) article.
 
-Microsoft Connected Cache (MCC) for Internet Service Providers is currently in preview. MCC can be deployed to as many bare-metal servers or VMs as needed and is managed from a cloud portal. When deployed, MCC can help to reduce your network bandwidth usage for Microsoft software content and updates. Cache nodes are created in the cloud portal and are configured to deliver traffic to customers by manual CIDR or BGP routing.
+Microsoft Connected Cache (MCC) for Internet Service Providers is currently in preview. MCC can be deployed to as many bare-metal servers or VMs as needed and is managed from a cloud portal. When deployed, MCC can help to reduce your network bandwidth usage for Microsoft software content and updates. Cache nodes are created in the cloud portal and are configured to deliver traffic to customers by manual CIDR or BGP routing. Learn more at [Microsoft Connected Cache for ISPs Overview](mcc-isp-overview.md). 
 
 ## Microsoft Connected Cache for Enterprise and Education (early preview)
 
 > [!NOTE]
 > We're still accepting Enterprise and Education customers to join the early preview. To register your interest, fill out the survey located at [https://aka.ms/MSConnectedCacheSignup](https://aka.ms/MSConnectedCacheSignup).
 
-Microsoft Connected Cache (MCC) for Enterprise and Education (early preview) is a software-only caching solution that delivers Microsoft content within Enterprise and Education networks. MCC can be deployed to as many Windows servers, bare-metal servers, or VMs as needed, and is managed from a cloud portal. Cache nodes are created in the cloud portal and are configured by applying the client policy using management tools such as Intune.
-
-MCC is a hybrid (mix of on-premises and cloud resources) SaaS solution built as an Azure IoT Edge module and Docker compatible Linux container deployed to your Windows devices. The Delivery Optimization team chose IoT Edge for Linux on Windows (EFLOW) as a secure, reliable container management infrastructure. EFLOW is a Linux virtual machine, based on Microsoft's first party CBL-Mariner operating system. It’s built with the IoT Edge runtime and validated as a tier 1 supported environment for IoT Edge workloads. MCC will be a Linux IoT Edge module running on the Windows Host OS.  
-
-## IoT Edge 
-
-Both of Microsoft Connected Cache product offerings use Azure IoT Edge. Even though your MCC scenario isn't related to IoT, Azure IoT Edge is used as a more generic Linux container deployment and management infrastructure. The Azure IoT Edge runtime sits on your designated MCC device and performs management and communication operations. The runtime performs several functions important to manage MCC on your edge device:
-
-1. Installs and updates MCC on your edge device.
-1. Maintains Azure IoT Edge security standards on your edge device.
-1. Ensures that MCC is always running.
-1. Reports MCC health and usage to the cloud for remote monitoring.
-  
-To deploy a functional MCC to your device, you must obtain the necessary keys to provision the Connected Cache instance that communicates with Delivery Optimization services, and enable the device to cache and deliver content. The architecture of MCC is described below.
-  
-For more information on Azure IoT Edge, see the Azure IoT Edge [documentation](/azure/iot-edge/about-iot-edge).
-
-## How MCC Works  
-
-1. The Azure Management Portal is used to create MCC nodes.
-1. The MCC container is deployed and provisioned to the server using the installer provided in the portal.
-1. Client policy is set in your management solution to point to the IP address or FQDN of the cache server.
-1. Microsoft end-user devices make range requests for content from the MCC node.
-1. The MCC node pulls content from the CDN, seeds its local cache stored on disk, and delivers the content to the client.
-1. Subsequent requests from end-user devices for content will now come from cache.
-1. If the MCC node is unavailable, the client will pull content from CDN to ensure uninterrupted service for your subscribers.
-
-The following diagram displays and overview of how MCC functions:
-
-:::image type="content" source="./images/waas-mcc-diag-overview.png" alt-text="Diagram displaying the components of MCC." lightbox="./images/waas-mcc-diag-overview.png":::
+Microsoft Connected Cache (MCC) for Enterprise and Education (early preview) is a software-only caching solution that delivers Microsoft content within Enterprise and Education networks. MCC can be deployed to as many Windows servers, bare-metal servers, or VMs as needed, and is managed from a cloud portal. Cache nodes are created in the cloud portal and are configured by applying the client policy using management tools such as Intune. Learn more at [Microsoft Connected Cache for Enterprise and Education Overview](mcc-ent-edu-overview.md).
 
 ## Next steps
 
-- [Microsoft Connected Cache for Enterprise and Education](mcc-enterprise-prerequisites.md)
-- [Microsoft Connected Cache for ISPs](mcc-isp-signup.md)
+- [Microsoft Connected Cache for ISPs Overview](mcc-isp-overview.md)
+- [Microsoft Connected Cache for Enterprise and Education Overview](mcc-ent-edu-overview.md)

From e05711b29996ad32d33e91181728d5c8a910dd9b Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Tue, 2 May 2023 13:36:28 -0400
Subject: [PATCH 056/107] generated new include fiiles

---
 includes/licensing/_edition-requirements.md   | 10 ++++-----
 includes/licensing/_licensing-requirements.md | 10 ++++-----
 .../licensing/access-control-aclsscals.md     |  2 +-
 includes/licensing/account-lockout-policy.md  |  2 +-
 .../licensing/always-on-vpn-device-tunnel.md  |  2 +-
 .../licensing/assigned-access-kiosk-mode.md   |  2 +-
 .../licensing/attack-surface-reduction-asr.md |  2 +-
 ...d-azure-ad-join-with-single-sign-on-sso.md |  2 +-
 includes/licensing/bitlocker.md               |  2 +-
 ...tooth-pairing-and-connection-protection.md |  2 +-
 .../common-criteria-certifications.md         |  2 +-
 .../licensing/controlled-folder-access.md     |  2 +-
 .../device-health-attestation-service.md      |  2 +-
 includes/licensing/direct-access.md           |  2 +-
 includes/licensing/email-encryption-smime.md  |  2 +-
 includes/licensing/encrypted-hard-drive.md    |  2 +-
 ...ed-phishing-protection-with-smartscreen.md |  2 +-
 includes/licensing/exploit-protection.md      |  2 +-
 ...fast-identity-online-fido2-security-key.md |  2 +-
 ...processing-standard-fips-140-validation.md |  2 +-
 includes/licensing/federated-sign-in.md       |  6 ++---
 .../hardware-enforced-stack-protection.md     |  2 +-
 ...ypervisor-protected-code-integrity-hvci.md |  2 +-
 ...nel-direct-memory-access-dma-protection.md |  2 +-
 .../local-administrator-password-solution.md  | 22 -------------------
 ...local-security-authority-lsa-protection.md |  2 +-
 ...-device-management-mdm-and-group-policy.md |  2 +-
 includes/licensing/measured-boot.md           |  2 +-
 .../licensing/microsoft-defender-antivirus.md |  2 +-
 ...pplication-guard-mdag-configure-via-mdm.md |  2 +-
 ...terprise-mode-and-enterprise-management.md |  2 +-
 ...ion-guard-mdag-for-edge-standalone-mode.md |  2 +-
 ...ication-guard-mdag-for-microsoft-office.md |  2 +-
 ...nder-application-guard-mdag-public-apis.md |  2 +-
 .../microsoft-defender-for-endpoint.md        |  4 ++--
 .../microsoft-defender-smartscreen.md         |  2 +-
 .../microsoft-pluton-security-processor.md    |  2 +-
 .../microsoft-vulnerable-driver-blocklist.md  |  2 +-
 .../opportunistic-wireless-encryption-owe.md  |  2 +-
 .../licensing/personal-data-encryption-pde.md |  2 +-
 includes/licensing/privacy-resource-usage.md  |  2 +-
 .../privacy-transparency-and-controls.md      |  2 +-
 ...wipe-autopilot-reset.md => remote-wipe.md} |  6 ++---
 .../licensing/secure-boot-and-trusted-boot.md |  2 +-
 .../secured-core-configuration-lock.md        |  2 +-
 includes/licensing/secured-core-pc.md         |  2 +-
 ...s-with-intune.md => security-baselines.md} |  6 ++---
 .../server-message-block-direct-smb-direct.md |  2 +-
 .../server-message-block-smb-file-service.md  |  2 +-
 includes/licensing/smart-app-control.md       |  2 +-
 .../smart-cards-for-windows-service.md        |  2 +-
 .../tamper-protection-settings-for-mde.md     |  2 +-
 .../licensing/transport-layer-security-tls.md |  2 +-
 .../trusted-platform-module-tpm-20.md         |  2 +-
 includes/licensing/universal-print.md         |  4 ++--
 .../licensing/user-account-control-uac.md     |  2 +-
 .../licensing/virtual-private-network-vpn.md  |  2 +-
 .../virtualization-based-security-vbs.md      |  2 +-
 includes/licensing/wifi-security.md           |  2 +-
 includes/licensing/windows-autopatch.md       |  2 +-
 includes/licensing/windows-autopilot.md       |  2 +-
 includes/licensing/windows-containers.md      |  2 +-
 ...ndows-defender-application-control-wdac.md |  2 +-
 .../windows-defender-credential-guard.md      |  2 +-
 ...indows-defender-remote-credential-guard.md |  2 +-
 .../windows-defender-system-guard.md          |  2 +-
 includes/licensing/windows-firewall.md        |  2 +-
 ...-business-enhanced-security-sign-in-ess.md |  2 +-
 .../licensing/windows-hello-for-business.md   |  2 +-
 includes/licensing/windows-laps.md            |  2 +-
 .../licensing/windows-presence-sensing.md     |  2 +-
 includes/licensing/windows-sandbox.md         |  2 +-
 ...s-security-policy-settings-and-auditing.md |  2 +-
 73 files changed, 88 insertions(+), 110 deletions(-)
 delete mode 100644 includes/licensing/local-administrator-password-solution.md
 rename includes/licensing/{remote-wipe-autopilot-reset.md => remote-wipe.md} (81%)
 rename includes/licensing/{security-baselines-with-intune.md => security-baselines.md} (81%)

diff --git a/includes/licensing/_edition-requirements.md b/includes/licensing/_edition-requirements.md
index 8f7e70b8b4..ba1ba8a093 100644
--- a/includes/licensing/_edition-requirements.md
+++ b/includes/licensing/_edition-requirements.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/27/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
@@ -29,7 +29,7 @@ The following table lists the security features that are available in Windows, a
 |**[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)**|Yes|Yes|Yes|Yes|
 |**[Federated sign-in](/education/windows/federated-sign-in)**|❌|❌|Yes|Yes|
 |**[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)**|Yes|Yes|Yes|Yes|
-|**[Hypervisor-protected Code Integrity (HVCI)](/windows-hardware/design/device-experiences/oem-hvci-enablement)**|Yes|Yes|Yes|Yes|
+|**[Hypervisor-protected Code Integrity (HVCI)](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity)**|Yes|Yes|Yes|Yes|
 |**[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)**|Yes|Yes|Yes|Yes|
 |**Local Security Authority (LSA) Protection**|Yes|Yes|Yes|Yes|
 |**[Manage by Mobile Device Management (MDM) and group policy](/windows/client-management/mdm/mdm-overview)**|Yes|Yes|Yes|Yes|
@@ -43,16 +43,16 @@ The following table lists the security features that are available in Windows, a
 |**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|Yes|Yes|Yes|Yes|
 |**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**|Yes|Yes|Yes|Yes|
 |**[Microsoft Pluton security processor](/windows/security/information-protection/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes|
-|**[Microsoft Vulnerable Driver Blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules%23microsoft-vulnerable-driver-blocklist)**|Yes|Yes|Yes|Yes|
+|**[Microsoft Vulnerable Driver Blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)**|Yes|Yes|Yes|Yes|
 |**Opportunistic Wireless Encryption (OWE)**|Yes|Yes|Yes|Yes|
 |**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|❌|Yes|❌|Yes|
 |**Privacy Resource Usage**|Yes|Yes|Yes|Yes|
 |**Privacy Transparency and Controls**|Yes|Yes|Yes|Yes|
-|**[Remote wipe (Autopilot reset)](/windows/client-management/mdm/remotewipe-csp)**|Yes|Yes|Yes|Yes|
+|**[Remote wipe](/windows/client-management/mdm/remotewipe-csp)**|Yes|Yes|Yes|Yes|
 |**[Secure Boot and Trusted Boot](/windows/security/trusted-boot)**|Yes|Yes|Yes|Yes|
 |**[Secured-core configuration lock](/windows/client-management/config-lock)**|Yes|Yes|Yes|Yes|
 |**[Secured-core PC](/windows-hardware/design/device-experiences/oem-highly-secure-11)**|Yes|Yes|Yes|Yes|
-|**[Security baselines with Intune](/mem/intune/protect/security-baselines)**|Yes|Yes|Yes|Yes|
+|**[Security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)**|Yes|Yes|Yes|Yes|
 |**[Server Message Block (SMB) file service](/windows-server/storage/file-server/file-server-smb-overview)**|Yes|Yes|Yes|Yes|
 |**[Server Message Block Direct (SMB Direct)](/windows-server/storage/file-server/smb-direct)**|Yes|Yes|Yes|Yes|
 |**[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|
diff --git a/includes/licensing/_licensing-requirements.md b/includes/licensing/_licensing-requirements.md
index 9e822cdbe0..3f82675929 100644
--- a/includes/licensing/_licensing-requirements.md
+++ b/includes/licensing/_licensing-requirements.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/27/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
@@ -29,7 +29,7 @@ The following table lists the security features that are available in Windows, a
 |**[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)**|Yes|Yes|Yes|Yes|Yes|
 |**[Federated sign-in](/education/windows/federated-sign-in)**|❌|❌|❌|Yes|Yes|
 |**[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)**|Yes|Yes|Yes|Yes|Yes|
-|**[Hypervisor-protected Code Integrity (HVCI)](/windows-hardware/design/device-experiences/oem-hvci-enablement)**|Yes|Yes|Yes|Yes|Yes|
+|**[Hypervisor-protected Code Integrity (HVCI)](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity)**|Yes|Yes|Yes|Yes|Yes|
 |**[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)**|Yes|Yes|Yes|Yes|Yes|
 |**Local Security Authority (LSA) Protection**|Yes|Yes|Yes|Yes|Yes|
 |**[Manage by Mobile Device Management (MDM) and group policy](/windows/client-management/mdm/mdm-overview)**|Yes|Yes|Yes|Yes|Yes|
@@ -43,16 +43,16 @@ The following table lists the security features that are available in Windows, a
 |**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|Yes|❌|Yes|❌|Yes|
 |**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**|Yes|Yes|Yes|Yes|Yes|
 |**[Microsoft Pluton security processor](/windows/security/information-protection/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes|Yes|
-|**[Microsoft Vulnerable Driver Blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules%23microsoft-vulnerable-driver-blocklist)**|Yes|Yes|Yes|Yes|Yes|
+|**[Microsoft Vulnerable Driver Blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)**|Yes|Yes|Yes|Yes|Yes|
 |**Opportunistic Wireless Encryption (OWE)**|Yes|Yes|Yes|Yes|Yes|
 |**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|❌|Yes|Yes|Yes|Yes|
 |**Privacy Resource Usage**|Yes|Yes|Yes|Yes|Yes|
 |**Privacy Transparency and Controls**|Yes|Yes|Yes|Yes|Yes|
-|**[Remote wipe (Autopilot reset)](/windows/client-management/mdm/remotewipe-csp)**|Yes|Yes|Yes|Yes|Yes|
+|**[Remote wipe](/windows/client-management/mdm/remotewipe-csp)**|Yes|Yes|Yes|Yes|Yes|
 |**[Secure Boot and Trusted Boot](/windows/security/trusted-boot)**|Yes|Yes|Yes|Yes|Yes|
 |**[Secured-core configuration lock](/windows/client-management/config-lock)**|Yes|Yes|Yes|Yes|Yes|
 |**[Secured-core PC](/windows-hardware/design/device-experiences/oem-highly-secure-11)**|Yes|Yes|Yes|Yes|Yes|
-|**[Security baselines with Intune](/mem/intune/protect/security-baselines)**|Yes|Yes|Yes|Yes|Yes|
+|**[Security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)**|Yes|Yes|Yes|Yes|Yes|
 |**[Server Message Block (SMB) file service](/windows-server/storage/file-server/file-server-smb-overview)**|Yes|Yes|Yes|Yes|Yes|
 |**[Server Message Block Direct (SMB Direct)](/windows-server/storage/file-server/smb-direct)**|Yes|Yes|Yes|Yes|Yes|
 |**[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|Yes|
diff --git a/includes/licensing/access-control-aclsscals.md b/includes/licensing/access-control-aclsscals.md
index 028929c987..fee9b83dd3 100644
--- a/includes/licensing/access-control-aclsscals.md
+++ b/includes/licensing/access-control-aclsscals.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/account-lockout-policy.md b/includes/licensing/account-lockout-policy.md
index 9d28314c22..31328de6f2 100644
--- a/includes/licensing/account-lockout-policy.md
+++ b/includes/licensing/account-lockout-policy.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/always-on-vpn-device-tunnel.md b/includes/licensing/always-on-vpn-device-tunnel.md
index 165e3355ce..5b43ce08c3 100644
--- a/includes/licensing/always-on-vpn-device-tunnel.md
+++ b/includes/licensing/always-on-vpn-device-tunnel.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/assigned-access-kiosk-mode.md b/includes/licensing/assigned-access-kiosk-mode.md
index 0aacfd0d54..bfc00c4cc6 100644
--- a/includes/licensing/assigned-access-kiosk-mode.md
+++ b/includes/licensing/assigned-access-kiosk-mode.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/attack-surface-reduction-asr.md b/includes/licensing/attack-surface-reduction-asr.md
index bdfa84be11..e2c046e4dd 100644
--- a/includes/licensing/attack-surface-reduction-asr.md
+++ b/includes/licensing/attack-surface-reduction-asr.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md b/includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md
index a2348b9f96..87edf7eca7 100644
--- a/includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md
+++ b/includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/bitlocker.md b/includes/licensing/bitlocker.md
index e1d0482a14..38e2b82e71 100644
--- a/includes/licensing/bitlocker.md
+++ b/includes/licensing/bitlocker.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/bluetooth-pairing-and-connection-protection.md b/includes/licensing/bluetooth-pairing-and-connection-protection.md
index ea7d847692..616dd12ead 100644
--- a/includes/licensing/bluetooth-pairing-and-connection-protection.md
+++ b/includes/licensing/bluetooth-pairing-and-connection-protection.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/common-criteria-certifications.md b/includes/licensing/common-criteria-certifications.md
index 67da2eaa80..53c559c7d6 100644
--- a/includes/licensing/common-criteria-certifications.md
+++ b/includes/licensing/common-criteria-certifications.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/controlled-folder-access.md b/includes/licensing/controlled-folder-access.md
index 6e8429962d..936de372ba 100644
--- a/includes/licensing/controlled-folder-access.md
+++ b/includes/licensing/controlled-folder-access.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/device-health-attestation-service.md b/includes/licensing/device-health-attestation-service.md
index 180599b676..cf90b200ad 100644
--- a/includes/licensing/device-health-attestation-service.md
+++ b/includes/licensing/device-health-attestation-service.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/direct-access.md b/includes/licensing/direct-access.md
index 32f1858423..d51c6033ed 100644
--- a/includes/licensing/direct-access.md
+++ b/includes/licensing/direct-access.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/email-encryption-smime.md b/includes/licensing/email-encryption-smime.md
index 1e613f7ea7..14711602db 100644
--- a/includes/licensing/email-encryption-smime.md
+++ b/includes/licensing/email-encryption-smime.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/encrypted-hard-drive.md b/includes/licensing/encrypted-hard-drive.md
index 7f8eabb4fc..f88b491816 100644
--- a/includes/licensing/encrypted-hard-drive.md
+++ b/includes/licensing/encrypted-hard-drive.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/enhanced-phishing-protection-with-smartscreen.md b/includes/licensing/enhanced-phishing-protection-with-smartscreen.md
index c050417d86..a06a3d4d8a 100644
--- a/includes/licensing/enhanced-phishing-protection-with-smartscreen.md
+++ b/includes/licensing/enhanced-phishing-protection-with-smartscreen.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/exploit-protection.md b/includes/licensing/exploit-protection.md
index ee0105c7aa..b5ace06b04 100644
--- a/includes/licensing/exploit-protection.md
+++ b/includes/licensing/exploit-protection.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/fast-identity-online-fido2-security-key.md b/includes/licensing/fast-identity-online-fido2-security-key.md
index 1fac120af3..6376058af8 100644
--- a/includes/licensing/fast-identity-online-fido2-security-key.md
+++ b/includes/licensing/fast-identity-online-fido2-security-key.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/federal-information-processing-standard-fips-140-validation.md b/includes/licensing/federal-information-processing-standard-fips-140-validation.md
index 4f43d3d758..cba61d9588 100644
--- a/includes/licensing/federal-information-processing-standard-fips-140-validation.md
+++ b/includes/licensing/federal-information-processing-standard-fips-140-validation.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/federated-sign-in.md b/includes/licensing/federated-sign-in.md
index c1d9f41946..c1492f2b19 100644
--- a/includes/licensing/federated-sign-in.md
+++ b/includes/licensing/federated-sign-in.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
@@ -15,8 +15,8 @@ The following table lists the Windows editions that support Federated sign-in:
 
 Federated sign-in license entitlements are granted by the following licenses:
 
-|Windows Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|No|No|Yes|Yes|
+|No|No|No|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/hardware-enforced-stack-protection.md b/includes/licensing/hardware-enforced-stack-protection.md
index 7d197bf299..289501a6a5 100644
--- a/includes/licensing/hardware-enforced-stack-protection.md
+++ b/includes/licensing/hardware-enforced-stack-protection.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/hypervisor-protected-code-integrity-hvci.md b/includes/licensing/hypervisor-protected-code-integrity-hvci.md
index 659a1e1a0f..ba0cf1484b 100644
--- a/includes/licensing/hypervisor-protected-code-integrity-hvci.md
+++ b/includes/licensing/hypervisor-protected-code-integrity-hvci.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/kernel-direct-memory-access-dma-protection.md b/includes/licensing/kernel-direct-memory-access-dma-protection.md
index c07f32a3f1..a171311457 100644
--- a/includes/licensing/kernel-direct-memory-access-dma-protection.md
+++ b/includes/licensing/kernel-direct-memory-access-dma-protection.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/local-administrator-password-solution.md b/includes/licensing/local-administrator-password-solution.md
deleted file mode 100644
index a7f5eb6aba..0000000000
--- a/includes/licensing/local-administrator-password-solution.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 04/25/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Local Administrator Password Solution:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Local Administrator Password Solution license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/local-security-authority-lsa-protection.md b/includes/licensing/local-security-authority-lsa-protection.md
index f6b948f1a1..ac5cd05741 100644
--- a/includes/licensing/local-security-authority-lsa-protection.md
+++ b/includes/licensing/local-security-authority-lsa-protection.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md b/includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md
index d0c8d30dd4..b852cf0a2a 100644
--- a/includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md
+++ b/includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/measured-boot.md b/includes/licensing/measured-boot.md
index 873dd51db8..95c9ef12a9 100644
--- a/includes/licensing/measured-boot.md
+++ b/includes/licensing/measured-boot.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/microsoft-defender-antivirus.md b/includes/licensing/microsoft-defender-antivirus.md
index 08df5e0218..8fc1f42bb6 100644
--- a/includes/licensing/microsoft-defender-antivirus.md
+++ b/includes/licensing/microsoft-defender-antivirus.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md b/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md
index e754997c7a..fb9dae35ef 100644
--- a/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md
index 9dc9d2c111..0090aef8d1 100644
--- a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md
index fe5677e4eb..a87ab98c51 100644
--- a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md b/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md
index 3cbb70aa69..8b646454f9 100644
--- a/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md b/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md
index eeaf93367e..61f06b5748 100644
--- a/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/microsoft-defender-for-endpoint.md b/includes/licensing/microsoft-defender-for-endpoint.md
index 312be13a46..a730169279 100644
--- a/includes/licensing/microsoft-defender-for-endpoint.md
+++ b/includes/licensing/microsoft-defender-for-endpoint.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Microsoft Defender for Endpoint license entitlements are granted by the followin
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|No|Yes|No|Yes|
+|No|No|Yes|No|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-defender-smartscreen.md b/includes/licensing/microsoft-defender-smartscreen.md
index ff95861177..1f1233e529 100644
--- a/includes/licensing/microsoft-defender-smartscreen.md
+++ b/includes/licensing/microsoft-defender-smartscreen.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/microsoft-pluton-security-processor.md b/includes/licensing/microsoft-pluton-security-processor.md
index d0f93bcb7c..fef0a04f28 100644
--- a/includes/licensing/microsoft-pluton-security-processor.md
+++ b/includes/licensing/microsoft-pluton-security-processor.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/microsoft-vulnerable-driver-blocklist.md b/includes/licensing/microsoft-vulnerable-driver-blocklist.md
index 98dd69ad55..2e0d09d51c 100644
--- a/includes/licensing/microsoft-vulnerable-driver-blocklist.md
+++ b/includes/licensing/microsoft-vulnerable-driver-blocklist.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/opportunistic-wireless-encryption-owe.md b/includes/licensing/opportunistic-wireless-encryption-owe.md
index 953cb81211..c2db27f073 100644
--- a/includes/licensing/opportunistic-wireless-encryption-owe.md
+++ b/includes/licensing/opportunistic-wireless-encryption-owe.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/personal-data-encryption-pde.md b/includes/licensing/personal-data-encryption-pde.md
index 5626b57d96..e55327fa5a 100644
--- a/includes/licensing/personal-data-encryption-pde.md
+++ b/includes/licensing/personal-data-encryption-pde.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/privacy-resource-usage.md b/includes/licensing/privacy-resource-usage.md
index 2bea08f5e1..2726b9940a 100644
--- a/includes/licensing/privacy-resource-usage.md
+++ b/includes/licensing/privacy-resource-usage.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/privacy-transparency-and-controls.md b/includes/licensing/privacy-transparency-and-controls.md
index 2fec75d8c4..45c5829016 100644
--- a/includes/licensing/privacy-transparency-and-controls.md
+++ b/includes/licensing/privacy-transparency-and-controls.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/remote-wipe-autopilot-reset.md b/includes/licensing/remote-wipe.md
similarity index 81%
rename from includes/licensing/remote-wipe-autopilot-reset.md
rename to includes/licensing/remote-wipe.md
index c68c8ad2ed..f9f9cb9973 100644
--- a/includes/licensing/remote-wipe-autopilot-reset.md
+++ b/includes/licensing/remote-wipe.md
@@ -1,19 +1,19 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
 ## Windows edition and licensing requirements
 
-The following table lists the Windows editions that support Remote wipe (Autopilot reset):
+The following table lists the Windows editions that support Remote wipe:
 
 |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
 |:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|
 
-Remote wipe (Autopilot reset) license entitlements are granted by the following licenses:
+Remote wipe license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
diff --git a/includes/licensing/secure-boot-and-trusted-boot.md b/includes/licensing/secure-boot-and-trusted-boot.md
index 53b48d99cc..eb8e3f243b 100644
--- a/includes/licensing/secure-boot-and-trusted-boot.md
+++ b/includes/licensing/secure-boot-and-trusted-boot.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/secured-core-configuration-lock.md b/includes/licensing/secured-core-configuration-lock.md
index dddf8843a4..4fca24c0c8 100644
--- a/includes/licensing/secured-core-configuration-lock.md
+++ b/includes/licensing/secured-core-configuration-lock.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/secured-core-pc.md b/includes/licensing/secured-core-pc.md
index 8fca64cb2c..4b939c510e 100644
--- a/includes/licensing/secured-core-pc.md
+++ b/includes/licensing/secured-core-pc.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/security-baselines-with-intune.md b/includes/licensing/security-baselines.md
similarity index 81%
rename from includes/licensing/security-baselines-with-intune.md
rename to includes/licensing/security-baselines.md
index 43b5f384ab..eece64a0d4 100644
--- a/includes/licensing/security-baselines-with-intune.md
+++ b/includes/licensing/security-baselines.md
@@ -1,19 +1,19 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
 ## Windows edition and licensing requirements
 
-The following table lists the Windows editions that support Security baselines with Intune:
+The following table lists the Windows editions that support Security baselines:
 
 |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
 |:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|
 
-Security baselines with Intune license entitlements are granted by the following licenses:
+Security baselines license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
diff --git a/includes/licensing/server-message-block-direct-smb-direct.md b/includes/licensing/server-message-block-direct-smb-direct.md
index 1b76968707..08fcde873f 100644
--- a/includes/licensing/server-message-block-direct-smb-direct.md
+++ b/includes/licensing/server-message-block-direct-smb-direct.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/server-message-block-smb-file-service.md b/includes/licensing/server-message-block-smb-file-service.md
index f39db20a54..badab98137 100644
--- a/includes/licensing/server-message-block-smb-file-service.md
+++ b/includes/licensing/server-message-block-smb-file-service.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/smart-app-control.md b/includes/licensing/smart-app-control.md
index cfb6c198a6..92cf1df0fb 100644
--- a/includes/licensing/smart-app-control.md
+++ b/includes/licensing/smart-app-control.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/smart-cards-for-windows-service.md b/includes/licensing/smart-cards-for-windows-service.md
index b7a9d46f11..e3631ecafc 100644
--- a/includes/licensing/smart-cards-for-windows-service.md
+++ b/includes/licensing/smart-cards-for-windows-service.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/tamper-protection-settings-for-mde.md b/includes/licensing/tamper-protection-settings-for-mde.md
index 06a01236ec..4a347eb0ad 100644
--- a/includes/licensing/tamper-protection-settings-for-mde.md
+++ b/includes/licensing/tamper-protection-settings-for-mde.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/transport-layer-security-tls.md b/includes/licensing/transport-layer-security-tls.md
index d0f2b933b2..0827acbdda 100644
--- a/includes/licensing/transport-layer-security-tls.md
+++ b/includes/licensing/transport-layer-security-tls.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/trusted-platform-module-tpm-20.md b/includes/licensing/trusted-platform-module-tpm-20.md
index 4b5197dd74..507e3a42d3 100644
--- a/includes/licensing/trusted-platform-module-tpm-20.md
+++ b/includes/licensing/trusted-platform-module-tpm-20.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/universal-print.md b/includes/licensing/universal-print.md
index 46f0afd2c6..42112d1a59 100644
--- a/includes/licensing/universal-print.md
+++ b/includes/licensing/universal-print.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Universal Print license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+|No|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/user-account-control-uac.md b/includes/licensing/user-account-control-uac.md
index dca8cb0915..152ee532fe 100644
--- a/includes/licensing/user-account-control-uac.md
+++ b/includes/licensing/user-account-control-uac.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/virtual-private-network-vpn.md b/includes/licensing/virtual-private-network-vpn.md
index 61de672ee8..0749a1c128 100644
--- a/includes/licensing/virtual-private-network-vpn.md
+++ b/includes/licensing/virtual-private-network-vpn.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/virtualization-based-security-vbs.md b/includes/licensing/virtualization-based-security-vbs.md
index de05ea5d8e..65478e19ff 100644
--- a/includes/licensing/virtualization-based-security-vbs.md
+++ b/includes/licensing/virtualization-based-security-vbs.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/wifi-security.md b/includes/licensing/wifi-security.md
index 9507a7618a..b48b88988a 100644
--- a/includes/licensing/wifi-security.md
+++ b/includes/licensing/wifi-security.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-autopatch.md b/includes/licensing/windows-autopatch.md
index f67e2b5216..40aa73aa2e 100644
--- a/includes/licensing/windows-autopatch.md
+++ b/includes/licensing/windows-autopatch.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-autopilot.md b/includes/licensing/windows-autopilot.md
index 9c57cdb899..e0817f4ba8 100644
--- a/includes/licensing/windows-autopilot.md
+++ b/includes/licensing/windows-autopilot.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-containers.md b/includes/licensing/windows-containers.md
index 0e4df6dcb8..bcf079d6d5 100644
--- a/includes/licensing/windows-containers.md
+++ b/includes/licensing/windows-containers.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-defender-application-control-wdac.md b/includes/licensing/windows-defender-application-control-wdac.md
index 3f81db1b61..b773a00934 100644
--- a/includes/licensing/windows-defender-application-control-wdac.md
+++ b/includes/licensing/windows-defender-application-control-wdac.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-defender-credential-guard.md b/includes/licensing/windows-defender-credential-guard.md
index d55e33af47..5acd060ced 100644
--- a/includes/licensing/windows-defender-credential-guard.md
+++ b/includes/licensing/windows-defender-credential-guard.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-defender-remote-credential-guard.md b/includes/licensing/windows-defender-remote-credential-guard.md
index 51feb6043b..afdb6dbff1 100644
--- a/includes/licensing/windows-defender-remote-credential-guard.md
+++ b/includes/licensing/windows-defender-remote-credential-guard.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-defender-system-guard.md b/includes/licensing/windows-defender-system-guard.md
index b4f7577506..c57688c93f 100644
--- a/includes/licensing/windows-defender-system-guard.md
+++ b/includes/licensing/windows-defender-system-guard.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-firewall.md b/includes/licensing/windows-firewall.md
index 12b7254fb9..4527a2042d 100644
--- a/includes/licensing/windows-firewall.md
+++ b/includes/licensing/windows-firewall.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md b/includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md
index 0b8095a9f8..76395b418b 100644
--- a/includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md
+++ b/includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-hello-for-business.md b/includes/licensing/windows-hello-for-business.md
index cb8ec101ad..7f8dafb43e 100644
--- a/includes/licensing/windows-hello-for-business.md
+++ b/includes/licensing/windows-hello-for-business.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-laps.md b/includes/licensing/windows-laps.md
index dd378de2be..2bc6001b15 100644
--- a/includes/licensing/windows-laps.md
+++ b/includes/licensing/windows-laps.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/27/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-presence-sensing.md b/includes/licensing/windows-presence-sensing.md
index 25eda4a8de..7f941aa6ff 100644
--- a/includes/licensing/windows-presence-sensing.md
+++ b/includes/licensing/windows-presence-sensing.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-sandbox.md b/includes/licensing/windows-sandbox.md
index 1b23c6f198..bf4a39123f 100644
--- a/includes/licensing/windows-sandbox.md
+++ b/includes/licensing/windows-sandbox.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-security-policy-settings-and-auditing.md b/includes/licensing/windows-security-policy-settings-and-auditing.md
index 0fabeddb20..7582a2d315 100644
--- a/includes/licensing/windows-security-policy-settings-and-auditing.md
+++ b/includes/licensing/windows-security-policy-settings-and-auditing.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 04/25/2023
+ms.date: 05/02/2023
 ms.topic: include
 ---
 

From 906ff15a786f49a897c72f912788014515c82187 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Tue, 2 May 2023 13:48:36 -0400
Subject: [PATCH 057/107] updates

---
 education/windows/autopilot-reset.md | 2 --
 1 file changed, 2 deletions(-)

diff --git a/education/windows/autopilot-reset.md b/education/windows/autopilot-reset.md
index 15b7d22d04..adc2f3d815 100644
--- a/education/windows/autopilot-reset.md
+++ b/education/windows/autopilot-reset.md
@@ -20,8 +20,6 @@ To enable Autopilot Reset you must:
 1. [Enable the policy for the feature](#enable-autopilot-reset)
 2. [Trigger a reset for each device](#trigger-autopilot-reset)
 
-[!INCLUDE [remote-wipe-autopilot-reset](../../includes/licensing/remote-wipe-autopilot-reset.md)]
-
 ## Enable Autopilot Reset
 
 To use Autopilot Reset, [Windows Recovery Environment (WinRE) must be enabled on the device](#winre).

From 96e4c2a792cd9a1aace97a62d2ea3e415a7619a5 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Tue, 2 May 2023 13:59:08 -0400
Subject: [PATCH 058/107] updates

---
 includes/licensing/_licensing-requirements.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/includes/licensing/_licensing-requirements.md b/includes/licensing/_licensing-requirements.md
index 3f82675929..afa913f660 100644
--- a/includes/licensing/_licensing-requirements.md
+++ b/includes/licensing/_licensing-requirements.md
@@ -40,7 +40,7 @@ The following table lists the security features that are available in Windows, a
 |**[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview)**|Yes|Yes|Yes|Yes|Yes|
 |**[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)**|❌|❌|❌|❌|❌|
 |**Microsoft Defender Application Guard (MDAG) public APIs**|❌|Yes|Yes|Yes|Yes|
-|**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|Yes|❌|Yes|❌|Yes|
+|**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|❌|❌|Yes|❌|Yes|
 |**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**|Yes|Yes|Yes|Yes|Yes|
 |**[Microsoft Pluton security processor](/windows/security/information-protection/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes|Yes|
 |**[Microsoft Vulnerable Driver Blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)**|Yes|Yes|Yes|Yes|Yes|
@@ -60,7 +60,7 @@ The following table lists the security features that are available in Windows, a
 |**[Tamper protection settings for MDE](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)**|Yes|Yes|Yes|Yes|Yes|
 |**[Transport layer security (TLS)](/windows-server/security/tls/tls-ssl-schannel-ssp-overview)**|Yes|Yes|Yes|Yes|Yes|
 |**[Trusted Platform Module (TPM) 2.0](/windows/security/information-protection/tpm/trusted-platform-module-overview)**|Yes|Yes|Yes|Yes|Yes|
-|**[Universal Print](/universal-print/)**|Yes|Yes|Yes|Yes|Yes|
+|**[Universal Print](/universal-print/)**|❌|Yes|Yes|Yes|Yes|
 |**[User Account Control (UAC)](/windows/security/identity-protection/user-account-control/user-account-control-overview)**|Yes|Yes|Yes|Yes|Yes|
 |**[Virtual Private Network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes|Yes|
 |**[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)**|Yes|Yes|Yes|Yes|Yes|

From 8419154d82474f89a797e2cc470edbb0cccf85f6 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Tue, 2 May 2023 16:01:55 -0400
Subject: [PATCH 059/107] updates

---
 includes/licensing/federated-sign-in.md             |  2 +-
 .../access-control/access-control.md                |  2 ++
 .../identity-protection/configure-s-mime.md         |  2 ++
 .../identity-protection/remote-credential-guard.md  | 13 ++-----------
 ...-card-how-smart-card-sign-in-works-in-windows.md |  2 ++
 .../user-account-control-overview.md                |  2 ++
 .../security/identity-protection/vpn/vpn-guide.md   |  2 ++
 .../bitlocker/bitlocker-overview.md                 |  2 ++
 .../information-protection/encrypted-hard-drive.md  |  2 ++
 .../kernel-dma-protection-for-thunderbolt.md        |  2 ++
 .../personal-data-encryption/overview-pde.md        |  2 ++
 .../windows-security-baselines.md                   |  2 ++
 12 files changed, 23 insertions(+), 12 deletions(-)

diff --git a/includes/licensing/federated-sign-in.md b/includes/licensing/federated-sign-in.md
index c1492f2b19..7fbe9537a2 100644
--- a/includes/licensing/federated-sign-in.md
+++ b/includes/licensing/federated-sign-in.md
@@ -15,7 +15,7 @@ The following table lists the Windows editions that support Federated sign-in:
 
 Federated sign-in license entitlements are granted by the following licenses:
 
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|Windows Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
 |No|No|No|Yes|Yes|
 
diff --git a/windows/security/identity-protection/access-control/access-control.md b/windows/security/identity-protection/access-control/access-control.md
index 6bec9ee14c..b1ca0e2e0f 100644
--- a/windows/security/identity-protection/access-control/access-control.md
+++ b/windows/security/identity-protection/access-control/access-control.md
@@ -39,6 +39,8 @@ This content set contains:
   - [Service Accounts](/windows-server/identity/ad-ds/manage/understand-service-accounts)
   - [Active Directory Security Groups](/windows-server/identity/ad-ds/manage/understand-security-groups)
 
+[!INCLUDE [access-control-aclsscals](../../../../includes/licensing/access-control-aclsscals.md)]
+
 ## Practical applications
 
 Administrators who use the supported version of Windows can refine the application and management of access control to objects and subjects to provide the following security:
diff --git a/windows/security/identity-protection/configure-s-mime.md b/windows/security/identity-protection/configure-s-mime.md
index 317ef89a50..510e690593 100644
--- a/windows/security/identity-protection/configure-s-mime.md
+++ b/windows/security/identity-protection/configure-s-mime.md
@@ -20,6 +20,8 @@ Encrypted messages can be read only by recipients who have a certificate. If you
 
 A digitally signed message reassures the recipient that the message hasn't been tampered with and verifies the identity of the sender. Recipients can only verify the digital signature if they're using an email client that supports S/MIME.
 
+[!INCLUDE [email-encryption-smime](../../../includes/licensing/email-encryption-smime.md)]
+
 ## Prerequisites
 
 -   [S/MIME is enabled for Exchange accounts](/microsoft-365/security/office-365-security/s-mime-for-message-signing-and-encryption) (on-premises and Office 365). Users can't use S/MIME signing and encryption with a personal account such as Outlook.com.
diff --git a/windows/security/identity-protection/remote-credential-guard.md b/windows/security/identity-protection/remote-credential-guard.md
index 64e9869d2a..e80bc47f63 100644
--- a/windows/security/identity-protection/remote-credential-guard.md
+++ b/windows/security/identity-protection/remote-credential-guard.md
@@ -30,23 +30,14 @@ The following diagram helps you to understand how a standard Remote Desktop sess
 
 ![RDP connection to a server without Windows Defender Remote Credential Guard.png.](images/rdp-to-a-server-without-windows-defender-remote-credential-guard.png)
 
-<br />
-
 The following diagram helps you to understand how Windows Defender Remote Credential Guard works, what it helps to protect against, and compares it with the [Restricted Admin mode](https://social.technet.microsoft.com/wiki/contents/articles/32905.how-to-enable-restricted-admin-mode-for-remote-desktop.aspx) option:
 
 ![Windows Defender Remote Credential Guard.](images/windows-defender-remote-credential-guard-with-remote-admin-mode.png)
 
-<br />
 As illustrated, Windows Defender Remote Credential Guard blocks NTLM (allowing only Kerberos), prevents Pass-the-Hash (PtH) attacks, and also prevents use of credentials after disconnection.
 
-<br />
-<br />
 Use the following table to compare different Remote Desktop connection security options:
 
-<br />
-<br />
-
-
 | Feature | Remote Desktop | Windows Defender Remote Credential Guard | Restricted Admin mode |
 |--------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 |                                                 **Protection benefits**                                                  |                                Credentials on the server are not protected from Pass-the-Hash attacks.                                 |  User credentials remain on the client. An attacker can act on behalf of the user *only* when the session is ongoing   |                                                                                  User logs on to the server as local administrator, so an attacker cannot act on behalf of the "domain user". Any attack is local to the server                                                                                   |
@@ -58,12 +49,10 @@ Use the following table to compare different Remote Desktop connection security
 |                                                      **Multi-hop**                                                       |                        From the remote desktop, **you can connect through Remote Desktop to another computer**                         |                From the remote desktop, you **can connect through Remote Desktop to another computer**.                |                                                                                                                      Not allowed for user as the session is running as a local host account                                                                                                                       |
 |                                               **Supported authentication**                                               |                                                        Any negotiable protocol.                                                        |                                                     Kerberos only.                                                     |                                                                                                                                              Any negotiable protocol                                                                                                                                              |
 
-<br />
 
 For further technical information, see [Remote Desktop Protocol](/windows/win32/termserv/remote-desktop-protocol)
 and [How Kerberos works](/previous-versions/windows/it-pro/windows-2000-server/cc961963(v=technet.10)).
 
-<br />
 
 <a id="helpdesk"></a>
 
@@ -80,6 +69,8 @@ For further information on LAPS, see [Microsoft Security Advisory 3062591](https
 
 <a id="reqs"></a>
 
+[!INCLUDE [windows-defender-remote-credential-guard](../../../includes/licensing/windows-defender-remote-credential-guard.md)]
+
 ## Remote Credential Guard requirements
 
 To use Windows Defender Remote Credential Guard, the Remote Desktop client and remote host must meet the following requirements:
diff --git a/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md b/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md
index a44e2533fc..5d498cb152 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md
@@ -21,3 +21,5 @@ This topic for IT professional provides links to resources about the implementat
 -   [Certificate Propagation Service](smart-card-certificate-propagation-service.md): Learn about how the certificate propagation service works when a smart card is inserted into a computer.
 
 -   [Smart Card Removal Policy Service](smart-card-removal-policy-service.md): Learn about using Group Policy to control what happens when a user removes a smart card.
+
+[!INCLUDE [smart-cards-for-windows-service](../../../../includes/licensing/smart-cards-for-windows-service.md)]
\ No newline at end of file
diff --git a/windows/security/identity-protection/user-account-control/user-account-control-overview.md b/windows/security/identity-protection/user-account-control/user-account-control-overview.md
index e85aae3ab9..ad89a60ec7 100644
--- a/windows/security/identity-protection/user-account-control/user-account-control-overview.md
+++ b/windows/security/identity-protection/user-account-control/user-account-control-overview.md
@@ -18,6 +18,8 @@ Other apps, especially those that were not specifically designed with security s
 
 When an app needs to run with more than standard user rights, UAC allows users to run apps with their administrator token (with administrative groups and privileges) instead of their default, standard user access token. Users continue to operate in the standard user security context, while enabling certain apps to run with elevated privileges, if needed.
 
+[!INCLUDE [user-account-control-uac](../../../../includes/licensing/user-account-control-uac.md)]
+
 ## Practical applications
 
 Admin Approval Mode in UAC helps prevent malware from silently installing without an administrator's knowledge. It also helps protect from inadvertent system-wide changes. Lastly, it can be used to enforce a higher level of compliance where administrators must actively consent or provide credentials for each administrative process.
diff --git a/windows/security/identity-protection/vpn/vpn-guide.md b/windows/security/identity-protection/vpn/vpn-guide.md
index 15f788082b..8a775eea81 100644
--- a/windows/security/identity-protection/vpn/vpn-guide.md
+++ b/windows/security/identity-protection/vpn/vpn-guide.md
@@ -14,6 +14,8 @@ To create a Windows 10 VPN device configuration profile see: [Windows 10 and Win
 > [!NOTE]
 > This guide does not explain server deployment.
 
+[!INCLUDE [virtual-private-network-vpn](../../../../includes/licensing/virtual-private-network-vpn.md)]
+
 ## In this guide
 
 | Article | Description  |
diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview.md b/windows/security/information-protection/bitlocker/bitlocker-overview.md
index a3b7a72ca1..d6c02185e3 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-overview.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-overview.md
@@ -52,6 +52,8 @@ BitLocker control panel, and they're appropriate to be used for automated deploy
 
 To find out what's new in BitLocker for Windows, such as support for the XTS-AES encryption algorithm, see [What's new in Windows 10, versions 1507 and 1511 for IT Pros: BitLocker](/windows/whats-new/whats-new-windows-10-version-1507-and-1511#bitlocker).
 
+[!INCLUDE [bitlocker](../../../../includes/licensing/bitlocker.md)]
+
 ## System requirements
 
 BitLocker has the following hardware requirements:
diff --git a/windows/security/information-protection/encrypted-hard-drive.md b/windows/security/information-protection/encrypted-hard-drive.md
index 4523cd4552..035d511240 100644
--- a/windows/security/information-protection/encrypted-hard-drive.md
+++ b/windows/security/information-protection/encrypted-hard-drive.md
@@ -48,6 +48,8 @@ Encrypted hard drives are supported natively in the operating system through the
 
 If you're a storage device vendor who is looking for more info on how to implement Encrypted Hard Drive, see the [Encrypted Hard Drive Device Guide](/previous-versions/windows/hardware/design/dn653989(v=vs.85)).
 
+[!INCLUDE [encrypted-hard-drive](../../../includes/licensing/encrypted-hard-drive.md)]
+
 ## System Requirements
 
 To use encrypted hard drives, the following system requirements apply:
diff --git a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md
index eb8db70020..f0503ef3a9 100644
--- a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md
+++ b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md
@@ -41,6 +41,8 @@ When Kernel DMA Protection is enabled:
 - Peripherals with DMA Remapping-compatible device drivers will be automatically enumerated and started
 - Peripherals with DMA Remapping-incompatible drivers will be blocked from starting if the peripheral was plugged in before an authorized user logs in, or while the screen is locked. Once the system is unlocked, the peripheral driver will be started by the OS, and the peripheral will continue to function normally until the system is rebooted, or the peripheral is unplugged. The peripheral will continue to function normally if the user locks the screen or signs out of the system.
 
+[!INCLUDE [kernel-direct-memory-access-dma-protection](../../../includes/licensing/kernel-direct-memory-access-dma-protection.md)]
+
 ## System compatibility
 
 Kernel DMA Protection requires UEFI firmware support, and Virtualization-based Security (VBS) isn't required.
diff --git a/windows/security/information-protection/personal-data-encryption/overview-pde.md b/windows/security/information-protection/personal-data-encryption/overview-pde.md
index a88c9d276a..c7efa3d342 100644
--- a/windows/security/information-protection/personal-data-encryption/overview-pde.md
+++ b/windows/security/information-protection/personal-data-encryption/overview-pde.md
@@ -23,6 +23,8 @@ ms.date: 03/13/2023
 
 [!INCLUDE [Personal Data Encryption (PDE) description](includes/pde-description.md)]
 
+[!INCLUDE [personal-data-encryption-pde](../../../../includes/licensing/personal-data-encryption-pde.md)]
+
 ## Prerequisites
 
 ### Required
diff --git a/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md b/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md
index 238193ef00..b4829615f9 100644
--- a/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md
+++ b/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md
@@ -41,6 +41,8 @@ For example, there are over 3,000 group policy settings for Windows 10, which do
 
 In modern organizations, the security threat landscape is constantly evolving, and IT pros and policy-makers must keep up with security threats and make required changes to security settings to help mitigate these threats. To enable faster deployments and make managing Microsoft products easier, Microsoft provides customers with security baselines that are available in consumable formats, such as group policy object backups.
 
+[!INCLUDE [security-baselines](../../../../includes/licensing/security-baselines.md)]
+
 ## Baseline principles
 
 Our recommendations follow a streamlined and efficient approach to baseline definitions. The foundation of that approach is essentially:

From 6c450bf008da9e63422a97faf047ea8a73716e0f Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Tue, 2 May 2023 16:30:13 -0400
Subject: [PATCH 060/107] split toc.yml

---
 .../credential-guard/toc.yml                  |  17 +++
 .../remote-credential-guard.md                | 107 +++++++-----------
 .../identity-protection/smart-cards/toc.yml   |  28 +++++
 windows/security/identity-protection/toc.yml  |  67 +----------
 .../virtual-smart-cards/toc.yml               |  17 +++
 5 files changed, 108 insertions(+), 128 deletions(-)
 create mode 100644 windows/security/identity-protection/credential-guard/toc.yml
 create mode 100644 windows/security/identity-protection/smart-cards/toc.yml
 create mode 100644 windows/security/identity-protection/virtual-smart-cards/toc.yml

diff --git a/windows/security/identity-protection/credential-guard/toc.yml b/windows/security/identity-protection/credential-guard/toc.yml
new file mode 100644
index 0000000000..3661af7b0e
--- /dev/null
+++ b/windows/security/identity-protection/credential-guard/toc.yml
@@ -0,0 +1,17 @@
+items:
+- name: Protect derived domain credentials with Credential Guard
+  href: credential-guard.md
+- name: How Credential Guard works
+  href: credential-guard-how-it-works.md
+- name: Requirements
+  href: credential-guard-requirements.md
+- name: Manage Credential Guard
+  href: credential-guard-manage.md
+- name: Credential Guard protection limits
+  href: credential-guard-protection-limits.md
+- name: Considerations when using Credential Guard
+  href: credential-guard-considerations.md
+- name: Additional mitigations
+  href: additional-mitigations.md
+- name: Known issues
+  href: credential-guard-known-issues.md
\ No newline at end of file
diff --git a/windows/security/identity-protection/remote-credential-guard.md b/windows/security/identity-protection/remote-credential-guard.md
index e80bc47f63..b0e29cd0e4 100644
--- a/windows/security/identity-protection/remote-credential-guard.md
+++ b/windows/security/identity-protection/remote-credential-guard.md
@@ -39,23 +39,19 @@ As illustrated, Windows Defender Remote Credential Guard blocks NTLM (allowing o
 Use the following table to compare different Remote Desktop connection security options:
 
 | Feature | Remote Desktop | Windows Defender Remote Credential Guard | Restricted Admin mode |
-|--------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-|                                                 **Protection benefits**                                                  |                                Credentials on the server are not protected from Pass-the-Hash attacks.                                 |  User credentials remain on the client. An attacker can act on behalf of the user *only* when the session is ongoing   |                                                                                  User logs on to the server as local administrator, so an attacker cannot act on behalf of the "domain user". Any attack is local to the server                                                                                   |
-|                                                   **Version support**                                                    |                                        The remote computer can run any Windows operating system                                        | Both the client and the remote computer must be running **at least Windows 10, version 1607, or Windows Server 2016**. | The remote computer must be running **at least patched Windows 7 or patched Windows Server 2008 R2**. <br /><br />For more information about patches (software updates) related to Restricted Admin mode, see [Microsoft Security Advisory 2871997](/security-updates/SecurityAdvisories/2016/2871997). |
-| **Helps prevent**   &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;   &nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp; |                             &nbsp;&nbsp;&nbsp;&nbsp; N/A &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;                              |                   <ul><li> Pass-the-Hash</li> <li>Use of a credential after disconnection </li></ul>                   |                                                                                                                <ul><li> Pass-the-Hash</li> <li>Use of domain identity during connection </li></ul>                                                                                                                |
-|                             **Credentials supported from the remote desktop client device**                              | <ul><li><b>Signed on</b> credentials <li> <b>Supplied</b> credentials<li> <b>Saved</b> credentials </ul> |                                  <ul><li> <b>Signed on</b> credentials only                                  |                                                                                        <ul><li><b>Signed on</b> credentials<li><b>Supplied</b> credentials<li><b>Saved</b> credentials</ul>                                                                                         |
-|                                                        **Access**                                                        |                           **Users allowed**, that is, members of Remote Desktop Users group of remote host.                            |                      **Users allowed**, that is, members of Remote Desktop Users of remote host.                       |                                                                                                              **Administrators only**, that is, only members of Administrators group of remote host.                                                                                                               |
-|                                                   **Network identity**                                                   |                               Remote Desktop session **connects to other resources as signed-in user**.                                |                       Remote Desktop session **connects to other resources as signed-in user**.                        |                                                                                                                 Remote Desktop session **connects to other resources as remote host's identity**.                                                                                                                 |
-|                                                      **Multi-hop**                                                       |                        From the remote desktop, **you can connect through Remote Desktop to another computer**                         |                From the remote desktop, you **can connect through Remote Desktop to another computer**.                |                                                                                                                      Not allowed for user as the session is running as a local host account                                                                                                                       |
-|                                               **Supported authentication**                                               |                                                        Any negotiable protocol.                                                        |                                                     Kerberos only.                                                     |                                                                                                                                              Any negotiable protocol                                                                                                                                              |
-
+|--|--|--|--|
+| **Protection benefits** | Credentials on the server are not protected from Pass-the-Hash attacks. | User credentials remain on the client. An attacker can act on behalf of the user *only* when the session is ongoing | User logs on to the server as local administrator, so an attacker cannot act on behalf of the "domain user". Any attack is local to the server |
+| **Version support** | The remote computer can run any Windows operating system | Both the client and the remote computer must be running **at least Windows 10, version 1607, or Windows Server 2016**. | The remote computer must be running **at least patched Windows 7 or patched Windows Server 2008 R2**. <br /><br />For more information about patches (software updates) related to Restricted Admin mode, see [Microsoft Security Advisory 2871997](/security-updates/SecurityAdvisories/2016/2871997). |
+| **Helps prevent**   &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;   &nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp; | &nbsp;&nbsp;&nbsp;&nbsp; N/A &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; | <ul><li> Pass-the-Hash</li> <li>Use of a credential after disconnection </li></ul> | <ul><li> Pass-the-Hash</li> <li>Use of domain identity during connection </li></ul> |
+| **Credentials supported from the remote desktop client device** | <ul><li><b>Signed on</b> credentials <li> <b>Supplied</b> credentials<li> <b>Saved</b> credentials </ul> | <ul><li> <b>Signed on</b> credentials only | <ul><li><b>Signed on</b> credentials<li><b>Supplied</b> credentials<li><b>Saved</b> credentials</ul> |
+| **Access** | **Users allowed**, that is, members of Remote Desktop Users group of remote host. | **Users allowed**, that is, members of Remote Desktop Users of remote host. | **Administrators only**, that is, only members of Administrators group of remote host. |
+| **Network identity** | Remote Desktop session **connects to other resources as signed-in user**. | Remote Desktop session **connects to other resources as signed-in user**. | Remote Desktop session **connects to other resources as remote host's identity**. |
+| **Multi-hop** | From the remote desktop, **you can connect through Remote Desktop to another computer** | From the remote desktop, you **can connect through Remote Desktop to another computer**. | Not allowed for user as the session is running as a local host account |
+| **Supported authentication** | Any negotiable protocol. | Kerberos only. | Any negotiable protocol |
 
 For further technical information, see [Remote Desktop Protocol](/windows/win32/termserv/remote-desktop-protocol)
 and [How Kerberos works](/previous-versions/windows/it-pro/windows-2000-server/cc961963(v=technet.10)).
 
-
-<a id="helpdesk"></a>
-
 ## Remote Desktop connections and helpdesk support scenarios
 
 For helpdesk support scenarios in which personnel require administrative access to provide remote assistance to computer users via Remote Desktop sessions, Microsoft recommends that Windows Defender Remote Credential Guard should not be used in that context. This is because if an RDP session is initiated to a compromised client that an attacker already controls, the attacker could use that open channel to create sessions on the user's behalf (without compromising credentials) to access any of the user's resources for a limited time (a few hours) after the session disconnects.
@@ -66,9 +62,6 @@ To further harden security, we also recommend that you implement Local Administr
 
 For further information on LAPS, see [Microsoft Security Advisory 3062591](https://technet.microsoft.com/library/security/3062591.aspx).
 
-
-<a id="reqs"></a>
-
 [!INCLUDE [windows-defender-remote-credential-guard](../../../includes/licensing/windows-defender-remote-credential-guard.md)]
 
 ## Remote Credential Guard requirements
@@ -77,20 +70,17 @@ To use Windows Defender Remote Credential Guard, the Remote Desktop client and r
 
 The Remote Desktop client device:
 
--  Must be running at least Windows 10, version 1703 to be able to supply credentials, which is sent to the remote device. This allows users to run as different users without having to send credentials to the remote machine.
-
--  Must be running at least Windows 10, version 1607 or Windows Server 2016 to use the user's signed-in credentials. This requires the user's account be able to sign in to both the client device and the remote host.
-
--  Must be running the Remote Desktop Classic Windows application. The Remote Desktop Universal Windows Platform application doesn't support Windows Defender Remote Credential Guard.
-
--  Must use Kerberos authentication to connect to the remote host. If the client cannot connect to a domain controller, then RDP attempts to fall back to NTLM. Windows Defender Remote Credential Guard does not allow NTLM fallback because this would expose credentials to risk.
+- Must be running at least Windows 10, version 1703 to be able to supply credentials, which is sent to the remote device. This allows users to run as different users without having to send credentials to the remote machine
+- Must be running at least Windows 10, version 1607 or Windows Server 2016 to use the user's signed-in credentials. This requires the user's account be able to sign in to both the client device and the remote host
+- Must be running the Remote Desktop Classic Windows application. The Remote Desktop Universal Windows Platform application doesn't support Windows Defender Remote Credential Guard
+- Must use Kerberos authentication to connect to the remote host. If the client cannot connect to a domain controller, then RDP attempts to fall back to NTLM. Windows Defender Remote Credential Guard does not allow NTLM fallback because this would expose credentials to risk
 
 The Remote Desktop remote host:
 
--  Must be running at least Windows 10, version 1607 or Windows Server 2016.
--  Must allow Restricted Admin connections.
--  Must allow the client's domain user to access Remote Desktop connections.
--  Must allow delegation of non-exportable credentials.
+- Must be running at least Windows 10, version 1607 or Windows Server 2016.
+- Must allow Restricted Admin connections.
+- Must allow the client's domain user to access Remote Desktop connections.
+- Must allow delegation of non-exportable credentials.
 
 There are no hardware requirements for Windows Defender Remote Credential Guard.
 
@@ -100,31 +90,26 @@ There are no hardware requirements for Windows Defender Remote Credential Guard.
 > GPO [Remote host allows delegation of non-exportable credentials](/windows/client-management/mdm/policy-csp-credentialsdelegation) should be enabled for delegation of non-exportable credentials.
 
 - For Windows Defender Remote Credential Guard to be supported, the user must authenticate to the remote host using Kerberos authentication.
-
 - The remote host must be running at least Windows 10 version 1607, or Windows Server 2016.
-
 - The Remote Desktop classic Windows app is required. The Remote Desktop Universal Windows Platform app doesn't support Windows Defender Remote Credential Guard.
 
 ## Enable Windows Defender Remote Credential Guard
 
 You must enable Restricted Admin or Windows Defender Remote Credential Guard on the remote host by using the Registry.
 
-1. Open Registry Editor on the remote host.
+1. Open Registry Editor on the remote host
+1. Enable Restricted Admin and Windows Defender Remote Credential Guard:
 
-2. Enable Restricted Admin and Windows Defender Remote Credential Guard:
+  - Go to `HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa`
+  - Add a new DWORD value named **DisableRestrictedAdmin**
+  - To turn on Restricted Admin and Windows Defender Remote Credential Guard, set the value of this registry setting to 0
 
-    - Go to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa.
-    
-    - Add a new DWORD value named **DisableRestrictedAdmin**.
-    
-    - To turn on Restricted Admin and Windows Defender Remote Credential Guard, set the value of this registry setting to 0.
-    
-3. Close Registry Editor.
+1. Close Registry Editor
 
 You can add this by running the following command from an elevated command prompt:
 
-```console
-reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v DisableRestrictedAdmin /d 0 /t REG_DWORD
+```cmd
+reg.exe add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v DisableRestrictedAdmin /d 0 /t REG_DWORD
 ```
 
 ## Using Windows Defender Remote Credential Guard
@@ -133,36 +118,28 @@ Beginning with Windows 10 version 1703, you can enable Windows Defender Remote C
 
 ### Turn on Windows Defender Remote Credential Guard by using Group Policy
 
-1. From the Group Policy Management Console, go to **Computer Configuration** -> **Administrative Templates** -> **System** -> **Credentials Delegation**.
-
-2. Double-click **Restrict delegation of credentials to remote servers**.
-
+1. From the Group Policy Management Console, go to **Computer Configuration** -> **Administrative Templates** -> **System** -> **Credentials Delegation**
+1. Double-click **Restrict delegation of credentials to remote servers**
     ![Windows Defender Remote Credential Guard Group Policy.](images/remote-credential-guard-gp.png)
-
-3. Under **Use the following restricted mode**:
-
-   - If you want to require either [Restricted Admin mode](https://social.technet.microsoft.com/wiki/contents/articles/32905.remote-desktop-services-enable-restricted-admin-mode.aspx) or Windows Defender Remote Credential Guard, choose **Restrict Credential Delegation**. In this configuration, Windows Defender Remote Credential Guard is preferred, but it will use Restricted Admin mode (if supported) when Windows Defender Remote Credential Guard cannot be used.
+1. Under **Use the following restricted mode**:
+  - If you want to require either [Restricted Admin mode](https://social.technet.microsoft.com/wiki/contents/articles/32905.remote-desktop-services-enable-restricted-admin-mode.aspx) or Windows Defender Remote Credential Guard, choose **Restrict Credential Delegation**. In this configuration, Windows Defender Remote Credential Guard is preferred, but it will use Restricted Admin mode (if supported) when Windows Defender Remote Credential Guard cannot be used
 
      > [!NOTE]
      > Neither Windows Defender Remote Credential Guard nor Restricted Admin mode will send credentials in clear text to the Remote Desktop server.
      > When **Restrict Credential Delegation** is enabled, the /restrictedAdmin switch will be ignored. Windows will enforce the policy configuration instead and will use Windows Defender Remote Credential Guard. 
 
-   - If you want to require Windows Defender Remote Credential Guard, choose **Require Remote Credential Guard**. With this setting, a Remote Desktop connection will succeed only if the remote computer meets the [requirements](#reqs) listed earlier in this topic.
-
-   - If you  want to require Restricted Admin mode, choose **Require Restricted Admin**. For information about Restricted Admin mode, see the table in [Comparing Windows Defender Remote Credential Guard with other Remote Desktop connection options](#comparing-remote-credential-guard-with-other-remote-desktop-connection-options), earlier in this topic.
-
-4. Click **OK**.
-
-5. Close the Group Policy Management Console.
-
-6. From a command prompt, run **gpupdate.exe /force** to ensure that the Group Policy object is applied.
+  - If you want to require Windows Defender Remote Credential Guard, choose **Require Remote Credential Guard**. With this setting, a Remote Desktop connection will succeed only if the remote computer meets the [requirements](#reqs) listed earlier in this topic.
+  - If you  want to require Restricted Admin mode, choose **Require Restricted Admin**. For information about Restricted Admin mode, see the table in [Comparing Windows Defender Remote Credential Guard with other Remote Desktop connection options](#comparing-remote-credential-guard-with-other-remote-desktop-connection-options), earlier in this topic.
 
+1. Click **OK**
+1. Close the Group Policy Management Console
+1. From a command prompt, run **gpupdate.exe /force** to ensure that the Group Policy object is applied
 
 ### Use Windows Defender Remote Credential Guard with a parameter to Remote Desktop Connection
 
 If you don't use Group Policy in your organization, or if not all your remote hosts support Remote Credential Guard, you can add the remoteGuard parameter when you start Remote Desktop Connection to turn on Windows Defender Remote Credential Guard for that connection.
 
-```console
+```cmd
 mstsc.exe /remoteGuard
 ```
 
@@ -171,12 +148,8 @@ mstsc.exe /remoteGuard
 
 ## Considerations when using Windows Defender Remote Credential Guard
 
-- Windows Defender Remote Credential Guard does not support compound authentication. For example, if you're trying to access a file server from a remote host that requires a device claim, access will be denied.
-
-- Windows Defender Remote Credential Guard can be used only when connecting to a device that is joined to a Windows Server Active Directory domain, including AD domain-joined servers that run as Azure virtual machines (VMs). Windows Defender Remote Credential Guard cannot be used when connecting to remote devices joined to Azure Active Directory.
-
-- Remote Desktop Credential Guard only works with the RDP protocol.
-
-- No credentials are sent to the target device, but the target device still acquires Kerberos Service Tickets on its own.
-
-- The server and client must authenticate using Kerberos.
+- Windows Defender Remote Credential Guard does not support compound authentication. For example, if you're trying to access a file server from a remote host that requires a device claim, access will be denied
+- Windows Defender Remote Credential Guard can be used only when connecting to a device that is joined to a Windows Server Active Directory domain, including AD domain-joined servers that run as Azure virtual machines (VMs). Windows Defender Remote Credential Guard cannot be used when connecting to remote devices joined to Azure Active Directory
+- Remote Desktop Credential Guard only works with the RDP protocol
+- No credentials are sent to the target device, but the target device still acquires Kerberos Service Tickets on its own
+- The server and client must authenticate using Kerberos
diff --git a/windows/security/identity-protection/smart-cards/toc.yml b/windows/security/identity-protection/smart-cards/toc.yml
new file mode 100644
index 0000000000..0d82f8c3a7
--- /dev/null
+++ b/windows/security/identity-protection/smart-cards/toc.yml
@@ -0,0 +1,28 @@
+items:
+- name: Smart Card Technical Reference
+  href: smart-card-windows-smart-card-technical-reference.md
+  items:
+    - name: How Smart Card Sign-in Works in Windows
+      href: smart-card-how-smart-card-sign-in-works-in-windows.md
+      items:
+        - name: Smart Card Architecture
+          href: smart-card-architecture.md
+        - name: Certificate Requirements and Enumeration
+          href: smart-card-certificate-requirements-and-enumeration.md
+        - name: Smart Card and Remote Desktop Services
+          href: smart-card-and-remote-desktop-services.md
+        - name: Smart Cards for Windows Service
+          href: smart-card-smart-cards-for-windows-service.md
+        - name: Certificate Propagation Service
+          href: smart-card-certificate-propagation-service.md
+        - name: Smart Card Removal Policy Service
+          href: smart-card-removal-policy-service.md
+    - name: Smart Card Tools and Settings
+      href: smart-card-tools-and-settings.md
+      items:
+        - name: Smart Cards Debugging Information
+          href: smart-card-debugging-information.md
+        - name: Smart Card Group Policy and Registry Settings
+          href: smart-card-group-policy-and-registry-settings.md
+        - name: Smart Card Events
+          href: smart-card-events.md
\ No newline at end of file
diff --git a/windows/security/identity-protection/toc.yml b/windows/security/identity-protection/toc.yml
index 3190bc8236..c4b3478397 100644
--- a/windows/security/identity-protection/toc.yml
+++ b/windows/security/identity-protection/toc.yml
@@ -16,50 +16,9 @@ items:
     - name: Federated sign-in 🔗
       href: /education/windows/federated-sign-in
     - name: Smart Cards
-      href: smart-cards/smart-card-windows-smart-card-technical-reference.md
-      items:
-        - name: How Smart Card Sign-in Works in Windows
-          href: smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md
-          items:
-            - name: Smart Card Architecture
-              href: smart-cards/smart-card-architecture.md
-            - name: Certificate Requirements and Enumeration
-              href: smart-cards/smart-card-certificate-requirements-and-enumeration.md
-            - name: Smart Card and Remote Desktop Services
-              href: smart-cards/smart-card-and-remote-desktop-services.md
-            - name: Smart Cards for Windows Service
-              href: smart-cards/smart-card-smart-cards-for-windows-service.md
-            - name: Certificate Propagation Service
-              href: smart-cards/smart-card-certificate-propagation-service.md
-            - name: Smart Card Removal Policy Service
-              href: smart-cards/smart-card-removal-policy-service.md
-        - name: Smart Card Tools and Settings
-          href: smart-cards/smart-card-tools-and-settings.md
-          items:
-            - name: Smart Cards Debugging Information
-              href: smart-cards/smart-card-debugging-information.md
-            - name: Smart Card Group Policy and Registry Settings
-              href: smart-cards/smart-card-group-policy-and-registry-settings.md
-            - name: Smart Card Events
-              href: smart-cards/smart-card-events.md
-        - name: Virtual smart cards
-          href: virtual-smart-cards/virtual-smart-card-overview.md
-          items:
-            - name: Understand and evaluate virtual smart cards
-              href: virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md
-              items:
-                - name: Get started with virtual smart cards
-                  href: virtual-smart-cards/virtual-smart-card-get-started.md
-                - name: Use virtual smart cards
-                  href: virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md
-                - name: Deploy virtual smart cards
-                  href: virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md
-                - name: Evaluate virtual smart card security
-                  href: virtual-smart-cards/virtual-smart-card-evaluate-security.md
-            - name: Tpmvscmgr
-              href: virtual-smart-cards/virtual-smart-card-tpmvscmgr.md
-    - name: Windows LAPS (Local Administrator Password Solution) 🔗
-      href: /windows-server/identity/laps/laps-overview
+      href: smart-cards/toc.yml
+    - name: Virtual smart cards
+      href: virtual-smart-cards/toc.yml
     - name: Enterprise Certificate Pinning
       href: enterprise-certificate-pinning.md
   - name: Advanced credential protection
@@ -68,6 +27,8 @@ items:
       href: ../threat-protection/security-policy-settings/account-lockout-policy.md
     - name: Technical support policy for lost or forgotten passwords
       href: password-support-policy.md
+    - name: Windows LAPS (Local Administrator Password Solution) 🔗
+      href: /windows-server/identity/laps/laps-overview
     - name: Enhanced Phishing Protection in Microsoft Defender SmartScreen
       href: ../threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md
     - name: Access Control
@@ -79,22 +40,6 @@ items:
     - name: Security policy settings 🔗
       href: ../threat-protection/security-policy-settings/security-policy-settings.md
     - name: Windows Defender Credential Guard
-      items:
-      - name: Protect derived domain credentials with Credential Guard
-        href: credential-guard/credential-guard.md
-      - name: How Credential Guard works
-        href: credential-guard/credential-guard-how-it-works.md
-      - name: Requirements
-        href: credential-guard/credential-guard-requirements.md
-      - name: Manage Credential Guard
-        href: credential-guard/credential-guard-manage.md
-      - name: Credential Guard protection limits
-        href: credential-guard/credential-guard-protection-limits.md
-      - name: Considerations when using Credential Guard
-        href: credential-guard/credential-guard-considerations.md
-      - name: Additional mitigations
-        href: credential-guard/additional-mitigations.md
-      - name: Known issues
-        href: credential-guard/credential-guard-known-issues.md
+      href: credential-guard/toc.yml
   - name: Windows Defender Remote Credential Guard
     href: remote-credential-guard.md
\ No newline at end of file
diff --git a/windows/security/identity-protection/virtual-smart-cards/toc.yml b/windows/security/identity-protection/virtual-smart-cards/toc.yml
new file mode 100644
index 0000000000..68842b6001
--- /dev/null
+++ b/windows/security/identity-protection/virtual-smart-cards/toc.yml
@@ -0,0 +1,17 @@
+items:
+- name: Virtual Smart Card overview
+  href: virtual-smart-card-overview.md
+  items:
+    - name: Understand and evaluate virtual smart cards
+      href: virtual-smart-card-understanding-and-evaluating.md
+      items:
+        - name: Get started with virtual smart cards
+          href: virtual-smart-card-get-started.md
+        - name: Use virtual smart cards
+          href: virtual-smart-card-use-virtual-smart-cards.md
+        - name: Deploy virtual smart cards
+          href: virtual-smart-card-deploy-virtual-smart-cards.md
+        - name: Evaluate virtual smart card security
+          href: virtual-smart-card-evaluate-security.md
+    - name: Tpmvscmgr
+      href: virtual-smart-card-tpmvscmgr.md
\ No newline at end of file

From dd859fa1d3298239e2528dbd5e761fa95b3a81bc Mon Sep 17 00:00:00 2001
From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com>
Date: Wed, 3 May 2023 10:21:12 -0400
Subject: [PATCH 061/107] Update remotewipe-csp.md

---
 windows/client-management/mdm/remotewipe-csp.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/windows/client-management/mdm/remotewipe-csp.md b/windows/client-management/mdm/remotewipe-csp.md
index 89cac77fc9..0952b72d79 100644
--- a/windows/client-management/mdm/remotewipe-csp.md
+++ b/windows/client-management/mdm/remotewipe-csp.md
@@ -19,6 +19,8 @@ ms.topic: reference
 <!-- RemoteWipe-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 The RemoteWipe configuration service provider can be used by mobile operators DM server or enterprise management server to remotely reset a device. The RemoteWipe configuration service provider can make the data stored in memory and hard disks difficult to recover if the device is remotely reset after being lost or stolen. Enterprise IT Professionals can update these settings by using the Exchange Server.
+
+[!INCLUDE [remote-wipe](../../../includes/licensing/remote-wipe.md)]
 <!-- RemoteWipe-Editable-End -->
 
 <!-- RemoteWipe-Tree-Begin -->

From 1a230785bea3eec92024df37404ee223710088fa Mon Sep 17 00:00:00 2001
From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com>
Date: Wed, 3 May 2023 10:23:15 -0400
Subject: [PATCH 062/107] Update windowsdefenderapplicationguard-csp.md

---
 .../mdm/windowsdefenderapplicationguard-csp.md                  | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
index a92d9f018f..811d36e770 100644
--- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
+++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
@@ -19,6 +19,8 @@ ms.topic: reference
 <!-- WindowsDefenderApplicationGuard-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 The WindowsDefenderApplicationGuard configuration service provider (CSP) is used by the enterprise to configure the settings in Microsoft Defender Application Guard. This CSP was added in Windows 10, version 1709.
+
+[!INCLUDE [microsoft-defender-application-guard-mdag-configure-via-mdm](../../../includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md)]
 <!-- WindowsDefenderApplicationGuard-Editable-End -->
 
 <!-- WindowsDefenderApplicationGuard-Tree-Begin -->

From d7d694b8a4890edbbd68a3fa408bd34133ae4cd9 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Thu, 4 May 2023 09:19:21 -0400
Subject: [PATCH 063/107] updated links

---
 windows/security/identity-protection/toc.yml |   4 +
 windows/whats-new/windows-licensing.md       | 124 +++++++++++--------
 2 files changed, 79 insertions(+), 49 deletions(-)

diff --git a/windows/security/identity-protection/toc.yml b/windows/security/identity-protection/toc.yml
index c4b3478397..c90f5b2316 100644
--- a/windows/security/identity-protection/toc.yml
+++ b/windows/security/identity-protection/toc.yml
@@ -19,6 +19,7 @@ items:
       href: smart-cards/toc.yml
     - name: Virtual smart cards
       href: virtual-smart-cards/toc.yml
+      displayName: VSC
     - name: Enterprise Certificate Pinning
       href: enterprise-certificate-pinning.md
   - name: Advanced credential protection
@@ -28,13 +29,16 @@ items:
     - name: Technical support policy for lost or forgotten passwords
       href: password-support-policy.md
     - name: Windows LAPS (Local Administrator Password Solution) 🔗
+      displayName: LAPS
       href: /windows-server/identity/laps/laps-overview
     - name: Enhanced Phishing Protection in Microsoft Defender SmartScreen
       href: ../threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md
+      displayName: EPP
     - name: Access Control
       items:
       - name: Overview
         href: access-control/access-control.md
+        displayName: ACL
       - name: Local Accounts
         href: access-control/local-accounts.md
     - name: Security policy settings 🔗
diff --git a/windows/whats-new/windows-licensing.md b/windows/whats-new/windows-licensing.md
index e45dbf9886..212d022557 100644
--- a/windows/whats-new/windows-licensing.md
+++ b/windows/whats-new/windows-licensing.md
@@ -8,7 +8,7 @@ manager: aaroncz
 ms.collection:
 - tier2
 ms.topic: conceptual
-ms.date: 04/24/2023
+ms.date: 05/04/2023
 appliesto:
 - ✅ <a href=/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 ms.technology: itpro-security
@@ -19,7 +19,7 @@ ms.technology: itpro-security
 This document provides an overview of the products and use rights available through Microsoft Commercial Licensing, information about the products that are eligible for upgrades, and the key choices you have for using Windows in your organization.
 
 > [!NOTE]
-> The content of this article doesn't replace or override other licensing documentation, such as the Windows 11 End User License Agreement or [Commercial Licensing Product Terms](https://www.microsoft.com/licensing/product-licensing/products.aspx).
+> The content of this article doesn't replace or override other licensing documentation, such as the Windows 11 End User License Agreement or [Commercial Licensing Product Terms][EXT-4].
 
 ## Windows 11 editions
 
@@ -31,7 +31,7 @@ The following table lists the editions of Windows 11 available through each Micr
 
 ## Windows desktop offerings available through Commercial Licensing
 
-The following offerings are available for purchase through [Microsoft Commercial Licensing](https://www.microsoft.com/licensing):
+The following offerings are available for purchase through [Microsoft Commercial Licensing][EXT-5]:
 
 |Product|Description|Availability|
 |-|-|-|
@@ -67,13 +67,13 @@ The following table describes the unique Windows Enterprise edition features:
 
 | OS-based feature | Description |
 |-|-|
-|**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard-requirements)**|Protects against user credential harvesting and pass-the-hash attacks or pass the token attacks.|
-|**[Managed Microsoft Defender Application Guard for Microsoft Edge](/deployedge/microsoft-edge-security-windows-defender-application-guard)**| Isolates enterprise-defined untrusted sites with virtualization-based security from Windows, protecting your organization while users browse the Internet.|
-|**[Modern BitLocker Management](/windows/security/information-protection/bitlocker/bitlocker-overview)** | Allows you to eliminate on-premises tools to monitor and support BitLocker recovery scenarios. |  
-|**[Personal Data Encryption](/windows/security/information-protection/personal-data-encryption/overview-pde)**|Encrypts individual's content using Windows Hello for Business to link the encryption keys to user credentials.|
-|**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**|Connect remote users to the organization network without the need for traditional VPN connections.|
-|**[Always-On VPN device tunnel](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|Advanced security capabilities to restrict the type of traffic and which applications can use the VPN connection.|
-|**[Windows Experience customization](/windows/client-management/mdm/policy-csp-experience)**|Settings to lock down the user experience of corporate desktops and Shell Launcher with Unified Write Filter for frontline workers devices or public kiosks.|
+|**[Windows Defender Credential Guard][WIN-1]**|Protects against user credential harvesting and pass-the-hash attacks or pass the token attacks.|
+|**[Managed Microsoft Defender Application Guard for Microsoft Edge][EDGE-1]**| Isolates enterprise-defined untrusted sites with virtualization-based security from Windows, protecting your organization while users browse the Internet.|
+|**[Modern BitLocker Management][WIN-2]** | Allows you to eliminate on-premises tools to monitor and support BitLocker recovery scenarios. |  
+|**[Personal Data Encryption][WIN-3]**|Encrypts individual's content using Windows Hello for Business to link the encryption keys to user credentials.|
+|**[Direct Access][WINS-1]**|Connect remote users to the organization network without the need for traditional VPN connections.|
+|**[Always-On VPN device tunnel][WINS-2]**|Advanced security capabilities to restrict the type of traffic and which applications can use the VPN connection.|
+|**[Windows Experience customization][WIN-4]**|Settings to lock down the user experience of corporate desktops and Shell Launcher with Unified Write Filter for frontline workers devices or public kiosks.|
 
 #### Windows 11 Enterprise cloud-based capabilities
 
@@ -81,13 +81,13 @@ The following table describes the unique Windows Enterprise cloud-based features
 
 |Cloud-based feature | Description |
 |-|-|
-|**[Windows subscription activation](/windows/deployment/windows-10-subscription-activation)**|Enables you to *step-up* from **Windows Pro edition** to **Enterprise edition**. You can eliminate license key management and the deployment of Enterprise edition images.|
-|**[Windows Autopatch](/windows/deployment/windows-autopatch/overview/windows-autopatch-overview)**|Cloud service that puts Microsoft in control of automating updates to Windows, Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams.|
-|**[Windows Update For Business deployment service](/windows/deployment/update/deployment-service-overview)**|This cloud service gives you the control over the approval, scheduling, and safeguarding of quality, feature upgrades, and driver updates delivered from Windows Update.|
-|**[Universal Print](/universal-print/)**|Removes the need for on-premises print servers and enables any endpoint to print to cloud registered printers.|
-|**[Microsoft Connected Cache](/windows/deployment/do/waas-delivery-optimization)**|A software solution that caches app and OS updates on the local network to save Internet bandwidth in locations with limited connectivity.|
-|**[Endpoint analytics proactive remediation](/mem/analytics/proactive-remediations)**|Helps you fix common support issues before end-users notice them.|
-|**[Organizational messages](/mem/intune/remote-actions/organizational-messages-overview)**|Keeps employees informed with organizational messages directly inserted in Windows UI surfaces.|
+|**[Windows subscription activation][WIN-5]**|Enables you to *step-up* from **Windows Pro edition** to **Enterprise edition**. You can eliminate license key management and the deployment of Enterprise edition images.|
+|**[Windows Autopatch][WIN-6]**|Cloud service that puts Microsoft in control of automating updates to Windows, Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams.|
+|**[Windows Update For Business deployment service][WIN-7]**|This cloud service gives you the control over the approval, scheduling, and safeguarding of quality, feature upgrades, and driver updates delivered from Windows Update.|
+|**[Universal Print][UP-1]**|Removes the need for on-premises print servers and enables any endpoint to print to cloud registered printers.|
+|**[Microsoft Connected Cache][WIN-8]**|A software solution that caches app and OS updates on the local network to save Internet bandwidth in locations with limited connectivity.|
+|**[Endpoint analytics proactive remediation][MEM-1]**|Helps you fix common support issues before end-users notice them.|
+|**[Organizational messages][MEM-2]**|Keeps employees informed with organizational messages directly inserted in Windows UI surfaces.|
 
 #### Windows 11 Enterprise licensing use rights
 
@@ -95,17 +95,17 @@ The following table describes the Windows Enterprise licensing use rights:
 
 |Licensing use rights|Description|
 |-|-|
-|**[Five Windows instances per licensed user](https://www.microsoft.com/licensing/terms/productoffering/WindowsDesktopOperatingSystem/EAEAS)**|Allows your employees to simultaneously use a Windows laptop, a cloud PC and a specialized device with Windows LTSC, and more.|
-|**[36 months (3 years) support on annual feature releases](/windows/release-health/supported-versions-windows-client#enterprise-and-iot-enterprise-ltsbltsc-editions)**|Get extra time to deploy feature releases.|
-|**[Azure Virtual Desktop, Windows 365 Enterprise and Virtual Desktop Access](/azure/virtual-desktop/prerequisites#operating-systems-and-licenses)**|Empower flexible work styles and smarter work with the included virtualization access rights. Includes FSLogix for a consistent experience of
+|**[Five Windows instances per licensed user][EXT-1]**|Allows your employees to simultaneously use a Windows laptop, a cloud PC and a specialized device with Windows LTSC, and more.|
+|**[36 months (3 years) support on annual feature releases][WIN-9]**|Get extra time to deploy feature releases.|
+|**[Azure Virtual Desktop, Windows 365 Enterprise and Virtual Desktop Access][AZ-1]**|Empower flexible work styles and smarter work with the included virtualization access rights. Includes FSLogix for a consistent experience of
 Windows user profiles in virtual desktop environments.|
-|**[Windows release health in the Microsoft 365 admin center](https://aka.ms/WindowsReleaseHealthinM365)**|Gives you essential information about monthly quality and feature updates in the Microsoft 365 admin center.|
-|**[Windows feature update device readiness report](/mem/intune/protect/windows-update-compatibility-reports)**|Provides per-device information about compatibility risks that are associated with an upgrade or update to a chosen version of Windows.|
-|**[Windows feature update compatibility risks reports](/mem/intune/protect/windows-update-compatibility-reports)**|Provides a summary view of the top compatibility risks, so you understand which compatibility risks impact the greatest number of devices in your organization.|
-|**[Windows LTSC Enterprise](/windows/whats-new/ltsc/)**|Intended for highly specialized devices that require limited changes due to regulations and certification|
-|**[Microsoft Desktop Optimization Pack (MDOP) ](/microsoft-desktop-optimization-pack)**|Help improve compatibility and management, reduce support costs, improve asset management, and improve policy control.|
+|**[Windows release health in the Microsoft 365 admin center][EXT-2]**|Gives you essential information about monthly quality and feature updates in the Microsoft 365 admin center.|
+|**[Windows feature update device readiness report][MEM-3]**|Provides per-device information about compatibility risks that are associated with an upgrade or update to a chosen version of Windows.|
+|**[Windows feature update compatibility risks reports][MEM-3]**|Provides a summary view of the top compatibility risks, so you understand which compatibility risks impact the greatest number of devices in your organization.|
+|**[Windows LTSC Enterprise][WIN-10]**|Intended for highly specialized devices that require limited changes due to regulations and certification|
+|**[Microsoft Desktop Optimization Pack (MDOP) ][MDOP-1]**|Help improve compatibility and management, reduce support costs, improve asset management, and improve policy control.|
 
-Learn more about [Windows 11 Enterprise E3](https://windows.com/enterprise).
+Learn more about [Windows 11 Enterprise E3][EXT-3].
 
 ### Windows 11 Enterprise E5
 
@@ -141,42 +141,42 @@ The following table lists the Windows 11 Enterprise features and their Windows e
 
 | OS-based feature |Windows Pro|Windows Enterprise|
 |-|-|-|
-|**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|❌|Yes|
-|**[Microsoft Defender Application Guard (MDAG) for Microsoft Edge](/deployedge/microsoft-edge-security-windows-defender-application-guard)**|Yes|Yes|
-|**[Modern BitLocker Management](/windows/security/information-protection/bitlocker/bitlocker-overview)**|Yes|Yes|
-|**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|❌|Yes|
-|**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**|Yes|Yes|
-|**[Always On VPN](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|Yes|Yes|
-|**[Windows Experience customization](/windows/client-management/mdm/policy-csp-experience)**|❌|Yes|
+|**[Windows Defender Credential Guard][WIN-1]**|❌|Yes|
+|**[Microsoft Defender Application Guard (MDAG) for Microsoft Edge][EDGE-1]**|Yes|Yes|
+|**[Modern BitLocker Management][WIN-2]**|Yes|Yes|
+|**[Personal data encryption (PDE)][WIN-3]**|❌|Yes|
+|**[Direct Access][WINS-1]**|Yes|Yes|
+|**[Always On VPN][WINS-2]**|Yes|Yes|
+|**[Windows Experience customization][WIN-4]**|❌|Yes|
 
 The following table lists the Windows 11 Enterprise cloud-based features and their Windows edition requirements:
 
 | Cloud-based feature |Windows Pro|Windows Enterprise|
 |-|-|-|
-|**[Windows subscription activation](/windows/deployment/windows-10-subscription-activation)**|Yes|Yes|
-|**[Windows Autopatch](/windows/deployment/windows-autopatch/)**|Yes|Yes|
-|**[Windows Update For Business deployment service](/windows/deployment/update/deployment-service-overview)**|Yes|Yes|
-|**[Universal Print](/universal-print/)**|Yes|Yes|
-|**[Microsoft Connected Cache](/windows/deployment/do/waas-microsoft-connected-cache)**|Yes|Yes|
-|**[Endpoint analytics proactive remediation](/mem/analytics/overview)**|Yes|Yes|
-|**[Organizational messages](/mem/intune/remote-actions/organizational-messages-overview)**|❌|Yes|
+|**[Windows subscription activation][WIN-5]**|Yes|Yes|
+|**[Windows Autopatch][WIN-6]**|Yes|Yes|
+|**[Windows Update For Business deployment service][WIN-7]**|Yes|Yes|
+|**[Universal Print][UP-1]**|Yes|Yes|
+|**[Microsoft Connected Cache][WIN-8]**|Yes|Yes|
+|**[Endpoint analytics proactive remediation][MEM-1]**|Yes|Yes|
+|**[Organizational messages][MEM-2]**|❌|Yes|
 
 The following table lists the Windows 11 Enterprise E3 licensing use rights and their Windows edition requirements:
 
 |Licensing use rights|Windows Pro|Windows Enterprise|
 |-|-|-|
-|**[Five Windows instances per licensed user](https://www.microsoft.com/licensing/terms/productoffering/WindowsDesktopOperatingSystem/EAEAS)**|n/a|n/a|
-|**[36 months (3 years) support on annual feature releases](/windows/release-health/supported-versions-windows-client#enterprise-and-iot-enterprise-ltsbltsc-editions)**|❌|Yes|
-|**[Azure Virtual Desktop, Windows 365 Enterprise and Virtual Desktop Access](/azure/virtual-desktop/prerequisites#operating-systems-and-licenses)**|n/a|n/a|
-|**[Windows release health in the Microsoft 365 admin center](https://aka.ms/WindowsReleaseHealthinM365)**|n/a|n/a|
-|**[Windows feature update device readiness report](/mem/intune/protect/windows-update-compatibility-reports)**|Yes|Yes|
-|**[Windows feature update compatibility risks reports](/mem/intune/protect/windows-update-compatibility-reports)**|Yes|Yes|
-|**[Windows LTSC Enterprise](/windows/whats-new/ltsc/)**|n/a|n/a|
-|**[Microsoft Desktop Optimization Pack (MDOP) ](/microsoft-desktop-optimization-pack)**|Yes|Yes|
+|**[Five Windows instances per licensed user][EXT-1]**|n/a|n/a|
+|**[36 months (3 years) support on annual feature releases][WIN-9]**|❌|Yes|
+|**[Azure Virtual Desktop, Windows 365 Enterprise and Virtual Desktop Access][AZ-1]**|n/a|n/a|
+|**[Windows release health in the Microsoft 365 admin center][EXT-2]**|n/a|n/a|
+|**[Windows feature update device readiness report][MEM-3]**|Yes|Yes|
+|**[Windows feature update compatibility risks reports][MEM-3]**|Yes|Yes|
+|**[Windows LTSC Enterprise][WIN-10]**|n/a|n/a|
+|**[Microsoft Desktop Optimization Pack (MDOP)][MDOP-1]**|Yes|Yes|
 
 ## Next steps
 
-To learn more about Windows 11 Enterprise E3 and E5 licensing, download the [Windows 11 licensing guide](https://aka.ms/WindowsLicensingGuide). The guide provides additional information to complement the information in this article, including:
+To learn more about Windows 11 Enterprise E3 and E5 licensing, download the [Windows 11 licensing guide][EXT-6]. The guide provides additional information to complement the information in this article, including:
 
 - Description of qualifying operating systems
 - Availability of Windows desktop operating system products in licensing programs
@@ -184,3 +184,29 @@ To learn more about Windows 11 Enterprise E3 and E5 licensing, download the [Win
 - Windows 11 downgrade rights
 - Volume license activation methods
 - How to acquire licenses through Commercial Licensing
+
+[AZ-1]: /azure/virtual-desktop/prerequisites#operating-systems-and-licenses
+[EDGE-1]: /deployedge/microsoft-edge-security-windows-defender-application-guard
+[EXT-1]: https://www.microsoft.com/licensing/terms/productoffering/WindowsDesktopOperatingSystem/EAEAS
+[EXT-2]: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-release-health-now-available-in-the-microsoft-365-admin/ba-p/2235908
+[EXT-3]: https://windows.com/enterprise
+[EXT-4]: https://www.microsoft.com/licensing/product-licensing/products.aspx
+[EXT-5]: https://www.microsoft.com/licensing
+[EXT-6]: https://aka.ms/WindowsLicensingGuide
+[MDOP-1]: /microsoft-desktop-optimization-pack
+[MEM-1]: /mem/analytics/proactive-remediations
+[MEM-2]: /mem/intune/remote-actions/organizational-messages-overview
+[MEM-3]: /mem/intune/protect/windows-update-compatibility-reports
+[UP-1]: /universal-print/
+[WIN-1]: /windows/security/identity-protection/credential-guard/credential-guard
+[WIN-2]: /windows/security/information-protection/bitlocker/bitlocker-overview
+[WIN-3]: /windows/security/information-protection/personal-data-encryption/overview-pde
+[WIN-4]: /windows/client-management/mdm/policy-csp-experience
+[WIN-5]: /windows/deployment/windows-10-subscription-activation
+[WIN-6]: /windows/deployment/windows-autopatch
+[WIN-7]: /windows/deployment/update/deployment-service-overview
+[WIN-8]: /windows/deployment/do/waas-microsoft-connected-cache
+[WIN-9]: /windows/release-health/supported-versions-windows-client#enterprise-and-iot-enterprise-ltsbltsc-editions
+[WIN-10]: /windows/whats-new/ltsc/
+[WINS-1]: /windows-server/remote/remote-access/directaccess/directaccess
+[WINS-2]: /windows-server/remote/remote-access/vpn/always-on-vpn/

From 1bdd74ccc0f54c6dbd765ceaea3c0b29152758c9 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Thu, 4 May 2023 11:02:24 -0400
Subject: [PATCH 064/107] updates

---
 .../identity-protection/remote-credential-guard.md     | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/windows/security/identity-protection/remote-credential-guard.md b/windows/security/identity-protection/remote-credential-guard.md
index b0e29cd0e4..c492d78079 100644
--- a/windows/security/identity-protection/remote-credential-guard.md
+++ b/windows/security/identity-protection/remote-credential-guard.md
@@ -20,9 +20,7 @@ Introduced in Windows 10, version 1607, Windows Defender Remote Credential Guard
 Administrator credentials are highly privileged and must be protected. By using Windows Defender Remote Credential Guard to connect during Remote Desktop sessions, if the target device is compromised, your credentials are not exposed because both credential and credential derivatives are never passed over the network to the target device.
 
 > [!IMPORTANT]
-> For information on Remote Desktop connection scenarios involving helpdesk support, see [Remote Desktop connections and helpdesk support scenarios](#helpdesk) in this article.
-
-<a id="comparing-remote-credential-guard-with-other-remote-desktop-connection-options"></a>
+> For information on Remote Desktop connection scenarios involving helpdesk support, see [Remote Desktop connections and helpdesk support scenarios](#remote-desktop-connections-and-helpdesk-support-scenarios) in this article.
 
 ## Comparing Windows Defender Remote Credential Guard with other Remote Desktop connection options
 
@@ -126,10 +124,10 @@ Beginning with Windows 10 version 1703, you can enable Windows Defender Remote C
 
      > [!NOTE]
      > Neither Windows Defender Remote Credential Guard nor Restricted Admin mode will send credentials in clear text to the Remote Desktop server.
-     > When **Restrict Credential Delegation** is enabled, the /restrictedAdmin switch will be ignored. Windows will enforce the policy configuration instead and will use Windows Defender Remote Credential Guard. 
+     > When **Restrict Credential Delegation** is enabled, the /restrictedAdmin switch will be ignored. Windows will enforce the policy configuration instead and will use Windows Defender Remote Credential Guard.
 
-  - If you want to require Windows Defender Remote Credential Guard, choose **Require Remote Credential Guard**. With this setting, a Remote Desktop connection will succeed only if the remote computer meets the [requirements](#reqs) listed earlier in this topic.
-  - If you  want to require Restricted Admin mode, choose **Require Restricted Admin**. For information about Restricted Admin mode, see the table in [Comparing Windows Defender Remote Credential Guard with other Remote Desktop connection options](#comparing-remote-credential-guard-with-other-remote-desktop-connection-options), earlier in this topic.
+  - If you want to require Windows Defender Remote Credential Guard, choose **Require Remote Credential Guard**. With this setting, a Remote Desktop connection will succeed only if the remote computer meets the [requirements](#remote-credential-guard-requirements) listed earlier in this topic.
+  - If you  want to require Restricted Admin mode, choose **Require Restricted Admin**. For information about Restricted Admin mode, see the table in  [Comparing Windows Defender Remote Credential Guard with other Remote Desktop connection options](#comparing-windows-defender-remote-credential-guard-with-other-remote-desktop-connection-options), earlier in this topic.
 
 1. Click **OK**
 1. Close the Group Policy Management Console

From 4c12435368ca5875d6c8e296019f5484afecab50 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Thu, 4 May 2023 14:51:07 -0400
Subject: [PATCH 065/107] update intro articles

---
 .../licensing/36-months-support-period.md     |  22 +++
 includes/licensing/_edition-requirements.md   |  19 ++-
 includes/licensing/_licensing-requirements.md | 157 ++++++++++--------
 .../licensing/access-control-aclsscals.md     |   4 +-
 includes/licensing/account-lockout-policy.md  |   4 +-
 .../licensing/always-on-vpn-device-tunnel.md  |   4 +-
 includes/licensing/applocker.md               |  22 +++
 .../licensing/assigned-access-kiosk-mode.md   |   4 +-
 .../licensing/attack-surface-reduction-asr.md |   4 +-
 ...d-azure-ad-join-with-single-sign-on-sso.md |   4 +-
 includes/licensing/bitlocker.md               |   4 +-
 ...tooth-pairing-and-connection-protection.md |   4 +-
 .../common-criteria-certifications.md         |   4 +-
 .../licensing/controlled-folder-access.md     |   4 +-
 .../device-health-attestation-service.md      |   4 +-
 ...pdate-compatibility-reports-with-intune.md |  22 +++
 includes/licensing/direct-access.md           |   4 +-
 includes/licensing/email-encryption-smime.md  |   4 +-
 includes/licensing/encrypted-hard-drive.md    |   4 +-
 includes/licensing/endpoint-analytics.md      |  22 +++
 ...ed-phishing-protection-with-smartscreen.md |   4 +-
 includes/licensing/exploit-protection.md      |   4 +-
 ...fast-identity-online-fido2-security-key.md |   4 +-
 ...processing-standard-fips-140-validation.md |   4 +-
 includes/licensing/federated-sign-in.md       |   6 +-
 .../hardware-enforced-stack-protection.md     |   4 +-
 ...ypervisor-protected-code-integrity-hvci.md |   4 +-
 ...nel-direct-memory-access-dma-protection.md |   4 +-
 ...local-security-authority-lsa-protection.md |   4 +-
 ...-device-management-mdm-and-group-policy.md |   4 +-
 includes/licensing/measured-boot.md           |   4 +-
 .../microsoft-connected-cache-mcc.md          |  22 +++
 .../licensing/microsoft-defender-antivirus.md |   4 +-
 ...pplication-guard-mdag-configure-via-mdm.md |   4 +-
 ...terprise-mode-and-enterprise-management.md |   4 +-
 ...ion-guard-mdag-for-edge-standalone-mode.md |   4 +-
 ...ication-guard-mdag-for-microsoft-office.md |   4 +-
 ...nder-application-guard-mdag-public-apis.md |   4 +-
 .../microsoft-defender-for-endpoint.md        |   4 +-
 .../microsoft-defender-smartscreen.md         |   4 +-
 ...icrosoft-desktop-optimization-pack-mdop.md |  22 +++
 .../microsoft-pluton-security-processor.md    |   4 +-
 .../microsoft-vulnerable-driver-blocklist.md  |   4 +-
 .../opportunistic-wireless-encryption-owe.md  |   4 +-
 .../organizational-messages-with-intune.md    |  22 +++
 .../licensing/personal-data-encryption-pde.md |   4 +-
 includes/licensing/privacy-resource-usage.md  |   4 +-
 .../privacy-transparency-and-controls.md      |   4 +-
 includes/licensing/remote-wipe.md             |   4 +-
 .../licensing/secure-boot-and-trusted-boot.md |   4 +-
 .../secured-core-configuration-lock.md        |   4 +-
 includes/licensing/secured-core-pc.md         |   4 +-
 includes/licensing/security-baselines.md      |   4 +-
 .../server-message-block-direct-smb-direct.md |   4 +-
 .../server-message-block-smb-file-service.md  |   4 +-
 includes/licensing/smart-app-control.md       |   4 +-
 .../smart-cards-for-windows-service.md        |   4 +-
 includes/licensing/start-menu-and-taskbar.md  |  22 +++
 .../tamper-protection-settings-for-mde.md     |   4 +-
 .../licensing/transport-layer-security-tls.md |   4 +-
 .../trusted-platform-module-tpm-20.md         |   4 +-
 includes/licensing/universal-print.md         |   4 +-
 .../licensing/user-account-control-uac.md     |   4 +-
 .../licensing/virtual-private-network-vpn.md  |   4 +-
 .../virtualization-based-security-vbs.md      |   4 +-
 .../virtualization-rights-vda-avd-and-w365.md |  22 +++
 includes/licensing/wifi-security.md           |   4 +-
 includes/licensing/windows-autopatch.md       |   4 +-
 includes/licensing/windows-autopilot.md       |   4 +-
 includes/licensing/windows-containers.md      |   4 +-
 ...ndows-defender-application-control-wdac.md |   4 +-
 .../windows-defender-credential-guard.md      |   4 +-
 ...indows-defender-remote-credential-guard.md |   4 +-
 .../windows-defender-system-guard.md          |   4 +-
 ...eature-and-expedite-updates-with-intune.md |  22 +++
 includes/licensing/windows-firewall.md        |   4 +-
 ...-business-enhanced-security-sign-in-ess.md |   4 +-
 .../licensing/windows-hello-for-business.md   |   4 +-
 includes/licensing/windows-laps.md            |   4 +-
 .../licensing/windows-presence-sensing.md     |   4 +-
 includes/licensing/windows-sandbox.md         |   4 +-
 ...s-security-policy-settings-and-auditing.md |   4 +-
 .../windows-subscription-activation.md        |  22 +++
 ...-update-for-business-deployment-service.md |  22 +++
 .../licensing/windows-update-for-business.md  |  22 +++
 windows/security/TOC.yml                      |   4 +-
 windows/security/introduction/index.md        |  41 +++--
 .../security-features-edition-requirements.md |  15 +-
 ...ecurity-features-licensing-requirements.md |  14 +-
 89 files changed, 570 insertions(+), 248 deletions(-)
 create mode 100644 includes/licensing/36-months-support-period.md
 create mode 100644 includes/licensing/applocker.md
 create mode 100644 includes/licensing/device-readiness-and-update-compatibility-reports-with-intune.md
 create mode 100644 includes/licensing/endpoint-analytics.md
 create mode 100644 includes/licensing/microsoft-connected-cache-mcc.md
 create mode 100644 includes/licensing/microsoft-desktop-optimization-pack-mdop.md
 create mode 100644 includes/licensing/organizational-messages-with-intune.md
 create mode 100644 includes/licensing/start-menu-and-taskbar.md
 create mode 100644 includes/licensing/virtualization-rights-vda-avd-and-w365.md
 create mode 100644 includes/licensing/windows-feature-and-expedite-updates-with-intune.md
 create mode 100644 includes/licensing/windows-subscription-activation.md
 create mode 100644 includes/licensing/windows-update-for-business-deployment-service.md
 create mode 100644 includes/licensing/windows-update-for-business.md

diff --git a/includes/licensing/36-months-support-period.md b/includes/licensing/36-months-support-period.md
new file mode 100644
index 0000000000..4208a1cc6c
--- /dev/null
+++ b/includes/licensing/36-months-support-period.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support 36 months support period:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|No|Yes|No|Yes|
+
+36 months support period license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+||Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/_edition-requirements.md b/includes/licensing/_edition-requirements.md
index ba1ba8a093..2471a1b7f5 100644
--- a/includes/licensing/_edition-requirements.md
+++ b/includes/licensing/_edition-requirements.md
@@ -1,17 +1,17 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
-The following table lists the security features that are available in Windows, and the Windows editions that support them:
-
 | Feature name | Windows Pro | Windows Enterprise | Windows Pro Education/SE | Windows Education |
 |:---|:---:|:---:|:---:|:---:|
+|**[36 months support period](/lifecycle/products/windows-11-enterprise-and-education)**|❌|Yes|❌|Yes|
 |**[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes|
 |**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**|Yes|Yes|Yes|Yes|
 |**[Always On VPN (device tunnel)](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|❌|Yes|❌|Yes|
+|**[AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview)**|Yes|Yes|Yes|Yes|
 |**[Assigned Access (kiosk mode)](/windows/configuration/kiosk-methods)**|Yes|Yes|Yes|Yes|
 |**[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)**|Yes|Yes|Yes|Yes|
 |**[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)**|Yes|Yes|Yes|Yes|
@@ -20,9 +20,11 @@ The following table lists the security features that are available in Windows, a
 |**[Common Criteria certifications](/windows/security/threat-protection/windows-platform-common-criteria)**|Yes|Yes|Yes|Yes|
 |**[Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)**|Yes|Yes|Yes|Yes|
 |**[Device health attestation service](/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices)**|Yes|Yes|Yes|Yes|
+|**[Device readiness and update compatibility reports with Intune](/mem/intune/protect/windows-update-compatibility-reports)**|Yes|Yes|Yes|Yes|
 |**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**|❌|Yes|❌|Yes|
 |**[Email Encryption (S/MIME)](/windows/security/identity-protection/configure-s-mime)**|Yes|Yes|Yes|Yes|
 |**[Encrypted hard drive](/windows/security/information-protection/encrypted-hard-drive)**|Yes|Yes|Yes|Yes|
+|**[Endpoint Analytics](/mem/analytics/overview)**|Yes|Yes|Yes|Yes|
 |**[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)**|Yes|Yes|Yes|Yes|
 |**[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)**|Yes|Yes|Yes|Yes|
 |**[Fast Identity Online (FIDO2) security key](/azure/active-directory/authentication/howto-authentication-passwordless-security-key)**|Yes|Yes|Yes|Yes|
@@ -32,8 +34,9 @@ The following table lists the security features that are available in Windows, a
 |**[Hypervisor-protected Code Integrity (HVCI)](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity)**|Yes|Yes|Yes|Yes|
 |**[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)**|Yes|Yes|Yes|Yes|
 |**Local Security Authority (LSA) Protection**|Yes|Yes|Yes|Yes|
-|**[Manage by Mobile Device Management (MDM) and group policy](/windows/client-management/mdm/mdm-overview)**|Yes|Yes|Yes|Yes|
+|**[Manage by Mobile Device Management (MDM) and group policy](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)**|Yes|Yes|Yes|Yes|
 |**[Measured boot](/windows/compatibility/measured-boot)**|Yes|Yes|Yes|Yes|
+|**[Microsoft Connected Cache (MCC)](/windows/deployment/do/mcc-enterprise-prerequisites)**|❌|❌|❌|❌|
 |**[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)**|Yes|Yes|Yes|Yes|
 |**[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)**|❌|Yes|❌|Yes|
 |**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/deployedge/microsoft-edge-security-windows-defender-application-guard)**|❌|Yes|❌|Yes|
@@ -42,9 +45,11 @@ The following table lists the security features that are available in Windows, a
 |**Microsoft Defender Application Guard (MDAG) public APIs**|❌|Yes|❌|Yes|
 |**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|Yes|Yes|Yes|Yes|
 |**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**|Yes|Yes|Yes|Yes|
+|**[Microsoft Desktop Optimization Pack (MDOP)](/microsoft-desktop-optimization-pack)**|Yes|Yes|Yes|Yes|
 |**[Microsoft Pluton security processor](/windows/security/information-protection/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes|
 |**[Microsoft Vulnerable Driver Blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)**|Yes|Yes|Yes|Yes|
 |**Opportunistic Wireless Encryption (OWE)**|Yes|Yes|Yes|Yes|
+|**[Organizational messages with Intune](/mem/intune/remote-actions/organizational-messages-overview)**|❌|Yes|❌|Yes|
 |**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|❌|Yes|❌|Yes|
 |**Privacy Resource Usage**|Yes|Yes|Yes|Yes|
 |**Privacy Transparency and Controls**|Yes|Yes|Yes|Yes|
@@ -57,12 +62,14 @@ The following table lists the security features that are available in Windows, a
 |**[Server Message Block Direct (SMB Direct)](/windows-server/storage/file-server/smb-direct)**|Yes|Yes|Yes|Yes|
 |**[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|
 |**[Smart Cards for Windows Service](/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service)**|Yes|Yes|Yes|Yes|
+|**Start menu and taskbar**|Yes|Yes|Yes|Yes|
 |**[Tamper protection settings for MDE](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)**|Yes|Yes|Yes|Yes|
 |**[Transport layer security (TLS)](/windows-server/security/tls/tls-ssl-schannel-ssp-overview)**|Yes|Yes|Yes|Yes|
 |**[Trusted Platform Module (TPM) 2.0](/windows/security/information-protection/tpm/trusted-platform-module-overview)**|Yes|Yes|Yes|Yes|
 |**[Universal Print](/universal-print/)**|Yes|Yes|Yes|Yes|
 |**[User Account Control (UAC)](/windows/security/identity-protection/user-account-control/user-account-control-overview)**|Yes|Yes|Yes|Yes|
 |**[Virtual Private Network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes|
+|**[Virtualization rights (VDA, AVD and W365)](/azure/virtual-desktop/prerequisites%23operating-systems-and-licenses)**|❌|Yes|❌|Yes|
 |**[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)**|Yes|Yes|Yes|Yes|
 |**[WiFi Security](https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09)**|Yes|Yes|Yes|Yes|
 |**[Windows Autopatch](/windows/deployment/windows-autopatch/)**|❌|Yes|❌|Yes|
@@ -72,6 +79,7 @@ The following table lists the security features that are available in Windows, a
 |**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|❌|Yes|❌|Yes|
 |**[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)**|Yes|Yes|Yes|Yes|
 |**[Windows Defender System Guard](/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows)**|Yes|Yes|Yes|Yes|
+|**[Windows feature and expedite updates with Intune](/mem/intune/protect/windows-10-feature-updates)**|Yes|Yes|Yes|Yes|
 |**[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)**|Yes|Yes|Yes|Yes|
 |**[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)**|Yes|Yes|Yes|Yes|
 |**[Windows Hello for Business Enhanced Security Sign-in (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)**|Yes|Yes|Yes|Yes|
@@ -79,3 +87,6 @@ The following table lists the security features that are available in Windows, a
 |**[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)**|Yes|Yes|Yes|Yes|
 |**[Windows Sandbox](/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview)**|Yes|Yes|Yes|Yes|
 |**[Windows Security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**|Yes|Yes|Yes|Yes|
+|**[Windows subscription activation](/windows/deployment/windows-10-subscription-activation)**|Yes|Yes|Yes|Yes|
+|**[Windows Update for Business](/windows/deployment/update/waas-manage-updates-wufb)**|Yes|Yes|Yes|Yes|
+|**[Windows Update for Business deployment service](/windows/deployment/update/deployment-service-overview)**|Yes|Yes|Yes|Yes|
diff --git a/includes/licensing/_licensing-requirements.md b/includes/licensing/_licensing-requirements.md
index afa913f660..6035077e87 100644
--- a/includes/licensing/_licensing-requirements.md
+++ b/includes/licensing/_licensing-requirements.md
@@ -1,81 +1,92 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
-The following table lists the security features that are available in Windows, and the licensing requirements to use them:
-
 |Feature name|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---|:---:|:---:|:---:|:---:|:---:|
-|**[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes|Yes|
-|**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**|Yes|Yes|Yes|Yes|Yes|
-|**[Always On VPN (device tunnel)](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|❌|Yes|Yes|Yes|Yes|
-|**[Assigned Access (kiosk mode)](/windows/configuration/kiosk-methods)**|Yes|Yes|Yes|Yes|Yes|
-|**[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)**|Yes|Yes|Yes|Yes|Yes|
-|**[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)**|Yes|Yes|Yes|Yes|Yes|
-|**[BitLocker](/windows/security/information-protection/bitlocker/bitlocker-overview)**|Yes|Yes|Yes|Yes|Yes|
-|**Bluetooth pairing and connection protection**|Yes|Yes|Yes|Yes|Yes|
-|**[Common Criteria certifications](/windows/security/threat-protection/windows-platform-common-criteria)**|Yes|Yes|Yes|Yes|Yes|
-|**[Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)**|Yes|Yes|Yes|Yes|Yes|
-|**[Device health attestation service](/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices)**|Yes|Yes|Yes|Yes|Yes|
-|**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**|❌|Yes|Yes|Yes|Yes|
-|**[Email Encryption (S/MIME)](/windows/security/identity-protection/configure-s-mime)**|Yes|Yes|Yes|Yes|Yes|
-|**[Encrypted hard drive](/windows/security/information-protection/encrypted-hard-drive)**|Yes|Yes|Yes|Yes|Yes|
-|**[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)**|Yes|Yes|Yes|Yes|Yes|
-|**[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)**|Yes|Yes|Yes|Yes|Yes|
-|**[Fast Identity Online (FIDO2) security key](/azure/active-directory/authentication/howto-authentication-passwordless-security-key)**|Yes|Yes|Yes|Yes|Yes|
-|**[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)**|Yes|Yes|Yes|Yes|Yes|
-|**[Federated sign-in](/education/windows/federated-sign-in)**|❌|❌|❌|Yes|Yes|
-|**[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)**|Yes|Yes|Yes|Yes|Yes|
-|**[Hypervisor-protected Code Integrity (HVCI)](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity)**|Yes|Yes|Yes|Yes|Yes|
-|**[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)**|Yes|Yes|Yes|Yes|Yes|
-|**Local Security Authority (LSA) Protection**|Yes|Yes|Yes|Yes|Yes|
-|**[Manage by Mobile Device Management (MDM) and group policy](/windows/client-management/mdm/mdm-overview)**|Yes|Yes|Yes|Yes|Yes|
-|**[Measured boot](/windows/compatibility/measured-boot)**|Yes|Yes|Yes|Yes|Yes|
-|**[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)**|Yes|Yes|Yes|Yes|Yes|
-|**[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)**|❌|Yes|Yes|Yes|Yes|
-|**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/deployedge/microsoft-edge-security-windows-defender-application-guard)**|❌|Yes|Yes|Yes|Yes|
-|**[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview)**|Yes|Yes|Yes|Yes|Yes|
-|**[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)**|❌|❌|❌|❌|❌|
-|**Microsoft Defender Application Guard (MDAG) public APIs**|❌|Yes|Yes|Yes|Yes|
-|**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|❌|❌|Yes|❌|Yes|
-|**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**|Yes|Yes|Yes|Yes|Yes|
-|**[Microsoft Pluton security processor](/windows/security/information-protection/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes|Yes|
-|**[Microsoft Vulnerable Driver Blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)**|Yes|Yes|Yes|Yes|Yes|
-|**Opportunistic Wireless Encryption (OWE)**|Yes|Yes|Yes|Yes|Yes|
-|**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|❌|Yes|Yes|Yes|Yes|
-|**Privacy Resource Usage**|Yes|Yes|Yes|Yes|Yes|
-|**Privacy Transparency and Controls**|Yes|Yes|Yes|Yes|Yes|
-|**[Remote wipe](/windows/client-management/mdm/remotewipe-csp)**|Yes|Yes|Yes|Yes|Yes|
-|**[Secure Boot and Trusted Boot](/windows/security/trusted-boot)**|Yes|Yes|Yes|Yes|Yes|
-|**[Secured-core configuration lock](/windows/client-management/config-lock)**|Yes|Yes|Yes|Yes|Yes|
-|**[Secured-core PC](/windows-hardware/design/device-experiences/oem-highly-secure-11)**|Yes|Yes|Yes|Yes|Yes|
-|**[Security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)**|Yes|Yes|Yes|Yes|Yes|
-|**[Server Message Block (SMB) file service](/windows-server/storage/file-server/file-server-smb-overview)**|Yes|Yes|Yes|Yes|Yes|
-|**[Server Message Block Direct (SMB Direct)](/windows-server/storage/file-server/smb-direct)**|Yes|Yes|Yes|Yes|Yes|
-|**[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|Yes|
-|**[Smart Cards for Windows Service](/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service)**|Yes|Yes|Yes|Yes|Yes|
-|**[Tamper protection settings for MDE](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)**|Yes|Yes|Yes|Yes|Yes|
-|**[Transport layer security (TLS)](/windows-server/security/tls/tls-ssl-schannel-ssp-overview)**|Yes|Yes|Yes|Yes|Yes|
-|**[Trusted Platform Module (TPM) 2.0](/windows/security/information-protection/tpm/trusted-platform-module-overview)**|Yes|Yes|Yes|Yes|Yes|
-|**[Universal Print](/universal-print/)**|❌|Yes|Yes|Yes|Yes|
-|**[User Account Control (UAC)](/windows/security/identity-protection/user-account-control/user-account-control-overview)**|Yes|Yes|Yes|Yes|Yes|
-|**[Virtual Private Network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes|Yes|
-|**[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)**|Yes|Yes|Yes|Yes|Yes|
-|**[WiFi Security](https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09)**|Yes|Yes|Yes|Yes|Yes|
-|**[Windows Autopatch](/windows/deployment/windows-autopatch/)**|❌|Yes|Yes|❌|❌|
-|**[Windows Autopilot](/windows/deployment/windows-autopilot)**|Yes|Yes|Yes|Yes|Yes|
-|**[Windows containers](/virtualization/windowscontainers/about/)**|Yes|Yes|Yes|Yes|Yes|
-|**[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|Yes|
-|**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|❌|Yes|Yes|Yes|Yes|
-|**[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)**|Yes|Yes|Yes|Yes|Yes|
-|**[Windows Defender System Guard](/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows)**|Yes|Yes|Yes|Yes|Yes|
-|**[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)**|Yes|Yes|Yes|Yes|Yes|
-|**[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)**|Yes|Yes|Yes|Yes|Yes|
-|**[Windows Hello for Business Enhanced Security Sign-in (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)**|Yes|Yes|Yes|Yes|Yes|
-|**[Windows LAPS](/windows-server/identity/laps/laps-overview)**|Yes|Yes|Yes|Yes|Yes|
-|**[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)**|Yes|Yes|Yes|Yes|Yes|
-|**[Windows Sandbox](/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview)**|Yes|Yes|Yes|Yes|Yes|
-|**[Windows Security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**|Yes|Yes|Yes|Yes|Yes|
+|**[36 months support period](/lifecycle/products/windows-11-enterprise-and-education)**||Yes|Yes|Yes|Yes|
+|**[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)**||Yes|Yes|Yes|Yes|
+|**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**||Yes|Yes|Yes|Yes|
+|**[Always On VPN (device tunnel)](/windows-server/remote/remote-access/vpn/always-on-vpn/)**||Yes|Yes|Yes|Yes|
+|**[AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview)**||Yes|Yes|Yes|Yes|
+|**[Assigned Access (kiosk mode)](/windows/configuration/kiosk-methods)**||Yes|Yes|Yes|Yes|
+|**[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)**||Yes|Yes|Yes|Yes|
+|**[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)**||Yes|Yes|Yes|Yes|
+|**[BitLocker](/windows/security/information-protection/bitlocker/bitlocker-overview)**||Yes|Yes|Yes|Yes|
+|**Bluetooth pairing and connection protection**||Yes|Yes|Yes|Yes|
+|**[Common Criteria certifications](/windows/security/threat-protection/windows-platform-common-criteria)**||Yes|Yes|Yes|Yes|
+|**[Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)**||Yes|Yes|Yes|Yes|
+|**[Device health attestation service](/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices)**||Yes|Yes|Yes|Yes|
+|**[Device readiness and update compatibility reports with Intune](/mem/intune/protect/windows-update-compatibility-reports)**||Yes|Yes|Yes|Yes|
+|**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**||Yes|Yes|Yes|Yes|
+|**[Email Encryption (S/MIME)](/windows/security/identity-protection/configure-s-mime)**||Yes|Yes|Yes|Yes|
+|**[Encrypted hard drive](/windows/security/information-protection/encrypted-hard-drive)**||Yes|Yes|Yes|Yes|
+|**[Endpoint Analytics](/mem/analytics/overview)**||Yes|Yes|Yes|Yes|
+|**[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)**||Yes|Yes|Yes|Yes|
+|**[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)**||Yes|Yes|Yes|Yes|
+|**[Fast Identity Online (FIDO2) security key](/azure/active-directory/authentication/howto-authentication-passwordless-security-key)**||Yes|Yes|Yes|Yes|
+|**[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)**||Yes|Yes|Yes|Yes|
+|**[Federated sign-in](/education/windows/federated-sign-in)**||❌|❌|Yes|Yes|
+|**[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)**||Yes|Yes|Yes|Yes|
+|**[Hypervisor-protected Code Integrity (HVCI)](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity)**||Yes|Yes|Yes|Yes|
+|**[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)**||Yes|Yes|Yes|Yes|
+|**Local Security Authority (LSA) Protection**||Yes|Yes|Yes|Yes|
+|**[Manage by Mobile Device Management (MDM) and group policy](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)**||Yes|Yes|Yes|Yes|
+|**[Measured boot](/windows/compatibility/measured-boot)**||Yes|Yes|Yes|Yes|
+|**[Microsoft Connected Cache (MCC)](/windows/deployment/do/mcc-enterprise-prerequisites)**||❌|❌|❌|❌|
+|**[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)**||Yes|Yes|Yes|Yes|
+|**[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)**||Yes|Yes|Yes|Yes|
+|**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/deployedge/microsoft-edge-security-windows-defender-application-guard)**||Yes|Yes|Yes|Yes|
+|**[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview)**||Yes|Yes|Yes|Yes|
+|**[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)**||❌|❌|❌|❌|
+|**Microsoft Defender Application Guard (MDAG) public APIs**||Yes|Yes|Yes|Yes|
+|**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**||❌|Yes|❌|Yes|
+|**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**||Yes|Yes|Yes|Yes|
+|**[Microsoft Desktop Optimization Pack (MDOP)](/microsoft-desktop-optimization-pack)**||Yes|Yes|Yes|Yes|
+|**[Microsoft Pluton security processor](/windows/security/information-protection/pluton/microsoft-pluton-security-processor)**||Yes|Yes|Yes|Yes|
+|**[Microsoft Vulnerable Driver Blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)**||Yes|Yes|Yes|Yes|
+|**Opportunistic Wireless Encryption (OWE)**||Yes|Yes|Yes|Yes|
+|**[Organizational messages with Intune](/mem/intune/remote-actions/organizational-messages-overview)**||Yes|Yes|Yes|Yes|
+|**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**||Yes|Yes|Yes|Yes|
+|**Privacy Resource Usage**||Yes|Yes|Yes|Yes|
+|**Privacy Transparency and Controls**||Yes|Yes|Yes|Yes|
+|**[Remote wipe](/windows/client-management/mdm/remotewipe-csp)**||Yes|Yes|Yes|Yes|
+|**[Secure Boot and Trusted Boot](/windows/security/trusted-boot)**||Yes|Yes|Yes|Yes|
+|**[Secured-core configuration lock](/windows/client-management/config-lock)**||Yes|Yes|Yes|Yes|
+|**[Secured-core PC](/windows-hardware/design/device-experiences/oem-highly-secure-11)**||Yes|Yes|Yes|Yes|
+|**[Security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)**||Yes|Yes|Yes|Yes|
+|**[Server Message Block (SMB) file service](/windows-server/storage/file-server/file-server-smb-overview)**||Yes|Yes|Yes|Yes|
+|**[Server Message Block Direct (SMB Direct)](/windows-server/storage/file-server/smb-direct)**||Yes|Yes|Yes|Yes|
+|**[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**||Yes|Yes|Yes|Yes|
+|**[Smart Cards for Windows Service](/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service)**||Yes|Yes|Yes|Yes|
+|**Start menu and taskbar**||Yes|Yes|Yes|Yes|
+|**[Tamper protection settings for MDE](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)**||Yes|Yes|Yes|Yes|
+|**[Transport layer security (TLS)](/windows-server/security/tls/tls-ssl-schannel-ssp-overview)**||Yes|Yes|Yes|Yes|
+|**[Trusted Platform Module (TPM) 2.0](/windows/security/information-protection/tpm/trusted-platform-module-overview)**||Yes|Yes|Yes|Yes|
+|**[Universal Print](/universal-print/)**||Yes|Yes|Yes|Yes|
+|**[User Account Control (UAC)](/windows/security/identity-protection/user-account-control/user-account-control-overview)**||Yes|Yes|Yes|Yes|
+|**[Virtual Private Network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**||Yes|Yes|Yes|Yes|
+|**[Virtualization rights (VDA, AVD and W365)](/azure/virtual-desktop/prerequisites%23operating-systems-and-licenses)**||Yes|Yes|Yes|Yes|
+|**[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)**||Yes|Yes|Yes|Yes|
+|**[WiFi Security](https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09)**||Yes|Yes|Yes|Yes|
+|**[Windows Autopatch](/windows/deployment/windows-autopatch/)**||Yes|Yes|❌|❌|
+|**[Windows Autopilot](/windows/deployment/windows-autopilot)**||Yes|Yes|Yes|Yes|
+|**[Windows containers](/virtualization/windowscontainers/about/)**||Yes|Yes|Yes|Yes|
+|**[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**||Yes|Yes|Yes|Yes|
+|**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**||Yes|Yes|Yes|Yes|
+|**[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)**||Yes|Yes|Yes|Yes|
+|**[Windows Defender System Guard](/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows)**||Yes|Yes|Yes|Yes|
+|**[Windows feature and expedite updates with Intune](/mem/intune/protect/windows-10-feature-updates)**||Yes|Yes|Yes|Yes|
+|**[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)**||Yes|Yes|Yes|Yes|
+|**[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)**||Yes|Yes|Yes|Yes|
+|**[Windows Hello for Business Enhanced Security Sign-in (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)**||Yes|Yes|Yes|Yes|
+|**[Windows LAPS](/windows-server/identity/laps/laps-overview)**||Yes|Yes|Yes|Yes|
+|**[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)**||Yes|Yes|Yes|Yes|
+|**[Windows Sandbox](/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview)**||Yes|Yes|Yes|Yes|
+|**[Windows Security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**||Yes|Yes|Yes|Yes|
+|**[Windows subscription activation](/windows/deployment/windows-10-subscription-activation)**||Yes|Yes|Yes|Yes|
+|**[Windows Update for Business](/windows/deployment/update/waas-manage-updates-wufb)**||Yes|Yes|Yes|Yes|
+|**[Windows Update for Business deployment service](/windows/deployment/update/deployment-service-overview)**||Yes|Yes|Yes|Yes|
diff --git a/includes/licensing/access-control-aclsscals.md b/includes/licensing/access-control-aclsscals.md
index fee9b83dd3..f339bd84c4 100644
--- a/includes/licensing/access-control-aclsscals.md
+++ b/includes/licensing/access-control-aclsscals.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Access Control (ACLs/SCALS) license entitlements are granted by the following li
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/account-lockout-policy.md b/includes/licensing/account-lockout-policy.md
index 31328de6f2..c7bb6241a7 100644
--- a/includes/licensing/account-lockout-policy.md
+++ b/includes/licensing/account-lockout-policy.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Account Lockout Policy license entitlements are granted by the following license
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/always-on-vpn-device-tunnel.md b/includes/licensing/always-on-vpn-device-tunnel.md
index 5b43ce08c3..a379e7ad79 100644
--- a/includes/licensing/always-on-vpn-device-tunnel.md
+++ b/includes/licensing/always-on-vpn-device-tunnel.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Always On VPN (device tunnel) license entitlements are granted by the following
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|No|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/applocker.md b/includes/licensing/applocker.md
new file mode 100644
index 0000000000..69bd446158
--- /dev/null
+++ b/includes/licensing/applocker.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support AppLocker:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+AppLocker license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+||Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/assigned-access-kiosk-mode.md b/includes/licensing/assigned-access-kiosk-mode.md
index bfc00c4cc6..aba7ff37fe 100644
--- a/includes/licensing/assigned-access-kiosk-mode.md
+++ b/includes/licensing/assigned-access-kiosk-mode.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Assigned Access (kiosk mode) license entitlements are granted by the following l
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/attack-surface-reduction-asr.md b/includes/licensing/attack-surface-reduction-asr.md
index e2c046e4dd..f3213322c4 100644
--- a/includes/licensing/attack-surface-reduction-asr.md
+++ b/includes/licensing/attack-surface-reduction-asr.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Attack surface reduction (ASR) license entitlements are granted by the following
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md b/includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md
index 87edf7eca7..f2d9aa6ebf 100644
--- a/includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md
+++ b/includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Azure AD join, Active Directory domain join, and Hybrid Azure AD join with singl
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/bitlocker.md b/includes/licensing/bitlocker.md
index 38e2b82e71..cc4b2e43bf 100644
--- a/includes/licensing/bitlocker.md
+++ b/includes/licensing/bitlocker.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ BitLocker license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/bluetooth-pairing-and-connection-protection.md b/includes/licensing/bluetooth-pairing-and-connection-protection.md
index 616dd12ead..34d7ec09fb 100644
--- a/includes/licensing/bluetooth-pairing-and-connection-protection.md
+++ b/includes/licensing/bluetooth-pairing-and-connection-protection.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Bluetooth pairing and connection protection license entitlements are granted by
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/common-criteria-certifications.md b/includes/licensing/common-criteria-certifications.md
index 53c559c7d6..024213280f 100644
--- a/includes/licensing/common-criteria-certifications.md
+++ b/includes/licensing/common-criteria-certifications.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Common Criteria certifications license entitlements are granted by the following
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/controlled-folder-access.md b/includes/licensing/controlled-folder-access.md
index 936de372ba..8897700279 100644
--- a/includes/licensing/controlled-folder-access.md
+++ b/includes/licensing/controlled-folder-access.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Controlled folder access license entitlements are granted by the following licen
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/device-health-attestation-service.md b/includes/licensing/device-health-attestation-service.md
index cf90b200ad..4eeedc00df 100644
--- a/includes/licensing/device-health-attestation-service.md
+++ b/includes/licensing/device-health-attestation-service.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Device health attestation service license entitlements are granted by the follow
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/device-readiness-and-update-compatibility-reports-with-intune.md b/includes/licensing/device-readiness-and-update-compatibility-reports-with-intune.md
new file mode 100644
index 0000000000..83dad5c4f9
--- /dev/null
+++ b/includes/licensing/device-readiness-and-update-compatibility-reports-with-intune.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Device readiness and update compatibility reports with Intune:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Device readiness and update compatibility reports with Intune license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+||Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/direct-access.md b/includes/licensing/direct-access.md
index d51c6033ed..bd55346388 100644
--- a/includes/licensing/direct-access.md
+++ b/includes/licensing/direct-access.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Direct Access license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|No|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/email-encryption-smime.md b/includes/licensing/email-encryption-smime.md
index 14711602db..dc22baf095 100644
--- a/includes/licensing/email-encryption-smime.md
+++ b/includes/licensing/email-encryption-smime.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Email Encryption (S/MIME) license entitlements are granted by the following lice
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/encrypted-hard-drive.md b/includes/licensing/encrypted-hard-drive.md
index f88b491816..c9860962a4 100644
--- a/includes/licensing/encrypted-hard-drive.md
+++ b/includes/licensing/encrypted-hard-drive.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Encrypted hard drive license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/endpoint-analytics.md b/includes/licensing/endpoint-analytics.md
new file mode 100644
index 0000000000..497d3030d9
--- /dev/null
+++ b/includes/licensing/endpoint-analytics.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Endpoint Analytics:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Endpoint Analytics license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+||Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/enhanced-phishing-protection-with-smartscreen.md b/includes/licensing/enhanced-phishing-protection-with-smartscreen.md
index a06a3d4d8a..90585b908b 100644
--- a/includes/licensing/enhanced-phishing-protection-with-smartscreen.md
+++ b/includes/licensing/enhanced-phishing-protection-with-smartscreen.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Enhanced phishing protection with SmartScreen license entitlements are granted b
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/exploit-protection.md b/includes/licensing/exploit-protection.md
index b5ace06b04..194f986b4f 100644
--- a/includes/licensing/exploit-protection.md
+++ b/includes/licensing/exploit-protection.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Exploit protection license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/fast-identity-online-fido2-security-key.md b/includes/licensing/fast-identity-online-fido2-security-key.md
index 6376058af8..5a3e06df91 100644
--- a/includes/licensing/fast-identity-online-fido2-security-key.md
+++ b/includes/licensing/fast-identity-online-fido2-security-key.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Fast Identity Online (FIDO2) security key license entitlements are granted by th
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/federal-information-processing-standard-fips-140-validation.md b/includes/licensing/federal-information-processing-standard-fips-140-validation.md
index cba61d9588..40e47fb3c8 100644
--- a/includes/licensing/federal-information-processing-standard-fips-140-validation.md
+++ b/includes/licensing/federal-information-processing-standard-fips-140-validation.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Federal Information Processing Standard (FIPS) 140 validation license entitlemen
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/federated-sign-in.md b/includes/licensing/federated-sign-in.md
index 7fbe9537a2..7ee5966b53 100644
--- a/includes/licensing/federated-sign-in.md
+++ b/includes/licensing/federated-sign-in.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -15,8 +15,8 @@ The following table lists the Windows editions that support Federated sign-in:
 
 Federated sign-in license entitlements are granted by the following licenses:
 
-|Windows Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|No|No|No|Yes|Yes|
+||No|No|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/hardware-enforced-stack-protection.md b/includes/licensing/hardware-enforced-stack-protection.md
index 289501a6a5..a51f0a3c14 100644
--- a/includes/licensing/hardware-enforced-stack-protection.md
+++ b/includes/licensing/hardware-enforced-stack-protection.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Hardware-enforced stack protection license entitlements are granted by the follo
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/hypervisor-protected-code-integrity-hvci.md b/includes/licensing/hypervisor-protected-code-integrity-hvci.md
index ba0cf1484b..1026304f72 100644
--- a/includes/licensing/hypervisor-protected-code-integrity-hvci.md
+++ b/includes/licensing/hypervisor-protected-code-integrity-hvci.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Hypervisor-protected Code Integrity (HVCI) license entitlements are granted by t
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/kernel-direct-memory-access-dma-protection.md b/includes/licensing/kernel-direct-memory-access-dma-protection.md
index a171311457..e274721eba 100644
--- a/includes/licensing/kernel-direct-memory-access-dma-protection.md
+++ b/includes/licensing/kernel-direct-memory-access-dma-protection.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Kernel Direct Memory Access (DMA) protection license entitlements are granted by
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/local-security-authority-lsa-protection.md b/includes/licensing/local-security-authority-lsa-protection.md
index ac5cd05741..52bc417812 100644
--- a/includes/licensing/local-security-authority-lsa-protection.md
+++ b/includes/licensing/local-security-authority-lsa-protection.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Local Security Authority (LSA) Protection license entitlements are granted by th
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md b/includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md
index b852cf0a2a..39e45deb89 100644
--- a/includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md
+++ b/includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Manage by Mobile Device Management (MDM) and group policy license entitlements a
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/measured-boot.md b/includes/licensing/measured-boot.md
index 95c9ef12a9..b52c825259 100644
--- a/includes/licensing/measured-boot.md
+++ b/includes/licensing/measured-boot.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Measured boot license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-connected-cache-mcc.md b/includes/licensing/microsoft-connected-cache-mcc.md
new file mode 100644
index 0000000000..d45efe86e0
--- /dev/null
+++ b/includes/licensing/microsoft-connected-cache-mcc.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Microsoft Connected Cache (MCC):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|No|No|No|No|
+
+Microsoft Connected Cache (MCC) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+||No|No|No|No|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-defender-antivirus.md b/includes/licensing/microsoft-defender-antivirus.md
index 8fc1f42bb6..39b0dec8a8 100644
--- a/includes/licensing/microsoft-defender-antivirus.md
+++ b/includes/licensing/microsoft-defender-antivirus.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Microsoft Defender Antivirus license entitlements are granted by the following l
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md b/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md
index fb9dae35ef..950ee7e5c7 100644
--- a/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Microsoft Defender Application Guard (MDAG) configure via MDM license entitlemen
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|No|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md
index 0090aef8d1..ff3b4081cf 100644
--- a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterpr
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|No|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md
index a87ab98c51..ec4f9aa4cb 100644
--- a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Microsoft Defender Application Guard (MDAG) for Edge standalone mode license ent
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md b/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md
index 8b646454f9..7fd3537173 100644
--- a/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Microsoft Defender Application Guard (MDAG) for Microsoft Office license entitle
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|No|No|No|No|No|
+||No|No|No|No|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md b/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md
index 61f06b5748..83dfb73504 100644
--- a/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Microsoft Defender Application Guard (MDAG) public APIs license entitlements are
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|No|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-defender-for-endpoint.md b/includes/licensing/microsoft-defender-for-endpoint.md
index a730169279..aa22c56bbe 100644
--- a/includes/licensing/microsoft-defender-for-endpoint.md
+++ b/includes/licensing/microsoft-defender-for-endpoint.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Microsoft Defender for Endpoint license entitlements are granted by the followin
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|No|No|Yes|No|Yes|
+||No|Yes|No|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-defender-smartscreen.md b/includes/licensing/microsoft-defender-smartscreen.md
index 1f1233e529..8e39f1f189 100644
--- a/includes/licensing/microsoft-defender-smartscreen.md
+++ b/includes/licensing/microsoft-defender-smartscreen.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Microsoft Defender SmartScreen license entitlements are granted by the following
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-desktop-optimization-pack-mdop.md b/includes/licensing/microsoft-desktop-optimization-pack-mdop.md
new file mode 100644
index 0000000000..13f935839a
--- /dev/null
+++ b/includes/licensing/microsoft-desktop-optimization-pack-mdop.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Microsoft Desktop Optimization Pack (MDOP):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Microsoft Desktop Optimization Pack (MDOP) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+||Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-pluton-security-processor.md b/includes/licensing/microsoft-pluton-security-processor.md
index fef0a04f28..0ca863f6f4 100644
--- a/includes/licensing/microsoft-pluton-security-processor.md
+++ b/includes/licensing/microsoft-pluton-security-processor.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Microsoft Pluton security processor license entitlements are granted by the foll
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-vulnerable-driver-blocklist.md b/includes/licensing/microsoft-vulnerable-driver-blocklist.md
index 2e0d09d51c..0d12fd38dc 100644
--- a/includes/licensing/microsoft-vulnerable-driver-blocklist.md
+++ b/includes/licensing/microsoft-vulnerable-driver-blocklist.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Microsoft Vulnerable Driver Blocklist license entitlements are granted by the fo
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/opportunistic-wireless-encryption-owe.md b/includes/licensing/opportunistic-wireless-encryption-owe.md
index c2db27f073..b75f017ad3 100644
--- a/includes/licensing/opportunistic-wireless-encryption-owe.md
+++ b/includes/licensing/opportunistic-wireless-encryption-owe.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Opportunistic Wireless Encryption (OWE) license entitlements are granted by the
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/organizational-messages-with-intune.md b/includes/licensing/organizational-messages-with-intune.md
new file mode 100644
index 0000000000..b1883a1e1f
--- /dev/null
+++ b/includes/licensing/organizational-messages-with-intune.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Organizational messages with Intune:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|No|Yes|No|Yes|
+
+Organizational messages with Intune license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+||Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/personal-data-encryption-pde.md b/includes/licensing/personal-data-encryption-pde.md
index e55327fa5a..c4c97923df 100644
--- a/includes/licensing/personal-data-encryption-pde.md
+++ b/includes/licensing/personal-data-encryption-pde.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Personal data encryption (PDE) license entitlements are granted by the following
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|No|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/privacy-resource-usage.md b/includes/licensing/privacy-resource-usage.md
index 2726b9940a..a80a71ce3a 100644
--- a/includes/licensing/privacy-resource-usage.md
+++ b/includes/licensing/privacy-resource-usage.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Privacy Resource Usage license entitlements are granted by the following license
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/privacy-transparency-and-controls.md b/includes/licensing/privacy-transparency-and-controls.md
index 45c5829016..621683c547 100644
--- a/includes/licensing/privacy-transparency-and-controls.md
+++ b/includes/licensing/privacy-transparency-and-controls.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Privacy Transparency and Controls license entitlements are granted by the follow
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/remote-wipe.md b/includes/licensing/remote-wipe.md
index f9f9cb9973..7bc335c922 100644
--- a/includes/licensing/remote-wipe.md
+++ b/includes/licensing/remote-wipe.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Remote wipe license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/secure-boot-and-trusted-boot.md b/includes/licensing/secure-boot-and-trusted-boot.md
index eb8e3f243b..74d7936d3b 100644
--- a/includes/licensing/secure-boot-and-trusted-boot.md
+++ b/includes/licensing/secure-boot-and-trusted-boot.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Secure Boot and Trusted Boot license entitlements are granted by the following l
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/secured-core-configuration-lock.md b/includes/licensing/secured-core-configuration-lock.md
index 4fca24c0c8..642cd73671 100644
--- a/includes/licensing/secured-core-configuration-lock.md
+++ b/includes/licensing/secured-core-configuration-lock.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Secured-core configuration lock license entitlements are granted by the followin
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/secured-core-pc.md b/includes/licensing/secured-core-pc.md
index 4b939c510e..4845670fc5 100644
--- a/includes/licensing/secured-core-pc.md
+++ b/includes/licensing/secured-core-pc.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Secured-core PC license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/security-baselines.md b/includes/licensing/security-baselines.md
index eece64a0d4..9facaa08ac 100644
--- a/includes/licensing/security-baselines.md
+++ b/includes/licensing/security-baselines.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Security baselines license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/server-message-block-direct-smb-direct.md b/includes/licensing/server-message-block-direct-smb-direct.md
index 08fcde873f..47d6f0d881 100644
--- a/includes/licensing/server-message-block-direct-smb-direct.md
+++ b/includes/licensing/server-message-block-direct-smb-direct.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Server Message Block Direct (SMB Direct) license entitlements are granted by the
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/server-message-block-smb-file-service.md b/includes/licensing/server-message-block-smb-file-service.md
index badab98137..762477d727 100644
--- a/includes/licensing/server-message-block-smb-file-service.md
+++ b/includes/licensing/server-message-block-smb-file-service.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Server Message Block (SMB) file service license entitlements are granted by the
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/smart-app-control.md b/includes/licensing/smart-app-control.md
index 92cf1df0fb..7dcc3b0b32 100644
--- a/includes/licensing/smart-app-control.md
+++ b/includes/licensing/smart-app-control.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Smart App Control license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/smart-cards-for-windows-service.md b/includes/licensing/smart-cards-for-windows-service.md
index e3631ecafc..29be818b02 100644
--- a/includes/licensing/smart-cards-for-windows-service.md
+++ b/includes/licensing/smart-cards-for-windows-service.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Smart Cards for Windows Service license entitlements are granted by the followin
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/start-menu-and-taskbar.md b/includes/licensing/start-menu-and-taskbar.md
new file mode 100644
index 0000000000..147c942553
--- /dev/null
+++ b/includes/licensing/start-menu-and-taskbar.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Start menu and taskbar:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Start menu and taskbar license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+||Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/tamper-protection-settings-for-mde.md b/includes/licensing/tamper-protection-settings-for-mde.md
index 4a347eb0ad..b4c744071b 100644
--- a/includes/licensing/tamper-protection-settings-for-mde.md
+++ b/includes/licensing/tamper-protection-settings-for-mde.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Tamper protection settings for MDE license entitlements are granted by the follo
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/transport-layer-security-tls.md b/includes/licensing/transport-layer-security-tls.md
index 0827acbdda..8cfd78e987 100644
--- a/includes/licensing/transport-layer-security-tls.md
+++ b/includes/licensing/transport-layer-security-tls.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Transport layer security (TLS) license entitlements are granted by the following
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/trusted-platform-module-tpm-20.md b/includes/licensing/trusted-platform-module-tpm-20.md
index 507e3a42d3..37892f588b 100644
--- a/includes/licensing/trusted-platform-module-tpm-20.md
+++ b/includes/licensing/trusted-platform-module-tpm-20.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Trusted Platform Module (TPM) 2.0 license entitlements are granted by the follow
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/universal-print.md b/includes/licensing/universal-print.md
index 42112d1a59..1e2f1f7384 100644
--- a/includes/licensing/universal-print.md
+++ b/includes/licensing/universal-print.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Universal Print license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|No|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/user-account-control-uac.md b/includes/licensing/user-account-control-uac.md
index 152ee532fe..54bd71e9bd 100644
--- a/includes/licensing/user-account-control-uac.md
+++ b/includes/licensing/user-account-control-uac.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ User Account Control (UAC) license entitlements are granted by the following lic
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/virtual-private-network-vpn.md b/includes/licensing/virtual-private-network-vpn.md
index 0749a1c128..644adf2b91 100644
--- a/includes/licensing/virtual-private-network-vpn.md
+++ b/includes/licensing/virtual-private-network-vpn.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Virtual Private Network (VPN) license entitlements are granted by the following
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/virtualization-based-security-vbs.md b/includes/licensing/virtualization-based-security-vbs.md
index 65478e19ff..8b0d6a2a01 100644
--- a/includes/licensing/virtualization-based-security-vbs.md
+++ b/includes/licensing/virtualization-based-security-vbs.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Virtualization-based security (VBS) license entitlements are granted by the foll
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/virtualization-rights-vda-avd-and-w365.md b/includes/licensing/virtualization-rights-vda-avd-and-w365.md
new file mode 100644
index 0000000000..8c77bfd575
--- /dev/null
+++ b/includes/licensing/virtualization-rights-vda-avd-and-w365.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Virtualization rights (VDA, AVD and W365):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|No|Yes|No|Yes|
+
+Virtualization rights (VDA, AVD and W365) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+||Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/wifi-security.md b/includes/licensing/wifi-security.md
index b48b88988a..19a752b6b6 100644
--- a/includes/licensing/wifi-security.md
+++ b/includes/licensing/wifi-security.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ WiFi Security license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-autopatch.md b/includes/licensing/windows-autopatch.md
index 40aa73aa2e..ebcfd239a8 100644
--- a/includes/licensing/windows-autopatch.md
+++ b/includes/licensing/windows-autopatch.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Windows Autopatch license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|No|Yes|Yes|No|No|
+||Yes|Yes|No|No|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-autopilot.md b/includes/licensing/windows-autopilot.md
index e0817f4ba8..da890b8533 100644
--- a/includes/licensing/windows-autopilot.md
+++ b/includes/licensing/windows-autopilot.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Windows Autopilot license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-containers.md b/includes/licensing/windows-containers.md
index bcf079d6d5..e0e32758d0 100644
--- a/includes/licensing/windows-containers.md
+++ b/includes/licensing/windows-containers.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Windows containers license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-defender-application-control-wdac.md b/includes/licensing/windows-defender-application-control-wdac.md
index b773a00934..d86996d2bc 100644
--- a/includes/licensing/windows-defender-application-control-wdac.md
+++ b/includes/licensing/windows-defender-application-control-wdac.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Windows Defender Application Control (WDAC) license entitlements are granted by
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-defender-credential-guard.md b/includes/licensing/windows-defender-credential-guard.md
index 5acd060ced..e2af27fbf1 100644
--- a/includes/licensing/windows-defender-credential-guard.md
+++ b/includes/licensing/windows-defender-credential-guard.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Windows Defender Credential Guard license entitlements are granted by the follow
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|No|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-defender-remote-credential-guard.md b/includes/licensing/windows-defender-remote-credential-guard.md
index afdb6dbff1..e9753d8390 100644
--- a/includes/licensing/windows-defender-remote-credential-guard.md
+++ b/includes/licensing/windows-defender-remote-credential-guard.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Windows Defender Remote Credential Guard license entitlements are granted by the
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-defender-system-guard.md b/includes/licensing/windows-defender-system-guard.md
index c57688c93f..bce6a705d1 100644
--- a/includes/licensing/windows-defender-system-guard.md
+++ b/includes/licensing/windows-defender-system-guard.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Windows Defender System Guard license entitlements are granted by the following
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-feature-and-expedite-updates-with-intune.md b/includes/licensing/windows-feature-and-expedite-updates-with-intune.md
new file mode 100644
index 0000000000..1eea90833f
--- /dev/null
+++ b/includes/licensing/windows-feature-and-expedite-updates-with-intune.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows feature and expedite updates with Intune:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Windows feature and expedite updates with Intune license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+||Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-firewall.md b/includes/licensing/windows-firewall.md
index 4527a2042d..e806dc33b2 100644
--- a/includes/licensing/windows-firewall.md
+++ b/includes/licensing/windows-firewall.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Windows Firewall license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md b/includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md
index 76395b418b..344372a9d1 100644
--- a/includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md
+++ b/includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Windows Hello for Business Enhanced Security Sign-in (ESS) license entitlements
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-hello-for-business.md b/includes/licensing/windows-hello-for-business.md
index 7f8dafb43e..ca1a459066 100644
--- a/includes/licensing/windows-hello-for-business.md
+++ b/includes/licensing/windows-hello-for-business.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Windows Hello for Business license entitlements are granted by the following lic
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-laps.md b/includes/licensing/windows-laps.md
index 2bc6001b15..df4788787b 100644
--- a/includes/licensing/windows-laps.md
+++ b/includes/licensing/windows-laps.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Windows LAPS license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-presence-sensing.md b/includes/licensing/windows-presence-sensing.md
index 7f941aa6ff..03a854f909 100644
--- a/includes/licensing/windows-presence-sensing.md
+++ b/includes/licensing/windows-presence-sensing.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Windows presence sensing license entitlements are granted by the following licen
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-sandbox.md b/includes/licensing/windows-sandbox.md
index bf4a39123f..2551168b7e 100644
--- a/includes/licensing/windows-sandbox.md
+++ b/includes/licensing/windows-sandbox.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Windows Sandbox license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-security-policy-settings-and-auditing.md b/includes/licensing/windows-security-policy-settings-and-auditing.md
index 7582a2d315..762f1fb6c2 100644
--- a/includes/licensing/windows-security-policy-settings-and-auditing.md
+++ b/includes/licensing/windows-security-policy-settings-and-auditing.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/02/2023
+ms.date: 05/04/2023
 ms.topic: include
 ---
 
@@ -17,6 +17,6 @@ Windows Security policy settings and auditing license entitlements are granted b
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
+||Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-subscription-activation.md b/includes/licensing/windows-subscription-activation.md
new file mode 100644
index 0000000000..3b049618a9
--- /dev/null
+++ b/includes/licensing/windows-subscription-activation.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows subscription activation:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Windows subscription activation license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+||Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-update-for-business-deployment-service.md b/includes/licensing/windows-update-for-business-deployment-service.md
new file mode 100644
index 0000000000..1a7d673606
--- /dev/null
+++ b/includes/licensing/windows-update-for-business-deployment-service.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows Update for Business deployment service:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Windows Update for Business deployment service license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+||Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-update-for-business.md b/includes/licensing/windows-update-for-business.md
new file mode 100644
index 0000000000..9f1b4ad742
--- /dev/null
+++ b/includes/licensing/windows-update-for-business.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows Update for Business:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Windows Update for Business license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+||Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml
index fb69d549ce..7803cbdd73 100644
--- a/windows/security/TOC.yml
+++ b/windows/security/TOC.yml
@@ -8,9 +8,9 @@
     href: zero-trust-windows-device-health.md
   - name: Windows security overview
     href: introduction/index.md
-  - name: Security features edition requirements
+  - name: Security features and edition requirements
     href: introduction/security-features-edition-requirements.md
-  - name: Security features licensing requirements
+  - name: Security features and licensing requirements
     href: introduction/security-features-licensing-requirements.md
 - name: Hardware security
   href: hardware-security/toc.yml
diff --git a/windows/security/introduction/index.md b/windows/security/introduction/index.md
index 913a477cf1..5ce4587626 100644
--- a/windows/security/introduction/index.md
+++ b/windows/security/introduction/index.md
@@ -11,47 +11,46 @@ appliesto:
 
 # Introduction to Windows security
 
-The acceleration of digital transformation and the expansion of both remote and hybrid workplaces brings new opportunities to organizations, communities, and individuals. Our work styles have transformed. And now more than ever, employees need simple, intuitive user experiences to collaborate and stay productive, wherever work happens. But the expansion of access and ability to work anywhere has also introduced new threats and risks. According to data from the Microsoft commissioned Security Signals report, 75% of security decision-makers at the vice-president level and above feel the move to hybrid work leaves their organization more vulnerable to security threats. And [Microsoft's 2022 Work Trend Index](https://www.microsoft.com/security/blog/2022/04/05/new-security-features-for-windows-11-will-help-protect-hybrid-work/) shows "cybersecurity issues and risks" are top concerns for business decisions makers, who worry about issues like malware, stolen credentials, devices that lack security updates, and physical attacks on lost or stolen devices.
+The acceleration of digital transformation and the expansion of both remote and hybrid work brings new opportunities to organizations, communities, and individuals. This expansion introduces new threats and risks.
+
+Organizations worldwide are adopting a **zero-trust** security model based on the premise that no person or device anywhere can have access until safety and integrity is proven. Windows 11 is built on zero-trust principles to enable hybrid productivity and new experiences anywhere without compromising security. Windows 11 raises the security baselines with new requirements for advanced hardware and software protection that extends from chip to cloud.
 
 ## How Windows 11 enables zero-trust protection
 
 A zero-trust security model gives the right people the right access at the right time. Zero-trust security is based on three principles:
 
 1. Reduce risk by explicitly verifying data points such as user identity, location, and device health for every access request, without exception
-2. When verified, give people and devices access to only necessary resources for the necessary amount of time
-3. Use continuous analytics to drive threat detection and improve defenses
+1. When verified, give people and devices access to only necessary resources for the necessary amount of time
+1. Use continuous analytics to drive threat detection and improve defenses
 
-You should continue to strengthen your zero-trust posture as well. To improve threat detection and defenses, verify end-to-end encryption and use analytics to gain visibility.
+For Windows 11, the zero-trust principle of *verify explicitly* applies to risks introduced by both devices and people. Windows 11 provides chip-to-cloud security, enabling IT administrators to implement strong authorization and authentication processes with features like Windows Hello for Business. IT administrators also gain attestation and measurements for determining if a device meets requirements and can be trusted. In addition, Windows 11 works out-of-the-box with Microsoft Intune and Azure Active Directory, which enable timely and seamless access decisions. Furthermore, IT administrators can easily customize Windows to meet specific user and policy requirements for access, privacy, compliance, and more.
 
-For Windows 11, the zero-trust principle of *verify explicitly* applies to risks introduced by both devices and people. Windows 11 provides chip-to-cloud security, enabling IT administrators to implement strong authorization and authentication processes with tools such as our premier solution Windows Hello for Business. IT administrators also gain attestation and measurements for determining if a device meets requirements and can be trusted. In addition, Windows 11 works out-of-the-box with Microsoft Endpoint Manager and Azure Active Directory, so access decisions and enforcement are seamless. Plus, IT administrators can easily customize Windows 11 to meet specific user and policy requirements for access, privacy, compliance, and more.
+## Overview of Windows 11 security priorities
 
-Individual users also benefit from powerful safeguards including new standards for hardware-based security and passwordless protection that help safeguard data and privacy.
+### Security, by default
 
-## Security, by default
+Windows 11 is a natural evolution of its predecessor, Windows 10. We have collaborated with our manufacturer and silicon partners to incorporate additional hardware security measures that address the increasingly complex security threats of today. These measures not only enable the hybrid work and learning that many organizations now embrace but also help bolster our already strong foundation and resilience against attacks.
 
-Nearly 90% of security decision makers surveyed say outdated hardware leaves organizations more open to attacks and using modern hardware would help protect against future threats. Building on the innovations of Windows 10, we've worked with our manufacturer and silicon partners to provide additional hardware security capabilities to meet the evolving threat landscape and enable hybrid work and learning. The new set of hardware security requirements that comes with Windows 11 supports new ways of working with a foundation that is even stronger and more resilient to attacks.
-
-## Enhanced hardware and operating system security
+### Enhanced hardware and operating system security
 
 With hardware-based isolation security that begins at the chip, Windows 11 stores sensitive data behind additional barriers separated from the operating system. As a result, information including encryption keys and user credentials are protected from unauthorized access and tampering.
 
-In Windows 11, hardware and software work together to protect the operating system. For example, new devices come with virtualization-based security (VBS) and Secure Boot built-in and enabled by default to contain and limit malware exploits. <sup>[\[1\]](#note1)</sup>
+In Windows 11, hardware and software work together to protect the operating system. For example, new devices come with virtualization-based security (VBS) and Secure Boot built-in and enabled by default to contain and limit malware exploits.
 
-## Robust application security and privacy controls
+### Robust application security and privacy controls
 
 To help keep personal and business information protected and private, Windows 11 has multiple layers of application security that safeguard critical data and code integrity. Application isolation and controls, code integrity, privacy controls, and least-privilege principles enable developers to build in security and privacy from the ground up. This integrated security protects against breaches and malware, helps keep data private, and gives IT administrators the controls they need.
 
-In Windows 11, [Microsoft Defender Application Guard](/windows-hardware/design/device-experiences/oem-app-guard) <sup>[\[2\]](#note2)</sup> uses Hyper-V virtualization technology to isolate untrusted websites and Microsoft Office files in containers, separate from and unable to access the host operating system and enterprise data. To protect privacy, Windows 11 also provides more controls over which apps and features can collect and use data such as the device's location, or access resources like camera and microphone.
+In Windows 11, [Microsoft Defender Application Guard](/windows-hardware/design/device-experiences/oem-app-guard) uses Hyper-V virtualization technology to isolate untrusted websites and Microsoft Office files in containers, separate from and unable to access the host operating system and enterprise data. To protect privacy, Windows 11 also provides more controls over which apps and features can collect and use data such as the device's location, or access resources like camera and microphone.
 
-## Secured identities
+### Secured identities
 
-Passwords have been an important part of digital security for a long time, and they're also a top target for cybercriminals. Windows 11 provides powerful protection against credential theft with chip-level hardware security. Credentials are protected by layers of hardware and software security such as TPM 2.0, VBS, and/or Windows Defender Credential Guard, making it harder for attackers to steal credentials from a device. And with Windows Hello, users can quickly sign in with face, fingerprint, or PIN for passwordless protection. <sup>[\[3\]](#note3)</sup>
+Passwords have been an important part of digital security for a long time, and they're also a top target for cybercriminals. Windows 11 provides powerful protection against credential theft with chip-level hardware security. Credentials are protected by layers of hardware and software security such as TPM 2.0, VBS, and/or Windows Defender Credential Guard, making it harder for attackers to steal credentials from a device. With Windows Hello for Business, users can quickly sign in with face, fingerprint, or PIN for passwordless protection. Windows 11 also supports FIDO2 security keys for passwordless authentication.
 
-## Connecting to cloud services
+### Connecting to cloud services
 
-Microsoft offers comprehensive cloud services for identity, storage, and access management in addition to the tools needed to attest that Windows 11 devices connecting to your network are trustworthy. You can also enforce compliance and conditional access with a modern device management (MDM) service such as Microsoft Endpoint Manager, which works with Azure Active Directory and Microsoft Azure Attestation to control access to applications and data through the cloud. <sup>[\[4\]](#note4)</sup>
+Microsoft offers comprehensive cloud services for identity, storage, and access management in addition to the tools needed to attest that Windows devices connecting to your network are trustworthy. You can also enforce compliance and conditional access with a modern device management (MDM) service such as Microsoft Intune, which works with Azure Active Directory and Microsoft Azure Attestation to control access to applications and data through the cloud.
 
-<sup><a name="note1"></a>[1]</sup> Hypervisor-protected coder integrity, which activates virtualization-based security, is enabled by default on clean installations only.\
-<sup><a name="note2"></a>[2]</sup> Windows 10 Pro and above support Application Guard protection for Microsoft Edge. Microsoft Defender Application Guard for Office requires Windows 10 Enterprise, and Microsoft 365 E5 or Microsoft 365 E5 Security.\
-<sup><a name="note3"></a>[3]</sup> Windows Hello supports multi-factor authentication including facial recognition, fingerprint, and PIN. Requires specialized hardware such as fingerprint reader, illuminated IT sensor or other biometric sensors and capable devices.\
-<sup><a name="note4"></a>[4]</sup> Microsoft Endpoint Manager and Microsoft Azure Active Directory subscriptions sold separately.\
+## Next steps
+
+To learn more about the security features included in Windows 11, download the [Windows 11 Security Book: Powerful security from chip to cloud](https://aka.ms/Windows11SecurityBook).
diff --git a/windows/security/introduction/security-features-edition-requirements.md b/windows/security/introduction/security-features-edition-requirements.md
index 78f752d813..06c6a401ba 100644
--- a/windows/security/introduction/security-features-edition-requirements.md
+++ b/windows/security/introduction/security-features-edition-requirements.md
@@ -1,5 +1,5 @@
 ---
-title: Windows edition requirements
+title: Windows security features and edition requirements
 description: Learn about Windows edition requirements for the feature included in Windows.
 ms.prod: windows-client
 author: paolomatarazzo
@@ -8,12 +8,19 @@ manager: aaroncz
 ms.collection:
 - tier3
 ms.topic: conceptual
-ms.date: 04/03/2023
+ms.date: 05/04/2023
 appliesto:
 - ✅ <a href=/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 ms.technology: itpro-security
 ---
 
-# Security features Windows edition requirements
+# Windows security features and edition requirements
 
-[!INCLUDE [_edition-requirements](../../../includes/licensing/_edition-requirements.md)]
\ No newline at end of file
+This article lists the security features that are available in Windows, and the Windows editions that support them.
+
+> [!NOTE]
+> The **Windows edition requirements** listed in the following table may be different from the **licensing requirements**. If you're looking for licensing requirements, see [Windows security features and licensing requirements](security-features-licensing-requirements.md).
+
+[!INCLUDE [_edition-requirements](../../../includes/licensing/_edition-requirements.md)]
+
+For more information about Windows licensing, see [Windows Commercial Licensing overview](../../whats-new/windows-licensing.md).
diff --git a/windows/security/introduction/security-features-licensing-requirements.md b/windows/security/introduction/security-features-licensing-requirements.md
index d75b32a689..59a037f15c 100644
--- a/windows/security/introduction/security-features-licensing-requirements.md
+++ b/windows/security/introduction/security-features-licensing-requirements.md
@@ -1,5 +1,5 @@
 ---
-title: Windows security licensing requirements
+title: Windows security features and licensing requirements
 description: Learn about Windows features and licensing requirements for the feature included in Windows.
 ms.prod: windows-client
 author: paolomatarazzo
@@ -14,6 +14,14 @@ appliesto:
 ms.technology: itpro-security
 ---
 
-# Windows security licensing requirements
+# Windows security features and licensing requirements
 
-[!INCLUDE [_licensing-requirements](../../../includes/licensing/_licensing-requirements.md)]
\ No newline at end of file
+
+This article lists the security features that are available in Windows, and the licensing requirements to use them.
+
+> [!NOTE]
+> The **licensing requirements** listed in the following table may be different from the **Windows edition requirements**. If you're looking for Windows edition requirements, see [Windows security features and edition requirements](security-features-edition-requirements.md).
+
+[!INCLUDE [_licensing-requirements](../../../includes/licensing/_licensing-requirements.md)]
+
+For more information about Windows licensing, see [Windows Commercial Licensing overview](../../whats-new/windows-licensing.md).

From 16385a77e99fbb18ac406a2dd5fff07bd24d5c76 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Thu, 4 May 2023 14:57:37 -0400
Subject: [PATCH 066/107] link update

---
 .../introduction/security-features-edition-requirements.md      | 2 +-
 .../introduction/security-features-licensing-requirements.md    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/introduction/security-features-edition-requirements.md b/windows/security/introduction/security-features-edition-requirements.md
index 06c6a401ba..45b71f66b6 100644
--- a/windows/security/introduction/security-features-edition-requirements.md
+++ b/windows/security/introduction/security-features-edition-requirements.md
@@ -23,4 +23,4 @@ This article lists the security features that are available in Windows, and the
 
 [!INCLUDE [_edition-requirements](../../../includes/licensing/_edition-requirements.md)]
 
-For more information about Windows licensing, see [Windows Commercial Licensing overview](../../whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows Commercial Licensing overview](/windows/whats-new/windows-licensing.md).
diff --git a/windows/security/introduction/security-features-licensing-requirements.md b/windows/security/introduction/security-features-licensing-requirements.md
index 59a037f15c..be59b0a473 100644
--- a/windows/security/introduction/security-features-licensing-requirements.md
+++ b/windows/security/introduction/security-features-licensing-requirements.md
@@ -24,4 +24,4 @@ This article lists the security features that are available in Windows, and the
 
 [!INCLUDE [_licensing-requirements](../../../includes/licensing/_licensing-requirements.md)]
 
-For more information about Windows licensing, see [Windows Commercial Licensing overview](../../whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows Commercial Licensing overview](/windows/whats-new/windows-licensing.md).

From 3dd1b8cab340881fb73548d0379d701485e9e4c7 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Thu, 4 May 2023 15:18:06 -0400
Subject: [PATCH 067/107] refreshed include files

---
 .../licensing/36-months-support-period.md     |  22 ---
 includes/licensing/_edition-requirements.md   |  13 --
 includes/licensing/_licensing-requirements.md | 153 ++++++++----------
 .../licensing/access-control-aclsscals.md     |   2 +-
 includes/licensing/account-lockout-policy.md  |   2 +-
 .../licensing/always-on-vpn-device-tunnel.md  |   2 +-
 includes/licensing/applocker.md               |  22 ---
 .../licensing/assigned-access-kiosk-mode.md   |   2 +-
 .../licensing/attack-surface-reduction-asr.md |   2 +-
 ...d-azure-ad-join-with-single-sign-on-sso.md |   2 +-
 includes/licensing/bitlocker.md               |   2 +-
 ...tooth-pairing-and-connection-protection.md |   2 +-
 .../common-criteria-certifications.md         |   2 +-
 .../licensing/controlled-folder-access.md     |   2 +-
 .../device-health-attestation-service.md      |   2 +-
 ...pdate-compatibility-reports-with-intune.md |  22 ---
 includes/licensing/direct-access.md           |   2 +-
 includes/licensing/email-encryption-smime.md  |   2 +-
 includes/licensing/encrypted-hard-drive.md    |   2 +-
 includes/licensing/endpoint-analytics.md      |  22 ---
 ...ed-phishing-protection-with-smartscreen.md |   2 +-
 includes/licensing/exploit-protection.md      |   2 +-
 ...fast-identity-online-fido2-security-key.md |   2 +-
 ...processing-standard-fips-140-validation.md |   2 +-
 includes/licensing/federated-sign-in.md       |   2 +-
 .../hardware-enforced-stack-protection.md     |   2 +-
 ...ypervisor-protected-code-integrity-hvci.md |   2 +-
 ...nel-direct-memory-access-dma-protection.md |   2 +-
 ...local-security-authority-lsa-protection.md |   2 +-
 ...-device-management-mdm-and-group-policy.md |   2 +-
 includes/licensing/measured-boot.md           |   2 +-
 .../microsoft-connected-cache-mcc.md          |  22 ---
 .../licensing/microsoft-defender-antivirus.md |   2 +-
 ...pplication-guard-mdag-configure-via-mdm.md |   2 +-
 ...terprise-mode-and-enterprise-management.md |   2 +-
 ...ion-guard-mdag-for-edge-standalone-mode.md |   2 +-
 ...ication-guard-mdag-for-microsoft-office.md |   2 +-
 ...nder-application-guard-mdag-public-apis.md |   2 +-
 .../microsoft-defender-for-endpoint.md        |   2 +-
 .../microsoft-defender-smartscreen.md         |   2 +-
 ...icrosoft-desktop-optimization-pack-mdop.md |  22 ---
 .../microsoft-pluton-security-processor.md    |   2 +-
 .../microsoft-vulnerable-driver-blocklist.md  |   2 +-
 .../opportunistic-wireless-encryption-owe.md  |   2 +-
 .../organizational-messages-with-intune.md    |  22 ---
 .../licensing/personal-data-encryption-pde.md |   2 +-
 includes/licensing/privacy-resource-usage.md  |   2 +-
 .../privacy-transparency-and-controls.md      |   2 +-
 includes/licensing/remote-wipe.md             |   2 +-
 .../licensing/secure-boot-and-trusted-boot.md |   2 +-
 .../secured-core-configuration-lock.md        |   2 +-
 includes/licensing/secured-core-pc.md         |   2 +-
 includes/licensing/security-baselines.md      |   2 +-
 .../server-message-block-direct-smb-direct.md |   2 +-
 .../server-message-block-smb-file-service.md  |   2 +-
 includes/licensing/smart-app-control.md       |   2 +-
 .../smart-cards-for-windows-service.md        |   2 +-
 includes/licensing/start-menu-and-taskbar.md  |  22 ---
 .../tamper-protection-settings-for-mde.md     |   2 +-
 .../licensing/transport-layer-security-tls.md |   2 +-
 .../trusted-platform-module-tpm-20.md         |   2 +-
 includes/licensing/universal-print.md         |   2 +-
 .../licensing/user-account-control-uac.md     |   2 +-
 .../licensing/virtual-private-network-vpn.md  |   2 +-
 .../virtualization-based-security-vbs.md      |   2 +-
 .../virtualization-rights-vda-avd-and-w365.md |  22 ---
 includes/licensing/wifi-security.md           |   2 +-
 includes/licensing/windows-autopatch.md       |   2 +-
 includes/licensing/windows-autopilot.md       |   2 +-
 includes/licensing/windows-containers.md      |   2 +-
 ...ndows-defender-application-control-wdac.md |   2 +-
 .../windows-defender-credential-guard.md      |   2 +-
 ...indows-defender-remote-credential-guard.md |   2 +-
 .../windows-defender-system-guard.md          |   2 +-
 ...eature-and-expedite-updates-with-intune.md |  22 ---
 includes/licensing/windows-firewall.md        |   2 +-
 ...-business-enhanced-security-sign-in-ess.md |   2 +-
 .../licensing/windows-hello-for-business.md   |   2 +-
 includes/licensing/windows-laps.md            |   2 +-
 .../licensing/windows-presence-sensing.md     |   2 +-
 includes/licensing/windows-sandbox.md         |   2 +-
 ...s-security-policy-settings-and-auditing.md |   2 +-
 .../windows-subscription-activation.md        |  22 ---
 ...-update-for-business-deployment-service.md |  22 ---
 .../licensing/windows-update-for-business.md  |  22 ---
 85 files changed, 140 insertions(+), 452 deletions(-)
 delete mode 100644 includes/licensing/36-months-support-period.md
 delete mode 100644 includes/licensing/applocker.md
 delete mode 100644 includes/licensing/device-readiness-and-update-compatibility-reports-with-intune.md
 delete mode 100644 includes/licensing/endpoint-analytics.md
 delete mode 100644 includes/licensing/microsoft-connected-cache-mcc.md
 delete mode 100644 includes/licensing/microsoft-desktop-optimization-pack-mdop.md
 delete mode 100644 includes/licensing/organizational-messages-with-intune.md
 delete mode 100644 includes/licensing/start-menu-and-taskbar.md
 delete mode 100644 includes/licensing/virtualization-rights-vda-avd-and-w365.md
 delete mode 100644 includes/licensing/windows-feature-and-expedite-updates-with-intune.md
 delete mode 100644 includes/licensing/windows-subscription-activation.md
 delete mode 100644 includes/licensing/windows-update-for-business-deployment-service.md
 delete mode 100644 includes/licensing/windows-update-for-business.md

diff --git a/includes/licensing/36-months-support-period.md b/includes/licensing/36-months-support-period.md
deleted file mode 100644
index 4208a1cc6c..0000000000
--- a/includes/licensing/36-months-support-period.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 05/04/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support 36 months support period:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|No|Yes|No|Yes|
-
-36 months support period license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/_edition-requirements.md b/includes/licensing/_edition-requirements.md
index 2471a1b7f5..207141f3e5 100644
--- a/includes/licensing/_edition-requirements.md
+++ b/includes/licensing/_edition-requirements.md
@@ -7,11 +7,9 @@ ms.topic: include
 
 | Feature name | Windows Pro | Windows Enterprise | Windows Pro Education/SE | Windows Education |
 |:---|:---:|:---:|:---:|:---:|
-|**[36 months support period](/lifecycle/products/windows-11-enterprise-and-education)**|❌|Yes|❌|Yes|
 |**[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes|
 |**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**|Yes|Yes|Yes|Yes|
 |**[Always On VPN (device tunnel)](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|❌|Yes|❌|Yes|
-|**[AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview)**|Yes|Yes|Yes|Yes|
 |**[Assigned Access (kiosk mode)](/windows/configuration/kiosk-methods)**|Yes|Yes|Yes|Yes|
 |**[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)**|Yes|Yes|Yes|Yes|
 |**[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)**|Yes|Yes|Yes|Yes|
@@ -20,11 +18,9 @@ ms.topic: include
 |**[Common Criteria certifications](/windows/security/threat-protection/windows-platform-common-criteria)**|Yes|Yes|Yes|Yes|
 |**[Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)**|Yes|Yes|Yes|Yes|
 |**[Device health attestation service](/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices)**|Yes|Yes|Yes|Yes|
-|**[Device readiness and update compatibility reports with Intune](/mem/intune/protect/windows-update-compatibility-reports)**|Yes|Yes|Yes|Yes|
 |**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**|❌|Yes|❌|Yes|
 |**[Email Encryption (S/MIME)](/windows/security/identity-protection/configure-s-mime)**|Yes|Yes|Yes|Yes|
 |**[Encrypted hard drive](/windows/security/information-protection/encrypted-hard-drive)**|Yes|Yes|Yes|Yes|
-|**[Endpoint Analytics](/mem/analytics/overview)**|Yes|Yes|Yes|Yes|
 |**[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)**|Yes|Yes|Yes|Yes|
 |**[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)**|Yes|Yes|Yes|Yes|
 |**[Fast Identity Online (FIDO2) security key](/azure/active-directory/authentication/howto-authentication-passwordless-security-key)**|Yes|Yes|Yes|Yes|
@@ -36,7 +32,6 @@ ms.topic: include
 |**Local Security Authority (LSA) Protection**|Yes|Yes|Yes|Yes|
 |**[Manage by Mobile Device Management (MDM) and group policy](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)**|Yes|Yes|Yes|Yes|
 |**[Measured boot](/windows/compatibility/measured-boot)**|Yes|Yes|Yes|Yes|
-|**[Microsoft Connected Cache (MCC)](/windows/deployment/do/mcc-enterprise-prerequisites)**|❌|❌|❌|❌|
 |**[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)**|Yes|Yes|Yes|Yes|
 |**[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)**|❌|Yes|❌|Yes|
 |**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/deployedge/microsoft-edge-security-windows-defender-application-guard)**|❌|Yes|❌|Yes|
@@ -45,11 +40,9 @@ ms.topic: include
 |**Microsoft Defender Application Guard (MDAG) public APIs**|❌|Yes|❌|Yes|
 |**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|Yes|Yes|Yes|Yes|
 |**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**|Yes|Yes|Yes|Yes|
-|**[Microsoft Desktop Optimization Pack (MDOP)](/microsoft-desktop-optimization-pack)**|Yes|Yes|Yes|Yes|
 |**[Microsoft Pluton security processor](/windows/security/information-protection/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes|
 |**[Microsoft Vulnerable Driver Blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)**|Yes|Yes|Yes|Yes|
 |**Opportunistic Wireless Encryption (OWE)**|Yes|Yes|Yes|Yes|
-|**[Organizational messages with Intune](/mem/intune/remote-actions/organizational-messages-overview)**|❌|Yes|❌|Yes|
 |**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|❌|Yes|❌|Yes|
 |**Privacy Resource Usage**|Yes|Yes|Yes|Yes|
 |**Privacy Transparency and Controls**|Yes|Yes|Yes|Yes|
@@ -62,14 +55,12 @@ ms.topic: include
 |**[Server Message Block Direct (SMB Direct)](/windows-server/storage/file-server/smb-direct)**|Yes|Yes|Yes|Yes|
 |**[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|
 |**[Smart Cards for Windows Service](/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service)**|Yes|Yes|Yes|Yes|
-|**Start menu and taskbar**|Yes|Yes|Yes|Yes|
 |**[Tamper protection settings for MDE](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)**|Yes|Yes|Yes|Yes|
 |**[Transport layer security (TLS)](/windows-server/security/tls/tls-ssl-schannel-ssp-overview)**|Yes|Yes|Yes|Yes|
 |**[Trusted Platform Module (TPM) 2.0](/windows/security/information-protection/tpm/trusted-platform-module-overview)**|Yes|Yes|Yes|Yes|
 |**[Universal Print](/universal-print/)**|Yes|Yes|Yes|Yes|
 |**[User Account Control (UAC)](/windows/security/identity-protection/user-account-control/user-account-control-overview)**|Yes|Yes|Yes|Yes|
 |**[Virtual Private Network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes|
-|**[Virtualization rights (VDA, AVD and W365)](/azure/virtual-desktop/prerequisites%23operating-systems-and-licenses)**|❌|Yes|❌|Yes|
 |**[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)**|Yes|Yes|Yes|Yes|
 |**[WiFi Security](https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09)**|Yes|Yes|Yes|Yes|
 |**[Windows Autopatch](/windows/deployment/windows-autopatch/)**|❌|Yes|❌|Yes|
@@ -79,7 +70,6 @@ ms.topic: include
 |**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|❌|Yes|❌|Yes|
 |**[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)**|Yes|Yes|Yes|Yes|
 |**[Windows Defender System Guard](/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows)**|Yes|Yes|Yes|Yes|
-|**[Windows feature and expedite updates with Intune](/mem/intune/protect/windows-10-feature-updates)**|Yes|Yes|Yes|Yes|
 |**[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)**|Yes|Yes|Yes|Yes|
 |**[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)**|Yes|Yes|Yes|Yes|
 |**[Windows Hello for Business Enhanced Security Sign-in (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)**|Yes|Yes|Yes|Yes|
@@ -87,6 +77,3 @@ ms.topic: include
 |**[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)**|Yes|Yes|Yes|Yes|
 |**[Windows Sandbox](/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview)**|Yes|Yes|Yes|Yes|
 |**[Windows Security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**|Yes|Yes|Yes|Yes|
-|**[Windows subscription activation](/windows/deployment/windows-10-subscription-activation)**|Yes|Yes|Yes|Yes|
-|**[Windows Update for Business](/windows/deployment/update/waas-manage-updates-wufb)**|Yes|Yes|Yes|Yes|
-|**[Windows Update for Business deployment service](/windows/deployment/update/deployment-service-overview)**|Yes|Yes|Yes|Yes|
diff --git a/includes/licensing/_licensing-requirements.md b/includes/licensing/_licensing-requirements.md
index 6035077e87..a27829cbab 100644
--- a/includes/licensing/_licensing-requirements.md
+++ b/includes/licensing/_licensing-requirements.md
@@ -7,86 +7,73 @@ ms.topic: include
 
 |Feature name|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---|:---:|:---:|:---:|:---:|:---:|
-|**[36 months support period](/lifecycle/products/windows-11-enterprise-and-education)**||Yes|Yes|Yes|Yes|
-|**[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)**||Yes|Yes|Yes|Yes|
-|**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**||Yes|Yes|Yes|Yes|
-|**[Always On VPN (device tunnel)](/windows-server/remote/remote-access/vpn/always-on-vpn/)**||Yes|Yes|Yes|Yes|
-|**[AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview)**||Yes|Yes|Yes|Yes|
-|**[Assigned Access (kiosk mode)](/windows/configuration/kiosk-methods)**||Yes|Yes|Yes|Yes|
-|**[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)**||Yes|Yes|Yes|Yes|
-|**[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)**||Yes|Yes|Yes|Yes|
-|**[BitLocker](/windows/security/information-protection/bitlocker/bitlocker-overview)**||Yes|Yes|Yes|Yes|
-|**Bluetooth pairing and connection protection**||Yes|Yes|Yes|Yes|
-|**[Common Criteria certifications](/windows/security/threat-protection/windows-platform-common-criteria)**||Yes|Yes|Yes|Yes|
-|**[Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)**||Yes|Yes|Yes|Yes|
-|**[Device health attestation service](/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices)**||Yes|Yes|Yes|Yes|
-|**[Device readiness and update compatibility reports with Intune](/mem/intune/protect/windows-update-compatibility-reports)**||Yes|Yes|Yes|Yes|
-|**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**||Yes|Yes|Yes|Yes|
-|**[Email Encryption (S/MIME)](/windows/security/identity-protection/configure-s-mime)**||Yes|Yes|Yes|Yes|
-|**[Encrypted hard drive](/windows/security/information-protection/encrypted-hard-drive)**||Yes|Yes|Yes|Yes|
-|**[Endpoint Analytics](/mem/analytics/overview)**||Yes|Yes|Yes|Yes|
-|**[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)**||Yes|Yes|Yes|Yes|
-|**[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)**||Yes|Yes|Yes|Yes|
-|**[Fast Identity Online (FIDO2) security key](/azure/active-directory/authentication/howto-authentication-passwordless-security-key)**||Yes|Yes|Yes|Yes|
-|**[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)**||Yes|Yes|Yes|Yes|
-|**[Federated sign-in](/education/windows/federated-sign-in)**||❌|❌|Yes|Yes|
-|**[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)**||Yes|Yes|Yes|Yes|
-|**[Hypervisor-protected Code Integrity (HVCI)](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity)**||Yes|Yes|Yes|Yes|
-|**[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)**||Yes|Yes|Yes|Yes|
-|**Local Security Authority (LSA) Protection**||Yes|Yes|Yes|Yes|
-|**[Manage by Mobile Device Management (MDM) and group policy](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)**||Yes|Yes|Yes|Yes|
-|**[Measured boot](/windows/compatibility/measured-boot)**||Yes|Yes|Yes|Yes|
-|**[Microsoft Connected Cache (MCC)](/windows/deployment/do/mcc-enterprise-prerequisites)**||❌|❌|❌|❌|
-|**[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)**||Yes|Yes|Yes|Yes|
-|**[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)**||Yes|Yes|Yes|Yes|
-|**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/deployedge/microsoft-edge-security-windows-defender-application-guard)**||Yes|Yes|Yes|Yes|
-|**[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview)**||Yes|Yes|Yes|Yes|
-|**[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)**||❌|❌|❌|❌|
-|**Microsoft Defender Application Guard (MDAG) public APIs**||Yes|Yes|Yes|Yes|
-|**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**||❌|Yes|❌|Yes|
-|**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**||Yes|Yes|Yes|Yes|
-|**[Microsoft Desktop Optimization Pack (MDOP)](/microsoft-desktop-optimization-pack)**||Yes|Yes|Yes|Yes|
-|**[Microsoft Pluton security processor](/windows/security/information-protection/pluton/microsoft-pluton-security-processor)**||Yes|Yes|Yes|Yes|
-|**[Microsoft Vulnerable Driver Blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)**||Yes|Yes|Yes|Yes|
-|**Opportunistic Wireless Encryption (OWE)**||Yes|Yes|Yes|Yes|
-|**[Organizational messages with Intune](/mem/intune/remote-actions/organizational-messages-overview)**||Yes|Yes|Yes|Yes|
-|**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**||Yes|Yes|Yes|Yes|
-|**Privacy Resource Usage**||Yes|Yes|Yes|Yes|
-|**Privacy Transparency and Controls**||Yes|Yes|Yes|Yes|
-|**[Remote wipe](/windows/client-management/mdm/remotewipe-csp)**||Yes|Yes|Yes|Yes|
-|**[Secure Boot and Trusted Boot](/windows/security/trusted-boot)**||Yes|Yes|Yes|Yes|
-|**[Secured-core configuration lock](/windows/client-management/config-lock)**||Yes|Yes|Yes|Yes|
-|**[Secured-core PC](/windows-hardware/design/device-experiences/oem-highly-secure-11)**||Yes|Yes|Yes|Yes|
-|**[Security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)**||Yes|Yes|Yes|Yes|
-|**[Server Message Block (SMB) file service](/windows-server/storage/file-server/file-server-smb-overview)**||Yes|Yes|Yes|Yes|
-|**[Server Message Block Direct (SMB Direct)](/windows-server/storage/file-server/smb-direct)**||Yes|Yes|Yes|Yes|
-|**[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**||Yes|Yes|Yes|Yes|
-|**[Smart Cards for Windows Service](/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service)**||Yes|Yes|Yes|Yes|
-|**Start menu and taskbar**||Yes|Yes|Yes|Yes|
-|**[Tamper protection settings for MDE](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)**||Yes|Yes|Yes|Yes|
-|**[Transport layer security (TLS)](/windows-server/security/tls/tls-ssl-schannel-ssp-overview)**||Yes|Yes|Yes|Yes|
-|**[Trusted Platform Module (TPM) 2.0](/windows/security/information-protection/tpm/trusted-platform-module-overview)**||Yes|Yes|Yes|Yes|
-|**[Universal Print](/universal-print/)**||Yes|Yes|Yes|Yes|
-|**[User Account Control (UAC)](/windows/security/identity-protection/user-account-control/user-account-control-overview)**||Yes|Yes|Yes|Yes|
-|**[Virtual Private Network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**||Yes|Yes|Yes|Yes|
-|**[Virtualization rights (VDA, AVD and W365)](/azure/virtual-desktop/prerequisites%23operating-systems-and-licenses)**||Yes|Yes|Yes|Yes|
-|**[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)**||Yes|Yes|Yes|Yes|
-|**[WiFi Security](https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09)**||Yes|Yes|Yes|Yes|
-|**[Windows Autopatch](/windows/deployment/windows-autopatch/)**||Yes|Yes|❌|❌|
-|**[Windows Autopilot](/windows/deployment/windows-autopilot)**||Yes|Yes|Yes|Yes|
-|**[Windows containers](/virtualization/windowscontainers/about/)**||Yes|Yes|Yes|Yes|
-|**[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**||Yes|Yes|Yes|Yes|
-|**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**||Yes|Yes|Yes|Yes|
-|**[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)**||Yes|Yes|Yes|Yes|
-|**[Windows Defender System Guard](/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows)**||Yes|Yes|Yes|Yes|
-|**[Windows feature and expedite updates with Intune](/mem/intune/protect/windows-10-feature-updates)**||Yes|Yes|Yes|Yes|
-|**[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)**||Yes|Yes|Yes|Yes|
-|**[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)**||Yes|Yes|Yes|Yes|
-|**[Windows Hello for Business Enhanced Security Sign-in (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)**||Yes|Yes|Yes|Yes|
-|**[Windows LAPS](/windows-server/identity/laps/laps-overview)**||Yes|Yes|Yes|Yes|
-|**[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)**||Yes|Yes|Yes|Yes|
-|**[Windows Sandbox](/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview)**||Yes|Yes|Yes|Yes|
-|**[Windows Security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**||Yes|Yes|Yes|Yes|
-|**[Windows subscription activation](/windows/deployment/windows-10-subscription-activation)**||Yes|Yes|Yes|Yes|
-|**[Windows Update for Business](/windows/deployment/update/waas-manage-updates-wufb)**||Yes|Yes|Yes|Yes|
-|**[Windows Update for Business deployment service](/windows/deployment/update/deployment-service-overview)**||Yes|Yes|Yes|Yes|
+|**[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes|Yes|
+|**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**|Yes|Yes|Yes|Yes|Yes|
+|**[Always On VPN (device tunnel)](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|❌|Yes|Yes|Yes|Yes|
+|**[Assigned Access (kiosk mode)](/windows/configuration/kiosk-methods)**|Yes|Yes|Yes|Yes|Yes|
+|**[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)**|Yes|Yes|Yes|Yes|Yes|
+|**[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)**|Yes|Yes|Yes|Yes|Yes|
+|**[BitLocker](/windows/security/information-protection/bitlocker/bitlocker-overview)**|Yes|Yes|Yes|Yes|Yes|
+|**Bluetooth pairing and connection protection**|Yes|Yes|Yes|Yes|Yes|
+|**[Common Criteria certifications](/windows/security/threat-protection/windows-platform-common-criteria)**|Yes|Yes|Yes|Yes|Yes|
+|**[Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)**|Yes|Yes|Yes|Yes|Yes|
+|**[Device health attestation service](/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices)**|Yes|Yes|Yes|Yes|Yes|
+|**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**|❌|Yes|Yes|Yes|Yes|
+|**[Email Encryption (S/MIME)](/windows/security/identity-protection/configure-s-mime)**|Yes|Yes|Yes|Yes|Yes|
+|**[Encrypted hard drive](/windows/security/information-protection/encrypted-hard-drive)**|Yes|Yes|Yes|Yes|Yes|
+|**[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)**|Yes|Yes|Yes|Yes|Yes|
+|**[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)**|Yes|Yes|Yes|Yes|Yes|
+|**[Fast Identity Online (FIDO2) security key](/azure/active-directory/authentication/howto-authentication-passwordless-security-key)**|Yes|Yes|Yes|Yes|Yes|
+|**[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)**|Yes|Yes|Yes|Yes|Yes|
+|**[Federated sign-in](/education/windows/federated-sign-in)**|❌|❌|❌|Yes|Yes|
+|**[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)**|Yes|Yes|Yes|Yes|Yes|
+|**[Hypervisor-protected Code Integrity (HVCI)](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity)**|Yes|Yes|Yes|Yes|Yes|
+|**[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)**|Yes|Yes|Yes|Yes|Yes|
+|**Local Security Authority (LSA) Protection**|Yes|Yes|Yes|Yes|Yes|
+|**[Manage by Mobile Device Management (MDM) and group policy](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)**|Yes|Yes|Yes|Yes|Yes|
+|**[Measured boot](/windows/compatibility/measured-boot)**|Yes|Yes|Yes|Yes|Yes|
+|**[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)**|Yes|Yes|Yes|Yes|Yes|
+|**[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)**|❌|Yes|Yes|Yes|Yes|
+|**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/deployedge/microsoft-edge-security-windows-defender-application-guard)**|❌|Yes|Yes|Yes|Yes|
+|**[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview)**|Yes|Yes|Yes|Yes|Yes|
+|**[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)**|❌|❌|❌|❌|❌|
+|**Microsoft Defender Application Guard (MDAG) public APIs**|❌|Yes|Yes|Yes|Yes|
+|**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|❌|❌|Yes|❌|Yes|
+|**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**|Yes|Yes|Yes|Yes|Yes|
+|**[Microsoft Pluton security processor](/windows/security/information-protection/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes|Yes|
+|**[Microsoft Vulnerable Driver Blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)**|Yes|Yes|Yes|Yes|Yes|
+|**Opportunistic Wireless Encryption (OWE)**|Yes|Yes|Yes|Yes|Yes|
+|**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|❌|Yes|Yes|Yes|Yes|
+|**Privacy Resource Usage**|Yes|Yes|Yes|Yes|Yes|
+|**Privacy Transparency and Controls**|Yes|Yes|Yes|Yes|Yes|
+|**[Remote wipe](/windows/client-management/mdm/remotewipe-csp)**|Yes|Yes|Yes|Yes|Yes|
+|**[Secure Boot and Trusted Boot](/windows/security/trusted-boot)**|Yes|Yes|Yes|Yes|Yes|
+|**[Secured-core configuration lock](/windows/client-management/config-lock)**|Yes|Yes|Yes|Yes|Yes|
+|**[Secured-core PC](/windows-hardware/design/device-experiences/oem-highly-secure-11)**|Yes|Yes|Yes|Yes|Yes|
+|**[Security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)**|Yes|Yes|Yes|Yes|Yes|
+|**[Server Message Block (SMB) file service](/windows-server/storage/file-server/file-server-smb-overview)**|Yes|Yes|Yes|Yes|Yes|
+|**[Server Message Block Direct (SMB Direct)](/windows-server/storage/file-server/smb-direct)**|Yes|Yes|Yes|Yes|Yes|
+|**[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|Yes|
+|**[Smart Cards for Windows Service](/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service)**|Yes|Yes|Yes|Yes|Yes|
+|**[Tamper protection settings for MDE](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)**|Yes|Yes|Yes|Yes|Yes|
+|**[Transport layer security (TLS)](/windows-server/security/tls/tls-ssl-schannel-ssp-overview)**|Yes|Yes|Yes|Yes|Yes|
+|**[Trusted Platform Module (TPM) 2.0](/windows/security/information-protection/tpm/trusted-platform-module-overview)**|Yes|Yes|Yes|Yes|Yes|
+|**[Universal Print](/universal-print/)**|❌|Yes|Yes|Yes|Yes|
+|**[User Account Control (UAC)](/windows/security/identity-protection/user-account-control/user-account-control-overview)**|Yes|Yes|Yes|Yes|Yes|
+|**[Virtual Private Network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes|Yes|
+|**[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)**|Yes|Yes|Yes|Yes|Yes|
+|**[WiFi Security](https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows Autopatch](/windows/deployment/windows-autopatch/)**|❌|Yes|Yes|❌|❌|
+|**[Windows Autopilot](/windows/deployment/windows-autopilot)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows containers](/virtualization/windowscontainers/about/)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|❌|Yes|Yes|Yes|Yes|
+|**[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows Defender System Guard](/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows Hello for Business Enhanced Security Sign-in (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows LAPS](/windows-server/identity/laps/laps-overview)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows Sandbox](/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows Security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**|Yes|Yes|Yes|Yes|Yes|
diff --git a/includes/licensing/access-control-aclsscals.md b/includes/licensing/access-control-aclsscals.md
index f339bd84c4..74b2f49090 100644
--- a/includes/licensing/access-control-aclsscals.md
+++ b/includes/licensing/access-control-aclsscals.md
@@ -17,6 +17,6 @@ Access Control (ACLs/SCALS) license entitlements are granted by the following li
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/account-lockout-policy.md b/includes/licensing/account-lockout-policy.md
index c7bb6241a7..f73aa4228c 100644
--- a/includes/licensing/account-lockout-policy.md
+++ b/includes/licensing/account-lockout-policy.md
@@ -17,6 +17,6 @@ Account Lockout Policy license entitlements are granted by the following license
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/always-on-vpn-device-tunnel.md b/includes/licensing/always-on-vpn-device-tunnel.md
index a379e7ad79..74b2333a3d 100644
--- a/includes/licensing/always-on-vpn-device-tunnel.md
+++ b/includes/licensing/always-on-vpn-device-tunnel.md
@@ -17,6 +17,6 @@ Always On VPN (device tunnel) license entitlements are granted by the following
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|No|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/applocker.md b/includes/licensing/applocker.md
deleted file mode 100644
index 69bd446158..0000000000
--- a/includes/licensing/applocker.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 05/04/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support AppLocker:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-AppLocker license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/assigned-access-kiosk-mode.md b/includes/licensing/assigned-access-kiosk-mode.md
index aba7ff37fe..a2f4b745bb 100644
--- a/includes/licensing/assigned-access-kiosk-mode.md
+++ b/includes/licensing/assigned-access-kiosk-mode.md
@@ -17,6 +17,6 @@ Assigned Access (kiosk mode) license entitlements are granted by the following l
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/attack-surface-reduction-asr.md b/includes/licensing/attack-surface-reduction-asr.md
index f3213322c4..666af08c54 100644
--- a/includes/licensing/attack-surface-reduction-asr.md
+++ b/includes/licensing/attack-surface-reduction-asr.md
@@ -17,6 +17,6 @@ Attack surface reduction (ASR) license entitlements are granted by the following
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md b/includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md
index f2d9aa6ebf..b093cd8faa 100644
--- a/includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md
+++ b/includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md
@@ -17,6 +17,6 @@ Azure AD join, Active Directory domain join, and Hybrid Azure AD join with singl
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/bitlocker.md b/includes/licensing/bitlocker.md
index cc4b2e43bf..cf1f80b079 100644
--- a/includes/licensing/bitlocker.md
+++ b/includes/licensing/bitlocker.md
@@ -17,6 +17,6 @@ BitLocker license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/bluetooth-pairing-and-connection-protection.md b/includes/licensing/bluetooth-pairing-and-connection-protection.md
index 34d7ec09fb..494fee6609 100644
--- a/includes/licensing/bluetooth-pairing-and-connection-protection.md
+++ b/includes/licensing/bluetooth-pairing-and-connection-protection.md
@@ -17,6 +17,6 @@ Bluetooth pairing and connection protection license entitlements are granted by
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/common-criteria-certifications.md b/includes/licensing/common-criteria-certifications.md
index 024213280f..dbb9d1669a 100644
--- a/includes/licensing/common-criteria-certifications.md
+++ b/includes/licensing/common-criteria-certifications.md
@@ -17,6 +17,6 @@ Common Criteria certifications license entitlements are granted by the following
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/controlled-folder-access.md b/includes/licensing/controlled-folder-access.md
index 8897700279..855d0cf28f 100644
--- a/includes/licensing/controlled-folder-access.md
+++ b/includes/licensing/controlled-folder-access.md
@@ -17,6 +17,6 @@ Controlled folder access license entitlements are granted by the following licen
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/device-health-attestation-service.md b/includes/licensing/device-health-attestation-service.md
index 4eeedc00df..f8fdb1e381 100644
--- a/includes/licensing/device-health-attestation-service.md
+++ b/includes/licensing/device-health-attestation-service.md
@@ -17,6 +17,6 @@ Device health attestation service license entitlements are granted by the follow
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/device-readiness-and-update-compatibility-reports-with-intune.md b/includes/licensing/device-readiness-and-update-compatibility-reports-with-intune.md
deleted file mode 100644
index 83dad5c4f9..0000000000
--- a/includes/licensing/device-readiness-and-update-compatibility-reports-with-intune.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 05/04/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Device readiness and update compatibility reports with Intune:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Device readiness and update compatibility reports with Intune license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/direct-access.md b/includes/licensing/direct-access.md
index bd55346388..f1b2da9ef5 100644
--- a/includes/licensing/direct-access.md
+++ b/includes/licensing/direct-access.md
@@ -17,6 +17,6 @@ Direct Access license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|No|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/email-encryption-smime.md b/includes/licensing/email-encryption-smime.md
index dc22baf095..07e14851b2 100644
--- a/includes/licensing/email-encryption-smime.md
+++ b/includes/licensing/email-encryption-smime.md
@@ -17,6 +17,6 @@ Email Encryption (S/MIME) license entitlements are granted by the following lice
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/encrypted-hard-drive.md b/includes/licensing/encrypted-hard-drive.md
index c9860962a4..e365c0d71c 100644
--- a/includes/licensing/encrypted-hard-drive.md
+++ b/includes/licensing/encrypted-hard-drive.md
@@ -17,6 +17,6 @@ Encrypted hard drive license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/endpoint-analytics.md b/includes/licensing/endpoint-analytics.md
deleted file mode 100644
index 497d3030d9..0000000000
--- a/includes/licensing/endpoint-analytics.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 05/04/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Endpoint Analytics:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Endpoint Analytics license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/enhanced-phishing-protection-with-smartscreen.md b/includes/licensing/enhanced-phishing-protection-with-smartscreen.md
index 90585b908b..4f4c059f8b 100644
--- a/includes/licensing/enhanced-phishing-protection-with-smartscreen.md
+++ b/includes/licensing/enhanced-phishing-protection-with-smartscreen.md
@@ -17,6 +17,6 @@ Enhanced phishing protection with SmartScreen license entitlements are granted b
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/exploit-protection.md b/includes/licensing/exploit-protection.md
index 194f986b4f..c774cb4f5e 100644
--- a/includes/licensing/exploit-protection.md
+++ b/includes/licensing/exploit-protection.md
@@ -17,6 +17,6 @@ Exploit protection license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/fast-identity-online-fido2-security-key.md b/includes/licensing/fast-identity-online-fido2-security-key.md
index 5a3e06df91..b47385e2f5 100644
--- a/includes/licensing/fast-identity-online-fido2-security-key.md
+++ b/includes/licensing/fast-identity-online-fido2-security-key.md
@@ -17,6 +17,6 @@ Fast Identity Online (FIDO2) security key license entitlements are granted by th
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/federal-information-processing-standard-fips-140-validation.md b/includes/licensing/federal-information-processing-standard-fips-140-validation.md
index 40e47fb3c8..ff0563a439 100644
--- a/includes/licensing/federal-information-processing-standard-fips-140-validation.md
+++ b/includes/licensing/federal-information-processing-standard-fips-140-validation.md
@@ -17,6 +17,6 @@ Federal Information Processing Standard (FIPS) 140 validation license entitlemen
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/federated-sign-in.md b/includes/licensing/federated-sign-in.md
index 7ee5966b53..28e69d8a5e 100644
--- a/includes/licensing/federated-sign-in.md
+++ b/includes/licensing/federated-sign-in.md
@@ -17,6 +17,6 @@ Federated sign-in license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||No|No|Yes|Yes|
+|No|No|No|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/hardware-enforced-stack-protection.md b/includes/licensing/hardware-enforced-stack-protection.md
index a51f0a3c14..50ae05045a 100644
--- a/includes/licensing/hardware-enforced-stack-protection.md
+++ b/includes/licensing/hardware-enforced-stack-protection.md
@@ -17,6 +17,6 @@ Hardware-enforced stack protection license entitlements are granted by the follo
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/hypervisor-protected-code-integrity-hvci.md b/includes/licensing/hypervisor-protected-code-integrity-hvci.md
index 1026304f72..8f6b16cf28 100644
--- a/includes/licensing/hypervisor-protected-code-integrity-hvci.md
+++ b/includes/licensing/hypervisor-protected-code-integrity-hvci.md
@@ -17,6 +17,6 @@ Hypervisor-protected Code Integrity (HVCI) license entitlements are granted by t
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/kernel-direct-memory-access-dma-protection.md b/includes/licensing/kernel-direct-memory-access-dma-protection.md
index e274721eba..7c805915cb 100644
--- a/includes/licensing/kernel-direct-memory-access-dma-protection.md
+++ b/includes/licensing/kernel-direct-memory-access-dma-protection.md
@@ -17,6 +17,6 @@ Kernel Direct Memory Access (DMA) protection license entitlements are granted by
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/local-security-authority-lsa-protection.md b/includes/licensing/local-security-authority-lsa-protection.md
index 52bc417812..af4fb5b47f 100644
--- a/includes/licensing/local-security-authority-lsa-protection.md
+++ b/includes/licensing/local-security-authority-lsa-protection.md
@@ -17,6 +17,6 @@ Local Security Authority (LSA) Protection license entitlements are granted by th
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md b/includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md
index 39e45deb89..7330817deb 100644
--- a/includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md
+++ b/includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md
@@ -17,6 +17,6 @@ Manage by Mobile Device Management (MDM) and group policy license entitlements a
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/measured-boot.md b/includes/licensing/measured-boot.md
index b52c825259..39c560d47f 100644
--- a/includes/licensing/measured-boot.md
+++ b/includes/licensing/measured-boot.md
@@ -17,6 +17,6 @@ Measured boot license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-connected-cache-mcc.md b/includes/licensing/microsoft-connected-cache-mcc.md
deleted file mode 100644
index d45efe86e0..0000000000
--- a/includes/licensing/microsoft-connected-cache-mcc.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 05/04/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Microsoft Connected Cache (MCC):
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|No|No|No|No|
-
-Microsoft Connected Cache (MCC) license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-||No|No|No|No|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-defender-antivirus.md b/includes/licensing/microsoft-defender-antivirus.md
index 39b0dec8a8..ba5bb932ea 100644
--- a/includes/licensing/microsoft-defender-antivirus.md
+++ b/includes/licensing/microsoft-defender-antivirus.md
@@ -17,6 +17,6 @@ Microsoft Defender Antivirus license entitlements are granted by the following l
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md b/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md
index 950ee7e5c7..453b5db930 100644
--- a/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md
@@ -17,6 +17,6 @@ Microsoft Defender Application Guard (MDAG) configure via MDM license entitlemen
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|No|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md
index ff3b4081cf..36c1c33234 100644
--- a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md
@@ -17,6 +17,6 @@ Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterpr
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|No|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md
index ec4f9aa4cb..23bf14013f 100644
--- a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md
@@ -17,6 +17,6 @@ Microsoft Defender Application Guard (MDAG) for Edge standalone mode license ent
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md b/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md
index 7fd3537173..2ccf97f2da 100644
--- a/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md
@@ -17,6 +17,6 @@ Microsoft Defender Application Guard (MDAG) for Microsoft Office license entitle
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||No|No|No|No|
+|No|No|No|No|No|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md b/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md
index 83dfb73504..bf903c766f 100644
--- a/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md
@@ -17,6 +17,6 @@ Microsoft Defender Application Guard (MDAG) public APIs license entitlements are
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|No|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-defender-for-endpoint.md b/includes/licensing/microsoft-defender-for-endpoint.md
index aa22c56bbe..be03daf05e 100644
--- a/includes/licensing/microsoft-defender-for-endpoint.md
+++ b/includes/licensing/microsoft-defender-for-endpoint.md
@@ -17,6 +17,6 @@ Microsoft Defender for Endpoint license entitlements are granted by the followin
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||No|Yes|No|Yes|
+|No|No|Yes|No|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-defender-smartscreen.md b/includes/licensing/microsoft-defender-smartscreen.md
index 8e39f1f189..a946b12155 100644
--- a/includes/licensing/microsoft-defender-smartscreen.md
+++ b/includes/licensing/microsoft-defender-smartscreen.md
@@ -17,6 +17,6 @@ Microsoft Defender SmartScreen license entitlements are granted by the following
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-desktop-optimization-pack-mdop.md b/includes/licensing/microsoft-desktop-optimization-pack-mdop.md
deleted file mode 100644
index 13f935839a..0000000000
--- a/includes/licensing/microsoft-desktop-optimization-pack-mdop.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 05/04/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Microsoft Desktop Optimization Pack (MDOP):
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Microsoft Desktop Optimization Pack (MDOP) license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-pluton-security-processor.md b/includes/licensing/microsoft-pluton-security-processor.md
index 0ca863f6f4..2190c8a4ab 100644
--- a/includes/licensing/microsoft-pluton-security-processor.md
+++ b/includes/licensing/microsoft-pluton-security-processor.md
@@ -17,6 +17,6 @@ Microsoft Pluton security processor license entitlements are granted by the foll
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-vulnerable-driver-blocklist.md b/includes/licensing/microsoft-vulnerable-driver-blocklist.md
index 0d12fd38dc..39e258739c 100644
--- a/includes/licensing/microsoft-vulnerable-driver-blocklist.md
+++ b/includes/licensing/microsoft-vulnerable-driver-blocklist.md
@@ -17,6 +17,6 @@ Microsoft Vulnerable Driver Blocklist license entitlements are granted by the fo
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/opportunistic-wireless-encryption-owe.md b/includes/licensing/opportunistic-wireless-encryption-owe.md
index b75f017ad3..e0203c3e4d 100644
--- a/includes/licensing/opportunistic-wireless-encryption-owe.md
+++ b/includes/licensing/opportunistic-wireless-encryption-owe.md
@@ -17,6 +17,6 @@ Opportunistic Wireless Encryption (OWE) license entitlements are granted by the
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/organizational-messages-with-intune.md b/includes/licensing/organizational-messages-with-intune.md
deleted file mode 100644
index b1883a1e1f..0000000000
--- a/includes/licensing/organizational-messages-with-intune.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 05/04/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Organizational messages with Intune:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|No|Yes|No|Yes|
-
-Organizational messages with Intune license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/personal-data-encryption-pde.md b/includes/licensing/personal-data-encryption-pde.md
index c4c97923df..3ca149f34f 100644
--- a/includes/licensing/personal-data-encryption-pde.md
+++ b/includes/licensing/personal-data-encryption-pde.md
@@ -17,6 +17,6 @@ Personal data encryption (PDE) license entitlements are granted by the following
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|No|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/privacy-resource-usage.md b/includes/licensing/privacy-resource-usage.md
index a80a71ce3a..054bf054cc 100644
--- a/includes/licensing/privacy-resource-usage.md
+++ b/includes/licensing/privacy-resource-usage.md
@@ -17,6 +17,6 @@ Privacy Resource Usage license entitlements are granted by the following license
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/privacy-transparency-and-controls.md b/includes/licensing/privacy-transparency-and-controls.md
index 621683c547..711440f7a5 100644
--- a/includes/licensing/privacy-transparency-and-controls.md
+++ b/includes/licensing/privacy-transparency-and-controls.md
@@ -17,6 +17,6 @@ Privacy Transparency and Controls license entitlements are granted by the follow
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/remote-wipe.md b/includes/licensing/remote-wipe.md
index 7bc335c922..5f5e79eeb6 100644
--- a/includes/licensing/remote-wipe.md
+++ b/includes/licensing/remote-wipe.md
@@ -17,6 +17,6 @@ Remote wipe license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/secure-boot-and-trusted-boot.md b/includes/licensing/secure-boot-and-trusted-boot.md
index 74d7936d3b..8c60a8b048 100644
--- a/includes/licensing/secure-boot-and-trusted-boot.md
+++ b/includes/licensing/secure-boot-and-trusted-boot.md
@@ -17,6 +17,6 @@ Secure Boot and Trusted Boot license entitlements are granted by the following l
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/secured-core-configuration-lock.md b/includes/licensing/secured-core-configuration-lock.md
index 642cd73671..9a2f06088b 100644
--- a/includes/licensing/secured-core-configuration-lock.md
+++ b/includes/licensing/secured-core-configuration-lock.md
@@ -17,6 +17,6 @@ Secured-core configuration lock license entitlements are granted by the followin
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/secured-core-pc.md b/includes/licensing/secured-core-pc.md
index 4845670fc5..f22319bbdb 100644
--- a/includes/licensing/secured-core-pc.md
+++ b/includes/licensing/secured-core-pc.md
@@ -17,6 +17,6 @@ Secured-core PC license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/security-baselines.md b/includes/licensing/security-baselines.md
index 9facaa08ac..a615d3af13 100644
--- a/includes/licensing/security-baselines.md
+++ b/includes/licensing/security-baselines.md
@@ -17,6 +17,6 @@ Security baselines license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/server-message-block-direct-smb-direct.md b/includes/licensing/server-message-block-direct-smb-direct.md
index 47d6f0d881..ba99c98579 100644
--- a/includes/licensing/server-message-block-direct-smb-direct.md
+++ b/includes/licensing/server-message-block-direct-smb-direct.md
@@ -17,6 +17,6 @@ Server Message Block Direct (SMB Direct) license entitlements are granted by the
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/server-message-block-smb-file-service.md b/includes/licensing/server-message-block-smb-file-service.md
index 762477d727..a271907d88 100644
--- a/includes/licensing/server-message-block-smb-file-service.md
+++ b/includes/licensing/server-message-block-smb-file-service.md
@@ -17,6 +17,6 @@ Server Message Block (SMB) file service license entitlements are granted by the
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/smart-app-control.md b/includes/licensing/smart-app-control.md
index 7dcc3b0b32..ff42750aab 100644
--- a/includes/licensing/smart-app-control.md
+++ b/includes/licensing/smart-app-control.md
@@ -17,6 +17,6 @@ Smart App Control license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/smart-cards-for-windows-service.md b/includes/licensing/smart-cards-for-windows-service.md
index 29be818b02..98f271770f 100644
--- a/includes/licensing/smart-cards-for-windows-service.md
+++ b/includes/licensing/smart-cards-for-windows-service.md
@@ -17,6 +17,6 @@ Smart Cards for Windows Service license entitlements are granted by the followin
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/start-menu-and-taskbar.md b/includes/licensing/start-menu-and-taskbar.md
deleted file mode 100644
index 147c942553..0000000000
--- a/includes/licensing/start-menu-and-taskbar.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 05/04/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Start menu and taskbar:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Start menu and taskbar license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/tamper-protection-settings-for-mde.md b/includes/licensing/tamper-protection-settings-for-mde.md
index b4c744071b..95a86ec97c 100644
--- a/includes/licensing/tamper-protection-settings-for-mde.md
+++ b/includes/licensing/tamper-protection-settings-for-mde.md
@@ -17,6 +17,6 @@ Tamper protection settings for MDE license entitlements are granted by the follo
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/transport-layer-security-tls.md b/includes/licensing/transport-layer-security-tls.md
index 8cfd78e987..9af6799b44 100644
--- a/includes/licensing/transport-layer-security-tls.md
+++ b/includes/licensing/transport-layer-security-tls.md
@@ -17,6 +17,6 @@ Transport layer security (TLS) license entitlements are granted by the following
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/trusted-platform-module-tpm-20.md b/includes/licensing/trusted-platform-module-tpm-20.md
index 37892f588b..b2e593986b 100644
--- a/includes/licensing/trusted-platform-module-tpm-20.md
+++ b/includes/licensing/trusted-platform-module-tpm-20.md
@@ -17,6 +17,6 @@ Trusted Platform Module (TPM) 2.0 license entitlements are granted by the follow
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/universal-print.md b/includes/licensing/universal-print.md
index 1e2f1f7384..9c6572d61e 100644
--- a/includes/licensing/universal-print.md
+++ b/includes/licensing/universal-print.md
@@ -17,6 +17,6 @@ Universal Print license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|No|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/user-account-control-uac.md b/includes/licensing/user-account-control-uac.md
index 54bd71e9bd..9da42619fe 100644
--- a/includes/licensing/user-account-control-uac.md
+++ b/includes/licensing/user-account-control-uac.md
@@ -17,6 +17,6 @@ User Account Control (UAC) license entitlements are granted by the following lic
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/virtual-private-network-vpn.md b/includes/licensing/virtual-private-network-vpn.md
index 644adf2b91..aa184cdbb6 100644
--- a/includes/licensing/virtual-private-network-vpn.md
+++ b/includes/licensing/virtual-private-network-vpn.md
@@ -17,6 +17,6 @@ Virtual Private Network (VPN) license entitlements are granted by the following
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/virtualization-based-security-vbs.md b/includes/licensing/virtualization-based-security-vbs.md
index 8b0d6a2a01..bab3110e7a 100644
--- a/includes/licensing/virtualization-based-security-vbs.md
+++ b/includes/licensing/virtualization-based-security-vbs.md
@@ -17,6 +17,6 @@ Virtualization-based security (VBS) license entitlements are granted by the foll
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/virtualization-rights-vda-avd-and-w365.md b/includes/licensing/virtualization-rights-vda-avd-and-w365.md
deleted file mode 100644
index 8c77bfd575..0000000000
--- a/includes/licensing/virtualization-rights-vda-avd-and-w365.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 05/04/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Virtualization rights (VDA, AVD and W365):
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|No|Yes|No|Yes|
-
-Virtualization rights (VDA, AVD and W365) license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/wifi-security.md b/includes/licensing/wifi-security.md
index 19a752b6b6..edb7a92967 100644
--- a/includes/licensing/wifi-security.md
+++ b/includes/licensing/wifi-security.md
@@ -17,6 +17,6 @@ WiFi Security license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-autopatch.md b/includes/licensing/windows-autopatch.md
index ebcfd239a8..85f7df53dc 100644
--- a/includes/licensing/windows-autopatch.md
+++ b/includes/licensing/windows-autopatch.md
@@ -17,6 +17,6 @@ Windows Autopatch license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|No|No|
+|No|Yes|Yes|No|No|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-autopilot.md b/includes/licensing/windows-autopilot.md
index da890b8533..e187e7a3fa 100644
--- a/includes/licensing/windows-autopilot.md
+++ b/includes/licensing/windows-autopilot.md
@@ -17,6 +17,6 @@ Windows Autopilot license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-containers.md b/includes/licensing/windows-containers.md
index e0e32758d0..f3f9962827 100644
--- a/includes/licensing/windows-containers.md
+++ b/includes/licensing/windows-containers.md
@@ -17,6 +17,6 @@ Windows containers license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-defender-application-control-wdac.md b/includes/licensing/windows-defender-application-control-wdac.md
index d86996d2bc..66d6ac70dc 100644
--- a/includes/licensing/windows-defender-application-control-wdac.md
+++ b/includes/licensing/windows-defender-application-control-wdac.md
@@ -17,6 +17,6 @@ Windows Defender Application Control (WDAC) license entitlements are granted by
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-defender-credential-guard.md b/includes/licensing/windows-defender-credential-guard.md
index e2af27fbf1..c134726708 100644
--- a/includes/licensing/windows-defender-credential-guard.md
+++ b/includes/licensing/windows-defender-credential-guard.md
@@ -17,6 +17,6 @@ Windows Defender Credential Guard license entitlements are granted by the follow
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|No|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-defender-remote-credential-guard.md b/includes/licensing/windows-defender-remote-credential-guard.md
index e9753d8390..b638a7c661 100644
--- a/includes/licensing/windows-defender-remote-credential-guard.md
+++ b/includes/licensing/windows-defender-remote-credential-guard.md
@@ -17,6 +17,6 @@ Windows Defender Remote Credential Guard license entitlements are granted by the
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-defender-system-guard.md b/includes/licensing/windows-defender-system-guard.md
index bce6a705d1..0c747b64c5 100644
--- a/includes/licensing/windows-defender-system-guard.md
+++ b/includes/licensing/windows-defender-system-guard.md
@@ -17,6 +17,6 @@ Windows Defender System Guard license entitlements are granted by the following
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-feature-and-expedite-updates-with-intune.md b/includes/licensing/windows-feature-and-expedite-updates-with-intune.md
deleted file mode 100644
index 1eea90833f..0000000000
--- a/includes/licensing/windows-feature-and-expedite-updates-with-intune.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 05/04/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Windows feature and expedite updates with Intune:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Windows feature and expedite updates with Intune license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-firewall.md b/includes/licensing/windows-firewall.md
index e806dc33b2..2e0754b3ac 100644
--- a/includes/licensing/windows-firewall.md
+++ b/includes/licensing/windows-firewall.md
@@ -17,6 +17,6 @@ Windows Firewall license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md b/includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md
index 344372a9d1..3d0c015bc5 100644
--- a/includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md
+++ b/includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md
@@ -17,6 +17,6 @@ Windows Hello for Business Enhanced Security Sign-in (ESS) license entitlements
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-hello-for-business.md b/includes/licensing/windows-hello-for-business.md
index ca1a459066..f48b9316b7 100644
--- a/includes/licensing/windows-hello-for-business.md
+++ b/includes/licensing/windows-hello-for-business.md
@@ -17,6 +17,6 @@ Windows Hello for Business license entitlements are granted by the following lic
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-laps.md b/includes/licensing/windows-laps.md
index df4788787b..d462168228 100644
--- a/includes/licensing/windows-laps.md
+++ b/includes/licensing/windows-laps.md
@@ -17,6 +17,6 @@ Windows LAPS license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-presence-sensing.md b/includes/licensing/windows-presence-sensing.md
index 03a854f909..c6cc796c33 100644
--- a/includes/licensing/windows-presence-sensing.md
+++ b/includes/licensing/windows-presence-sensing.md
@@ -17,6 +17,6 @@ Windows presence sensing license entitlements are granted by the following licen
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-sandbox.md b/includes/licensing/windows-sandbox.md
index 2551168b7e..7ed933449c 100644
--- a/includes/licensing/windows-sandbox.md
+++ b/includes/licensing/windows-sandbox.md
@@ -17,6 +17,6 @@ Windows Sandbox license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-security-policy-settings-and-auditing.md b/includes/licensing/windows-security-policy-settings-and-auditing.md
index 762f1fb6c2..270d3267ee 100644
--- a/includes/licensing/windows-security-policy-settings-and-auditing.md
+++ b/includes/licensing/windows-security-policy-settings-and-auditing.md
@@ -17,6 +17,6 @@ Windows Security policy settings and auditing license entitlements are granted b
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
+|Yes|Yes|Yes|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-subscription-activation.md b/includes/licensing/windows-subscription-activation.md
deleted file mode 100644
index 3b049618a9..0000000000
--- a/includes/licensing/windows-subscription-activation.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 05/04/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Windows subscription activation:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Windows subscription activation license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-update-for-business-deployment-service.md b/includes/licensing/windows-update-for-business-deployment-service.md
deleted file mode 100644
index 1a7d673606..0000000000
--- a/includes/licensing/windows-update-for-business-deployment-service.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 05/04/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Windows Update for Business deployment service:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Windows Update for Business deployment service license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/windows-update-for-business.md b/includes/licensing/windows-update-for-business.md
deleted file mode 100644
index 9f1b4ad742..0000000000
--- a/includes/licensing/windows-update-for-business.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 05/04/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Windows Update for Business:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Windows Update for Business license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-||Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

From 1bbcdf12664de38ea2db9f4a978497a1312665a8 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Thu, 4 May 2023 15:57:39 -0400
Subject: [PATCH 068/107] fixed broken links

---
 .../introduction/security-features-edition-requirements.md   | 4 ++--
 .../introduction/security-features-licensing-requirements.md | 5 ++---
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/windows/security/introduction/security-features-edition-requirements.md b/windows/security/introduction/security-features-edition-requirements.md
index 45b71f66b6..0cffb54f8f 100644
--- a/windows/security/introduction/security-features-edition-requirements.md
+++ b/windows/security/introduction/security-features-edition-requirements.md
@@ -19,8 +19,8 @@ ms.technology: itpro-security
 This article lists the security features that are available in Windows, and the Windows editions that support them.
 
 > [!NOTE]
-> The **Windows edition requirements** listed in the following table may be different from the **licensing requirements**. If you're looking for licensing requirements, see [Windows security features and licensing requirements](security-features-licensing-requirements.md).
+> The **Windows edition** requirements listed in the following table may be different from the **licensing** requirements. If you're looking for licensing requirements, see [Windows security features and licensing requirements](security-features-licensing-requirements.md).
 
 [!INCLUDE [_edition-requirements](../../../includes/licensing/_edition-requirements.md)]
 
-For more information about Windows licensing, see [Windows Commercial Licensing overview](/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows Commercial Licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/introduction/security-features-licensing-requirements.md b/windows/security/introduction/security-features-licensing-requirements.md
index be59b0a473..df7e5bdcec 100644
--- a/windows/security/introduction/security-features-licensing-requirements.md
+++ b/windows/security/introduction/security-features-licensing-requirements.md
@@ -16,12 +16,11 @@ ms.technology: itpro-security
 
 # Windows security features and licensing requirements
 
-
 This article lists the security features that are available in Windows, and the licensing requirements to use them.
 
 > [!NOTE]
-> The **licensing requirements** listed in the following table may be different from the **Windows edition requirements**. If you're looking for Windows edition requirements, see [Windows security features and edition requirements](security-features-edition-requirements.md).
+> The **licensing** requirements listed in the following table may be different from the **Windows edition** requirements. If you're looking for Windows edition requirements, see [Windows security features and edition requirements](security-features-edition-requirements.md).
 
 [!INCLUDE [_licensing-requirements](../../../includes/licensing/_licensing-requirements.md)]
 
-For more information about Windows licensing, see [Windows Commercial Licensing overview](/windows/whats-new/windows-licensing.md).
+For more information about Windows licensing, see [Windows Commercial Licensing overview](/windows/whats-new/windows-licensing).

From 442636a641eca5a1298fe8f4d93f5b930ae18c46 Mon Sep 17 00:00:00 2001
From: Carmen Forsmann <cmforsmann@live.com>
Date: Thu, 4 May 2023 17:47:07 -0600
Subject: [PATCH 069/107] Update wufb-reports-do.md

The sample was missing the null-terminator, which is required.
---
 windows/deployment/update/wufb-reports-do.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/update/wufb-reports-do.md b/windows/deployment/update/wufb-reports-do.md
index 580d459ff8..9c2455ffd2 100644
--- a/windows/deployment/update/wufb-reports-do.md
+++ b/windows/deployment/update/wufb-reports-do.md
@@ -92,7 +92,7 @@ There are several calculated values that appear on the Delivery Optimization rep
 In the **Efficiency By Group** subsection, the **GroupID** is displayed as an encoded SHA256 hash. You can create a mapping of original to encoded GroupIDs using the following PowerShell example:
 
 ```powershell
-$text = "<myEncodedGroupID>" ;
+$text = "<myEncodedGroupID>`0"; (the null-terminator (`0) must be included in the string hash)
 
 $hashObj = [System.Security.Cryptography.HashAlgorithm]::Create('sha256') ; $dig = $hashObj.ComputeHash([System.Text.Encoding]::Unicode.GetBytes($text)) ; $digB64 = [System.Convert]::ToBase64String($dig) ; Write-Host "$text ==> $digB64"
 ```

From 7542f48c1c7dcf17565094634043f395439086f7 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Fri, 5 May 2023 07:05:28 -0400
Subject: [PATCH 070/107] updates

---
 windows/security/TOC.yml                                  | 4 ++--
 .../credential-guard/credential-guard-requirements.md     | 4 +++-
 .../credential-guard/credential-guard.md                  | 2 --
 windows/security/introduction/index.md                    | 8 ++++----
 windows/security/zero-trust-windows-device-health.md      | 6 +++---
 5 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml
index fb69d549ce..1577d1b22c 100644
--- a/windows/security/TOC.yml
+++ b/windows/security/TOC.yml
@@ -4,10 +4,10 @@
   expanded: true
 - name: Introduction
   items:
-  - name: Zero Trust and Windows
-    href: zero-trust-windows-device-health.md
   - name: Windows security overview
     href: introduction/index.md
+  - name: Zero Trust and Windows
+    href: zero-trust-windows-device-health.md
   - name: Security features edition requirements
     href: introduction/security-features-edition-requirements.md
   - name: Security features licensing requirements
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md
index ea7bf02bae..2afb9f4a6a 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md
@@ -66,6 +66,8 @@ Applications may cause performance issues when they attempt to hook the isolated
 
 Services or protocols that rely on Kerberos, such as file shares, remote desktop, or BranchCache, continue to work and are not affected by Windows Defender Credential Guard.
 
+[!INCLUDE [windows-defender-credential-guard](../../../../includes/licensing/windows-defender-credential-guard.md)]
+
 ## Security considerations
 
 All computers that meet baseline protections for hardware, firmware, and software can use Windows Defender Credential Guard.
@@ -96,7 +98,7 @@ The following tables describe baseline protections, plus protections for improve
 |Protections for Improved Security|Description|
 |---|---|
 |Hardware: **IOMMU** (input/output memory management unit)|**Requirement**: </br> - VT-D or AMD Vi IOMMU </br> </br> **Security benefits**: </br> - An IOMMU can enhance system resiliency against memory attacks. For more information, see [Advanced Configuration and Power Interface (ACPI) description tables](/windows-hardware/drivers/bringup/acpi-system-description-tables)|
-|Firmware: **Securing Boot Configuration and Management**|**Requirements**: </br> - BIOS password or stronger authentication must be supported. </br> - In the BIOS configuration, BIOS authentication must be set. </br> - There must be support for protected BIOS option to configure list of permitted boot devices (for example, “Boot only from internal hard drive”) and boot device order, overriding BOOTORDER modification made by operating system. </br> - In the BIOS configuration, BIOS options related to security and boot options (list of permitted boot devices, boot order) must be secured to prevent other operating systems from starting and to prevent changes to the BIOS settings.|
+|Firmware: **Securing Boot Configuration and Management**|**Requirements**: </br> - BIOS password or stronger authentication must be supported. </br> - In the BIOS configuration, BIOS authentication must be set. </br> - There must be support for protected BIOS option to configure list of permitted boot devices (for example, "Boot only from internal hard drive") and boot device order, overriding BOOTORDER modification made by operating system. </br> - In the BIOS configuration, BIOS options related to security and boot options (list of permitted boot devices, boot order) must be secured to prevent other operating systems from starting and to prevent changes to the BIOS settings.|
 |Firmware: **Secure MOR, revision 2 implementation**|**Requirement**: </br> - Secure MOR, revision 2 implementation|
 
 ### 2016 Additional security qualifications starting with Windows 10, version 1607, and Windows Server 2016
diff --git a/windows/security/identity-protection/credential-guard/credential-guard.md b/windows/security/identity-protection/credential-guard/credential-guard.md
index d8fd5081a5..af00a1aef1 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard.md
@@ -21,8 +21,6 @@ By enabling Windows Defender Credential Guard, the following features and soluti
 > [!NOTE]
 > As of Windows 11, version 22H2, Windows Defender Credential Guard has been enabled by default on all devices which meet the minimum requirements as specified in the [Default Enablement](credential-guard-manage.md#default-enablement) section. For information about known issues related to default enablement, see [Credential Guard: Known Issues](credential-guard-known-issues.md#known-issue-single-sign-on-sso-for-network-services-breaks-after-upgrading-to-windows-11-version-22h2).
 
-[!INCLUDE [windows-defender-credential-guard](../../../../includes/licensing/windows-defender-credential-guard.md)]
-
 ## Related topics
 
 - [Protecting network passwords with Windows Defender Credential Guard](https://www.microsoft.com/itshowcase/Article/Content/831/Protecting-network-passwords-with-Windows-10-Credential-Guard)
diff --git a/windows/security/introduction/index.md b/windows/security/introduction/index.md
index 913a477cf1..17297c9eb5 100644
--- a/windows/security/introduction/index.md
+++ b/windows/security/introduction/index.md
@@ -13,17 +13,17 @@ appliesto:
 
 The acceleration of digital transformation and the expansion of both remote and hybrid workplaces brings new opportunities to organizations, communities, and individuals. Our work styles have transformed. And now more than ever, employees need simple, intuitive user experiences to collaborate and stay productive, wherever work happens. But the expansion of access and ability to work anywhere has also introduced new threats and risks. According to data from the Microsoft commissioned Security Signals report, 75% of security decision-makers at the vice-president level and above feel the move to hybrid work leaves their organization more vulnerable to security threats. And [Microsoft's 2022 Work Trend Index](https://www.microsoft.com/security/blog/2022/04/05/new-security-features-for-windows-11-will-help-protect-hybrid-work/) shows "cybersecurity issues and risks" are top concerns for business decisions makers, who worry about issues like malware, stolen credentials, devices that lack security updates, and physical attacks on lost or stolen devices.
 
-## How Windows 11 enables zero-trust protection
+## How Windows 11 enables Zero Trust protection
 
-A zero-trust security model gives the right people the right access at the right time. Zero-trust security is based on three principles:
+A Zero Trust security model gives the right people the right access at the right time. Zero Trust security is based on three principles:
 
 1. Reduce risk by explicitly verifying data points such as user identity, location, and device health for every access request, without exception
 2. When verified, give people and devices access to only necessary resources for the necessary amount of time
 3. Use continuous analytics to drive threat detection and improve defenses
 
-You should continue to strengthen your zero-trust posture as well. To improve threat detection and defenses, verify end-to-end encryption and use analytics to gain visibility.
+You should continue to strengthen your Zero Trust posture as well. To improve threat detection and defenses, verify end-to-end encryption and use analytics to gain visibility.
 
-For Windows 11, the zero-trust principle of *verify explicitly* applies to risks introduced by both devices and people. Windows 11 provides chip-to-cloud security, enabling IT administrators to implement strong authorization and authentication processes with tools such as our premier solution Windows Hello for Business. IT administrators also gain attestation and measurements for determining if a device meets requirements and can be trusted. In addition, Windows 11 works out-of-the-box with Microsoft Endpoint Manager and Azure Active Directory, so access decisions and enforcement are seamless. Plus, IT administrators can easily customize Windows 11 to meet specific user and policy requirements for access, privacy, compliance, and more.
+For Windows 11, the Zero Trust principle of *verify explicitly* applies to risks introduced by both devices and people. Windows 11 provides chip-to-cloud security, enabling IT administrators to implement strong authorization and authentication processes with tools such as our premier solution Windows Hello for Business. IT administrators also gain attestation and measurements for determining if a device meets requirements and can be trusted. In addition, Windows 11 works out-of-the-box with Microsoft Endpoint Manager and Azure Active Directory, so access decisions and enforcement are seamless. Plus, IT administrators can easily customize Windows 11 to meet specific user and policy requirements for access, privacy, compliance, and more.
 
 Individual users also benefit from powerful safeguards including new standards for hardware-based security and passwordless protection that help safeguard data and privacy.
 
diff --git a/windows/security/zero-trust-windows-device-health.md b/windows/security/zero-trust-windows-device-health.md
index d6159d39a6..64a4233745 100644
--- a/windows/security/zero-trust-windows-device-health.md
+++ b/windows/security/zero-trust-windows-device-health.md
@@ -13,7 +13,7 @@ ms.date: 12/31/2017
 ---
 
 # Zero Trust and Windows device health
-Organizations need a security model that more effectively adapts to the complexity of the modern work environment. IT admins need to embrace the hybrid workplace, while protecting people, devices, apps, and data wherever they’re located. Implementing a Zero Trust model for security helps address today's complex environments.
+Organizations need a security model that more effectively adapts to the complexity of the modern work environment. IT admins need to embrace the hybrid workplace, while protecting people, devices, apps, and data wherever they're located. Implementing a Zero Trust model for security helps address today's complex environments.
 
 The [Zero Trust](https://www.microsoft.com/security/business/zero-trust) principles are:
 
@@ -27,12 +27,12 @@ The Zero Trust concept of **verify explicitly** applies to the risks introduced
 
 [Conditional access](/azure/active-directory/conditional-access/overview) evaluates identity signals to confirm that users are who they say they are before they're granted access to corporate resources. 
 
-Windows 11 supports device health attestation, helping to confirm that devices are in a good state and haven't been tampered with. This capability helps users access corporate resources whether they’re in the office, at home, or when they’re traveling.
+Windows 11 supports device health attestation, helping to confirm that devices are in a good state and haven't been tampered with. This capability helps users access corporate resources whether they're in the office, at home, or when they're traveling.
 
 Attestation helps verify the identity and status of essential components and that the device, firmware, and boot process haven't been altered. Information about the firmware, boot process, and software, is used to validate the security state of the device. This information is cryptographically stored in the security co-processor Trusted Platform Module (TPM). Once the device is attested, it can be granted access to resources.
 
 ## Device health attestation on Windows
- Many security risks can emerge during the boot process as this process can be the most privileged component of the whole system. The verification process uses remote attestation as the secure channel to determine and present the device’s health. Remote attestation determines:
+ Many security risks can emerge during the boot process as this process can be the most privileged component of the whole system. The verification process uses remote attestation as the secure channel to determine and present the device's health. Remote attestation determines:
 
 - If the device can be trusted
 - If the operating system booted correctly

From d1468452849027666f4fdbab6dda872e9e6790de Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Fri, 5 May 2023 08:17:19 -0400
Subject: [PATCH 071/107] removed and redirected article

---
 .openpublishing.redirection.json              |  5 ++++
 .../security/information-protection/index.md  | 24 -------------------
 .../data-protection/toc.yml                   |  4 ++--
 3 files changed, 7 insertions(+), 26 deletions(-)
 delete mode 100644 windows/security/information-protection/index.md

diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index 49135c37f0..c2fb4c8e6c 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -20809,6 +20809,11 @@
       "source_path": "store-for-business/sign-up-microsoft-store-for-business.md",
       "redirect_url": "/microsoft-store",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "security/information-protection/index.md",
+      "redirect_url": "/security/encryption-data-protection",
+      "redirect_document_id": false
     }
   ]
 }
diff --git a/windows/security/information-protection/index.md b/windows/security/information-protection/index.md
deleted file mode 100644
index f84702dd1c..0000000000
--- a/windows/security/information-protection/index.md
+++ /dev/null
@@ -1,24 +0,0 @@
----
-title: Information protection (Windows 10)
-description: Learn more about how to protect sensitive data across your organization.
-ms.prod: windows-client
-author: paolomatarazzo
-ms.author: paoloma
-manager: aaroncz
-ms.topic: conceptual
-ms.date: 03/09/2023
-ms.technology: itpro-security
----
-
-# Information protection
-
-Learn more about how to secure documents and other data across your organization.
-
-| Section | Description |
-|-|-|
-| [BitLocker](bitlocker/bitlocker-overview.md)| Provides information about BitLocker, which is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. |
-| [Encrypted Hard Drive](encrypted-hard-drive.md)| Encrypted Hard Drive uses the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management. |
-| [Kernel DMA Protection](kernel-dma-protection-for-thunderbolt.md)| Kernel DMA Protection protects PCs against drive-by Direct Memory Access (DMA) attacks using PCI hot plug devices connected to PCI accessible ports, such as Thunderbolt&trade; 3 ports. |
-| [Protect your enterprise data using Windows Information Protection (WIP)](windows-information-protection/protect-enterprise-data-using-wip.md)|Provides info about how to create a Windows Information Protection policy that can help protect against potential corporate data leakage.|
-| [Secure the Windows 10 boot process](secure-the-windows-10-boot-process.md)| Windows 10 supports features to help prevent rootkits and bootkits from loading during the startup process. |
-| [Trusted Platform Module](tpm/trusted-platform-module-top-node.md)| Trusted Platform Module (TPM) technology is designed to provide hardware-based, security-related functions. A TPM chip is a secure crypto-processor that helps you with actions such as generating, storing, and limiting the use of cryptographic keys.  |
diff --git a/windows/security/operating-system-security/data-protection/toc.yml b/windows/security/operating-system-security/data-protection/toc.yml
index bd7afea8da..56500215a0 100644
--- a/windows/security/operating-system-security/data-protection/toc.yml
+++ b/windows/security/operating-system-security/data-protection/toc.yml
@@ -99,8 +99,8 @@ items:
       href: ../../information-protection/personal-data-encryption/pde-in-intune/intune-disable-hibernation.md
     - name: Disable allowing users to select when a password is required when resuming from connected standby for PDE
       href: ../../information-protection/personal-data-encryption/pde-in-intune/intune-disable-password-connected-standby.md
-  - name: Configure S/MIME for Windows
-    href: ../../identity-protection/configure-s-mime.md
+- name: Configure S/MIME for Windows
+  href: ../../identity-protection/configure-s-mime.md
 - name: Windows Information Protection (WIP)
   href: ../../information-protection/windows-information-protection/protect-enterprise-data-using-wip.md
   items:

From 7490ae825b0f8c7bc35d17f17a579ea4770da584 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Fri, 5 May 2023 08:27:41 -0400
Subject: [PATCH 072/107] updates

---
 .openpublishing.redirection.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index c2fb4c8e6c..e51c5d4efc 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -20811,8 +20811,8 @@
       "redirect_document_id": false
     },
     {
-      "source_path": "security/information-protection/index.md",
-      "redirect_url": "/security/encryption-data-protection",
+      "source_path": "windows/security/information-protection/index.md",
+      "redirect_url": "/windows/security/encryption-data-protection",
       "redirect_document_id": false
     }
   ]

From 601c36224d3237f75b4268df0b22369d09085088 Mon Sep 17 00:00:00 2001
From: "Steve DiAcetis (MSFT)"
 <52939067+SteveDiAcetis@users.noreply.github.com>
Date: Fri, 5 May 2023 12:14:42 -0700
Subject: [PATCH 073/107] Update media-dynamic-update.md

Small edits on copy code.
---
 windows/deployment/update/media-dynamic-update.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/windows/deployment/update/media-dynamic-update.md b/windows/deployment/update/media-dynamic-update.md
index b28c4a6975..fcc83b1ea0 100644
--- a/windows/deployment/update/media-dynamic-update.md
+++ b/windows/deployment/update/media-dynamic-update.md
@@ -420,11 +420,11 @@ Foreach ($IMAGE in $WINPE_IMAGES) {
     if ($IMAGE.ImageIndex -eq "2") {
 
         # Save setup.exe for later use. This will address possible binary mismatch with the version in the main OS \sources folder
-        Copy-Item -Path $WINPE_MOUNT"\sources\setup.exe" -Destination $WORKING_PATH"\setup.exe" -Force -Recurse -ErrorAction stop | Out-Null
+        Copy-Item -Path $WINPE_MOUNT"\sources\setup.exe" -Destination $WORKING_PATH"\setup.exe" -Force -ErrorAction stop | Out-Null
         
         # Save serviced boot manager files later copy to the root media.
-        Copy-Item -Path $WINPE_MOUNT"\Windows\boot\efi\bootmgfw.efi" -Destination $WORKING_PATH"\bootmgfw.efi" -Force -Recurse -ErrorAction stop | Out-Null
-        Copy-Item -Path $WINPE_MOUNT"\Windows\boot\efi\bootmgr.efi" -Destination $WORKING_PATH"\bootmgr.efi" -Force -Recurse -ErrorAction stop | Out-Null
+        Copy-Item -Path $WINPE_MOUNT"\Windows\boot\efi\bootmgfw.efi" -Destination $WORKING_PATH"\bootmgfw.efi" -Force -ErrorAction stop | Out-Null
+        Copy-Item -Path $WINPE_MOUNT"\Windows\boot\efi\bootmgr.efi" -Destination $WORKING_PATH"\bootmgr.efi" -Force -ErrorAction stop | Out-Null
     
     }
         
@@ -565,12 +565,12 @@ Foreach ($File in $MEDIA_NEW_FILES){
         ($File.Name -ieq "bootaa64.efi")) 
     {
         Write-Output "$(Get-TS): Copying $WORKING_PATH\bootmgfw.efi to $($File.FullName)"
-        Copy-Item -Path $WORKING_PATH"\bootmgfw.efi" -Destination $File.FullName -Force -Recurse -ErrorAction stop | Out-Null
+        Copy-Item -Path $WORKING_PATH"\bootmgfw.efi" -Destination $File.FullName -Force -ErrorAction stop | Out-Null
     }
     elseif ($File.Name -ieq "bootmgr.efi") 
     {
         Write-Output "$(Get-TS): Copying $WORKING_PATH\bootmgr.efi to $($File.FullName)"
-        Copy-Item -Path $WORKING_PATH"\bootmgr.efi" -Destination $File.FullName -Force -Recurse -ErrorAction stop | Out-Null
+        Copy-Item -Path $WORKING_PATH"\bootmgr.efi" -Destination $File.FullName -Force -ErrorAction stop | Out-Null
     }
 }
 

From c741449916f8bae8da2d59f7c9106e63b10cf887 Mon Sep 17 00:00:00 2001
From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com>
Date: Fri, 5 May 2023 16:38:41 -0400
Subject: [PATCH 074/107] Add tamper protection note to Defender CSP

---
 windows/client-management/mdm/defender-csp.md |  2 ++
 ...icy-csp-admx-microsoftdefenderantivirus.md | 30 +++++++++++++++++++
 .../mdm/policy-csp-defender.md                | 24 +++++++++++++++
 3 files changed, 56 insertions(+)

diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md
index 7550924275..a036a0332b 100644
--- a/windows/client-management/mdm/defender-csp.md
+++ b/windows/client-management/mdm/defender-csp.md
@@ -2212,6 +2212,8 @@ Tamper protection helps protect important security features from unwanted change
 
 <!-- Device-Configuration-TamperProtection-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- Device-Configuration-TamperProtection-Editable-End -->
 
 <!-- Device-Configuration-TamperProtection-DFProperties-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
index 07eef1894d..0a138841a5 100644
--- a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
+++ b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
@@ -115,6 +115,8 @@ Enabling or disabling this policy may lead to unexpected or unsupported behavior
 
 <!-- DisableAntiSpywareDefender-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- DisableAntiSpywareDefender-Editable-End -->
 
 <!-- DisableAntiSpywareDefender-DFProperties-Begin -->
@@ -244,6 +246,8 @@ Real-time Protection -> Do not enable the "Turn off real-time protection" policy
 
 <!-- DisableBlockAtFirstSeen-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- DisableBlockAtFirstSeen-Editable-End -->
 
 <!-- DisableBlockAtFirstSeen-DFProperties-Begin -->
@@ -366,6 +370,8 @@ Real-time protection consists of always-on scanning with file and process behavi
 
 <!-- DisableRealtimeMonitoring-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- DisableRealtimeMonitoring-Editable-End -->
 
 <!-- DisableRealtimeMonitoring-DFProperties-Begin -->
@@ -426,6 +432,8 @@ This policy setting allows you to configure whether Microsoft Defender Antivirus
 
 <!-- DisableRoutinelyTakingAction-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- DisableRoutinelyTakingAction-Editable-End -->
 
 <!-- DisableRoutinelyTakingAction-DFProperties-Begin -->
@@ -482,6 +490,8 @@ This policy setting allows you specify a list of file types that should be exclu
 
 <!-- Exclusions_Extensions-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions](https://go.microsoft.com/fwlink/?linkid=2235765) are met.
 <!-- Exclusions_Extensions-Editable-End -->
 
 <!-- Exclusions_Extensions-DFProperties-Begin -->
@@ -538,6 +548,8 @@ This policy setting allows you to disable scheduled and real-time scanning for f
 
 <!-- Exclusions_Paths-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions](https://go.microsoft.com/fwlink/?linkid=2235765) are met.
 <!-- Exclusions_Paths-Editable-End -->
 
 <!-- Exclusions_Paths-DFProperties-Begin -->
@@ -594,6 +606,8 @@ This policy setting allows you to disable real-time scanning for any file opened
 
 <!-- Exclusions_Processes-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions](https://go.microsoft.com/fwlink/?linkid=2235765) are met.
 <!-- Exclusions_Processes-Editable-End -->
 
 <!-- Exclusions_Processes-DFProperties-Begin -->
@@ -1577,6 +1591,8 @@ This policy setting allows you to configure behavior monitoring.
 
 <!-- RealtimeProtection_DisableBehaviorMonitoring-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- RealtimeProtection_DisableBehaviorMonitoring-Editable-End -->
 
 <!-- RealtimeProtection_DisableBehaviorMonitoring-DFProperties-Begin -->
@@ -1637,6 +1653,8 @@ This policy setting allows you to configure scanning for all downloaded files an
 
 <!-- RealtimeProtection_DisableIOAVProtection-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- RealtimeProtection_DisableIOAVProtection-Editable-End -->
 
 <!-- RealtimeProtection_DisableIOAVProtection-DFProperties-Begin -->
@@ -1697,6 +1715,8 @@ This policy setting allows you to configure monitoring for file and program acti
 
 <!-- RealtimeProtection_DisableOnAccessProtection-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- RealtimeProtection_DisableOnAccessProtection-Editable-End -->
 
 <!-- RealtimeProtection_DisableOnAccessProtection-DFProperties-Begin -->
@@ -1817,6 +1837,8 @@ This policy setting allows you to configure process scanning when real-time prot
 
 <!-- RealtimeProtection_DisableScanOnRealtimeEnable-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- RealtimeProtection_DisableScanOnRealtimeEnable-Editable-End -->
 
 <!-- RealtimeProtection_DisableScanOnRealtimeEnable-DFProperties-Begin -->
@@ -2540,6 +2562,8 @@ Use this policy setting to specify if you want Microsoft Defender Antivirus enha
 
 <!-- Reporting_DisableEnhancedNotifications-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- Reporting_DisableEnhancedNotifications-Editable-End -->
 
 <!-- Reporting_DisableEnhancedNotifications-DFProperties-Begin -->
@@ -3069,6 +3093,8 @@ This policy setting allows you to configure scans for malicious software and unw
 
 <!-- Scan_DisableArchiveScanning-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- Scan_DisableArchiveScanning-Editable-End -->
 
 <!-- Scan_DisableArchiveScanning-DFProperties-Begin -->
@@ -5551,6 +5577,8 @@ Use this policy setting to specify if you want Microsoft Defender Antivirus noti
 
 <!-- UX_Configuration_Notification_Suppress-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- UX_Configuration_Notification_Suppress-Editable-End -->
 
 <!-- UX_Configuration_Notification_Suppress-DFProperties-Begin -->
@@ -5609,6 +5637,8 @@ If you enable this setting AM UI won't show reboot notifications.
 
 <!-- UX_Configuration_SuppressRebootNotification-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- UX_Configuration_SuppressRebootNotification-Editable-End -->
 
 <!-- UX_Configuration_SuppressRebootNotification-DFProperties-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md
index 1f26de308e..77b56fa11d 100644
--- a/windows/client-management/mdm/policy-csp-defender.md
+++ b/windows/client-management/mdm/policy-csp-defender.md
@@ -46,6 +46,8 @@ This policy setting allows you to configure scans for malicious software and unw
 
 <!-- AllowArchiveScanning-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- AllowArchiveScanning-Editable-End -->
 
 <!-- AllowArchiveScanning-DFProperties-Begin -->
@@ -113,6 +115,8 @@ This policy setting allows you to configure behavior monitoring.
 
 <!-- AllowBehaviorMonitoring-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- AllowBehaviorMonitoring-Editable-End -->
 
 <!-- AllowBehaviorMonitoring-DFProperties-Begin -->
@@ -193,6 +197,8 @@ In Windows 10, Basic membership is no longer available, so setting the value to
 
 <!-- AllowCloudProtection-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- AllowCloudProtection-Editable-End -->
 
 <!-- AllowCloudProtection-DFProperties-Begin -->
@@ -457,6 +463,8 @@ Allows or disallows Windows Defender Intrusion Prevention functionality.
 
 <!-- AllowIntrusionPreventionSystem-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- AllowIntrusionPreventionSystem-Editable-End -->
 
 <!-- AllowIntrusionPreventionSystem-DFProperties-Begin -->
@@ -510,6 +518,8 @@ This policy setting allows you to configure scanning for all downloaded files an
 
 <!-- AllowIOAVProtection-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- AllowIOAVProtection-Editable-End -->
 
 <!-- AllowIOAVProtection-DFProperties-Begin -->
@@ -577,6 +587,8 @@ This policy setting allows you to configure monitoring for file and program acti
 
 <!-- AllowOnAccessProtection-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- AllowOnAccessProtection-Editable-End -->
 
 <!-- AllowOnAccessProtection-DFProperties-Begin -->
@@ -640,6 +652,8 @@ Allows or disallows Windows Defender Realtime Monitoring functionality.
 
 <!-- AllowRealtimeMonitoring-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- AllowRealtimeMonitoring-Editable-End -->
 
 <!-- AllowRealtimeMonitoring-DFProperties-Begin -->
@@ -769,6 +783,8 @@ Allows or disallows Windows Defender Script Scanning functionality.
 
 <!-- AllowScriptScanning-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- AllowScriptScanning-Editable-End -->
 
 <!-- AllowScriptScanning-DFProperties-Begin -->
@@ -1891,6 +1907,8 @@ This policy setting allows you specify a list of file types that should be exclu
 
 <!-- ExcludedExtensions-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions](https://go.microsoft.com/fwlink/?linkid=2235765) are met.
 <!-- ExcludedExtensions-Editable-End -->
 
 <!-- ExcludedExtensions-DFProperties-Begin -->
@@ -1945,6 +1963,8 @@ This policy setting allows you to disable scheduled and real-time scanning for f
 
 <!-- ExcludedPaths-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions](https://go.microsoft.com/fwlink/?linkid=2235765) are met.
 <!-- ExcludedPaths-Editable-End -->
 
 <!-- ExcludedPaths-DFProperties-Begin -->
@@ -1999,6 +2019,8 @@ This policy setting allows you to disable real-time scanning for any file opened
 
 <!-- ExcludedProcesses-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions](https://go.microsoft.com/fwlink/?linkid=2235765) are met.
 <!-- ExcludedProcesses-Editable-End -->
 
 <!-- ExcludedProcesses-DFProperties-Begin -->
@@ -2790,6 +2812,8 @@ Valid remediation action values are:
 
 <!-- ThreatSeverityDefaultAction-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
 <!-- ThreatSeverityDefaultAction-Editable-End -->
 
 <!-- ThreatSeverityDefaultAction-DFProperties-Begin -->

From addc93c14d62045116049cd694bfaa1e628a88cc Mon Sep 17 00:00:00 2001
From: "Steve DiAcetis (MSFT)"
 <52939067+SteveDiAcetis@users.noreply.github.com>
Date: Fri, 5 May 2023 14:40:03 -0700
Subject: [PATCH 075/107] Update
 windows/deployment/update/media-dynamic-update.md

Co-authored-by: Meghan Stewart <33289333+mestew@users.noreply.github.com>
---
 windows/deployment/update/media-dynamic-update.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/update/media-dynamic-update.md b/windows/deployment/update/media-dynamic-update.md
index fcc83b1ea0..b611f235f1 100644
--- a/windows/deployment/update/media-dynamic-update.md
+++ b/windows/deployment/update/media-dynamic-update.md
@@ -539,7 +539,7 @@ Move-Item -Path $WORKING_PATH"\install2.wim" -Destination $MEDIA_NEW_PATH"\sourc
 
 ### Update remaining media files
 
-This part of the script updates the Setup files. It simply copies the individual files in the Setup Dynamic Update package to the new media. This step brings an updated Setup files as needed, along with the latest compatibility database, and replacement component manifests. This script also does a final replacement of setup.exe and boot manager files using the previously saved versions from WinPE.
+This part of the script updates the Setup files. It simply copies the individual files in the Setup Dynamic Update package to the new media. This step brings in updated Setup files as needed, along with the latest compatibility database, and replacement component manifests. This script also does a final replacement of setup.exe and boot manager files using the previously saved versions from WinPE.
 
 ```powershell
 #

From 52888f92d925ebe9152107b0d8d4875a9c33c77a Mon Sep 17 00:00:00 2001
From: "Steve DiAcetis (MSFT)"
 <52939067+SteveDiAcetis@users.noreply.github.com>
Date: Fri, 5 May 2023 14:40:25 -0700
Subject: [PATCH 076/107] Update
 windows/deployment/update/media-dynamic-update.md

Co-authored-by: Meghan Stewart <33289333+mestew@users.noreply.github.com>
---
 windows/deployment/update/media-dynamic-update.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/update/media-dynamic-update.md b/windows/deployment/update/media-dynamic-update.md
index b611f235f1..1fa2b50c6f 100644
--- a/windows/deployment/update/media-dynamic-update.md
+++ b/windows/deployment/update/media-dynamic-update.md
@@ -301,7 +301,7 @@ Move-Item -Path $WORKING_PATH"\winre2.wim" -Destination $WORKING_PATH"\winre.wim
 
 ### Update WinPE
 
-This script is similar to the one that updates WinRE, but instead it mounts Boot.wim, applies the packages with the latest cumulative update last, and saves. It repeats this for all images inside of Boot.wim, typically two images. It starts by applying the servicing stack Dynamic Update. Since the script is customizing this media with Japanese, it installs the language pack from the WinPE folder on the language pack ISO. Additionally, add font support and text to speech (TTS) support. Since the script is adding a new language, it rebuilds lang.ini, used to identify languages installed in the image. For the second image, we'll save setup.exe for later use, to ensure this version matches the \sources\setup.exe version from the installation media. If these binaries are not identical, Windows Setup will fail during installation. We'll also save serviced boot manager files for later use in the script. Finally, it cleans and exports Boot.wim, and copies it back to the new media.
+This script is similar to the one that updates WinRE, but instead it mounts Boot.wim, applies the packages with the latest cumulative update last, and saves. It repeats this for all images inside of Boot.wim, typically two images. It starts by applying the servicing stack Dynamic Update. Since the script is customizing this media with Japanese, it installs the language pack from the WinPE folder on the language pack ISO. Additionally, it adds font support and text to speech (TTS) support. Since the script is adding a new language, it rebuilds lang.ini, used to identify languages installed in the image. For the second image, we'll save setup.exe for later use, to ensure this version matches the \sources\setup.exe version from the installation media. If these binaries are not identical, Windows Setup will fail during installation. We'll also save the serviced boot manager files for later use in the script. Finally, the script cleans and exports Boot.wim, and copies it back to the new media.
 
 ```powershell
 #

From 355de9f8b9066eff923416011eea5d063493decb Mon Sep 17 00:00:00 2001
From: Andre Della Monica <andredm@microsoft.com>
Date: Fri, 5 May 2023 18:01:21 -0500
Subject: [PATCH 077/107] Changes

---
 .../windows-autopatch-groups-manage-autopatch-groups.md   | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md
index 2eed6eee26..3829c25f13 100644
--- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md
+++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md
@@ -127,7 +127,7 @@ You **can’t** delete the Default Autopatch group. However, you can delete a Cu
 
 > [!IMPORTANT]
 > The Windows Autopatch groups functionaliy is in **public preview**. This feature is being actively developed and not all device conflict detection and resolution scenarios are working as expected.
-> Fore more information on what to expect for this scenario during public preview, see [Known issues](#known-issues).
+> For more information on what to expect for this scenario during public preview, see [Known issues](#known-issues).
 
 Overlap in device membership is a common scenario when working with device-based Azure AD groups since sometimes dynamic queries can be large in scope or the same assigned device membership can be used across different Azure AD groups.
 
@@ -190,6 +190,12 @@ The Windows Autopatch team is aware that all device conflict scenarios listed be
 - Device conflict detection and resolution within an Autopatch group.
 - Custom to Cstom Autopatch group device conflict detection.
 
+> [!TIP]
+> Follow these two best practices to minimize device conflict scenarios when using Autopatch groups during the public preview:
+> 
+> - Review your software update deployment requirements thoroughly, and if your deployment requirements allow, try using the default Autopatch group as much as possible, instead of start creating custom Autopatch groups. You can customize the default Autopatch to have up to 15 deployment rings, and using your existing device-based Azure AD groups with custom update deployment cadences.
+> - If creating custom Autopatch groups, try to avoid using device-based Azure AD groups that have device membership overlaps with the devices that are already registered with the Windows Autopatch service, and already belong to the default Autopatch group.
+
 ### Autopatch group Azure AD group remediator
 
 - **Status: Active**

From 3d125559793f81b405514f2e77a1da2225379cd9 Mon Sep 17 00:00:00 2001
From: Andre Della Monica <andredm@microsoft.com>
Date: Fri, 5 May 2023 18:06:44 -0500
Subject: [PATCH 078/107] Changes

---
 .../deploy/windows-autopatch-groups-manage-autopatch-groups.md  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md
index 3829c25f13..44b449f3c7 100644
--- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md
+++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md
@@ -191,7 +191,7 @@ The Windows Autopatch team is aware that all device conflict scenarios listed be
 - Custom to Cstom Autopatch group device conflict detection.
 
 > [!TIP]
-> Follow these two best practices to minimize device conflict scenarios when using Autopatch groups during the public preview:
+> Follow these two best practices to help minimize device conflict scenarios when using Autopatch groups during the public preview:
 > 
 > - Review your software update deployment requirements thoroughly, and if your deployment requirements allow, try using the default Autopatch group as much as possible, instead of start creating custom Autopatch groups. You can customize the default Autopatch to have up to 15 deployment rings, and using your existing device-based Azure AD groups with custom update deployment cadences.
 > - If creating custom Autopatch groups, try to avoid using device-based Azure AD groups that have device membership overlaps with the devices that are already registered with the Windows Autopatch service, and already belong to the default Autopatch group.

From 15902826a416b3d028c8700c20530a21a3c56359 Mon Sep 17 00:00:00 2001
From: Andre Della Monica <andredm@microsoft.com>
Date: Fri, 5 May 2023 18:10:13 -0500
Subject: [PATCH 079/107] Changes

---
 .../deploy/windows-autopatch-groups-manage-autopatch-groups.md  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md
index 44b449f3c7..0e01af10eb 100644
--- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md
+++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md
@@ -193,7 +193,7 @@ The Windows Autopatch team is aware that all device conflict scenarios listed be
 > [!TIP]
 > Follow these two best practices to help minimize device conflict scenarios when using Autopatch groups during the public preview:
 > 
-> - Review your software update deployment requirements thoroughly, and if your deployment requirements allow, try using the default Autopatch group as much as possible, instead of start creating custom Autopatch groups. You can customize the default Autopatch to have up to 15 deployment rings, and using your existing device-based Azure AD groups with custom update deployment cadences.
+> - Review your software update deployment requirements thoroughly, and if your deployment requirements allow, try using the default Autopatch group as much as possible, instead of start creating custom Autopatch groups. You can customize the default Autopatch to have up to 15 deployment rings, and you can use your existing device-based Azure AD groups with custom update deployment cadences.
 > - If creating custom Autopatch groups, try to avoid using device-based Azure AD groups that have device membership overlaps with the devices that are already registered with the Windows Autopatch service, and already belong to the default Autopatch group.
 
 ### Autopatch group Azure AD group remediator

From fbbfabfedf8683cdeec1e17abb883f1c0be754a1 Mon Sep 17 00:00:00 2001
From: Arnab Mitra <38724550+msarnabm@users.noreply.github.com>
Date: Sat, 6 May 2023 14:02:13 -0500
Subject: [PATCH 080/107] Fixing typo in Custom to Cstom

FYI @andredm7
---
 .../deploy/windows-autopatch-groups-manage-autopatch-groups.md  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md
index 2eed6eee26..7776ca2706 100644
--- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md
+++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md
@@ -188,7 +188,7 @@ The Windows Autopatch team is aware that all device conflict scenarios listed be
 
 - Default to Custom Autopatch device conflict detection and resolution.
 - Device conflict detection and resolution within an Autopatch group.
-- Custom to Cstom Autopatch group device conflict detection.
+- Custom to Custom Autopatch group device conflict detection.
 
 ### Autopatch group Azure AD group remediator
 

From 22df2b95142394eb5a351868331666903ad077da Mon Sep 17 00:00:00 2001
From: Tiara Quan <95256667+tiaraquan@users.noreply.github.com>
Date: Mon, 8 May 2023 07:32:03 -0700
Subject: [PATCH 081/107] Update
 windows-autopatch-groups-manage-autopatch-groups.md

---
 .../windows-autopatch-groups-manage-autopatch-groups.md     | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md
index 0e01af10eb..cb21c2f54e 100644
--- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md
+++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md
@@ -191,10 +191,10 @@ The Windows Autopatch team is aware that all device conflict scenarios listed be
 - Custom to Cstom Autopatch group device conflict detection.
 
 > [!TIP]
-> Follow these two best practices to help minimize device conflict scenarios when using Autopatch groups during the public preview:
+> Use the following two best practices to help minimize device conflict scenarios when using Autopatch groups during the public preview:
 > 
-> - Review your software update deployment requirements thoroughly, and if your deployment requirements allow, try using the default Autopatch group as much as possible, instead of start creating custom Autopatch groups. You can customize the default Autopatch to have up to 15 deployment rings, and you can use your existing device-based Azure AD groups with custom update deployment cadences.
-> - If creating custom Autopatch groups, try to avoid using device-based Azure AD groups that have device membership overlaps with the devices that are already registered with the Windows Autopatch service, and already belong to the default Autopatch group.
+> - Review your software update deployment requirements thoroughly. If your deployment requirements allow, try using the Default Autopatch group as much as possible, instead of start creating Custom Autopatch groups. You can customize the Default Autopatch to have up to 15 deployment rings, and you can use your existing device-based Azure AD groups with custom update deployment cadences.
+> - If creating Custom Autopatch groups, try to avoid using device-based Azure AD groups that have device membership overlaps with the devices that are already registered with Windows Autopatch, and already belong to the Default Autopatch group.
 
 ### Autopatch group Azure AD group remediator
 

From a31e8268510c41b36197a9dc6c8ffaf3c117a694 Mon Sep 17 00:00:00 2001
From: Andre Della Monica <andredm@microsoft.com>
Date: Mon, 8 May 2023 11:03:42 -0500
Subject: [PATCH 082/107] More changes

---
 .../windows-autopatch-device-registration-overview.md      | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md
index 3dab9cc693..0ef3ffa548 100644
--- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md
+++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md
@@ -1,7 +1,7 @@
 ---
 title: Device registration overview
 description: This article provides an overview on how to register devices in Autopatch
-ms.date: 05/02/2023
+ms.date: 05/08/2023
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: conceptual
@@ -141,6 +141,9 @@ If your Autopatch groups have more than five deployment rings, and you must move
 
 If you want to move devices to different deployment rings (either service or software update-based), after Windows Autopatch's deployment ring assignment, you can repeat the following steps for one or more devices from the **Registered** tab.
 
+> [!IMPORTANT]
+> It's only supported to move devices in between deployment rings within the same Autopatch group. It's not supported to move devices in between deployment rings across different Autopatch groups, if you try to select a device that belongs to one Autopatch group, and another device that belongs to a different Autopatch group, you receive the following error message on the top right corner of the Microsoft Intune portal: "**An error occurred. Please select devices within the same Autopatch group**.
+
 **To move devices in between deployment rings:**
 
 > [!NOTE]
@@ -150,7 +153,7 @@ If you want to move devices to different deployment rings (either service or sof
 1. In the **Windows Autopatch** section, select **Devices**.
 1. In the **Registered** tab, select one or more devices you want to assign. All selected devices will be assigned to the deployment ring you specify.
 1. Select **Device actions** from the menu.
-1. Select **Assign device group**. A fly-in opens.
+1. Select **Assign ring**. A fly-in opens.
 1. Use the dropdown menu to select the deployment ring to move devices to, and then select Save. The Ring assigned by column will change to Pending.
 1. When the assignment is complete, the **Ring assigned by** column changes to Admin (which indicates that you made the change) and the **Ring** column shows the new deployment ring assignment.
 

From c116a6720781de1420d23e616e5f80fb1ca2a72a Mon Sep 17 00:00:00 2001
From: Tiara Quan <95256667+tiaraquan@users.noreply.github.com>
Date: Mon, 8 May 2023 09:14:06 -0700
Subject: [PATCH 083/107] Update
 windows-autopatch-device-registration-overview.md

---
 .../deploy/windows-autopatch-device-registration-overview.md    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md
index 0ef3ffa548..d36818f0fc 100644
--- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md
+++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md
@@ -142,7 +142,7 @@ If your Autopatch groups have more than five deployment rings, and you must move
 If you want to move devices to different deployment rings (either service or software update-based), after Windows Autopatch's deployment ring assignment, you can repeat the following steps for one or more devices from the **Registered** tab.
 
 > [!IMPORTANT]
-> It's only supported to move devices in between deployment rings within the same Autopatch group. It's not supported to move devices in between deployment rings across different Autopatch groups, if you try to select a device that belongs to one Autopatch group, and another device that belongs to a different Autopatch group, you receive the following error message on the top right corner of the Microsoft Intune portal: "**An error occurred. Please select devices within the same Autopatch group**.
+> You can only move devices in between deployment rings within the **same** Autopatch group. You can't move devices in between deployment rings across different Autopatch groups. If you try to select a device that belongs to one Autopatch group, and another device that belongs to a different Autopatch group, you receive the following error message on the top right corner of the Microsoft Intune portal: "**An error occurred. Please select devices within the same Autopatch group**.
 
 **To move devices in between deployment rings:**
 

From 47b2aa5ca820b19fb0f673690de097ee73c0e223 Mon Sep 17 00:00:00 2001
From: Tiara Quan <95256667+tiaraquan@users.noreply.github.com>
Date: Mon, 8 May 2023 09:15:25 -0700
Subject: [PATCH 084/107] Update
 windows-autopatch-device-registration-overview.md

---
 .../deploy/windows-autopatch-device-registration-overview.md    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md
index d36818f0fc..f511e6481b 100644
--- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md
+++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md
@@ -142,7 +142,7 @@ If your Autopatch groups have more than five deployment rings, and you must move
 If you want to move devices to different deployment rings (either service or software update-based), after Windows Autopatch's deployment ring assignment, you can repeat the following steps for one or more devices from the **Registered** tab.
 
 > [!IMPORTANT]
-> You can only move devices in between deployment rings within the **same** Autopatch group. You can't move devices in between deployment rings across different Autopatch groups. If you try to select a device that belongs to one Autopatch group, and another device that belongs to a different Autopatch group, you receive the following error message on the top right corner of the Microsoft Intune portal: "**An error occurred. Please select devices within the same Autopatch group**.
+> You can only move devices in between deployment rings within the **same** Autopatch group. You can't move devices in between deployment rings across different Autopatch groups. If you try to select a device that belongs to one Autopatch group, and another device that belongs to a different Autopatch group, you'll receive the following error message on the top right corner of the Microsoft Intune portal: "**An error occurred. Please select devices within the same Autopatch group**.
 
 **To move devices in between deployment rings:**
 

From 0da0569ad6cac1af3d4c2b4866d7ce806f0c9df8 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Mon, 8 May 2023 12:32:07 -0400
Subject: [PATCH 085/107] caution text for Win11

---
 .../hello-for-business/feature-multifactor-unlock.md     | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md
index c4e5d43423..7947712bea 100644
--- a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md
+++ b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md
@@ -29,6 +29,11 @@ The policy setting has three components:
 
 ## Configure unlock factors
 
+> [!CAUTION]
+> On Windows 11, the group policy [DontDisplayLastUserName](/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name) or the [InteractiveLogon_DoNotDisplayLastSignedIn CSP](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#interactivelogon_donotdisplaylastsignedin) are known to interfere with the ability to use multi-factor unlock.
+>
+> Disabling the group policy DontDisplayLastUserName or changing the InteractiveLogon_DoNotDisplayLastSignedIn CSP to 0 will let you use multi-factor unlock.
+
 The **First unlock factor credential providers** and **Second unlock factor credential providers** portion of the policy setting each contain a comma separated list of credential providers.
 
 Supported credential providers include:
@@ -40,8 +45,8 @@ Supported credential providers include:
 |Facial Recognition| `{8AF662BF-65A0-4D0A-A540-A338A999D36F}`|
 |Trusted Signal<br>(Phone proximity, Network location) | `{27FBDB57-B613-4AF2-9D7E-4FA7A66C21AD}`|
 
->[!NOTE]
->Multifactor unlock does not support third-party credential providers or credential providers not listed in the above table.
+> [!NOTE]
+> Multifactor unlock does not support third-party credential providers or credential providers not listed in the above table.
 
 The default credential providers for the **First unlock factor credential provider** include:
 

From fd80eca0a4fe4a90c0807abf24212dd5fbd355bb Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Mon, 8 May 2023 12:37:33 -0400
Subject: [PATCH 086/107] caution text for Win11

---
 .../hello-for-business/feature-multifactor-unlock.md          | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md
index 7947712bea..cf9c8484b0 100644
--- a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md
+++ b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md
@@ -30,9 +30,7 @@ The policy setting has three components:
 ## Configure unlock factors
 
 > [!CAUTION]
-> On Windows 11, the group policy [DontDisplayLastUserName](/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name) or the [InteractiveLogon_DoNotDisplayLastSignedIn CSP](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#interactivelogon_donotdisplaylastsignedin) are known to interfere with the ability to use multi-factor unlock.
->
-> Disabling the group policy DontDisplayLastUserName or changing the InteractiveLogon_DoNotDisplayLastSignedIn CSP to 0 will let you use multi-factor unlock.
+> On Windows 11, when the [DontDisplayLastUserName](/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name) security policy is enabled, it is known to interfere with the ability to use multi factor unlock.
 
 The **First unlock factor credential providers** and **Second unlock factor credential providers** portion of the policy setting each contain a comma separated list of credential providers.
 

From e33939cd55a83816ad0b57d7edbbc81a705ced07 Mon Sep 17 00:00:00 2001
From: tiaraquan <tiaraquan@microsoft.com>
Date: Mon, 8 May 2023 10:10:10 -0700
Subject: [PATCH 087/107] fixed links

---
 .../operate/windows-autopatch-device-alerts.md                | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-device-alerts.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-device-alerts.md
index 789a3b23e3..b1a830efeb 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-device-alerts.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-device-alerts.md
@@ -58,12 +58,12 @@ Alert resolutions are provided through the Windows Update service and provide th
 | `DeviceRegistrationInvalidGlobalDeviceId` | The device isn't able to register or authenticate properly with Windows Update because of an invalid Global Device ID. |The Windows Update service has reported that the MSA Service may be disabled preventing Global Device ID assignment.<p>Check that the MSA Service is running or able to run on device.</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
 | `DeviceRegistrationIssue` | The device isn't able to register or authenticate properly with Windows Update. | The Windows Update service has reported a device registration issue.<p>For more information, see [Windows Autopatch post-device registration readiness checks](../deploy/windows-autopatch-post-reg-readiness-checks.md).</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
 | `DeviceRegistrationNoTrustType` | The device isn't able to register or authenticate properly with Windows Update because it can't establish Trust. | The Windows Update service has reported a device registration issue.<p>For more information, see [Windows Autopatch post-device registration readiness checks](../deploy/windows-autopatch-post-reg-readiness-checks.md).</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
-| `DiskFull` | The installation couldn't be completed because the Windows partition is full. | The Windows Update service has reported there's insufficient disk space to perform the update. Free up disk space on the Windows partition and retry the installation.<p>For more information, see [Free up space for Windows Updates](/windows/free-up-space-for-windows-updates-429b12ba-f514-be0b-4924-ca6d16fa1d65#:~:text=Here%E2%80%99s%20how%20to%20get%20more%20storage%20space%20on,to%20Windows%20needs%20space%20to%20update.%20More%20items).</p> |
+| `DiskFull` | The installation couldn't be completed because the Windows partition is full. | The Windows Update service has reported there's insufficient disk space to perform the update. Free up disk space on the Windows partition and retry the installation.<p>For more information, see [Free up space for Windows Updates](https://support.microsoft.com/windows/free-up-space-for-windows-updates-429b12ba-f514-be0b-4924-ca6d16fa1d65).</p> |
 | `DownloadCancelled` | Windows Update couldn't download the update because the update server stopped the connection. | The Windows Update service has reported an issue with your update server. Validate your network is working and retry the download. If the alert persists, review your network configuration to make sure that this computer can access the internet.<p>For more information, see [Check your network connection status](https://support.microsoft.com/windows/check-your-network-connection-status-efb4fb41-f751-567a-f60f-aac9114659a5).</p> |
 | `DownloadConnectionIssue` | Windows Update couldn't connect to the update server and the update couldn't download. | The Windows Update service has reported an issue connecting to Windows Update. Review your network configuration, and to make sure that this computer can access the internet and Windows Update Online.<p>For more information, see [Check your network connection status](https://support.microsoft.com/windows/check-your-network-connection-status-efb4fb41-f751-567a-f60f-aac9114659a5).and [Endpoints for Delivery Optimization and Windows Update](/windows/deployment/do/waas-delivery-optimization-faq#what-hostnames-should-i-allow-through-my-firewall-to-support-delivery-optimization).</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
 | `DownloadCredentialsIssue` | Windows Update couldn't download the file because the Background Intelligent Transfer Service (BITS) couldn't connect to the internet. A proxy server or firewall on your network might require credentials. | The Windows Update service Windows has reported it failed to connect to Windows Updates. This can often be an issue with an Application Gateway or HTTP proxy, or an issue on the client. Retry the download.<p>Review your network configuration to make sure that this computer can access the internet. Validate and/or allowlist Windows Update and Delivery Optimization endpoint.</p><p>For more information, see [Check your network connection status](https://support.microsoft.com/windows/check-your-network-connection-status-efb4fb41-f751-567a-f60f-aac9114659a5).and [Endpoints for Delivery Optimization and Windows Update](/windows/deployment/do/waas-delivery-optimization-faq#what-hostnames-should-i-allow-through-my-firewall-to-support-delivery-optimization).</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
 | `DownloadIssue` | There was an issue downloading the update. | The Windows Update service has reported it failed to connect to Windows Updates. This can often be an issue with an Application Gateway or HTTP proxy, or an issue on the client.<p>For more information, see [Check your network connection status](https://support.microsoft.com/windows/check-your-network-connection-status-efb4fb41-f751-567a-f60f-aac9114659a5).and [Endpoints for Delivery Optimization and Windows Update](/windows/deployment/do/waas-delivery-optimization-faq#what-hostnames-should-i-allow-through-my-firewall-to-support-delivery-optimization).</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
-| `DownloadIssueServiceDisabled` | There was a problem with the Background Intelligent Transfer Service (BITS). The BITS service or a service it depends on might be disabled. | The Windows Updates service has reported that the BITS service is disabled. In the local client services, make sure that the Background Intelligent Transfer Service is enabled. If the service isn't running, try starting it manually. For more information, see [Issues with BITS](/security-updates/WindowsUpdateServices/18127392).<p>If it will not start, check the event log for errors or [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
+| `DownloadIssueServiceDisabled` | There was a problem with the Background Intelligent Transfer Service (BITS). The BITS service or a service it depends on might be disabled. | The Windows Updates service has reported that the BITS service is disabled. In the local client services, make sure that the Background Intelligent Transfer Service is enabled. If the service isn't running, try starting it manually. For more information, see [Issues with BITS](https://learn.microsoft.com/security-updates/WindowsUpdateServices/18127392).<p>If it will not start, check the event log for errors or [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
 | `DownloadTimeout` | A timeout occurred while Windows tried to contact the update service or the server containing the update's payload. | The Windows Update service has reported it attempted to download the payload and the connection timed out.<p>Retry downloading the payload. If not successful, review your network configuration to make sure that this computer can access the internet.</p>For more information, see [Check your network connection status](https://support.microsoft.com/windows/check-your-network-connection-status-efb4fb41-f751-567a-f60f-aac9114659a5). |
 | `EndOfService` | The device is on a version of Windows that has passed its end of service date. | Windows Update service has reported the current version is past End of Service. Update device to a version that is currently serviced in [Feature update overview](../operate/windows-autopatch-groups-windows-feature-update-overview.md).<p>For more information on OS versioning, see [Windows 10 release information](/windows/release-health/release-information).</p> |
 | `EndOfServiceApproaching` | The device is on a version of Windows that is approaching its end of service date. | Update device to a version that is currently serviced in [Feature update overview](../operate/windows-autopatch-groups-windows-feature-update-overview.md).<p>For more information on OS versioning, see [Windows 10 release information](/windows/release-health/release-information).</p> |

From 86b74f0c7b421f00e3c4351f7536ef74d877e33d Mon Sep 17 00:00:00 2001
From: tiaraquan <tiaraquan@microsoft.com>
Date: Mon, 8 May 2023 11:34:45 -0700
Subject: [PATCH 088/107] Buh :poop: need :coffee:

---
 .../operate/windows-autopatch-device-alerts.md                | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-device-alerts.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-device-alerts.md
index b1a830efeb..fe0551604d 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-device-alerts.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-device-alerts.md
@@ -61,9 +61,9 @@ Alert resolutions are provided through the Windows Update service and provide th
 | `DiskFull` | The installation couldn't be completed because the Windows partition is full. | The Windows Update service has reported there's insufficient disk space to perform the update. Free up disk space on the Windows partition and retry the installation.<p>For more information, see [Free up space for Windows Updates](https://support.microsoft.com/windows/free-up-space-for-windows-updates-429b12ba-f514-be0b-4924-ca6d16fa1d65).</p> |
 | `DownloadCancelled` | Windows Update couldn't download the update because the update server stopped the connection. | The Windows Update service has reported an issue with your update server. Validate your network is working and retry the download. If the alert persists, review your network configuration to make sure that this computer can access the internet.<p>For more information, see [Check your network connection status](https://support.microsoft.com/windows/check-your-network-connection-status-efb4fb41-f751-567a-f60f-aac9114659a5).</p> |
 | `DownloadConnectionIssue` | Windows Update couldn't connect to the update server and the update couldn't download. | The Windows Update service has reported an issue connecting to Windows Update. Review your network configuration, and to make sure that this computer can access the internet and Windows Update Online.<p>For more information, see [Check your network connection status](https://support.microsoft.com/windows/check-your-network-connection-status-efb4fb41-f751-567a-f60f-aac9114659a5).and [Endpoints for Delivery Optimization and Windows Update](/windows/deployment/do/waas-delivery-optimization-faq#what-hostnames-should-i-allow-through-my-firewall-to-support-delivery-optimization).</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
-| `DownloadCredentialsIssue` | Windows Update couldn't download the file because the Background Intelligent Transfer Service (BITS) couldn't connect to the internet. A proxy server or firewall on your network might require credentials. | The Windows Update service Windows has reported it failed to connect to Windows Updates. This can often be an issue with an Application Gateway or HTTP proxy, or an issue on the client. Retry the download.<p>Review your network configuration to make sure that this computer can access the internet. Validate and/or allowlist Windows Update and Delivery Optimization endpoint.</p><p>For more information, see [Check your network connection status](https://support.microsoft.com/windows/check-your-network-connection-status-efb4fb41-f751-567a-f60f-aac9114659a5).and [Endpoints for Delivery Optimization and Windows Update](/windows/deployment/do/waas-delivery-optimization-faq#what-hostnames-should-i-allow-through-my-firewall-to-support-delivery-optimization).</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
+| `DownloadCredentialsIssue` | Windows Update couldn't download the file because the Background Intelligent Transfer Service ([BITS](/windows/win32/bits/about-bits)) couldn't connect to the internet. A proxy server or firewall on your network might require credentials. | The Windows Update service Windows has reported it failed to connect to Windows Updates. This can often be an issue with an Application Gateway or HTTP proxy, or an issue on the client. Retry the download.<p>Review your network configuration to make sure that this computer can access the internet. Validate and/or allowlist Windows Update and Delivery Optimization endpoint.</p><p>For more information, see [Check your network connection status](https://support.microsoft.com/windows/check-your-network-connection-status-efb4fb41-f751-567a-f60f-aac9114659a5).and [Endpoints for Delivery Optimization and Windows Update](/windows/deployment/do/waas-delivery-optimization-faq#what-hostnames-should-i-allow-through-my-firewall-to-support-delivery-optimization).</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
 | `DownloadIssue` | There was an issue downloading the update. | The Windows Update service has reported it failed to connect to Windows Updates. This can often be an issue with an Application Gateway or HTTP proxy, or an issue on the client.<p>For more information, see [Check your network connection status](https://support.microsoft.com/windows/check-your-network-connection-status-efb4fb41-f751-567a-f60f-aac9114659a5).and [Endpoints for Delivery Optimization and Windows Update](/windows/deployment/do/waas-delivery-optimization-faq#what-hostnames-should-i-allow-through-my-firewall-to-support-delivery-optimization).</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
-| `DownloadIssueServiceDisabled` | There was a problem with the Background Intelligent Transfer Service (BITS). The BITS service or a service it depends on might be disabled. | The Windows Updates service has reported that the BITS service is disabled. In the local client services, make sure that the Background Intelligent Transfer Service is enabled. If the service isn't running, try starting it manually. For more information, see [Issues with BITS](https://learn.microsoft.com/security-updates/WindowsUpdateServices/18127392).<p>If it will not start, check the event log for errors or [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
+| `DownloadIssueServiceDisabled` | There was a problem with the Background Intelligent Transfer Service (BITS). The BITS service or a service it depends on might be disabled. | The Windows Updates service has reported that the BITS service is disabled. In the local client services, make sure that the Background Intelligent Transfer Service is enabled. If the service isn't running, try starting it manually. For more information, see [Issues with BITS](/windows/win32/bits/about-bits).<p>If it will not start, check the event log for errors or [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
 | `DownloadTimeout` | A timeout occurred while Windows tried to contact the update service or the server containing the update's payload. | The Windows Update service has reported it attempted to download the payload and the connection timed out.<p>Retry downloading the payload. If not successful, review your network configuration to make sure that this computer can access the internet.</p>For more information, see [Check your network connection status](https://support.microsoft.com/windows/check-your-network-connection-status-efb4fb41-f751-567a-f60f-aac9114659a5). |
 | `EndOfService` | The device is on a version of Windows that has passed its end of service date. | Windows Update service has reported the current version is past End of Service. Update device to a version that is currently serviced in [Feature update overview](../operate/windows-autopatch-groups-windows-feature-update-overview.md).<p>For more information on OS versioning, see [Windows 10 release information](/windows/release-health/release-information).</p> |
 | `EndOfServiceApproaching` | The device is on a version of Windows that is approaching its end of service date. | Update device to a version that is currently serviced in [Feature update overview](../operate/windows-autopatch-groups-windows-feature-update-overview.md).<p>For more information on OS versioning, see [Windows 10 release information](/windows/release-health/release-information).</p> |

From 81fef4d3a1a6fb7451285755c1b6b51066205b5b Mon Sep 17 00:00:00 2001
From: Annie Bader <131500875+anniebader@users.noreply.github.com>
Date: Mon, 8 May 2023 12:36:16 -0700
Subject: [PATCH 089/107] Learn Editor: Update
 policies-in-policy-csp-supported-by-hololens2.md

---
 ...es-in-policy-csp-supported-by-hololens2.md | 38 +++++++++++--------
 1 file changed, 22 insertions(+), 16 deletions(-)

diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
index 11a4bb0c2c..b34efa313a 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
@@ -24,14 +24,15 @@ ms.date: 02/03/2023
 - [Authentication/PreferredAadTenantDomainName](policy-csp-authentication.md#preferredaadtenantdomainname)
 - [Bluetooth/AllowDiscoverableMode](policy-csp-bluetooth.md#allowdiscoverablemode)
 - [Bluetooth/LocalDeviceName](policy-csp-bluetooth.md#localdevicename)
-- [Browser/AllowAutofill](policy-csp-browser.md#allowautofill)
-- [Browser/AllowCookies](policy-csp-browser.md#allowcookies)
-- [Browser/AllowDoNotTrack](policy-csp-browser.md#allowdonottrack)
-- [Browser/AllowPasswordManager](policy-csp-browser.md#allowpasswordmanager)
-- [Browser/AllowPopups](policy-csp-browser.md#allowpopups)
-- [Browser/AllowSearchSuggestionsinAddressBar](policy-csp-browser.md#allowsearchsuggestionsinaddressbar)
-- [Browser/AllowSmartScreen](policy-csp-browser.md#allowsmartscreen)
+- [Browser/AllowAutofill](policy-csp-browser.md#allowautofill) <sup>13</sup>
+- [Browser/AllowCookies](policy-csp-browser.md#allowcookies) <sup>13</sup>
+- [Browser/AllowDoNotTrack](policy-csp-browser.md#allowdonottrack) <sup>13</sup>
+- [Browser/AllowPasswordManager](policy-csp-browser.md#allowpasswordmanager) <sup>13</sup>
+- [Browser/AllowPopups](policy-csp-browser.md#allowpopups) <sup>13</sup>
+- [Browser/AllowSearchSuggestionsinAddressBar](policy-csp-browser.md#allowsearchsuggestionsinaddressbar) <sup>13</sup>
+- [Browser/AllowSmartScreen](policy-csp-browser.md#allowsmartscreen) <sup>13</sup>
 - [Connectivity/AllowBluetooth](policy-csp-connectivity.md#allowbluetooth)
+- [Connectivity/AllowConnectedDevices](https://https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-connectivity#allowconnecteddevices) <sup>12</sup>
 - [Connectivity/AllowUSBConnection](policy-csp-connectivity.md#allowusbconnection)
 - [DeliveryOptimization/DOCacheHost](policy-csp-deliveryoptimization.md#docachehost) <sup>10</sup>
 - [DeliveryOptimization/DOCacheHostSource](policy-csp-deliveryoptimization.md#docachehostsource) <sup>10</sup>
@@ -66,7 +67,6 @@ ms.date: 02/03/2023
 - [MixedReality/ConfigureNtpClient](./policy-csp-mixedreality.md#configurentpclient) <sup>12</sup>
 - [MixedReality/DisallowNetworkConnectivityPassivePolling](./policy-csp-mixedreality.md#disallownetworkconnectivitypassivepolling) <sup>12</sup>
 - [MixedReality/FallbackDiagnostics](./policy-csp-mixedreality.md#fallbackdiagnostics) <sup>9</sup>
-- [MixedReality/HeadTrackingMode](policy-csp-mixedreality.md#headtrackingmode) <sup>9</sup>
 - [MixedReality/ManualDownDirectionDisabled](policy-csp-mixedreality.md#manualdowndirectiondisabled) <sup>*[Feb. 2022 Servicing release](/hololens/hololens-release-notes#windows-holographic-version-21h2---february-2022-update)</sup>
 - [MixedReality/MicrophoneDisabled](./policy-csp-mixedreality.md#microphonedisabled) <sup>9</sup>
 - [MixedReality/NtpClientEnabled](./policy-csp-mixedreality.md#ntpclientenabled) <sup>12</sup>
@@ -74,14 +74,13 @@ ms.date: 02/03/2023
 - [MixedReality/SkipTrainingDuringSetup](./policy-csp-mixedreality.md#skiptrainingduringsetup) <sup>12</sup>
 - [MixedReality/VisitorAutoLogon](policy-csp-mixedreality.md#visitorautologon) <sup>10</sup>
 - [MixedReality/VolumeButtonDisabled](./policy-csp-mixedreality.md#volumebuttondisabled) <sup>9</sup>
-- [Power/DisplayOffTimeoutOnBattery](./policy-csp-power.md#displayofftimeoutonbattery) <sup>9</sup>
-- [Power/DisplayOffTimeoutPluggedIn](./policy-csp-power.md#displayofftimeoutpluggedin) <sup>9</sup>
-- [Power/EnergySaverBatteryThresholdOnBattery](./policy-csp-power.md#energysaverbatterythresholdonbattery) <sup>9</sup>
-- [Power/EnergySaverBatteryThresholdPluggedIn](./policy-csp-power.md#energysaverbatterythresholdpluggedin) <sup>9</sup>
-- [Power/StandbyTimeoutOnBattery](./policy-csp-power.md#standbytimeoutonbattery) <sup>9</sup>
-- [Power/StandbyTimeoutPluggedIn](./policy-csp-power.md#standbytimeoutpluggedin) <sup>9</sup>
+- [Power/DisplayOffTimeoutOnBattery](./policy-csp-power.md#displayofftimeoutonbattery) <sup>9, 14</sup>
+- [Power/DisplayOffTimeoutPluggedIn](./policy-csp-power.md#displayofftimeoutpluggedin) <sup>9, 14</sup>
+- [Power/EnergySaverBatteryThresholdOnBattery](./policy-csp-power.md#energysaverbatterythresholdonbattery) <sup>9, 14</sup>
+- [Power/EnergySaverBatteryThresholdPluggedIn](./policy-csp-power.md#energysaverbatterythresholdpluggedin) <sup>9, 14</sup>
+- [Power/StandbyTimeoutOnBattery](./policy-csp-power.md#standbytimeoutonbattery) <sup>9, 14</sup>
+- [Power/StandbyTimeoutPluggedIn](./policy-csp-power.md#standbytimeoutpluggedin) <sup>9, 14</sup>
 - [Privacy/AllowInputPersonalization](policy-csp-privacy.md#allowinputpersonalization)
-- [Privacy/DisablePrivacyExperience](./policy-csp-privacy.md#disableprivacyexperience) <sup>Insider</sup>
 - [Privacy/LetAppsAccessAccountInfo](policy-csp-privacy.md#letappsaccessaccountinfo)
 - [Privacy/LetAppsAccessAccountInfo_ForceAllowTheseApps](policy-csp-privacy.md#letappsaccessaccountinfo_forceallowtheseapps)
 - [Privacy/LetAppsAccessAccountInfo_ForceDenyTheseApps](policy-csp-privacy.md#letappsaccessaccountinfo_forcedenytheseapps)
@@ -99,6 +98,9 @@ ms.date: 02/03/2023
 - [Privacy/LetAppsAccessGazeInput_ForceDenyTheseApps](policy-csp-privacy.md#letappsaccessgazeinput_forcedenytheseapps) <sup>8</sup>
 - [Privacy/LetAppsAccessGazeInput_UserInControlOfTheseApps](policy-csp-privacy.md#letappsaccessgazeinput_userincontroloftheseapps) <sup>8</sup>
 - [Privacy/LetAppsAccessLocation](policy-csp-privacy.md#letappsaccesslocation)
+- [Privacy/LetAppsAccessLocation_ForceAllowTheseApps](/windows/client-management/mdm/policy-csp-privacy) <sup>12</sup>
+- [Privacy/LetAppsAccessLocation_ForceDenyTheseApps](/windows/client-management/mdm/policy-csp-privacy) <sup>12</sup>
+- [Privacy/LetAppsAccessLocation_UserInControlOfTheseApps](/windows/client-management/mdm/policy-csp-privacy) <sup>12</sup>
 - [Privacy/LetAppsAccessMicrophone](policy-csp-privacy.md#letappsaccessmicrophone)
 - [Privacy/LetAppsAccessMicrophone_ForceAllowTheseApps](policy-csp-privacy.md#letappsaccessmicrophone_forceallowtheseapps) <sup>8</sup>
 - [Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps](policy-csp-privacy.md#letappsaccessmicrophone_forcedenytheseapps) <sup>8</sup>
@@ -115,10 +117,11 @@ ms.date: 02/03/2023
 - [Storage/ConfigStorageSenseCloudContentDehydrationThreshold](policy-csp-storage.md#configstoragesensecloudcontentdehydrationthreshold) <sup>12</sup>
 - [Storage/ConfigStorageSenseDownloadsCleanupThreshold](policy-csp-storage.md#configstoragesensedownloadscleanupthreshold) <sup>12</sup>
 - [Storage/ConfigStorageSenseGlobalCadence](policy-csp-storage.md#configstoragesenseglobalcadence) <sup>12</sup>
-- [System/AllowCommercialDataPipeline](policy-csp-system.md#allowcommercialdatapipeline)
 - [System/AllowLocation](policy-csp-system.md#allowlocation)
 - [System/AllowStorageCard](policy-csp-system.md#allowstoragecard)
 - [System/AllowTelemetry](policy-csp-system.md#allowtelemetry)
+- [System/ConfigureTelemetryOptInSettingsUx](/windows/client-management/mdm/policy-csp-system) <sup>12</sup>
+- [System/DisableDeviceDelete](/windows/client-management/mdm/policy-csp-system) <sup>12</sup>
 - [TimeLanguageSettings/ConfigureTimeZone](./policy-csp-timelanguagesettings.md#configuretimezone) <sup>9</sup>
 - [Update/ActiveHoursEnd](./policy-csp-update.md#activehoursend) <sup>9</sup>
 - [Update/ActiveHoursMaxRange](./policy-csp-update.md#activehoursmaxrange) <sup>9</sup>
@@ -160,8 +163,11 @@ Footnotes:
 - 10 - Available in [Windows Holographic, version 21H1](/hololens/hololens-release-notes#windows-holographic-version-21h1)
 - 11 - Available in [Windows Holographic, version 21H2](/hololens/hololens-release-notes#windows-holographic-version-21h2)
 - 12 - Available in [Windows Holographic, version 22H2](/hololens/hololens-release-notes#windows-holographic-version-22h2)
+- 13 - Refer to [Configuring Policy Settings for the New Microsoft Edge](https://https://learn.microsoft.com/en-us/hololens/hololens-new-edge#configuring-policy-settings-for-the-new-microsoft-edge)
+- 14 - Refer to [New Power Policies for Hololens 2](https://https://learn.microsoft.com/en-us/hololens/hololens-release-notes-2004#new-power-policies-for-hololens-2)
 - Insider - Available in our current [HoloLens Insider builds](/hololens/hololens-insider).
 
 ## Related topics
 
 [Policy CSP](policy-configuration-service-provider.md)
+

From db667fcb9396f62574b8831ad3b8ac307782ecb5 Mon Sep 17 00:00:00 2001
From: Annie Bader <131500875+anniebader@users.noreply.github.com>
Date: Mon, 8 May 2023 12:42:23 -0700
Subject: [PATCH 090/107] Learn Editor: Update
 policies-in-policy-csp-supported-by-hololens2.md

---
 .../mdm/policies-in-policy-csp-supported-by-hololens2.md       | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
index b34efa313a..9b6055ecd4 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
@@ -171,3 +171,6 @@ Footnotes:
 
 [Policy CSP](policy-configuration-service-provider.md)
 
+[Full HoloLens CSP Details](/windows/client-management/mdm/configuration-service-provider-support)
+
+

From 8b8fbb16765546f6a0a38cf7274939cf5bc4ca2a Mon Sep 17 00:00:00 2001
From: Annie Bader <131500875+anniebader@users.noreply.github.com>
Date: Mon, 8 May 2023 12:43:53 -0700
Subject: [PATCH 091/107] Learn Editor: Update
 policies-in-policy-csp-supported-by-hololens2.md

---
 .../mdm/policies-in-policy-csp-supported-by-hololens2.md         | 1 +
 1 file changed, 1 insertion(+)

diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
index 9b6055ecd4..5ba4ed05ed 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
@@ -174,3 +174,4 @@ Footnotes:
 [Full HoloLens CSP Details](/windows/client-management/mdm/configuration-service-provider-support)
 
 
+

From 80ba4de4b165cd4c195765b558d97ee0cddcb613 Mon Sep 17 00:00:00 2001
From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com>
Date: Mon, 8 May 2023 15:59:32 -0400
Subject: [PATCH 092/107] Update
 windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md

---
 .../mdm/policies-in-policy-csp-supported-by-hololens2.md        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
index 5ba4ed05ed..db966de7af 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
@@ -163,7 +163,7 @@ Footnotes:
 - 10 - Available in [Windows Holographic, version 21H1](/hololens/hololens-release-notes#windows-holographic-version-21h1)
 - 11 - Available in [Windows Holographic, version 21H2](/hololens/hololens-release-notes#windows-holographic-version-21h2)
 - 12 - Available in [Windows Holographic, version 22H2](/hololens/hololens-release-notes#windows-holographic-version-22h2)
-- 13 - Refer to [Configuring Policy Settings for the New Microsoft Edge](https://https://learn.microsoft.com/en-us/hololens/hololens-new-edge#configuring-policy-settings-for-the-new-microsoft-edge)
+- 13 - Refer to [Configuring Policy Settings for the New Microsoft Edge](/hololens/hololens-new-edge#configuring-policy-settings-for-the-new-microsoft-edge)
 - 14 - Refer to [New Power Policies for Hololens 2](https://https://learn.microsoft.com/en-us/hololens/hololens-release-notes-2004#new-power-policies-for-hololens-2)
 - Insider - Available in our current [HoloLens Insider builds](/hololens/hololens-insider).
 

From 3cb29ffa2375c7a0bf98683eaf8c96fa1178aba8 Mon Sep 17 00:00:00 2001
From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com>
Date: Mon, 8 May 2023 15:59:48 -0400
Subject: [PATCH 093/107] Update
 windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md

---
 .../mdm/policies-in-policy-csp-supported-by-hololens2.md        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
index db966de7af..c3a72db09c 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
@@ -164,7 +164,7 @@ Footnotes:
 - 11 - Available in [Windows Holographic, version 21H2](/hololens/hololens-release-notes#windows-holographic-version-21h2)
 - 12 - Available in [Windows Holographic, version 22H2](/hololens/hololens-release-notes#windows-holographic-version-22h2)
 - 13 - Refer to [Configuring Policy Settings for the New Microsoft Edge](/hololens/hololens-new-edge#configuring-policy-settings-for-the-new-microsoft-edge)
-- 14 - Refer to [New Power Policies for Hololens 2](https://https://learn.microsoft.com/en-us/hololens/hololens-release-notes-2004#new-power-policies-for-hololens-2)
+- 14 - Refer to [New Power Policies for Hololens 2](/hololens/hololens-release-notes-2004#new-power-policies-for-hololens-2)
 - Insider - Available in our current [HoloLens Insider builds](/hololens/hololens-insider).
 
 ## Related topics

From 8aa8bbea34b11a31827566968f1396a54d793b8b Mon Sep 17 00:00:00 2001
From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com>
Date: Mon, 8 May 2023 15:59:58 -0400
Subject: [PATCH 094/107] Update
 windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md

---
 .../mdm/policies-in-policy-csp-supported-by-hololens2.md        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
index c3a72db09c..e45320b0b7 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
@@ -32,7 +32,7 @@ ms.date: 02/03/2023
 - [Browser/AllowSearchSuggestionsinAddressBar](policy-csp-browser.md#allowsearchsuggestionsinaddressbar) <sup>13</sup>
 - [Browser/AllowSmartScreen](policy-csp-browser.md#allowsmartscreen) <sup>13</sup>
 - [Connectivity/AllowBluetooth](policy-csp-connectivity.md#allowbluetooth)
-- [Connectivity/AllowConnectedDevices](https://https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-connectivity#allowconnecteddevices) <sup>12</sup>
+- [Connectivity/AllowConnectedDevices](policy-csp-connectivity.md#allowconnecteddevices) <sup>12</sup>
 - [Connectivity/AllowUSBConnection](policy-csp-connectivity.md#allowusbconnection)
 - [DeliveryOptimization/DOCacheHost](policy-csp-deliveryoptimization.md#docachehost) <sup>10</sup>
 - [DeliveryOptimization/DOCacheHostSource](policy-csp-deliveryoptimization.md#docachehostsource) <sup>10</sup>

From 153d716a38947b658b06b610f784777e8e544609 Mon Sep 17 00:00:00 2001
From: yutoadachi <101614356+yut0adachi@users.noreply.github.com>
Date: Tue, 9 May 2023 18:54:07 +0900
Subject: [PATCH 095/107] Update hello-hybrid-cert-whfb-provision.md

The attached image on this document say "YES" about this step and the correct configuration is also like that. It needs to be corrected because it will cause confusion to readers.
---
 .../hello-for-business/hello-hybrid-cert-whfb-provision.md    | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md
index 629d9c561e..934a3f70de 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md
@@ -139,7 +139,7 @@ To configure Windows Hello for Business using an *account protection* policy:
 1. Under *Block Windows Hello for Business*, select **Disabled** and multiple policies become available
     - These policies are optional to configure, but it's recommended to configure *Enable to use a Trusted Platform Module (TPM)* to **Yes**
     - For more information about these policies, see [MDM policy settings for Windows Hello for Business](hello-manage-in-organization.md#mdm-policy-settings-for-windows-hello-for-business)
-1. Under *Enable to certificate for on-premises resources*, select **Disabled** and multiple policies become available
+1. Under *Enable to certificate for on-premises resources*, select **YES**
 1. Select **Next**
 1. Optionally, add *scope tags* > **Next**
 1. Assign the policy to a security group that contains as members the devices or users that you want to configure > **Next**
@@ -195,4 +195,4 @@ The certificate authority validates the certificate was signed by the registrati
 [MEM-3]: /mem/intune/configuration/custom-settings-configure
 [MEM-4]: /windows/client-management/mdm/passportforwork-csp
 [MEM-5]: /mem/intune/protect/endpoint-security-account-protection-policy
-[MEM-6]: /mem/intune/protect/identity-protection-configure
\ No newline at end of file
+[MEM-6]: /mem/intune/protect/identity-protection-configure

From becce49f2617608d16a276c0c351c7d5ffe94b18 Mon Sep 17 00:00:00 2001
From: yutoadachi <101614356+yut0adachi@users.noreply.github.com>
Date: Tue, 9 May 2023 19:08:24 +0900
Subject: [PATCH 096/107] Update hello-hybrid-cloud-kerberos-trust-provision.md

Some mistakes in this document. It needs to be corrected because it will cause confusion.
---
 .../hello-hybrid-cloud-kerberos-trust-provision.md            | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust-provision.md
index 1367cb8301..9cd071eac6 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust-provision.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust-provision.md
@@ -67,7 +67,7 @@ To configure Windows Hello for Business using an account protection policy:
 1. Under **Block Windows Hello for Business**, select **Disabled** and multiple policies become available.
     - These policies are optional to configure, but it's recommended to configure **Enable to use a Trusted Platform Module (TPM)** to **Yes**.
     - For more information about these policies, see [MDM policy settings for Windows Hello for Business](hello-manage-in-organization.md#mdm-policy-settings-for-windows-hello-for-business).
-1. Under **Enable to certificate for on-premises resources**, select **Disabled** and multiple policies become available.
+1. Under **Enable to certificate for on-premises resources**, select **Not configured**
 1. Select **Next**.
 1. Optionally, add **scope tags** and select **Next**.
 1. Assign the policy to a security group that contains as members the devices or users that you want to configure > **Next**.
@@ -138,7 +138,7 @@ You can configure Windows Hello for Business cloud Kerberos trust using a Group
 ---
 
 > [!IMPORTANT]
-> If the **Use certificate for on-premises authentication** policy is enabled, certificate trust will take precedence over cloud Kerberos trust. Ensure that the machines that you want to enable cloud Kerberos trust have this policy **not configured** or **disabled**.
+> If the **Use certificate for on-premises authentication** policy is enabled, certificate trust will take precedence over cloud Kerberos trust. Ensure that the machines that you want to enable cloud Kerberos trust have this policy **not configured**.
 
 ## Provision Windows Hello for Business
 

From b4429a7875a53eb562c172b2212a4322bc843bb0 Mon Sep 17 00:00:00 2001
From: jsuther1974 <jsuther@microsoft.com>
Date: Tue, 9 May 2023 10:03:34 -0700
Subject: [PATCH 097/107] Added notes about ECC crypto

---
 .../event-tag-explanations.md                 | 60 +++++++++----------
 .../operations/known-issues.md                | 10 +++-
 .../select-types-of-rules-to-create.md        | 11 ++--
 3 files changed, 44 insertions(+), 37 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md
index 04be400ff9..cc7b86329f 100644
--- a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md
+++ b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md
@@ -13,7 +13,7 @@ author: jsuther1974
 ms.reviewer: jogeurte
 ms.author: vinpa
 manager: aaroncz
-ms.date: 03/24/2023
+ms.date: 05/09/2023
 ms.technology: itpro-security
 ms.topic: article
 ---
@@ -62,35 +62,35 @@ Represents why verification failed, or if it succeeded.
 
 | VerificationError Value | Explanation |
 |---|----------|
-| 0 | Successfully verified signature |
-| 1 | File has an invalid hash |
-| 2 | File contains shared writable sections |
-| 3 | File isn't signed|
-| 4 | Revoked signature |
-| 5 | Expired signature |
-| 6 | File is signed using a weak hashing algorithm, which doesn't meet the minimum policy |
-| 7 | Invalid root certificate |
-| 8 | Signature was unable to be validated; generic error |
-| 9 | Signing time not trusted |
-| 10 | The file must be signed using page hashes for this scenario |
-| 11 | Page hash mismatch |
-| 12 | Not valid for a PPL (Protected Process Light) |
-| 13 | Not valid for a PP (Protected Process) |
-| 14 | The signature is missing the required ARM processor EKU |
-| 15 | Failed WHQL check |
-| 16 | Default policy signing level not met |
-| 17 | Custom policy signing level not met; returned when signature doesn't validate against an SBCP-defined set of certs |
-| 18 | Custom signing level not met; returned if signature fails to match `CISigners` in UMCI |
-| 19 | Binary is revoked based on its file hash |
-| 20 | SHA1 cert hash's timestamp is missing or after valid cutoff as defined by Weak Crypto Policy |
-| 21 | Failed to pass Windows Defender Application Control policy |
-| 22 | Not Isolated User Mode (IUM)) signed; indicates an attempt to load a non-trustlet binary into a trustlet |
-| 23 | Invalid image hash |
-| 24 | Flight root not allowed; indicates trying to run flight-signed code on production OS |
-| 25 | Anti-cheat policy violation |
-| 26 | Explicitly denied by WADC policy |
-| 27 | The signing chain appears to be tampered/invalid |
-| 28 | Resource page hash mismatch |
+| 0 | Successfully verified signature. |
+| 1 | File has an invalid hash. |
+| 2 | File contains shared writable sections. |
+| 3 | File isn't signed. |
+| 4 | Revoked signature. |
+| 5 | Expired signature. |
+| 6 | File is signed using a weak hashing algorithm, which doesn't meet the minimum policy. |
+| 7 | Invalid root certificate. |
+| 8 | Signature was unable to be validated; generic error. |
+| 9 | Signing time not trusted. |
+| 10 | The file must be signed using page hashes for this scenario. |
+| 11 | Page hash mismatch. |
+| 12 | Not valid for a PPL (Protected Process Light). |
+| 13 | Not valid for a PP (Protected Process). |
+| 14 | The signature is missing the required ARM processor EKU. |
+| 15 | Failed WHQL check. |
+| 16 | Default policy signing level not met. |
+| 17 | Custom policy signing level not met; returned when signature doesn't validate against an SBCP-defined set of certs. |
+| 18 | Custom signing level not met; returned if signature fails to match `CISigners` in UMCI. |
+| 19 | Binary is revoked based on its file hash. |
+| 20 | SHA1 cert hash's timestamp is missing or after valid cutoff as defined by Weak Crypto Policy. |
+| 21 | Failed to pass Windows Defender Application Control policy. |
+| 22 | Not Isolated User Mode (IUM)) signed; indicates an attempt to load a standard Windows binary into a virtualization-based security (VBS) trustlet. |
+| 23 | Invalid image hash. This error can indicate file corruption or a problem with the file's signature. Signatures using elliptic curve cryptography (ECC), such as ECDSA, return this VerificationError. |
+| 24 | Flight root not allowed; indicates trying to run flight-signed code on production OS. |
+| 25 | Anti-cheat policy violation. |
+| 26 | Explicitly denied by WADC policy. |
+| 27 | The signing chain appears to be tampered/invalid. |
+| 28 | Resource page hash mismatch. |
 
 ## Policy activation event Options
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md b/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md
index 0aa63e99f8..a9c0d42e86 100644
--- a/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md
+++ b/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md
@@ -9,7 +9,7 @@ ms.reviewer: jogeurte
 ms.author: jogeurte
 ms.manager: jsuther
 manager: aaroncz
-ms.date: 04/04/2023
+ms.date: 05/09/2023
 ms.technology: itpro-security
 ms.topic: article
 ms.localizationpriority: medium
@@ -51,7 +51,7 @@ When the WDAC engine evaluates files against the active set of policies on the d
 
 1. Explicit deny rules - if any explicit deny rule exists for the file, it's blocked even if other rules are created to try to allow it. Deny rules can use any [rule level](/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create#windows-defender-application-control-file-rule-levels). Use the most specific rule level practical when creating deny rules to avoid blocking more than you intend.
 
-2. Explicit allow rules - if any explicit allow rul exists for the file, it's allowed by the policy.
+2. Explicit allow rules - if any explicit allow rule exists for the file, the file runs.
 
 3. WDAC then checks for the [Managed Installer extended attribute (EA)](/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer) or the [Intelligent Security Graph (ISG) EA](/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph) on the file. If either EA exists and the policy enables the corresponding option, then the file is allowed.
 
@@ -71,7 +71,11 @@ When Managed Installer and ISG are enabled, 3091 and 3092 events are logged when
 
 ### .NET native images may generate false positive block events
 
-In some cases, the code integrity logs where Windows Defender Application Control errors and warnings are written include error events for native images generated for .NET assemblies. Typically, native image blocks are functionally benign as a blocked native image falls back to its corresponding assembly and .NET will regenerate the native image at its next scheduled maintenance window.
+In some cases, the code integrity logs where Windows Defender Application Control errors and warnings are written include error events for native images generated for .NET assemblies. Typically, native image blocks are functionally benign as a blocked native image falls back to its corresponding assembly and .NET regenerates the native image at its next scheduled maintenance window.
+
+### Signatures using elliptical curve cryptography (ECC) aren't supported
+
+WDAC signer-based rules only work with RSA cryptography. ECC algorithms, such as ECDSA, aren't supported. If you try to allow files by signature based on ECC signatures, you'll see VerificationError = 23 on the corresponding 3089 signature information events. You can authorize the files instead by hash or file attribute rules, or using other signer rules if the file is also signed with signatures using RSA.
 
 ### MSI installers are treated as user writeable on Windows 10 when allowed by FilePath rule
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
index aa785afde2..ac8c1073a4 100644
--- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
+++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
@@ -13,7 +13,7 @@ author: jgeurten
 ms.reviewer: jsuther1974
 ms.author: vinpa
 manager: aaroncz
-ms.date: 04/05/2023
+ms.date: 05/09/2023
 ms.technology: itpro-security
 ms.topic: article
 ---
@@ -48,7 +48,7 @@ You can set several rule options within a WDAC policy. Table 1 describes each ru
 | **1 Enabled:Boot Menu Protection** | This option isn't currently supported. | No |
 | **2 Required:WHQL** | By default, kernel drivers that aren't Windows Hardware Quality Labs (WHQL) signed are allowed to run. Enabling this rule requires that every driver is WHQL signed and removes legacy driver support. Kernel drivers built for Windows 10 should be WHQL certified. | No |
 | **3 Enabled:Audit Mode (Default)** | Instructs WDAC to log information about applications, binaries, and scripts that would have been blocked, if the policy was enforced. You can use this option to identify the potential impact of your WDAC policy, and use the audit events to refine the policy before enforcement. To enforce a WDAC policy, delete this option. | No |
-| **4 Disabled:Flight Signing** | If enabled, binaries from Windows Insider builds aren't trusted. This option is useful for organizations that only want to run released binaries, not pre-release Windows builds. | No |
+| **4 Disabled:Flight Signing** | If enabled, binaries from Windows Insider builds aren't trusted. This option is useful for organizations that only want to run released binaries, not prerelease Windows builds. | No |
 | **5 Enabled:Inherit Default Policy** | This option is reserved for future use and currently has no effect. | Yes |
 | **6 Enabled:Unsigned System Integrity Policy (Default)** | Allows the policy to remain unsigned. When this option is removed, the policy must be signed and any supplemental policies must also be signed. The certificates that are trusted for future policy updates must be identified in the UpdatePolicySigners section. Certificates that are trusted for supplemental policies must be identified in the SupplementalPolicySigners section. | Yes |
 | **7 Allowed:Debug Policy Augmented** | This option isn't currently supported. | Yes |
@@ -72,6 +72,9 @@ File rule levels allow administrators to specify the level at which they want to
 
 Each file rule level has advantages and disadvantages. Use Table 2 to select the appropriate protection level for your available administrative resources and WDAC deployment scenario.
 
+> [!NOTE]
+> WDAC signer-based rules only work with RSA cryptography. ECC algorithms, such as ECDSA, aren't supported. If you try to allow files by signature based on ECC signatures, you'll see VerificationError = 23 on the corresponding 3089 signature information events. Files can be allowed instead by hash or file attribute rules, or using other signer rules if the file is also signed with signatures using RSA.
+
 ### Table 2. Windows Defender Application Control policy - file rule levels
 
 | Rule level | Description |
@@ -82,7 +85,7 @@ Each file rule level has advantages and disadvantages. Use Table 2 to select the
 | **SignedVersion** | This level combines the publisher rule with a version number. It allows anything to run from the specified publisher with a version at or above the specified version number. |
 | **Publisher** | This level combines the PcaCertificate level (typically one certificate below the root) and the common name (CN) of the leaf certificate. You can use this rule level to trust a certificate issued by a particular CA and issued to a specific company you trust (such as Intel, for device drivers). |
 | **FilePublisher** | This level combines the "FileName" attribute of the signed file, plus "Publisher" (PCA certificate with CN of leaf), plus a minimum version number. This option trusts specific files from the specified publisher, with a version at or above the specified version number. |
-| **LeafCertificate** | Adds trusted signers at the individual signing certificate level. The benefit of using this level versus the individual hash level is that new versions of the product will have different hash values but typically the same signing certificate. When this level is used, no policy update would be needed to run the new version of the application. However, leaf certificates typically have shorter validity periods than other certificate levels, so the WDAC policy must be updated whenever these certificates change. |
+| **LeafCertificate** | Adds trusted signers at the individual signing certificate level. The benefit of using this level versus the individual hash level is that new versions of the product have different hash values but typically the same signing certificate. When this level is used, no policy update would be needed to run the new version of the application. However, leaf certificates typically have shorter validity periods than other certificate levels, so the WDAC policy must be updated whenever these certificates change. |
 | **PcaCertificate** | Adds the highest available certificate in the provided certificate chain to signers. This level is typically one certificate below the root because the scan doesn't resolve the complete certificate chain via the local root stores or with an online check. |
 | **RootCertificate** | Not supported. |
 | **WHQL** | Only trusts binaries that have been submitted to Microsoft and signed by the Windows Hardware Qualification Lab (WHQL). This level is primarily for kernel binaries. |
@@ -175,7 +178,7 @@ The Authenticode/PE image hash can be calculated for digitally signed and unsign
 The PowerShell cmdlet produces an Authenticode Sha1 Hash, Sha256 Hash, Sha1 Page Hash, Sha256 Page Hash.
 During validation, WDAC selects which hashes are calculated based on how the file is signed and the scenario in which the file is used.  For example, if the file is page-hash signed, WDAC validates each page of the file and avoids loading the entire file in memory to calculate the full sha256 authenticode hash.
 
-In the cmdlets, rather than try to predict which hash will be used, we pre-calculate and use the four hashes (sha1/sha2 authenticode, and sha1/sha2 of first page).  This method is also resilient to changes in how the file is signed since your WDAC policy has more than one hash available for the file already.
+In the cmdlets, rather than try to predict which hash will be used, we precalculate and use the four hashes (sha1/sha2 authenticode, and sha1/sha2 of first page).  This method is also resilient to changes in how the file is signed since your WDAC policy has more than one hash available for the file already.
 
 ### Why does scan create eight hash rules for certain XML files?
 

From 36d691beadd33ab15610479b54fa38363f986fec Mon Sep 17 00:00:00 2001
From: Amy Zhou <amyzhou@microsoft.com>
Date: Tue, 9 May 2023 13:15:08 -0700
Subject: [PATCH 098/107] mounting instructions and fixed overview

---
 windows/deployment/do/mcc-isp-create-provision-deploy.md | 3 +++
 windows/deployment/do/mcc-isp-overview.md                | 3 ---
 windows/deployment/do/waas-microsoft-connected-cache.md  | 2 ++
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/windows/deployment/do/mcc-isp-create-provision-deploy.md b/windows/deployment/do/mcc-isp-create-provision-deploy.md
index 52602d6b5f..6c6b6a11f0 100644
--- a/windows/deployment/do/mcc-isp-create-provision-deploy.md
+++ b/windows/deployment/do/mcc-isp-create-provision-deploy.md
@@ -114,6 +114,9 @@ There are five IDs that the device provisioning script takes as input in order t
 
 #### Provision your server
 
+> [!IMPORTANT]
+> Have you correctly mounted your disk? Your MCC will not be successfully installed without this important step. Before provisioning your server, ensure your disk is correctly mounted by following the instructions here: [Attach a data disk to a Linux VM](/azure/virtual-machines/linux/attach-disk-portal#find-the-disk).
+
 :::image type="content" source="images/mcc-isp-deploy-cache-node-numbered.png" alt-text="Screenshot of the server provisioning tab within cache node configuration in Azure portal.":::
 
 1. After completing cache node provisioning, navigate to the **Server provisioning** tab. Select **Download provisioning package** to download the installation package to your server.  
diff --git a/windows/deployment/do/mcc-isp-overview.md b/windows/deployment/do/mcc-isp-overview.md
index a1e7335919..a5bb6ef9df 100644
--- a/windows/deployment/do/mcc-isp-overview.md
+++ b/windows/deployment/do/mcc-isp-overview.md
@@ -38,6 +38,3 @@ Microsoft Connected Cache uses Delivery Optimization as the backbone for Microso
 - Xbox: Xbox Game Pass (PC only)
 
 For the full list of content endpoints that Microsoft Connected Cache for ISPs supports, see [Microsoft Connected Cache content and services endpoints](delivery-optimization-endpoints.md).
-
-## How it works
-
diff --git a/windows/deployment/do/waas-microsoft-connected-cache.md b/windows/deployment/do/waas-microsoft-connected-cache.md
index b616087474..b65a32025e 100644
--- a/windows/deployment/do/waas-microsoft-connected-cache.md
+++ b/windows/deployment/do/waas-microsoft-connected-cache.md
@@ -42,6 +42,8 @@ Microsoft Connected Cache (MCC) for Internet Service Providers is currently in p
 
 Microsoft Connected Cache (MCC) for Enterprise and Education (early preview) is a software-only caching solution that delivers Microsoft content within Enterprise and Education networks. MCC can be deployed to as many Windows servers, bare-metal servers, or VMs as needed, and is managed from a cloud portal. Cache nodes are created in the cloud portal and are configured by applying the client policy using management tools such as Intune. Learn more at [Microsoft Connected Cache for Enterprise and Education Overview](mcc-ent-edu-overview.md).
 
+Microsoft Connected Cache (MCC) for Enterprise and Education (early preview) is a standalone cache for customers moving towards modern management and away from Configuration Manager distribution points. For Microsoft Connected Cache in Configuration Manager (generally available starting Configuration Manager version 2111), see [Microsoft Connected Cache in Configuration Manager](/mem/configmgr/core/plan-design/hierarchy/microsoft-connected-cache)
+
 ## Next steps
 
 - [Microsoft Connected Cache for ISPs Overview](mcc-isp-overview.md)

From a2ec379662fa352b97d62357b5ff2676893c642a Mon Sep 17 00:00:00 2001
From: Meghan Stewart <33289333+mestew@users.noreply.github.com>
Date: Tue, 9 May 2023 14:24:40 -0700
Subject: [PATCH 099/107] 7876532-links

---
 windows/deployment/update/WIP4Biz-intro.md                  | 2 +-
 windows/deployment/update/eval-infra-tools.md               | 2 +-
 .../update/waas-servicing-channels-windows-10-updates.md    | 6 +++---
 windows/deployment/upgrade/windows-10-edition-upgrades.md   | 1 -
 .../volume-activation/volume-activation-windows-10.md       | 2 +-
 5 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/windows/deployment/update/WIP4Biz-intro.md b/windows/deployment/update/WIP4Biz-intro.md
index 15954efa93..ba129003a6 100644
--- a/windows/deployment/update/WIP4Biz-intro.md
+++ b/windows/deployment/update/WIP4Biz-intro.md
@@ -44,7 +44,7 @@ Windows 10 Insider Preview builds offer organizations a valuable and exciting op
 |Release channel  |**Fast Ring:** Insider Preview builds in the Fast Ring are released approximately once a week and contain the very latest features. This makes them ideal for feature exploration.|
 |Users    |    Because Fast Ring builds are released so early in the development cycle, we recommend limiting feature exploration in your organization to IT administrators and developers running Insider Preview builds on secondary devices.     |
 |Tasks   |  - Install and manage Insider Preview builds on devices (per device or centrally across multiple devices)<br>  - Explore new features in Windows designed for organizations, including new features related to current and planned line of business applications<br> - Before running an Insider Preview build, check our [Windows Insider blog](https://blogs.windows.com/windowsexperience/tag/windows-insider-program/#k3WWwxKCTWHCO82H.97) for a summary of current features.      |
-|Feedback   |  - This helps us make adjustments to features as quickly as possible.<br> - Encourage users to sign into the Feedback Hub using their Azure Active Directory work accounts. This enables both you and Microsoft to track feedback submitted by users within your specific organization. (Note: This tracking is only visible to Microsoft and registered Insiders within your organization’s domain.)<br> - [Learn how to provide effective feedback in the Feedback Hub](https://insider.windows.com/how-to-feedback/)       |
+|Feedback   |  - This helps us make adjustments to features as quickly as possible.<br> - Encourage users to sign into the Feedback Hub using their Azure Active Directory work accounts. This enables both you and Microsoft to track feedback submitted by users within your specific organization. (Note: This tracking is only visible to Microsoft and registered Insiders within your organization’s domain.)<br> - [Learn how to provide effective feedback in the Feedback Hub](/windows-insider/feedback)       |
 
 ## Validate Insider Preview builds 
 Along with exploring new features, you also have the option to validate your apps and infrastructure on Insider Preview builds. Early validation has several benefits:
diff --git a/windows/deployment/update/eval-infra-tools.md b/windows/deployment/update/eval-infra-tools.md
index 14e8129982..4a20d28511 100644
--- a/windows/deployment/update/eval-infra-tools.md
+++ b/windows/deployment/update/eval-infra-tools.md
@@ -45,7 +45,7 @@ Keep security baselines current to help ensure that your environment is secure a
 
 There are a number of Windows policies (set by Group Policy, Intune, or other methods) that affect when Windows updates are installed, deferral, end-user experience, and many other aspects. Check these policies to make sure they are set appropriately.
 
-- **Windows Administrative templates**: Each Windows client feature update has a supporting Administrative template (.admx) file. Group Policy tools use Administrative template files to populate policy settings in the user interface. The templates are available in the Download Center, for example, this one for [Windows 10, version 1909](https://www.microsoft.com/download/100591).
+- **Windows Administrative templates**: Each Windows client feature update has a supporting Administrative template (.admx) file. Group Policy tools use Administrative template files to populate policy settings in the user interface. The templates are available in the Download Center, for example, this one for [Windows 11, version 22H2](https://www.microsoft.com/download/details.aspx?id=104593).
 - **Policies for update compliance and end-user experience**: A number of settings affect when a device installs updates, whether and for how long a user can defer an update, restart behavior after installation, and many other aspects of update behavior. It's especially important to look for existing policies that are out of date or could conflict with new ones. 
 
 
diff --git a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md
index 1b6ef429f8..82f1a7f953 100644
--- a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md
+++ b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md
@@ -48,10 +48,10 @@ The General Availability Channel is the default servicing channel for all Window
 
 To get started with the Windows Insider Program for Business, follows these steps:
 
-1. On the [Windows Insider](https://insider.windows.com) website, go to **For Business > Getting Started** to [register your organizational Azure AD account](https://insider.windows.com/insidersigninaad/).
-2. **Register your domain**. Rather than have each user register individually for Insider Preview builds, administrators can [register their domain](https://insider.windows.com/for-business-organization-admin/) and control settings centrally.</br>**Note:** The signed-in user needs to be a **Global Administrator** of the Azure AD domain in order to be able to register the domain.
+1. On the [Windows Insider](https://www.microsoft.com/windowsinsider/for-business) website, select **Register** to register your organizational Azure AD account.
+2. Follow the prompts to register your tenant.</br>**Note:** The signed-in user needs to be a **Global Administrator** of the Azure AD domain in order to be able to register.
 3. Make sure the **Allow Telemetry** setting is set to **2** or higher.
-4. For Windows 10, version 1709 or later, set policies to manage preview builds and their delivery:
+4. For Windows devices, set policies to manage preview builds and their delivery:
 
 The **Manage preview builds** setting gives administrators control over enabling or disabling preview build installation on a device. You can also decide to stop preview builds once the release is public.
 * Group Policy: **Computer Configuration/Administrative Templates/Windows Components/Windows Update/Windows Update for Business** - *Manage preview builds*
diff --git a/windows/deployment/upgrade/windows-10-edition-upgrades.md b/windows/deployment/upgrade/windows-10-edition-upgrades.md
index ea38090b1d..c3c3acaa55 100644
--- a/windows/deployment/upgrade/windows-10-edition-upgrades.md
+++ b/windows/deployment/upgrade/windows-10-edition-upgrades.md
@@ -22,7 +22,6 @@ ms.date: 10/28/2022
 
 With Windows 10, you can quickly upgrade from one edition of Windows 10 to another, provided the upgrade path is supported. For information on what edition of Windows 10 is right for you, see [Compare Windows 10 Editions](https://go.microsoft.com/fwlink/p/?LinkID=690882). For a comprehensive list of all possible upgrade paths to Windows 10, see [Windows 10 upgrade paths](windows-10-upgrade-paths.md). Downgrading the edition of Windows is discussed in the [License expiration](#license-expiration) section on this page.
 
-For a list of operating systems that qualify for the Windows 10 Pro Upgrade or Windows 10 Enterprise Upgrade through Microsoft Volume Licensing, see [Windows 10 Qualifying Operating Systems](https://download.microsoft.com/download/2/d/1/2d14fe17-66c2-4d4c-af73-e122930b60f6/Windows10-QOS.pdf).
 
 The following table shows the methods and paths available to change the edition of Windows 10 that is running on your computer.
 
diff --git a/windows/deployment/volume-activation/volume-activation-windows-10.md b/windows/deployment/volume-activation/volume-activation-windows-10.md
index 29dfd02ddc..3c213a2a45 100644
--- a/windows/deployment/volume-activation/volume-activation-windows-10.md
+++ b/windows/deployment/volume-activation/volume-activation-windows-10.md
@@ -27,7 +27,7 @@ ms.technology: itpro-fundamentals
 > [!TIP]
 > Are you looking for volume licensing information?
 >
-> - [Download the Volume Licensing Reference Guide for Windows 10 Desktop Operating System](https://go.microsoft.com/fwlink/p/?LinkId=620104)
+> - [Download the Volume Licensing Reference Guide for Windows 10 Desktop Operating System](https://www.microsoft.com/download/details.aspx?id=11091)
 
 > [!TIP]
 > Are you looking for information on retail activation?

From 1cf424c686bd845a19bf44f561bab75b7220a6fc Mon Sep 17 00:00:00 2001
From: Meghan Stewart <33289333+mestew@users.noreply.github.com>
Date: Tue, 9 May 2023 15:01:55 -0700
Subject: [PATCH 100/107] edits

---
 windows/deployment/do/TOC.yml                      |  2 +-
 windows/deployment/do/mcc-ent-edu-overview.md      | 14 ++++++--------
 .../do/mcc-isp-create-provision-deploy.md          | 14 +++++++++-----
 windows/deployment/do/mcc-isp-overview.md          |  2 +-
 .../do/waas-microsoft-connected-cache.md           |  2 +-
 windows/deployment/update/media-dynamic-update.md  |  2 +-
 6 files changed, 19 insertions(+), 17 deletions(-)

diff --git a/windows/deployment/do/TOC.yml b/windows/deployment/do/TOC.yml
index 41763a5c9a..4e9dc9cb0c 100644
--- a/windows/deployment/do/TOC.yml
+++ b/windows/deployment/do/TOC.yml
@@ -27,7 +27,7 @@
       href: delivery-optimization-test.md
 - name: Microsoft Connected Cache
   items:
-    - name: What is Microsoft Connected Cache
+    - name: What is Microsoft Connected Cache?
       href: waas-microsoft-connected-cache.md
     - name: MCC for Enterprise and Education
       items:
diff --git a/windows/deployment/do/mcc-ent-edu-overview.md b/windows/deployment/do/mcc-ent-edu-overview.md
index ac1fd7ba34..5702d64fde 100644
--- a/windows/deployment/do/mcc-ent-edu-overview.md
+++ b/windows/deployment/do/mcc-ent-edu-overview.md
@@ -6,7 +6,7 @@ ms.prod: windows-client
 author: amymzhou
 ms.author: amyzhou
 ms.topic: article
-ms.date: 12/31/2017
+ms.date: 05/09/2023
 ms.technology: itpro-updates
 ms.collection: tier3
 ---
@@ -19,14 +19,12 @@ ms.collection: tier3
 - Windows 11
 
 > [!IMPORTANT]
-> Microsoft Connected Cache is currently a preview feature. For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
-
-> [!NOTE]
-> We're still accepting Enterprise and Education customers to join the early preview. To register your interest, fill out the survey located at [https://aka.ms/MSConnectedCacheSignup](https://aka.ms/MSConnectedCacheSignup).
+> - Microsoft Connected Cache is currently a preview feature. For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
+> - We're still accepting Enterprise and Education customers to join the early preview. To register your interest, fill out the survey located at [https://aka.ms/MSConnectedCacheSignup](https://aka.ms/MSConnectedCacheSignup).
 
 Microsoft Connected Cache (MCC) for Enterprise and Education (early preview) is a software-only caching solution that delivers Microsoft content within Enterprise and Education networks. MCC can be deployed to as many Windows servers, bare-metal servers, or VMs as needed, and is managed from a cloud portal. Cache nodes are created in the cloud portal and are configured by applying the client policy using management tools such as Intune.
 
-Microsoft Connected Cache (MCC) for Enterprise and Education (early preview) is a standalone cache for customers moving towards modern management and away from Configuration Manager distribution points. For Microsoft Connected Cache in Configuration Manager (generally available starting Configuration Manager version 2111), see [Microsoft Connected Cache in Configuration Manager](/mem/configmgr/core/plan-design/hierarchy/microsoft-connected-cache).
+Microsoft Connected Cache (MCC) for Enterprise and Education (early preview) is a standalone cache for customers moving towards modern management and away from Configuration Manager distribution points. For information about Microsoft Connected Cache in Configuration Manager (generally available, starting Configuration Manager version 2111), see [Microsoft Connected Cache in Configuration Manager](/mem/configmgr/core/plan-design/hierarchy/microsoft-connected-cache).
 
 ## Supported scenarios
 
@@ -48,7 +46,7 @@ For the full list of content endpoints that Microsoft Connected Cache for Enterp
 
 ## How it works
 
-MCC is a hybrid (mix of on-premises and cloud resources) SaaS solution built as an Azure IoT Edge module and Docker compatible Linux container deployed to your Windows devices. The Delivery Optimization team chose IoT Edge for Linux on Windows (EFLOW) as a secure, reliable container management infrastructure. EFLOW is a Linux virtual machine, based on Microsoft's first party CBL-Mariner operating system. It’s built with the IoT Edge runtime and validated as a tier 1 supported environment for IoT Edge workloads. MCC will be a Linux IoT Edge module running on the Windows Host OS.  
+MCC is a hybrid (mix of on-premises and cloud resources) SaaS solution built as an Azure IoT Edge module and Docker compatible Linux container deployed to your Windows devices. The Delivery Optimization team chose IoT Edge for Linux on Windows (EFLOW) as a secure, reliable container management infrastructure. EFLOW is a Linux virtual machine, based on Microsoft's first party CBL-Mariner operating system. It's built with the IoT Edge runtime and validated as a tier 1 supported environment for IoT Edge workloads. MCC is a Linux IoT Edge module running on the Windows Host OS.  
 
 1. The Azure Management Portal is used to create MCC nodes.
 1. The MCC container is deployed and provisioned to the server using the installer provided in the portal.
@@ -56,7 +54,7 @@ MCC is a hybrid (mix of on-premises and cloud resources) SaaS solution built as
 1. Microsoft end-user devices make range requests for content from the MCC node.
 1. The MCC node pulls content from the CDN, seeds its local cache stored on disk, and delivers the content to the client.
 1. Subsequent requests from end-user devices for content will now come from cache.
-1. If the MCC node is unavailable, the client will pull content from CDN to ensure uninterrupted service for your subscribers.
+1. If the MCC node is unavailable, the client pulls content from CDN to ensure uninterrupted service for your subscribers.
 
 The following diagram displays an overview of how MCC functions:
 
diff --git a/windows/deployment/do/mcc-isp-create-provision-deploy.md b/windows/deployment/do/mcc-isp-create-provision-deploy.md
index 6c6b6a11f0..d7bf5ee7a4 100644
--- a/windows/deployment/do/mcc-isp-create-provision-deploy.md
+++ b/windows/deployment/do/mcc-isp-create-provision-deploy.md
@@ -6,7 +6,7 @@ ms.prod: windows-client
 author: nidos
 ms.author: nidos
 ms.topic: article
-ms.date: 12/31/2017
+ms.date: 05/09/2023
 ms.technology: itpro-updates
 ms.collection: tier3
 ---
@@ -18,7 +18,7 @@ ms.collection: tier3
 - Windows 10
 - Windows 11
 
-This article outlines how to create, provision, and deploy your Microsoft Connected Cache nodes. The creation and provisioning of your cache node takes place in Azure portal. The deployment of your cache node will require downloading an installer script that will be run on your cache server.
+This article outlines how to create, provision, and deploy your Microsoft Connected Cache nodes. The creation and provisioning of your cache node takes place in Azure portal. The deployment of your cache node requires downloading an installer script that will be run on your cache server.
 
 > [!IMPORTANT]
 > Before you can create your Microsoft Connected Cache, you will need to complete the [sign up process](mcc-isp-signup.md). You cannot proceed without signing up for our service.
@@ -37,7 +37,7 @@ During the configuration of your cache node, there are many fields for you to co
 
 ### Client routing
 
-Before serving traffic to your customers, client routing configuration is needed. During the configuration of your cache node in Azure portal, you'll be able to route your clients to your cache node.
+Before serving traffic to your customers, client routing configuration is needed. During the configuration of your cache node in Azure portal, you're able to route your clients to your cache node.
 
 Microsoft Connected Cache offers two ways for you to route your clients to your cache node. The first method of manual entry involves uploading a comma-separated list of CIDR blocks that represents the clients. The second method of setting BGP (Border Gateway Protocol) is more automatic and dynamic, which is set up by establishing neighborships with other ASNs. All routing methods are set up within Azure portal.
 
@@ -53,7 +53,11 @@ You can manually upload a list of your CIDR blocks in Azure portal to enable man
 
 BGP (Border Gateway Protocol) routing is another method offered for client routing. BGP dynamically retrieves CIDR ranges by exchanging information with routers to understand reachable networks. For an automatic method of routing traffic, you can choose to configure BGP routing in Azure portal.
 
-Microsoft Connected Cache includes Bird BGP which enables the cache node to 1) establish iBGP peering sessions with routers, route servers, or route collectors within operator networks and 2)  act as a route collector. The operator will start the iBGP peering session from the Microsoft Connected Cache side using the Azure management portal and then start the session with the Microsoft Connected Cache node from the router.
+Microsoft Connected Cache includes Bird BGP, which enables the cache node to:
+ - Establish iBGP peering sessions with routers, route servers, or route collectors within operator networks 
+ - Act as a route collector 
+
+The operator starts the iBGP peering session from the Microsoft Connected Cache side using the Azure management portal and then starts the session with the Microsoft Connected Cache node from the router.
 
 In the example configuration below:
 - The operator ASN is 65100
@@ -64,7 +68,7 @@ In the example configuration below:
 
     :::image type="content" source="images/mcc-isp-bgp-diagram.png" alt-text="A diagram that shows the relationship between the cache node and other ASNs/routers when using BGP. BGP routing allows the cache node to route to other network providers with different ASNs." lightbox="./images/mcc-isp-provision-cache-node-numbered.png":::  
 
-To set up and enable BGP routing for your cache node, follow these steps below:
+To set up and enable BGP routing for your cache node, follow the steps below:
 
 1. Navigate to **Settings** > **Cache nodes**. Select the cache node you wish to provision.
 
diff --git a/windows/deployment/do/mcc-isp-overview.md b/windows/deployment/do/mcc-isp-overview.md
index a5bb6ef9df..9ef0352aab 100644
--- a/windows/deployment/do/mcc-isp-overview.md
+++ b/windows/deployment/do/mcc-isp-overview.md
@@ -6,7 +6,7 @@ ms.prod: windows-client
 author: amymzhou
 ms.author: amyzhou
 ms.topic: article
-ms.date: 12/31/2017
+ms.date: 05/09/2023
 ms.technology: itpro-updates
 ms.collection: tier3
 ---
diff --git a/windows/deployment/do/waas-microsoft-connected-cache.md b/windows/deployment/do/waas-microsoft-connected-cache.md
index b65a32025e..7b4290c2a6 100644
--- a/windows/deployment/do/waas-microsoft-connected-cache.md
+++ b/windows/deployment/do/waas-microsoft-connected-cache.md
@@ -8,7 +8,7 @@ ms.localizationpriority: medium
 ms.author: carmenf
 ms.topic: article
 ms.technology: itpro-updates
-ms.date: 12/31/2017
+ms.date: 05/09/2023
 ms.collection: tier3
 ---
 
diff --git a/windows/deployment/update/media-dynamic-update.md b/windows/deployment/update/media-dynamic-update.md
index 135a23932a..bd19b56970 100644
--- a/windows/deployment/update/media-dynamic-update.md
+++ b/windows/deployment/update/media-dynamic-update.md
@@ -8,7 +8,7 @@ ms.author: mstewart
 manager: aaroncz
 ms.topic: article
 ms.technology: itpro-updates
-ms.date: 12/31/2017
+ms.date: 05/09/2023
 ms.reviewer: stevedia
 ---
 

From a6b0cede629a64d738f11518fffbc0268835b24d Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Wed, 10 May 2023 07:16:51 -0400
Subject: [PATCH 101/107] updates

---
 includes/licensing/federated-sign-in.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/includes/licensing/federated-sign-in.md b/includes/licensing/federated-sign-in.md
index 28e69d8a5e..f1462fff61 100644
--- a/includes/licensing/federated-sign-in.md
+++ b/includes/licensing/federated-sign-in.md
@@ -15,8 +15,8 @@ The following table lists the Windows editions that support Federated sign-in:
 
 Federated sign-in license entitlements are granted by the following licenses:
 
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|Windows Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|No|No|No|Yes|Yes|
+|Yes|No|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

From 379fabc5c753c6d870f5d4f20195aa8c0f2a70d3 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Wed, 10 May 2023 07:20:31 -0400
Subject: [PATCH 102/107] updates

---
 includes/licensing/federated-sign-in.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/includes/licensing/federated-sign-in.md b/includes/licensing/federated-sign-in.md
index f1462fff61..5a1a787e06 100644
--- a/includes/licensing/federated-sign-in.md
+++ b/includes/licensing/federated-sign-in.md
@@ -17,6 +17,6 @@ Federated sign-in license entitlements are granted by the following licenses:
 
 |Windows Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
-|Yes|No|Yes|Yes|
+|Yes|No|No|Yes|Yes|
 
 For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

From 285f0ae0c2411e12dec42a504787e2b09321495f Mon Sep 17 00:00:00 2001
From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com>
Date: Wed, 10 May 2023 10:21:20 -0400
Subject: [PATCH 103/107] Change link

---
 .../mdm/policy-csp-admx-microsoftdefenderantivirus.md    | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
index 0a138841a5..5ab458d27a 100644
--- a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
+++ b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
@@ -491,7 +491,7 @@ This policy setting allows you specify a list of file types that should be exclu
 <!-- Exclusions_Extensions-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions](https://go.microsoft.com/fwlink/?linkid=2235765) are met.
+> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions][TAMPER-2] are met.
 <!-- Exclusions_Extensions-Editable-End -->
 
 <!-- Exclusions_Extensions-DFProperties-Begin -->
@@ -549,7 +549,7 @@ This policy setting allows you to disable scheduled and real-time scanning for f
 <!-- Exclusions_Paths-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions](https://go.microsoft.com/fwlink/?linkid=2235765) are met.
+> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions][TAMPER-2] are met.
 <!-- Exclusions_Paths-Editable-End -->
 
 <!-- Exclusions_Paths-DFProperties-Begin -->
@@ -607,7 +607,7 @@ This policy setting allows you to disable real-time scanning for any file opened
 <!-- Exclusions_Processes-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions](https://go.microsoft.com/fwlink/?linkid=2235765) are met.
+> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions][TAMPER-2] are met.
 <!-- Exclusions_Processes-Editable-End -->
 
 <!-- Exclusions_Processes-DFProperties-Begin -->
@@ -5732,6 +5732,9 @@ If you enable this setting AM UI won't be available to users.
 
 <!-- ADMX_MicrosoftDefenderAntivirus-CspMoreInfo-Begin -->
 <!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
+<!--links-->
+[TAMPER-1]: /microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection
+[TAMPER-2]: /microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection#what-about-exclusions
 <!-- ADMX_MicrosoftDefenderAntivirus-CspMoreInfo-End -->
 
 <!-- ADMX_MicrosoftDefenderAntivirus-End -->

From 59ff3435b68c4b2749763caf3cd2e919441f33d0 Mon Sep 17 00:00:00 2001
From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com>
Date: Wed, 10 May 2023 10:28:51 -0400
Subject: [PATCH 104/107] Update all links

---
 windows/client-management/mdm/defender-csp.md |  4 ++-
 ...icy-csp-admx-microsoftdefenderantivirus.md | 26 +++++++++---------
 .../mdm/policy-csp-defender.md                | 27 ++++++++++---------
 3 files changed, 31 insertions(+), 26 deletions(-)

diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md
index 6a1e494ea6..a94f1eed2e 100644
--- a/windows/client-management/mdm/defender-csp.md
+++ b/windows/client-management/mdm/defender-csp.md
@@ -2263,7 +2263,7 @@ Tamper protection helps protect important security features from unwanted change
 <!-- Device-Configuration-TamperProtection-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
+> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled.
 <!-- Device-Configuration-TamperProtection-Editable-End -->
 
 <!-- Device-Configuration-TamperProtection-DFProperties-Begin -->
@@ -3880,6 +3880,8 @@ Node that can be used to perform signature updates for Windows Defender.
 
 <!-- Defender-CspMoreInfo-Begin -->
 <!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
+<!-- Links -->
+[TAMPER-1]: /microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection
 <!-- Defender-CspMoreInfo-End -->
 
 <!-- Defender-End -->
diff --git a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
index 5ab458d27a..8e1f7925f0 100644
--- a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
+++ b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
@@ -116,7 +116,7 @@ Enabling or disabling this policy may lead to unexpected or unsupported behavior
 <!-- DisableAntiSpywareDefender-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
+> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled.
 <!-- DisableAntiSpywareDefender-Editable-End -->
 
 <!-- DisableAntiSpywareDefender-DFProperties-Begin -->
@@ -247,7 +247,7 @@ Real-time Protection -> Do not enable the "Turn off real-time protection" policy
 <!-- DisableBlockAtFirstSeen-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
+> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled.
 <!-- DisableBlockAtFirstSeen-Editable-End -->
 
 <!-- DisableBlockAtFirstSeen-DFProperties-Begin -->
@@ -371,7 +371,7 @@ Real-time protection consists of always-on scanning with file and process behavi
 <!-- DisableRealtimeMonitoring-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
+> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled.
 <!-- DisableRealtimeMonitoring-Editable-End -->
 
 <!-- DisableRealtimeMonitoring-DFProperties-Begin -->
@@ -433,7 +433,7 @@ This policy setting allows you to configure whether Microsoft Defender Antivirus
 <!-- DisableRoutinelyTakingAction-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
+> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled.
 <!-- DisableRoutinelyTakingAction-Editable-End -->
 
 <!-- DisableRoutinelyTakingAction-DFProperties-Begin -->
@@ -1592,7 +1592,7 @@ This policy setting allows you to configure behavior monitoring.
 <!-- RealtimeProtection_DisableBehaviorMonitoring-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
+> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled.
 <!-- RealtimeProtection_DisableBehaviorMonitoring-Editable-End -->
 
 <!-- RealtimeProtection_DisableBehaviorMonitoring-DFProperties-Begin -->
@@ -1654,7 +1654,7 @@ This policy setting allows you to configure scanning for all downloaded files an
 <!-- RealtimeProtection_DisableIOAVProtection-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
+> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled.
 <!-- RealtimeProtection_DisableIOAVProtection-Editable-End -->
 
 <!-- RealtimeProtection_DisableIOAVProtection-DFProperties-Begin -->
@@ -1716,7 +1716,7 @@ This policy setting allows you to configure monitoring for file and program acti
 <!-- RealtimeProtection_DisableOnAccessProtection-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
+> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled.
 <!-- RealtimeProtection_DisableOnAccessProtection-Editable-End -->
 
 <!-- RealtimeProtection_DisableOnAccessProtection-DFProperties-Begin -->
@@ -1838,7 +1838,7 @@ This policy setting allows you to configure process scanning when real-time prot
 <!-- RealtimeProtection_DisableScanOnRealtimeEnable-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
+> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled.
 <!-- RealtimeProtection_DisableScanOnRealtimeEnable-Editable-End -->
 
 <!-- RealtimeProtection_DisableScanOnRealtimeEnable-DFProperties-Begin -->
@@ -2563,7 +2563,7 @@ Use this policy setting to specify if you want Microsoft Defender Antivirus enha
 <!-- Reporting_DisableEnhancedNotifications-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
+> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled.
 <!-- Reporting_DisableEnhancedNotifications-Editable-End -->
 
 <!-- Reporting_DisableEnhancedNotifications-DFProperties-Begin -->
@@ -3094,7 +3094,7 @@ This policy setting allows you to configure scans for malicious software and unw
 <!-- Scan_DisableArchiveScanning-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
+> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled.
 <!-- Scan_DisableArchiveScanning-Editable-End -->
 
 <!-- Scan_DisableArchiveScanning-DFProperties-Begin -->
@@ -5578,7 +5578,7 @@ Use this policy setting to specify if you want Microsoft Defender Antivirus noti
 <!-- UX_Configuration_Notification_Suppress-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
+> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled.
 <!-- UX_Configuration_Notification_Suppress-Editable-End -->
 
 <!-- UX_Configuration_Notification_Suppress-DFProperties-Begin -->
@@ -5638,7 +5638,7 @@ If you enable this setting AM UI won't show reboot notifications.
 <!-- UX_Configuration_SuppressRebootNotification-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
+> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled.
 <!-- UX_Configuration_SuppressRebootNotification-Editable-End -->
 
 <!-- UX_Configuration_SuppressRebootNotification-DFProperties-Begin -->
@@ -5732,7 +5732,7 @@ If you enable this setting AM UI won't be available to users.
 
 <!-- ADMX_MicrosoftDefenderAntivirus-CspMoreInfo-Begin -->
 <!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
-<!--links-->
+<!-- Links -->
 [TAMPER-1]: /microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection
 [TAMPER-2]: /microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection#what-about-exclusions
 <!-- ADMX_MicrosoftDefenderAntivirus-CspMoreInfo-End -->
diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md
index 87429df941..3e6b64b062 100644
--- a/windows/client-management/mdm/policy-csp-defender.md
+++ b/windows/client-management/mdm/policy-csp-defender.md
@@ -47,7 +47,7 @@ This policy setting allows you to configure scans for malicious software and unw
 <!-- AllowArchiveScanning-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
+> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled.
 <!-- AllowArchiveScanning-Editable-End -->
 
 <!-- AllowArchiveScanning-DFProperties-Begin -->
@@ -116,7 +116,7 @@ This policy setting allows you to configure behavior monitoring.
 <!-- AllowBehaviorMonitoring-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
+> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled.
 <!-- AllowBehaviorMonitoring-Editable-End -->
 
 <!-- AllowBehaviorMonitoring-DFProperties-Begin -->
@@ -198,7 +198,7 @@ In Windows 10, Basic membership is no longer available, so setting the value to
 <!-- AllowCloudProtection-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
+> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled.
 <!-- AllowCloudProtection-Editable-End -->
 
 <!-- AllowCloudProtection-DFProperties-Begin -->
@@ -464,7 +464,7 @@ Allows or disallows Windows Defender Intrusion Prevention functionality.
 <!-- AllowIntrusionPreventionSystem-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
+> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled.
 <!-- AllowIntrusionPreventionSystem-Editable-End -->
 
 <!-- AllowIntrusionPreventionSystem-DFProperties-Begin -->
@@ -519,7 +519,7 @@ This policy setting allows you to configure scanning for all downloaded files an
 <!-- AllowIOAVProtection-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
+> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled.
 <!-- AllowIOAVProtection-Editable-End -->
 
 <!-- AllowIOAVProtection-DFProperties-Begin -->
@@ -588,7 +588,7 @@ This policy setting allows you to configure monitoring for file and program acti
 <!-- AllowOnAccessProtection-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
+> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled.
 <!-- AllowOnAccessProtection-Editable-End -->
 
 <!-- AllowOnAccessProtection-DFProperties-Begin -->
@@ -653,7 +653,7 @@ Allows or disallows Windows Defender Realtime Monitoring functionality.
 <!-- AllowRealtimeMonitoring-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
+> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled.
 <!-- AllowRealtimeMonitoring-Editable-End -->
 
 <!-- AllowRealtimeMonitoring-DFProperties-Begin -->
@@ -784,7 +784,7 @@ Allows or disallows Windows Defender Script Scanning functionality.
 <!-- AllowScriptScanning-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
+> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled.
 <!-- AllowScriptScanning-Editable-End -->
 
 <!-- AllowScriptScanning-DFProperties-Begin -->
@@ -1908,7 +1908,7 @@ Allows an administrator to specify a list of file type extensions to ignore duri
 <!-- ExcludedExtensions-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions](https://go.microsoft.com/fwlink/?linkid=2235765) are met.
+> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions][TAMPER-2] are met.
 <!-- ExcludedExtensions-Editable-End -->
 
 <!-- ExcludedExtensions-DFProperties-Begin -->
@@ -1964,7 +1964,7 @@ Allows an administrator to specify a list of directory paths to ignore during a
 <!-- ExcludedPaths-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions](https://go.microsoft.com/fwlink/?linkid=2235765) are met.
+> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions][TAMPER-2] are met.
 <!-- ExcludedPaths-Editable-End -->
 
 <!-- ExcludedPaths-DFProperties-Begin -->
@@ -2023,7 +2023,7 @@ Allows an administrator to specify a list of files opened by processes to ignore
 <!-- ExcludedProcesses-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions](https://go.microsoft.com/fwlink/?linkid=2235765) are met.
+> To prevent unauthorized changes to exclusions, apply tamper protection. Tamper protection for exclusions only works when [certain conditions][TAMPER-2] are met.
 <!-- ExcludedProcesses-Editable-End -->
 
 <!-- ExcludedProcesses-DFProperties-Begin -->
@@ -2816,7 +2816,7 @@ Valid remediation action values are:
 <!-- ThreatSeverityDefaultAction-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> Changes to this setting are not applied when [tamper protection](https://go.microsoft.com/fwlink/?LinkId=2236030) is enabled.
+> Changes to this setting are not applied when [tamper protection][TAMPER-1] is enabled.
 <!-- ThreatSeverityDefaultAction-Editable-End -->
 
 <!-- ThreatSeverityDefaultAction-DFProperties-Begin -->
@@ -2850,6 +2850,9 @@ Valid remediation action values are:
 
 <!-- Defender-CspMoreInfo-Begin -->
 <!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
+<!-- Links -->
+[TAMPER-1]: /microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection
+[TAMPER-2]: /microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection#what-about-exclusions
 <!-- Defender-CspMoreInfo-End -->
 
 <!-- Defender-End -->

From 9b6e53d8a7cf2e6b63f910d1b79cc1d110e5f117 Mon Sep 17 00:00:00 2001
From: Andre Della Monica <andredm@microsoft.com>
Date: Thu, 11 May 2023 11:04:30 -0500
Subject: [PATCH 105/107] More changes

---
 ...dows-autopatch-groups-manage-autopatch-groups.md | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md
index 71ba52fc37..9c11543fb9 100644
--- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md
+++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md
@@ -1,7 +1,7 @@
 ---
 title: Manage Windows Autopatch groups
 description: This article explains how to manage Autopatch groups
-ms.date: 05/05/2023
+ms.date: 05/11/2023
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: how-to
@@ -219,3 +219,14 @@ The Windows Autopatch team is currently developing the Autopatch group Azure AD
 > - Modern Workplace Devices-Windows Autopatch-Broad
 > 
 > Use the [Policy health feature](../operate/windows-autopatch-policy-health-and-remediation.md) to restore these groups, if needed. For more information, see [restore deployment groups](../operate/windows-autopatch-policy-health-and-remediation.md#restore-deployment-groups).
+
+### Autopatch group rename
+
+- **Status: Active**
+
+The Windows Autopatch team is aware that the Windows Autopatch service doesn't allow the rename of Autopatch groups yet. The Autopatch group name is appended to all deployment ring names in the Autopatch group.
+
+> [!IMPORTANT]
+> During the public preview, if you try to rename either the [Update rings](/mem/intune/protect/windows-10-update-rings) or [feature updates](/mem/intune/protect/windows-10-feature-updates) for Windows 10 and later policies directly in the Microsoft Intune end-user experience, the policy names are reverted back to the name defined by the Autopatch group end-user experience interface.
+
+The Windows Autopatch team is currently developing the rename feature and plan to make it available during public preview.
\ No newline at end of file

From 0b863e787c031d006b0e35f406630843d32f1ac0 Mon Sep 17 00:00:00 2001
From: Tiara Quan <95256667+tiaraquan@users.noreply.github.com>
Date: Thu, 11 May 2023 09:28:50 -0700
Subject: [PATCH 106/107] Update
 windows-autopatch-groups-manage-autopatch-groups.md

---
 .../windows-autopatch-groups-manage-autopatch-groups.md     | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md
index 9c11543fb9..9831d4850d 100644
--- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md
+++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md
@@ -220,13 +220,11 @@ The Windows Autopatch team is currently developing the Autopatch group Azure AD
 > 
 > Use the [Policy health feature](../operate/windows-autopatch-policy-health-and-remediation.md) to restore these groups, if needed. For more information, see [restore deployment groups](../operate/windows-autopatch-policy-health-and-remediation.md#restore-deployment-groups).
 
-### Autopatch group rename
+### Rename an Autopatch group 
 
 - **Status: Active**
 
-The Windows Autopatch team is aware that the Windows Autopatch service doesn't allow the rename of Autopatch groups yet. The Autopatch group name is appended to all deployment ring names in the Autopatch group.
+You can't rename an Autopatch group yet. The Autopatch group name is appended to all deployment ring names in the Autopatch group. Windows Autopatch is currently developing the rename feature.
 
 > [!IMPORTANT]
 > During the public preview, if you try to rename either the [Update rings](/mem/intune/protect/windows-10-update-rings) or [feature updates](/mem/intune/protect/windows-10-feature-updates) for Windows 10 and later policies directly in the Microsoft Intune end-user experience, the policy names are reverted back to the name defined by the Autopatch group end-user experience interface.
-
-The Windows Autopatch team is currently developing the rename feature and plan to make it available during public preview.
\ No newline at end of file

From 4e7db7531178f316600a584902cafa4af18fd2ab Mon Sep 17 00:00:00 2001
From: Meghan Stewart <33289333+mestew@users.noreply.github.com>
Date: Fri, 12 May 2023 09:28:50 -0700
Subject: [PATCH 107/107] deadline-7890445

---
 windows/deployment/update/wufb-compliancedeadlines.md | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/windows/deployment/update/wufb-compliancedeadlines.md b/windows/deployment/update/wufb-compliancedeadlines.md
index 2c627d3a6e..3549b7bdb6 100644
--- a/windows/deployment/update/wufb-compliancedeadlines.md
+++ b/windows/deployment/update/wufb-compliancedeadlines.md
@@ -8,13 +8,13 @@ ms.author: mstewart
 manager: aaroncz
 ms.topic: article
 ms.technology: itpro-updates
-ms.date: 12/31/2017
+ms.date: 05/12/2023
 ---
 # Enforcing compliance deadlines for updates
 
 **Applies to**
 
-- Windows 10
+- Windows 10
 - Windows 11
 
 Deploying feature or quality updates for many organizations is only part of the equation for managing their device ecosystem. The ability to enforce update compliance is the next important part. Windows Update for Business provides controls to manage deadlines for when devices should migrate to newer versions.
@@ -43,3 +43,6 @@ When **Specify deadlines for automatic updates and restarts** is set (Windows 10
 For feature updates, the deadline and grace period start their countdown from the time of a pending restart after the installation is complete. As soon as installation is complete and the device reaches pending restart, the device will try to update outside of active hours. Once the *effective deadline* is reached, the device will try to restart during active hours. (The effective deadline is whichever is the later of the restart pending date plus the specified deadline or the restart pending date plus the grace period.) 
 
 For quality updates, the deadline countdown starts from the time the update is *offered* (not downloaded or installed). The grace period countdown starts from the time of the pending restart. The device will try to download and install the update at a time based on your other download and installation policies (the default is to automatically download and install in in the background). When the pending restart time is reached, the device will notify the user and try to update outside of active hours. Once the effective deadline is reached, the device will try to restart during active hours.
+
+> [!NOTE]
+> When **Specify deadlines for automatic updates and restarts** is used, download, installation, and reboot settings stemming from the [Configure Automatic Updates](waas-restart.md#schedule-update-installation) are ignored.