From 1e168448aaf1390f63f827a59a0fe5d17e253607 Mon Sep 17 00:00:00 2001 From: gkomatsu Date: Mon, 2 May 2022 11:04:30 -0700 Subject: [PATCH 1/9] Clarify the restrictions of MDM Wins Over GP Updated the note section that informs limitations of MDM Wins Over GP. Several customer feedback revealed there some policies under Policy CSP that does not respect this function. --- .../mdm/policy-csp-controlpolicyconflict.md | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md index e66ffbee8b..020a873465 100644 --- a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md +++ b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md @@ -32,6 +32,14 @@ manager: dansimp **ControlPolicyConflict/MDMWinsOverGP** +> [!NOTE] +> MDM policy win over Group Policy are applicable to limited set of Group Policies. It dows not apply to the following GP settings. +> - Group Policies that does not have a mapping with a MDM Policy controlled through Policy CSP. +> - Group Policies that are not defined by ADMX (Administrative Templates). -- Example: Password policy - minimum password age. +> - Group Policies under Windows Update category. +> + + |Edition|Windows 10|Windows 11| 
@@ -58,9 +66,6 @@ manager: dansimp This policy allows the IT admin to control which policy will be used whenever both the MDM policy and its equivalent Group Policy (GP) are set on the device. -> [!NOTE] -> MDMWinsOverGP only applies to policies in Policy CSP. MDM policies win over Group Policies where applicable; not all Group Policies are available via MDM or CSP. It does not apply to other MDM settings with equivalent GP settings that are defined in other CSPs. - This policy is used to ensure that MDM policy wins over GP when policy is configured on MDM channel. The default value is 0. The MDM policies in Policy CSP will behave as described if this policy value is set 1. > [!NOTE] From 4f06f1724b701352cf49cab3c077c9ccaeb3bac3 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Mon, 2 May 2022 16:59:11 -0700 Subject: [PATCH 2/9] editorial revision --- .../mdm/policy-csp-controlpolicyconflict.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md index 020a873465..b0f891a273 100644 --- a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md +++ b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md 
@@ -33,11 +33,11 @@ manager: dansimp **ControlPolicyConflict/MDMWinsOverGP** > [!NOTE] -> MDM policy win over Group Policy are applicable to limited set of Group Policies. It dows not apply to the following GP settings. -> - Group Policies that does not have a mapping with a MDM Policy controlled through Policy CSP. -> - Group Policies that are not defined by ADMX (Administrative Templates). -- Example: Password policy - minimum password age. -> - Group Policies under Windows Update category. +> This setting is applicable to a limited set of group policies. It doesn't apply to the following group policy settings: > +> - Group policies that don't have a mapping with an MDM policy that's controlled through the policy CSP. +> - Group policies that aren't defined by an administrative template (ADMX). For example: Password policy - minimum password age. +> - Group policies under the Windows Update category. From 486a3146ab68f5d32594c474bc1448401d8dd2fb Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 24 May 2022 18:02:39 -0700 Subject: [PATCH 3/9] Update mandatory-settings-for-wip.md --- .../mandatory-settings-for-wip.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md index cf0c2bbce8..462c07b618 100644 --- a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md @@ -13,7 +13,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 03/05/2019 +ms.date: 05/24/2022 ms.reviewer: --- 
@@ -26,7 +26,7 @@ This list provides all of the tasks and settings that are required for the opera |Task|Description| |----|-----------| -|Add at least one app to the **Protected apps** list in your WIP policy.|You must have at least one app added to your **Protected apps** list. For more info about where this area is and how to add apps, see the **Add apps to your Protected apps list** section of the policy creation topics.| +|Add at least one Store app and one Desktop to the **Protected apps** list in your WIP policy.|You must have at least one app added to your **Protected apps** list. For more info about where this area is and how to add apps, see the **Add apps to your Protected apps list** section of the policy creation topics. | |Choose your WIP protection level.|You must choose the level of protection you want to apply to your WIP-protected content, including **Allow Overrides**, **Silent**, or **Block**. For more info about where this area is and how to decide on your protection level, see the [Manage the WIP protection mode for your enterprise data](./create-wip-policy-using-configmgr.md#manage-the-wip-protection-level-for-your-enterprise-data) section of the policy creation topics. For info about how to collect your audit log files, see [How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md).| |Specify your corporate identity.|This field is automatically filled out for you by Microsoft Intune. However, you must manually correct it if it’s incorrect or if you need to add additional domains. For more info about where this area is and what it means, see the **Define your enterprise-managed corporate identity** section of the policy creation topics. |Specify your network domain names.|Starting with Windows 10, version 1703, this field is optional.

Specify the DNS suffixes used in your environment. All traffic to the fully-qualified domains appearing in this list will be protected. For more info about where this area is and how to add your suffixes, see the table that appears in the **Choose where apps can access enterprise data** section of the policy creation topics.| From c483e4abad03f4f4cc484628fb5edda436a9c748 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Tue, 24 May 2022 18:12:00 -0700 Subject: [PATCH 4/9] revise from email discussion --- .../mdm/policy-csp-controlpolicyconflict.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md index b0f891a273..044fb7026f 100644 --- a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md +++ b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md @@ -33,12 +33,12 @@ manager: dansimp **ControlPolicyConflict/MDMWinsOverGP** > [!NOTE] -> This setting is applicable to a limited set of group policies. It doesn't apply to the following group policy settings: +> This setting doesn't apply to the following types of group policies: > -> - Group policies that don't have a mapping with an MDM policy that's controlled through the policy CSP. -> - Group policies that aren't defined by an administrative template (ADMX). For example: Password policy - minimum password age. -> - Group policies under the Windows Update category. - +> - If they don't map to an MDM policy. For example, firewall policies and account lockout policies +> - If they aren't defined by an ADMX. For example, Password policy - minimum password age. +> - If they're in the Windows Update category. +> - If they have list entries. For example, the Microsoft Edge CookiesAllowedForUrls policy. From 382f7053069c17bccd53118a1c37d9f9fa49b7ae Mon Sep 17 00:00:00 2001 
From: Justin Hall Date: Tue, 24 May 2022 18:13:17 -0700 Subject: [PATCH 5/9] Update mandatory-settings-for-wip.md --- .../mandatory-settings-for-wip.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md index 462c07b618..c046695c0c 100644 --- a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md 
@@ -26,7 +26,7 @@ This list provides all of the tasks and settings that are required for the opera |Task|Description| |----|-----------| -|Add at least one Store app and one Desktop to the **Protected apps** list in your WIP policy.|You must have at least one app added to your **Protected apps** list. For more info about where this area is and how to add apps, see the **Add apps to your Protected apps list** section of the policy creation topics. | +|Add at least one type of each app (Store and Desktop) to the **Protected apps** list in your WIP policy.|You must have at least one Store app and one Desktop added to your **Protected apps** list. For more info about where this area is and how to add apps, see the **Add apps to your Protected apps list** section of the policy creation topics. at least one each (Store and Desktop) app" into their protected apps policy as a requirement| |Choose your WIP protection level.|You must choose the level of protection you want to apply to your WIP-protected content, including **Allow Overrides**, **Silent**, or **Block**. For more info about where this area is and how to decide on your protection level, see the [Manage the WIP protection mode for your enterprise data](./create-wip-policy-using-configmgr.md#manage-the-wip-protection-level-for-your-enterprise-data) section of the policy creation topics. For info about how to collect your audit log files, see [How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md).| |Specify your corporate identity.|This field is automatically filled out for you by Microsoft Intune. However, you must manually correct it if it’s incorrect or if you need to add additional domains. For more info about where this area is and what it means, see the **Define your enterprise-managed corporate identity** section of the policy creation topics. |Specify your network domain names.|Starting with Windows 10, version 1703, this field is optional.

Specify the DNS suffixes used in your environment. All traffic to the fully-qualified domains appearing in this list will be protected. For more info about where this area is and how to add your suffixes, see the table that appears in the **Choose where apps can access enterprise data** section of the policy creation topics.| From 9faf9c8320db4dad5c9b6e279e1c0ef680173ad7 Mon Sep 17 00:00:00 2001 From: Jeremy Danyow Date: Wed, 25 May 2022 09:54:35 -0700 Subject: [PATCH 6/9] Enable experimentation https://dev.azure.com/ceapex/Engineering/_workitems/edit/617890 --- .../microsoft-defender-smartscreen-overview.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md index 8b9946ec0d..576cbdac19 100644 --- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md +++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md @@ -12,6 +12,7 @@ ms.localizationpriority: high ms.reviewer: manager: dansimp ms.technology: windows-sec +adobe-target: true --- # Microsoft Defender SmartScreen From c1b95cfc360ed5131b36ae0a8fd940a706864a5e Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 25 May 2022 10:59:36 -0700 Subject: [PATCH 7/9] Update mandatory-settings-for-wip.md --- .../mandatory-settings-for-wip.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md index c046695c0c..328fee03eb 100644 --- a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md 
+++ b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md @@ -13,7 +13,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 05/24/2022 +ms.date: 05/25/2022 ms.reviewer: --- 
@@ -26,7 +26,7 @@ This list provides all of the tasks and settings that are required for the opera |Task|Description| |----|-----------| -|Add at least one type of each app (Store and Desktop) to the **Protected apps** list in your WIP policy.|You must have at least one Store app and one Desktop added to your **Protected apps** list. For more info about where this area is and how to add apps, see the **Add apps to your Protected apps list** section of the policy creation topics. at least one each (Store and Desktop) app" into their protected apps policy as a requirement| +|Add at least one app of each type (Store and Desktop) to the **Protected apps** list in your WIP policy.|You must have at least one Store app and one Desktop app added to your **Protected apps** list. For more info about where this area is and how to add apps, see the **Add apps to your Protected apps list** section of the policy creation topics. at least one each (Store and Desktop) app" into their protected apps policy as a requirement| |Choose your WIP protection level.|You must choose the level of protection you want to apply to your WIP-protected content, including **Allow Overrides**, **Silent**, or **Block**. For more info about where this area is and how to decide on your protection level, see the [Manage the WIP protection mode for your enterprise data](./create-wip-policy-using-configmgr.md#manage-the-wip-protection-level-for-your-enterprise-data) section of the policy creation topics. For info about how to collect your audit log files, see [How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md).| |Specify your corporate identity.|This field is automatically filled out for you by Microsoft Intune. However, you must manually correct it if it’s incorrect or if you need to add additional domains. 
For more info about where this area is and what it means, see the **Define your enterprise-managed corporate identity** section of the policy creation topics. |Specify your network domain names.|Starting with Windows 10, version 1703, this field is optional.

Specify the DNS suffixes used in your environment. All traffic to the fully-qualified domains appearing in this list will be protected. For more info about where this area is and how to add your suffixes, see the table that appears in the **Choose where apps can access enterprise data** section of the policy creation topics.| From a25da1b5f34be860f6151177a313f627dd25b348 Mon Sep 17 00:00:00 2001 From: Diana Hanson Date: Wed, 25 May 2022 12:14:41 -0600 Subject: [PATCH 8/9] Update windows/client-management/mdm/policy-csp-controlpolicyconflict.md --- .../client-management/mdm/policy-csp-controlpolicyconflict.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md index 044fb7026f..522b144fb4 100644 --- a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md +++ b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md @@ -35,7 +35,7 @@ manager: dansimp > [!NOTE] > This setting doesn't apply to the following types of group policies: > -> - If they don't map to an MDM policy. For example, firewall policies and account lockout policies +> - If they don't map to an MDM policy. For example, firewall policies and account lockout policies. > - If they aren't defined by an ADMX. For example, Password policy - minimum password age. > - If they're in the Windows Update category. > - If they have list entries. For example, the Microsoft Edge CookiesAllowedForUrls policy. From 94015c068d654f4a8abff25b554f99b8bbda8b5d Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 25 May 2022 12:31:54 -0700 Subject: [PATCH 9/9] Update mandatory-settings-for-wip.md --- .../mandatory-settings-for-wip.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md index 328fee03eb..daf5a9fac0 100644 --- a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md 
@@ -26,7 +26,7 @@ This list provides all of the tasks and settings that are required for the opera |Task|Description| |----|-----------| -|Add at least one app of each type (Store and Desktop) to the **Protected apps** list in your WIP policy.|You must have at least one Store app and one Desktop app added to your **Protected apps** list. For more info about where this area is and how to add apps, see the **Add apps to your Protected apps list** section of the policy creation topics. at least one each (Store and Desktop) app" into their protected apps policy as a requirement| +|Add at least one app of each type (Store and Desktop) to the **Protected apps** list in your WIP policy.|You must have at least one Store app and one Desktop app added to your **Protected apps** list. For more info about where this area is and how to add apps, see the **Add apps to your Protected apps list** section of the policy creation topics. | |Choose your WIP protection level.|You must choose the level of protection you want to apply to your WIP-protected content, including **Allow Overrides**, **Silent**, or **Block**. For more info about where this area is and how to decide on your protection level, see the [Manage the WIP protection mode for your enterprise data](./create-wip-policy-using-configmgr.md#manage-the-wip-protection-level-for-your-enterprise-data) section of the policy creation topics. For info about how to collect your audit log files, see [How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md).| |Specify your corporate identity.|This field is automatically filled out for you by Microsoft Intune. However, you must manually correct it if it’s incorrect or if you need to add additional domains. For more info about where this area is and what it means, see the **Define your enterprise-managed corporate identity** section of the policy creation topics. 
|Specify your network domain names.|Starting with Windows 10, version 1703, this field is optional.

Specify the DNS suffixes used in your environment. All traffic to the fully-qualified domains appearing in this list will be protected. For more info about where this area is and how to add your suffixes, see the table that appears in the **Choose where apps can access enterprise data** section of the policy creation topics.|
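
Review bot: In PATCH 1/9, hunk `@@ -32,6 +32,14 @@` of policy-csp-controlpolicyconflict.md, the added note has a typo and agreement errors that readers will see: "It dows not apply", "MDM policy win over Group Policy are applicable", and "Group Policies that does not have". Suggest "doesn't apply" and plural agreement throughout. The second bullet's "-- Example:" should be a sentence rather than a double hyphen, and the trailing empty `> ` line and the two blank lines added before the edition table can be dropped.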
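
Review bot: In PATCH 1/9, hunk `@@ -58,9 +66,6 @@`, the removed note said the setting does not apply to "other MDM settings with equivalent GP settings that are defined in other CSPs", and the replacement note added in the first hunk has no bullet for that case. Keep that sentence or add a bullet for it, so the restriction to Policy CSP stays explicit for admins whose settings are delivered through another CSP.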
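
Review bot: In PATCH 2/9, the first rewritten bullet lowercases the name to "the policy CSP", while the unchanged text of the same file (visible as context in PATCH 1/9) writes "Policy CSP". Use "Policy CSP" here so the bullet reads as the name of the CSP rather than a generic term.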
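
Review bot: In PATCH 3/9, hunk `@@ -26,7 +26,7 @@` of mandatory-settings-for-wip.md, the two cells of the changed row now disagree: the Task cell requires "one Store app and one Desktop" while the Description cell still says "You must have at least one app added". Update the description to state the same requirement, write "one Desktop app", and drop the space added before the closing pipe.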
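
Review bot: In PATCH 4/9, the first new bullet, "If they don't map to an MDM policy", drops the qualifier "that's controlled through the policy CSP" from the line it replaces, so the note no longer says the mapping must be to a policy in Policy CSP. Keep the qualifier alongside the new examples. The same bullet is also missing its terminal period, unlike the three bullets after it.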
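
Review bot: In PATCH 5/9, the added row's Description cell ends with a stray fragment, `at least one each (Store and Desktop) app" into their protected apps policy as a requirement`, which has an unmatched quote and does not belong to the sentence before it. Remove it. In the same line, "one Desktop added" needs "app", and "at least one type of each app" in the Task cell would read more clearly as "at least one app of each type".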
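
Review bot: In PATCH 6/9, the single added front-matter line `adobe-target: true` in microsoft-defender-smartscreen-overview.md is explained only by the subject "Enable experimentation" and a work-item link. State in the commit message what the key changes for this page, so the change can be reviewed from the repository history alone.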
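
Review bot: In PATCH 7/9, hunk `@@ -26,7 +26,7 @@`, the replacement line fixes the wording of both cells but still carries the stray fragment at the end of the Description cell (`at least one each (Store and Desktop) app" into their protected apps policy as a requirement`). Delete it in this change rather than leaving the row with an unmatched quote.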