Merge branch 'main' into tls-dep-8084466
@ -19,8 +19,6 @@
|
||||
href: update/waas-servicing-strategy-windows-10-updates.md
|
||||
- name: Deployment proof of concept
|
||||
items:
|
||||
- name: Demonstrate Autopilot deployment on a VM
|
||||
href: windows-autopilot/demonstrate-deployment-on-vm.md
|
||||
- name: Deploy Windows 10 with MDT and Configuration Manager
|
||||
items:
|
||||
- name: 'Step by step guide: Configure a test lab to deploy Windows 10'
|
||||
|
@ -28,7 +28,7 @@ Use the table below to reference any particular content types or services endpoi
|
||||
|
||||
|Domain Name |Protocol/Port(s) | Content Type | Additional Information | Microsoft Connected Cache Version |
|
||||
|---------|---------|---------------|-------------------|-----------------|
|
||||
| *.b1.download.windowsupdate.com, *.dl.delivery.mp.microsoft.com, *.download.windowsupdate.com, *.au.download.windowsupdate.com, *.au.b1.download.windowsupdate.com, *.tlu.dl.delivery.mp.microsoft.com, *.emdl.ws.microsoft.com, *.ctldl.windowsupdate.com | HTTP / 80 | Windows Update </br> Windows Defender </br> Windows Drivers | [Complete list](/windows/privacy/manage-windows-2004-endpoints) of endpoints for Windows Update services and payload. | Both |
|
||||
| *.b1.download.windowsupdate.com, *.dl.delivery.mp.microsoft.com, *.download.windowsupdate.com, *.au.download.windowsupdate.com, *.au.b1.download.windowsupdate.com, *.tlu.dl.delivery.mp.microsoft.com, *.emdl.ws.microsoft.com, *.ctldl.windowsupdate.com | HTTP / 80 | Windows Update </br> Windows Defender </br> Windows Drivers </br> Windows Store | [Complete list](/windows/privacy/manage-windows-2004-endpoints) of endpoints for Windows Update services and payload. | Both |
|
||||
| *.delivery.mp.microsoft.com | HTTP / 80 | Edge Browser | [Complete list](/deployedge/microsoft-edge-security-endpoints) of endpoints for Edge Browser. | Both |
|
||||
| *.officecdn.microsoft.com.edgesuite.net, *.officecdn.microsoft.com, *.cdn.office.net | HTTP / 80 | Office CDN updates | [Complete list](/office365/enterprise/office-365-endpoints) of endpoints for Office CDN updates. | Both |
|
||||
| *.manage.microsoft.com, *.swda01.manage.microsoft.com, *.swda02.manage.microsoft.com, *.swdb01.manage.microsoft.com, *.swdb02.manage.microsoft.com, *.swdc01.manage.microsoft.com, *.swdc02.manage.microsoft.com, *.swdd01.manage.microsoft.com, *.swdd02.manage.microsoft.com, *.swda01-mscdn.manage.microsoft.com, *.swda02-mscdn.manage.microsoft.com, *.swdb01-mscdn.manage.microsoft.com, *.swdb02-mscdn.manage.microsoft.com, *.swdc01-mscdn.manage.microsoft.com, *.swdc02-mscdn.manage.microsoft.com, *.swdd01-mscdn.manage.microsoft.com, *.swdd02-mscdn.manage.microsoft.com | HTTP / 80 </br> HTTPs / 443 | Intune Win32 Apps | [Complete list](/mem/intune/fundamentals/intune-endpoints) of endpoints for Intune Win32 Apps updates. | Both |
|
||||
|
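Review bot: In the first table row, the Content Type cell now includes Windows Store, but the Additional Information cell still describes the linked page as the list "of endpoints for Windows Update services and payload", so it is unclear whether that link covers Store endpoints. Extend the description or add a Store-specific reference. Two smaller points on the same row: `</br>` is a closing tag with no opener (`<br>` is the valid form), and the current product name is Microsoft Store.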
@ -5,7 +5,7 @@ manager: aaroncz
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-deploy
|
||||
ms.topic: include
|
||||
ms.date: 04/06/2022
|
||||
ms.date: 07/31/2023
|
||||
ms.localizationpriority: medium
|
||||
---
|
||||
<!--This file is shared by do/waas-delivery-optimization-setup.md and the update/update-compliance-get-started.md articles -->
|
||||
@ -27,13 +27,13 @@ ms.localizationpriority: medium
|
||||
| FileSizeInCache | Size of the file in the cache |
|
||||
| TotalBytesDownloaded | The number of bytes from any source downloaded so far |
|
||||
| PercentPeerCaching |The percentage of bytes downloaded from peers versus over HTTP |
|
||||
| BytesFromPeers | Total bytes downloaded from peer devices (sum of bytes downloaded from LAN, Group, and Internet Peers) |
|
||||
| BytesFromPeers | Total bytes downloaded from peer devices (sum of bytes downloaded from LAN, Group, and Internet Peers) |
|
||||
| BytesfromHTTP | Total number of bytes received over HTTP. This metric represents all HTTP sources, which includes BytesFromCacheServer |
|
||||
| Status | Current state of the operation. Possible values are: **Downloading** (download in progress); **Complete** (download completed, but isn't uploading yet); **Caching** (download completed successfully and is ready to upload or uploading); **Paused** (download/upload paused by caller) |
|
||||
| Priority | Priority of the download; values are **foreground** or **background** |
|
||||
| BytesFromCacheServer | Total number of bytes received from cache server (MCC) |
|
||||
| BytesFromLanPeers | Total number of bytes received from peers found on the LAN |
|
||||
| BytesFromGroupPeers | Total number of bytes received from peers found in the group. (Note: Group mode is LAN + Group. If peers are found on the LAN, those bytes will be registered in 'BytesFromLANPeers'.) |
|
||||
| BytesFromGroupPeers | Total number of bytes received from peers found in the group. (Note: Group mode is LAN + Group. If peers are found on the LAN, those bytes are registered in 'BytesFromLANPeers'.) |
|
||||
| BytesFromInternetPeers | Total number of bytes received from internet peers |
|
||||
| BytesToLanPeers | Total number of bytes delivered from peers found on the LAN |
|
||||
| BytesToGroupPeers | Total number of bytes delivered from peers found in the group |
|
||||
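Review bot: The note in the reworded BytesFromGroupPeers row refers to 'BytesFromLANPeers', but the row directly above spells the property `BytesFromLanPeers`; since readers copy these names into scripts, the note should use the exact property name. While this table is being touched, `BytesfromHTTP` has the same casing inconsistency against `BytesFromPeers`, and the BytesToLanPeers and BytesToGroupPeers rows say "delivered from peers" where "delivered to peers" appears to be meant.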
@ -168,3 +168,33 @@ Using the `-ListConnections` option returns these details about peers:
|
||||
If `Path` isn't specified, this cmdlet reads all logs from the DoSvc log directory, which requires administrator permissions. If `Flush` is specified, the cmdlet stops DoSvc before reading logs.
|
||||
|
||||
Log entries are written to the PowerShell pipeline as objects. To dump logs to a text file, run `Get-DeliveryOptimizationLog | Set-Content <output file>` or something similar.
|
||||
|
||||
|
||||
**Starting in Windows 10, version 1803:**
|
||||
|
||||
`Get-DOConfig -Verbose`
|
||||
|
||||
This cmdlet lists local configuration and policies that are applied to Delivery Optimization. This includes policies that are set via Group Policies or MDM Policies. Each policy is listed with the current set value and the provider of that policy. For example:
|
||||
|
||||
DownloadMode:Simple
|
||||
DownloadModeProvider:Mdm Provider
|
||||
|
||||
The provider is listed as "Default Provider" if it's using the Delivery Optimization platform configured default.
|
||||
|
||||
The cmdlet returns the following data:
|
||||
|
||||
- BatteryPctToSeed: Corresponds to the [DOMinBatteryPercentageAllowedToUpload](../waas-delivery-optimization-reference.md#allow-uploads-while-the-device-is-on-battery-while-under-set-battery-level) policy.
|
||||
- WorkingDirectory: The local folder containing the Delivery Optimization cache.
|
||||
- MinTotalDiskSize: Corresponds to the [DOMinDiskSizeAllowedToPeer](../waas-delivery-optimization-reference.md#minimum-disk-size-allowed-to-use-peer-caching) policy.
|
||||
- MinTotalRAM: Corresponds to the [DOMinRAMAllowedToPeer](../waas-delivery-optimization-reference.md#minimum-ram-inclusive-allowed-to-use-peer-caching) policy.
|
||||
- VpnPeerCachingAllowed: Corresponds to the [DOAllowVPNPeerCaching](../waas-delivery-optimization-reference.md#enable-peer-caching-while-the-device-connects-via-vpn) policy.
|
||||
- VpnKeywords: List of keywords used to identify a VPN adapter.
|
||||
- SetHoursToLimitDownloadBackground: Corresponds to the [DOSetHoursToLimitBackgroundDownloadBandwidth](../waas-delivery-optimization-reference.md#set-business-hours-to-limit-background-download-bandwidth) policy.
|
||||
- SetHoursToLimitDownloadForeground: Corresponds to the [DOSetHoursToLimitForegroundDownloadBandwidth](../waas-delivery-optimization-reference.md#set-business-hours-to-limit-foreground-download-bandwidth) policy.
|
||||
- DownloadMode: Corresponds to the [DODownloadMode](../waas-delivery-optimization-reference.md#download-mode) policy.
|
||||
- DownBackLimitBps: Corresponds to the [DOMaxBackgroundDownloadBandwidth](../waas-delivery-optimization-reference.md#maximum-background-download-bandwidth-in-kbs) policy.
|
||||
- DownloadForegroundLimitBps: Corresponds to the [DOMaxForegroundDownloadBandwidth](../waas-delivery-optimization-reference.md#maximum-foreground-download-bandwidth-in-kbs) policy.
|
||||
- DownBackLimitPct: Corresponds to the [DOPercentageMaxBackgroundBandwidth](../waas-delivery-optimization-reference.md#maximum-background-download-bandwidth) policy.
|
||||
- DownloadForegroundLimitPct: Corresponds to the [DOPercentageMaxForegroundBandwidth](../waas-delivery-optimization-reference.md#maximum-foreground-download-bandwidth) policy.
|
||||
- MaxUploadRatePct: Corresponds to the [DOMaxUploadBandwidth](../waas-delivery-optimization-reference.md#max-upload-bandwidth) policy (deprecated in Windows 10, version 2004).
|
||||
- UploadLimitMonthlyGB: Corresponds to the [DOMonthlyUploadDataCap](../waas-delivery-optimization-reference.md#monthly-upload-data-cap) policy.
|
||||
|
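Review bot: In the new field list, `DownBackLimitBps` and `DownloadForegroundLimitBps` are mapped to policies whose anchors end in "in-kbs", so the field suffix and the policy unit disagree; state which unit the cmdlet reports so a value read here can be compared to the configured policy. The sample output (`DownloadMode:Simple`, `DownloadModeProvider:Mdm Provider`) should be in a code block like other cmdlet output. The paragraph above says reading the DoSvc log directory requires administrator permissions; say whether `Get-DOConfig -Verbose` does too.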
@ -6,7 +6,7 @@ ms.prod: windows-client
|
||||
author: amymzhou
|
||||
ms.author: amyzhou
|
||||
ms.topic: article
|
||||
ms.date: 05/09/2023
|
||||
ms.date: 07/27/2023
|
||||
ms.technology: itpro-updates
|
||||
ms.collection: tier3
|
||||
---
|
||||
@ -18,7 +18,7 @@ ms.collection: tier3
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
|
||||
Microsoft Connected Cache (MCC) for Internet Service Providers (preview) is a software-only caching solution that delivers Microsoft content. MCC can be deployed to as many bare-metal servers or VMs as needed and is managed from a cloud portal. When deployed, MCC can help to reduce your network bandwidth usage for Microsoft software content and updates. Cache nodes are created in the cloud portal and are configured to deliver traffic to customers by manual CIDR or BGP routing.
|
||||
Microsoft Connected Cache (MCC) for Internet Service Providers (preview) is a free software-only caching solution that delivers Microsoft content. MCC can be deployed free of charge to as many bare-metal servers or VMs as needed and is managed from a cloud portal. When deployed, MCC can help to reduce your network bandwidth usage for Microsoft software content and updates. Cache nodes are created in the cloud portal and are configured to deliver traffic to customers by manual CIDR or BGP routing.
|
||||
|
||||
## Supported scenarios
|
||||
|
||||
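Review bot: The reworded intro paragraph now says "free" twice in consecutive sentences ("a free software-only caching solution" and "deployed free of charge"). One mention is enough; keeping the second and dropping "free" from the first sentence preserves the product definition as it was.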
@ -37,4 +37,37 @@ Microsoft Connected Cache uses Delivery Optimization as the backbone for Microso
|
||||
- Endpoint protection: Windows Defender definition updates
|
||||
- Xbox: Xbox Game Pass (PC only)
|
||||
|
||||
Do you peer with [Microsoft (ASN 8075)](/azure/internet-peering/)? Microsoft Connected Cache complements peering by offloading static content that is served off of multiple CDNs such as Akamai, Lumen, and Edgecast. Microsoft Peering mainly caches dynamic content - by onboarding to Microsoft Connected Cache, you'll cache static content that otherwise would be served from the CDN.
|
||||
|
||||
For the full list of content endpoints that Microsoft Connected Cache for ISPs supports, see [Microsoft Connected Cache content and services endpoints](delivery-optimization-endpoints.md).
|
||||
|
||||
## How MCC works
|
||||
|
||||
:::image type="content" source="./images/mcc-isp-diagram.png" alt-text="Data flow diagram of how Microsoft Connected Cache works." lightbox="./images/mcc-isp-diagram.png":::
|
||||
|
||||
The following steps describe how MCC is provisioned and used:
|
||||
|
||||
1. The Azure portal is used to create and manage MCC nodes.
|
||||
|
||||
1. A shell script is used to provision the server and deploy the MCC application.
|
||||
|
||||
1. A combination of the Azure portal and shell script is used to configure Microsoft Delivery Optimization Services to route traffic to the MCC server.
|
||||
|
||||
- The publicly accessible IPv4 address of the server is configured on the portal.
|
||||
|
||||
- **Manual Routing:** Providing the CIDR blocks that represent the client IP address space, which should be routed to the MCC node.
|
||||
|
||||
- **BGP Routing:** A shell script is used to initiate a peering session with a router in the operator network, and the operator initiates a session with the MCC node.
|
||||
|
||||
> [!NOTE]
|
||||
> Only IPv4 addresses are supported at this time. Entering IPv6 addresses will result in an error.
|
||||
|
||||
1. Microsoft end-user devices (clients) periodically connect with Microsoft Delivery Optimization Services, and the services match the IP address of the client with the IP address of the corresponding MCC node.
|
||||
|
||||
1. Microsoft clients make the range requests for content from the MCC node.
|
||||
|
||||
1. An MCC node gets content from the CDN, seeds its local cache stored on disk, and delivers the content to the client.
|
||||
|
||||
1. Subsequent requests from end-user devices for content will be served from cache.
|
||||
|
||||
1. If the MCC node is unavailable, the client gets content from the CDN to ensure uninterrupted service for your subscribers.
|
||||
|
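Review bot: The BGP Routing bullet under step 3 does not say which side does what: "A shell script is used to initiate a peering session with a router in the operator network, and the operator initiates a session with the MCC node" describes two initiations without saying where the script runs or what the operator must configure on the router. Since this step decides which client address space is routed to the cache node, spell out both ends. The Manual Routing bullet is a fragment ("Providing the CIDR blocks...") while its sibling bullets are full sentences, and step 5 has a stray article in "make the range requests".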
@ -12,7 +12,7 @@ metadata:
|
||||
- highpri
|
||||
- tier3
|
||||
ms.topic: faq
|
||||
ms.date: 07/11/2023
|
||||
ms.date: 07/31/2023
|
||||
title: Delivery Optimization Frequently Asked Questions
|
||||
summary: |
|
||||
**Applies to**
|
||||
@ -62,6 +62,10 @@ sections:
|
||||
Microsoft content, such as Windows updates, are hosted and delivered globally via Content Delivery Networks (CDNs) and [Microsoft Connected Cache](waas-microsoft-connected-cache.md) (MCC) servers, which are hosted within Internet Service Provider (ISP) networks.
|
||||
The network of CDNs and MCCs allows Microsoft to reach the scale required to meet the demand of the Windows user base. Given this delivery infrastructure changes dynamically, providing an exhaustive list of IPs and keeping it up to date isn't feasible.
|
||||
|
||||
- question: Delivery Optimization is downloading Windows content on my devices directly from an IP Address, is it expected?
|
||||
answer: |
|
||||
When Delivery Optimization downloads from a [Microsoft Connected Cache](waas-microsoft-connected-cache.md) server that is hosted by your Internet Service Provider, the download will be pulled directly from the IP Address of that server. If the Microsoft Connected cache isn't available, the download will fall back seamlessly to the CDN instead. Delivery Optimization Peers are used in parallel if available.
|
||||
|
||||
- question: Does Delivery Optimization use multicast?
|
||||
answer: No. It relies on the cloud service for peer discovery, resulting in a list of peers and their IP addresses. Client devices then connect to their peers to obtain download files over TCP/IP.
|
||||
|
||||
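Review bot: The new FAQ answer tells administrators that downloads pulled directly from an IP address are expected but gives them no way to confirm that a given download actually came from a Connected Cache server. A pointer to the cache-server byte counter documented with the status cmdlet (`BytesFromCacheServer`) would let someone investigating unexpected direct-IP traffic verify it. The question is a comma splice ("..., is it expected?"), and the capitalisation varies within the answer: "IP Address", "Microsoft Connected cache", "Delivery Optimization Peers".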
@ -131,7 +135,7 @@ sections:
|
||||
|
||||
- question: Delivery Optimization is using device resources and I can't tell why?
|
||||
answer: |
|
||||
Delivery Optimization is used by most content providers from Microsoft. A complete list can be found [here](waas-delivery-optimization.md#types-of-download-content-supported-by-delivery-optimization). Oftentimes customers may not realize the vast application of Delivery Optimization and how it's used across different apps. Content providers have the option to run downloads in the foreground or background. It's good to check any apps running in the background to see what is running. Also note that depending on the app, closing the app may not necessarily stop the download.
|
||||
Delivery Optimization is used by most content providers from Microsoft. A complete list can be found [here](waas-delivery-optimization.md#types-of-download-content-supported-by-delivery-optimization). Often customers may not realize the vast application of Delivery Optimization and how it's used across different apps. Content providers have the option to run downloads in the foreground or background. It's good to check any apps running in the background to see what is running. Also note that depending on the app, closing the app may not necessarily stop the download.
|
||||
|
||||
- question: What Delivery Optimization settings are available?
|
||||
answer: |
|
||||
|
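Review bot: In the reworded answer, "Often customers may not realize" hedges twice; "Customers often don't realize" or "Customers may not realize" reads better. The link text "here" in the preceding sentence is not descriptive; name the target section instead. The question is a statement with a question mark appended.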
@ -6,9 +6,9 @@ ms.prod: windows-client
|
||||
author: cmknox
|
||||
ms.localizationpriority: medium
|
||||
ms.author: carmenf
|
||||
ms.topic: article
|
||||
ms.topic: reference
|
||||
ms.technology: itpro-updates
|
||||
ms.date: 06/28/2023
|
||||
ms.date: 07/31/2023
|
||||
ms.collection: tier3
|
||||
---
|
||||
|
||||
@ -16,18 +16,18 @@ ms.collection: tier3
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
|
||||
> **Looking for Group Policy objects?** See [Delivery Optimization reference](waas-delivery-optimization-reference.md) or the master spreadsheet available at the Download Center [for Windows 11](https://www.microsoft.com/en-us/download/details.aspx?id=104594) or [for Windows 10](https://www.microsoft.com/en-us/download/details.aspx?id=104678).
|
||||
|
||||
There are many configuration options you can set in Delivery Optimization to customize the content delivery experience specific to your environment needs. This topic summarizes those configurations for your reference. If you just need an overview of Delivery Optimization, see [What is Delivery Optimization](waas-delivery-optimization.md). If you need information about setting up Delivery Optimization, including tips for the best settings in different scenarios, see [Set up Delivery Optimization for Windows](waas-delivery-optimization-setup.md).
|
||||
There are many configuration options you can set in Delivery Optimization to customize the content delivery experience specific to your environment needs. This article summarizes those configurations for your reference. If you just need an overview of Delivery Optimization, see [What is Delivery Optimization](waas-delivery-optimization.md). If you need information about setting up Delivery Optimization, including tips for the best settings in different scenarios, see [Set up Delivery Optimization for Windows](waas-delivery-optimization-setup.md).
|
||||
|
||||
## Delivery Optimization options
|
||||
|
||||
You can use Group Policy or an MDM solution like Intune to configure Delivery Optimization.
|
||||
|
||||
You'll find the Delivery Optimization settings in Group Policy under **Configuration\Policies\Administrative Templates\Windows Components\Delivery Optimization**.
|
||||
The Delivery Optimization settings in Group Policy are under **Configuration\Policies\Administrative Templates\Windows Components\Delivery Optimization**.
|
||||
In MDM, the same settings are under **.Vendor/MSFT/Policy/Config/DeliveryOptimization/**.
|
||||
|
||||
### Summary of Delivery Optimization settings
|
||||
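Review bot: The MDM path on the line after the reworded Group Policy sentence reads `.Vendor/MSFT/Policy/Config/DeliveryOptimization/`; OMA-URI paths begin with `./`, so this looks like a dropped slash and would not work if copied into a custom profile. Since the neighbouring sentence is already being edited, fix it in the same change. The Group Policy path begins at "Configuration\Policies" without naming the node it sits under; please confirm the full path.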
@ -35,9 +35,9 @@ In MDM, the same settings are under **.Vendor/MSFT/Policy/Config/DeliveryOptimiz
|
||||
| Group Policy setting | MDM setting | Supported from version | Notes |
|
||||
| --- | --- | --- | ------- |
|
||||
| [Download mode](#download-mode) | DODownloadMode | 1511 | Default is set to LAN(1). The Group [Download mode](#download-mode) (2) combined with [Group ID](#group-id), enables administrators to create custom device groups that will share content between devices in the group.|
|
||||
| [Group ID](#group-id) | DOGroupID | 1511 | Used with Group [Download mode](#download-mode). If not set, check [GroupIDSource](#select-the-source-of-group-ids). When GroupID or GroupIDSource policies aren't set, the GroupID will be defined as the AD Site (1), Authenticated domain SID (2) or AAD Tenant ID (5), in that order. |
|
||||
| [Select the source of Group IDs](#select-the-source-of-group-ids) | DOGroupIDSource | 1803 | If not set, check [Group ID](#group-id). When the GroupID or GroupIDSource policies aren't set, the Group will be defined as the AD Site (1), Authenticated domain SID (2) or AAD Tenant ID (5), in that order. |
|
||||
| [Select a method to restrict peer selection](#select-a-method-to-restrict-peer-selection) | DORestrictPeerSelectionBy | 1803 | Starting in Windows 11, consumer devices default to using 'Local discovery (DNS-SD)' and commercial devices default to using 'Subnet'. |
|
||||
| [Group ID](#group-id) | DOGroupID | 1511 | Used with Group [Download mode](#download-mode). If not set, check [GroupIDSource](#select-the-source-of-group-ids). When GroupID or GroupIDSource policies aren't set, the GroupID is defined as the AD Site (1), Authenticated domain SID (2) or Azure AD Tenant ID (5), in that order. |
|
||||
| [Select the source of Group IDs](#select-the-source-of-group-ids) | DOGroupIDSource | 1803 | If not set, check [Group ID](#group-id). When the GroupID or GroupIDSource policies aren't set, the Group is defined as the AD Site (1), Authenticated domain SID (2) or Azure AD Tenant ID (5), in that order. |
|
||||
| [Select a method to restrict peer selection](#select-a-method-to-restrict-peer-selection) | DORestrictPeerSelectionBy | 1803 | Starting in Windows 11, a new option to use 'Local discovery (DNS-SD)' is available to set via this policy. |
|
||||
| [Minimum RAM (inclusive) allowed to use peer caching](#minimum-ram-inclusive-allowed-to-use-peer-caching) | DOMinRAMAllowedToPeer | 1703 | Default value is 4 GB. |
|
||||
| [Minimum disk size allowed to use peer caching](#minimum-disk-size-allowed-to-use-peer-caching) | DOMinDiskSizeAllowedToPeer | 1703 | Default value is 32 GB. |
|
||||
| [Max cache age](#max-cache-age) | DOMaxCacheAge | 1511 | Default value is 259,200 seconds (three days). |
|
||||
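Review bot: The rewritten Notes cell for DORestrictPeerSelectionBy no longer states a default. The previous text gave the Windows 11 defaults for consumer and commercial devices, and the other rows shown here (DODownloadMode, DOMinRAMAllowedToPeer, DOMinDiskSizeAllowedToPeer, DOMaxCacheAge) all state one. If those defaults are no longer accurate, say what the default is now; if they are, keep them alongside the new sentence about 'Local discovery (DNS-SD)'.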
@ -51,16 +51,16 @@ In MDM, the same settings are under **.Vendor/MSFT/Policy/Config/DeliveryOptimiz
|
||||
| [Allow uploads while the device is on battery while under set battery level](#allow-uploads-while-the-device-is-on-battery-while-under-set-battery-level) | DOMinBatteryPercentageAllowedToUpload | 1709 | Default is to not allow peering while on battery. |
|
||||
| [Maximum foreground download bandwidth (percentage)](#maximum-foreground-download-bandwidth) | DOPercentageMaxForegroundBandwidth | 1803 | Default is '0' which will dynamically adjust. |
|
||||
| [Maximum background download bandwidth (percentage)](#maximum-background-download-bandwidth) | DOPercentageMaxBackgroundBandwidth | 1803 | Default is '0' which will dynamically adjust. |
|
||||
| [Maximum foreground download bandwidth (in KB/s)](#maximum-background-download-bandwidth-in-kbs) | DOMaxForegroundDownloadBandwidth | 2004 | Default is '0' which will dynamically adjust. |
|
||||
| [Maximum foreground download bandwidth (in KB/s)](#maximum-foreground-download-bandwidth-in-kbs) | DOMaxForegroundDownloadBandwidth | 2004 | Default is '0' which will dynamically adjust. |
|
||||
| [Maximum background download bandwidth (in KB/s)](#maximum-background-download-bandwidth-in-kbs) | DOMaxBackgroundDownloadBandwidth | 2004 | Default is '0' which will dynamically adjust. |
|
||||
| [Set hours to limit background download bandwidth](#set-business-hours-to-limit-background-download-bandwidth) | DOSetHoursToLimitBackgroundDownloadBandwidth | 1803 | Default isn't set. |
|
||||
| [Set hours to limit foreground download bandwidth](#set-business-hours-to-limit-foreground-download-bandwidth) |DOSetHoursToLimitForegroundDownloadBandwidth | 1803 | Default isn't set. |
|
||||
| [Delay background download from HTTP (in secs)](#delay-background-download-from-http-in-secs) | DODelayBackgroundDownloadFromHttp | 1803 | Default isn't set. For peering, use this policy to delay the fallback to the HTTP source. [Learn more](#policies-to-prioritize-the-use-of-peer-to-peer-and-cache-server-sources) about the different delay options. |
|
||||
| [Delay foreground download from HTTP (in secs)](#delay-foreground-download-from-http-in-secs) | DODelayForegroundDownloadFromHttp | 1803 | Default isn't set. For peering, use this policy to delay the fallback to the HTTP source. [Learn more](#policies-to-prioritize-the-use-of-peer-to-peer-and-cache-server-sources) about the different delay options.|
|
||||
| [Delay foreground download Cache Server fallback (in secs)](#delay-foreground-download-cache-server-fallback-in-secs) | DelayCacheServerFallbackForeground | 1903 | Default isn't set. For Microsoft Connected Cache content use this policy to delay the fallback to the HTTP source. [Learn more](#policies-to-prioritize-the-use-of-peer-to-peer-and-cache-server-sources) about the different delay options. |
|
||||
| [Delay background download Cache Server fallback (in secs)](#delay-background-download-cache-server-fallback-in-secs) | DelayCacheServerFallbackBackground | 1903 | Default isn't set. For Microsoft Connected Cache content use this policy to delay the fallback to the HTTP source. [Learn more](#policies-to-prioritize-the-use-of-peer-to-peer-and-cache-server-sources) about the different delay options.|
|
||||
| [Cache Server Hostname](#cache-server-hostname) | DOCacheHost | 1809 | Default is it has no value. |
|
||||
| [Cache Server Hostname Source](#cache-server-hostname-source) | DOCacheHostSource | 2004 | Default is it has no value. |
|
||||
| [Delay foreground download Cache Server fallback (in secs)](#delay-foreground-download-cache-server-fallback-in-secs) | DelayCacheServerFallbackForeground | 1903 | Default isn't set. For Microsoft Connected Cache content, use this policy to delay the fallback to the HTTP source. [Learn more](#policies-to-prioritize-the-use-of-peer-to-peer-and-cache-server-sources) about the different delay options. |
|
||||
| [Delay background download Cache Server fallback (in secs)](#delay-background-download-cache-server-fallback-in-secs) | DelayCacheServerFallbackBackground | 1903 | Default isn't set. For Microsoft Connected Cache content, use this policy to delay the fallback to the HTTP source. [Learn more](#policies-to-prioritize-the-use-of-peer-to-peer-and-cache-server-sources) about the different delay options.|
|
||||
| [Cache Server Hostname](#cache-server-hostname) | DOCacheHost | 1809 | No value is set as default. |
|
||||
| [Cache Server Hostname Source](#cache-server-hostname-source) | DOCacheHostSource | 2004 | No value is set as default. |
|
||||
| [Maximum download bandwidth](#maximum-download-bandwidth) | DOMaxDownloadBandwidth | 1607 (deprecated in Windows 10, version 2004); use [Maximum background download bandwidth (in KB/s)](#maximum-background-download-bandwidth-in-kbs) or [Maximum foreground download bandwidth (in KB/s)](#maximum-foreground-download-bandwidth-in-kbs) instead)| Default is '0' which will dynamically adjust. |
|
||||
| [Percentage of maximum download bandwidth](#percentage-of-maximum-download-bandwidth) | DOPercentageMaxDownloadBandwidth | 1607 (deprecated in Windows 10, version 2004); use [Maximum background download bandwidth (in KB/s)](#maximum-background-download-bandwidth-in-kbs) or [Maximum foreground download bandwidth (in KB/s)](#maximum-foreground-download-bandwidth-in-kbs) instead)| Default is '0' which will dynamically adjust. |
|
||||
| [Maximum upload bandwidth](#max-upload-bandwidth) | DOMaxUploadBandwidth | 1607 (deprecated in Windows 10, version 2004) | Default is '0' (unlimited). |
|
||||
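Review bot: In the two "Cache Server fallback" rows, the MDM setting column reads `DelayCacheServerFallbackForeground` and `DelayCacheServerFallbackBackground`, while every other entry in that column carries the `DO` prefix. These rows are being edited anyway, so please check the names against the Policy CSP and add the prefix if it is missing. In the DOMaxDownloadBandwidth and DOPercentageMaxDownloadBandwidth rows the parentheses are unbalanced: "(deprecated in Windows 10, version 2004); use ... instead)".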
@ -82,7 +82,7 @@ All cached files have to be above a set minimum size. This size is automatically
|
||||
|
||||
#### Impact to network
|
||||
|
||||
More options available that control the impact Delivery Optimization has on your network include the following:
|
||||
More options available that control the impact Delivery Optimization has on your network include the following settings:
|
||||
|
||||
- [Minimum Background QoS](#minimum-background-qos) lets administrators guarantee a minimum download speed for Windows updates. This setting adjusts the amount of data downloaded directly from HTTP sources, rather than other peers in the network.
|
||||
- [Maximum Foreground Download Bandwidth](#maximum-foreground-download-bandwidth) specifies the maximum foreground download bandwidth*hat Delivery Optimization uses, across all concurrent download activities, as a percentage of available download bandwidth.
|
||||
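Review bot: The Maximum Foreground Download Bandwidth bullet, left unchanged by this hunk, contains "bandwidth*hat", which looks like a broken emphasis marker swallowing the "t" of "that". Fix it in this pass, since the sentence introducing the list is already being edited.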
@ -94,7 +94,7 @@ More options available that control the impact Delivery Optimization has on your
|
||||
|
||||
#### Policies to prioritize the use of Peer-to-Peer and Cache Server sources
|
||||
|
||||
When Delivery Optimization client is configured to use peers and Microsoft Connected Cache (MCC), to achieve the best possible content delivery experience, the client will connect to both MCC and peers in parallel. If the desired content can’t be obtained from MCC or peers, Delivery Optimization will automatically fallback to the HTTP source to get the requested content. There are four settings that allow you to prioritize peer-to-peer or MCC sources by delaying the immediate fallback to HTTP source which is the default behavior.
|
||||
When Delivery Optimization client is configured to use peers and Microsoft Connected Cache (MCC), to achieve the best possible content delivery experience, the client connects to both MCC and peers in parallel. If the desired content can't be obtained from MCC or peers, Delivery Optimization will automatically fallback to the HTTP source to get the requested content. There are four settings that allow you to prioritize peer-to-peer or MCC sources by delaying the immediate fallback to HTTP source, which is the default behavior.
|
||||
|
||||
##### Peer-to-peer delay fallback settings
|
||||
|
||||
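Review bot: The rewritten paragraph keeps "will automatically fallback to the HTTP source"; as a verb this should be two words, "fall back". The tense is now mixed as well: the first sentence was changed to "the client connects", while the next still uses "will automatically". Making both present tense matches the rest of the edit.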
@ -106,11 +106,11 @@ When Delivery Optimization client is configured to use peers and Microsoft Conne
|
||||
- [Delay foreground download Cache Server fallback (in secs)](#delay-foreground-download-cache-server-fallback-in-secs) allows you to delay the use of an HTTP source in a foreground (interactive) download that is allowed to use a cache server.
|
||||
- [Delay background download from HTTP (in secs)](#delay-background-download-from-http-in-secs) allows you to delay the use of an HTTP source in a background download that is allowed to use a cache server.
|
||||
|
||||
**If both peer-to-peer and MCC are configured, the peer-to-peer delay settings will take precedence over the cache server delay settings.** This allows Delivery Optimization to discover peers first then recognize the fallback setting for the MCC cache server.
|
||||
**If both peer-to-peer and MCC are configured, the peer-to-peer delay settings will take precedence over the cache server delay settings.** This setting allows Delivery Optimization to discover peers first then recognize the fallback setting for the MCC cache server.
|
||||
|
||||
#### System resource usage
|
||||
|
||||
Administrators can further customize scenarios where Delivery Optimization will be used with the following settings:
|
||||
Administrators can further customize scenarios where Delivery Optimization is used with the following settings:
|
||||
|
||||
- [Minimum RAM (inclusive) allowed to use Peer Caching](#minimum-ram-inclusive-allowed-to-use-peer-caching) sets the minimum RAM required for peer caching to be enabled.
|
||||
- [Minimum disk size allowed to use Peer Caching](#minimum-disk-size-allowed-to-use-peer-caching) sets the minimum disk size required for peer caching to be enabled.
|
||||
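Review bot: In the cache server list at the top of this hunk, the second bullet is labelled "Delay background download from HTTP (in secs)" and links to `#delay-background-download-from-http-in-secs`, yet its description is about a download "that is allowed to use a cache server". The bullet above it is the foreground Cache Server fallback setting, so this one should be "Delay background download Cache Server fallback (in secs)" with the matching anchor. As written, an administrator following the link sets the peer-to-peer delay instead of the cache server delay.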
@ -119,12 +119,14 @@ Administrators can further customize scenarios where Delivery Optimization will
|
||||
|
||||
### Download mode
|
||||
|
||||
MDM Setting: **DODownloadMode**
|
||||
|
||||
Download mode dictates which download sources clients are allowed to use when downloading Windows updates in addition to Windows Update servers. The following table shows the available download mode options and what they do. Other technical details for these policies are available in [Policy CSP - Delivery Optimization](/windows/client-management/mdm/policy-csp-deliveryoptimization).
|
||||
|
||||
| Download mode option | Functionality when set |
|
||||
| --- | --- |
|
||||
| HTTP Only (0) | This setting disables peer-to-peer caching but still allows Delivery Optimization to download content over HTTP from the download's original source or a Microsoft Connected Cache server. This mode uses additional metadata provided by the Delivery Optimization cloud services for a peerless reliable and efficient download experience. |
|
||||
| LAN (**1 – Default**) | This default operating mode for Delivery Optimization enables peer sharing on the same network. The Delivery Optimization cloud service finds other clients that connect to the Internet using the same public IP as the target client. These clients then try to connect to other peers on the same network by using their private subnet IP.|
|
||||
| LAN (**1 - Default**) | This default operating mode for Delivery Optimization enables peer sharing on the same network. The Delivery Optimization cloud service finds other clients that connect to the Internet using the same public IP as the target client. These clients then try to connect to other peers on the same network by using their private subnet IP.|
|
||||
| Group (2) | When group mode is set, the group is automatically selected based on the device's Active Directory Domain Services (AD DS) site (Windows 10, version 1607) or the domain the device is authenticated to (Windows 10, version 1511). In group mode, peering occurs across internal subnets, between devices that belong to the same group, including devices in remote offices. You can use GroupID option to create your own custom group independently of domains and AD DS sites. Starting with Windows 10, version 1803, you can use the GroupIDSource parameter to take advantage of other method to create groups dynamically. Group download mode is the recommended option for most organizations looking to achieve the best bandwidth optimization with Delivery Optimization. |
|
||||
| Internet (3) | Enable Internet peer sources for Delivery Optimization. |
|
||||
| Simple (99) | Simple mode disables the use of Delivery Optimization cloud services completely (for offline environments). Delivery Optimization switches to this mode automatically when the Delivery Optimization cloud services are unavailable, unreachable, or when the content file size is less than 10 MB. In this mode, Delivery Optimization provides a reliable download experience over HTTP from the download's original source or a Microsoft Connected Cache server, with no peer-to-peer caching. |
|
||||
@ -135,6 +137,8 @@ Download mode dictates which download sources clients are allowed to use when do
|
||||
|
||||
### Group ID
|
||||
|
||||
MDM Setting: **DOGroupID**
|
||||
|
||||
By default, peer sharing on clients using the Group download mode (option 2) is limited to the same domain in Windows 10, version 1511, and the same domain and Active Directory Domain Services site in Windows 10, version 1607. By using the Group ID setting, you can optionally create a custom group that contains devices that should participate in Delivery Optimization but don't fall within those domain or Active Directory Domain Services site boundaries, including devices in another domain. Using Group ID, you can further restrict the default group (for example, you could create a subgroup representing an office building), or extend the group beyond the domain, allowing devices in multiple domains in your organization to be peers. This setting requires the custom group to be specified as a GUID on each device that participates in the custom group.
|
||||
|
||||
>[!NOTE]
|
||||
@ -144,23 +148,29 @@ By default, peer sharing on clients using the Group download mode (option 2) is
|
||||
|
||||
### Select the source of Group IDs
|
||||
|
||||
MDM Setting: **DOGroupIDSource**
|
||||
|
||||
Starting in Windows 10, version 1803, set this policy to restrict peer selection to a specific source, when using a GroupID policy. The options are:
|
||||
|
||||
- 0 = Not set
|
||||
- 1 = AD Site
|
||||
- 2 = Authenticated domain SID
|
||||
- 3 = DHCP Option ID (with this option, the client will query DHCP Option ID 234 and use the returned GUID value as the Group ID)
|
||||
- 3 = DHCP Option ID (with this option, the client queries DHCP Option ID 234 and use the returned GUID value as the Group ID)
|
||||
- 4 = DNS Suffix
|
||||
- 5 = Starting with Windows 10, version 1903, you can use the Azure Active Directory (AAD) Tenant ID as a means to define groups. To do this set the value for DOGroupIdSource to its new maximum value of 5.
|
||||
- 5 = Starting with Windows 10, version 1903, you can use the Azure AD Tenant ID as a means to define groups. To do this set the value for DOGroupIdSource to its new maximum value of 5.
|
||||
|
||||
When set, the Group ID is assigned automatically from the selected source. If you set this policy, the GroupID policy will be ignored. The default behavior, when the GroupID or GroupIDSource policies aren't set, is to determine the Group ID using AD Site (1), Authenticated domain SID (2) or AAD Tenant ID (5), in that order. If GroupIDSource is set to either DHCP Option ID (3) or DNS Suffix (4) and those methods fail, the default behavior is used instead. The option set in this policy only applies to Group (2) download mode. If Group (2) isn't set as Download mode, this policy will be ignored. If you set the value to anything other than 0-5, the policy is ignored.
|
||||
When set, the Group ID is assigned automatically from the selected source. If you set this policy, the GroupID policy is ignored. The default behavior, when the GroupID or GroupIDSource policies aren't set, is to determine the Group ID using AD Site (1), Authenticated domain SID (2) or Azure AD Tenant ID (5), in that order. If GroupIDSource is set to either DHCP Option ID (3) or DNS Suffix (4) and those methods fail, the default behavior is used instead. The option set in this policy only applies to Group (2) download mode. If Group (2) isn't set as Download mode, this policy will be ignored. If you set the value to anything other than 0-5, the policy is ignored.
|
||||
|
||||
### Minimum RAM (inclusive) allowed to use Peer Caching
|
||||
|
||||
MDM Setting: **DOMinRAMAllowedToPeer**
|
||||
|
||||
This setting specifies the minimum RAM size in GB required to use Peer Caching. For example if the minimum set is 1 GB, then devices with 1 GB or higher available RAM will be allowed to use Peer caching. The recommended values are 1 to 4, and **the default value is 4 GB**.
|
||||
|
||||
### Minimum disk size allowed to use Peer Caching
|
||||
|
||||
MDM Setting: **DOMinDiskSizeAllowedToPeer**
|
||||
|
||||
This setting specifies the required minimum disk size (capacity in GB) for the device to use Peer Caching. The recommended values are 64 to 256, and **the default value is 32 GB**.
|
||||
|
||||
>[!NOTE]
|
||||
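Review bot: the reworded option 3 line now reads "the client queries DHCP Option ID 234 and use the returned GUID value", which breaks subject-verb agreement; it should be "and uses the returned GUID value". Two smaller points in the same hunk: the option 5 line spells the policy DOGroupIdSource while the new MDM Setting line spells it DOGroupIDSource, and the closing paragraph now mixes "the GroupID policy is ignored" with "this policy will be ignored", so pick one tense and one spelling.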
@ -168,57 +178,82 @@ This setting specifies the required minimum disk size (capacity in GB) for the d
|
||||
|
||||
### Max Cache Age
|
||||
|
||||
In environments configured for Delivery Optimization, you might want to set an expiration on cached updates and Windows application installation files. If so, this setting defines the maximum number of seconds each file can be held in the Delivery Optimization cache on each Windows 10 client device. Alternatively, organizations might choose to set this value to "0" which means "unlimited" to avoid peers re-downloading content. When "Unlimited" value is set, Delivery Optimization will hold the files in the cache longer and will clean up the cache as needed (for example when the cache size exceeded the maximum space allowed). **The default value is 259,200 seconds (three days)**.
|
||||
MDM Setting: **DOMaxCacheAge**
|
||||
|
||||
In environments configured for Delivery Optimization, you might want to set an expiration on cached updates and Windows application installation files. If so, this setting defines the maximum number of seconds each file can be held in the Delivery Optimization cache on each Windows 10 client device. Alternatively, organizations might choose to set this value to "0" which means "unlimited" to avoid peers redownloading content. When "Unlimited" value is set, Delivery Optimization holds the files in the cache longer and will clean up the cache as needed (for example when the cache size exceeded the maximum space allowed). **The default value is 259,200 seconds (three days)**.
|
||||
|
||||
### Max Cache Size
|
||||
|
||||
This setting limits the maximum amount of space the Delivery Optimization cache can use as a percentage of the available drive space, from 1 to 100. For example, if you set this value to 10 on a Windows client device that has 100 GB of available drive space, then Delivery Optimization will use up to 10 GB of that space. Delivery Optimization will constantly assess the available drive space and automatically clear the cache to keep the maximum cache size under the set percentage. **The default value is 20%**.
|
||||
MDM Setting: **DOMaxCacheSize**
|
||||
|
||||
This setting limits the maximum amount of space the Delivery Optimization cache can use as a percentage of the available drive space, from 1 to 100. For example, if you set this value to 10 on a Windows client device that has 100 GB of available drive space, then Delivery Optimization uses up to 10 GB of that space. Delivery Optimization will constantly assess the available drive space and automatically clear the cache to keep the maximum cache size under the set percentage. **The default value is 20%**.
|
||||
|
||||
### Absolute Max Cache Size
|
||||
|
||||
This setting specifies the maximum number of gigabytes the Delivery Optimization cache can use. This is different from the [**Max Cache Size**](#max-cache-size) setting, which is a percentage of available disk space. Also, if you configure this policy, it will override the [**Max Cache Size**](#max-cache-size) setting. **The default value is 10 GB**.
|
||||
MDM Setting: **DOAbsoluteMaxCacheSize**
|
||||
|
||||
This setting specifies the maximum number of gigabytes the Delivery Optimization cache can use. This is different from the [**Max Cache Size**](#max-cache-size) setting, which is a percentage of available disk space. Also, if you configure this policy, it overrides the [**Max Cache Size**](#max-cache-size) setting. **The default value is 10 GB**.
|
||||
|
||||
### Minimum Peer Caching Content File Size
|
||||
|
||||
MDM Setting: **DOMinFileSizeToCache**
|
||||
|
||||
This setting specifies the minimum content file size in MB enabled to use Peer Caching. The recommended values are from 1 to 100000. **The default file size is 50 MB** to participate in peering.
|
||||
|
||||
### Maximum Download Bandwidth
|
||||
|
||||
MDM Setting: **DOMaxUploadBandwidth**
|
||||
|
||||
Deprecated in Windows 10, version 2004.
|
||||
This setting specifies the maximum download bandwidth that can be used across all concurrent Delivery Optimization downloads in kilobytes per second (KB/s). **A default value of "0"** means that Delivery Optimization will dynamically adjust and optimize the maximum bandwidth used.
|
||||
|
||||
> [!NOTE]
|
||||
> This is the best option for low bandwidth environments.
|
||||
|
||||
### Maximum Foreground Download Bandwidth
|
||||
|
||||
MDM Setting: **DOPercentageMaxForegroundBandwidth**
|
||||
|
||||
Starting in Windows 10, version 1803, specifies the maximum foreground download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. **The default value of "0"** means that Delivery Optimization dynamically adjusts to use the available bandwidth for foreground downloads. However, downloads from LAN peers aren't throttled even when this policy is set.
|
||||
|
||||
### Maximum Background Download Bandwidth
|
||||
|
||||
MDM Setting: **DOPercentageMaxBackgroundBandwidth**
|
||||
|
||||
Starting in Windows 10, version 1803, specifies the maximum background download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. **The default value of "0"** means that Delivery Optimization dynamically adjusts to use the available bandwidth for background downloads. However, downloads from LAN peers aren't throttled even when this policy is set.
|
||||
|
||||
> [!NOTE]
|
||||
> It is recommended to use the absolute value download options 'DOMaxBackgroundDownloadBandwidth' and 'DOMaxForegroundDownloadBandwidth', rather than percentage-based options, for low bandwidth environments.
|
||||
|
||||
### Percentage of Maximum Download Bandwidth
|
||||
|
||||
This setting specifies the maximum download bandwidth that Delivery Optimization can use across all concurrent download activities as a percentage of available download bandwidth. **The default value of "0"** means that Delivery Optimization dynamically adjusts to use the available bandwidth for downloads.
|
||||
MDM Setting: **DOPercentageMaxDownloadBandwidth**
|
||||
|
||||
> [!NOTE]
|
||||
> It is recommended to use the absolute value download option 'Maximum Download Bandwidth', rather than percentage-based options, for low bandwidth environments.
|
||||
Deprecated in Windows 10, version 2004.
|
||||
This setting specifies the maximum download bandwidth that Delivery Optimization can use across all concurrent download activities as a percentage of available download bandwidth. **The default value of "0"** means that Delivery Optimization dynamically adjusts to use the available bandwidth for downloads.
|
||||
|
||||
### Max Upload Bandwidth
|
||||
|
||||
MDM Setting: **DOMaxUploadBandwidth**
|
||||
|
||||
Deprecated in Windows 10, version 2004.
|
||||
This setting allows you to limit the number of upload bandwidth individual clients can use for Delivery Optimization. Consider this setting when clients are providing content to requesting peers on the network. This option is set in kilobytes per second (KB/s). **The default value is "0" or "unlimited"** which means Delivery Optimization dynamically optimizes for minimal usage of upload bandwidth; however it doesn't cap the upload bandwidth rate at a set rate.
|
||||
|
||||
### Set Business Hours to Limit Background Download Bandwidth
|
||||
|
||||
MDM Setting: **DOSetHoursToLimitBackgroundDownloadBandwidth**
|
||||
|
||||
Starting in Windows 10, version 1803, specifies the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. **By default, this policy isn't set.**
|
||||
|
||||
### Set Business Hours to Limit Foreground Download Bandwidth
|
||||
|
||||
MDM Setting: **DOSetHoursToLimitForegroundDownloadBandwidth**
|
||||
|
||||
Starting in Windows 10, version 1803, specifies the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. **By default, this policy isn't set.**
|
||||
|
||||
### Select a method to restrict peer selection
|
||||
|
||||
Starting in Windows 10, version 1803, set this policy to restrict peer selection via selected option. In Windows 11 the 'Local Peer Discovery' option was introduced to restrict peer discovery to the local network. Currently the available options include: 0 = NAT, 1 = Subnet mask, and 2 = Local Peer Discovery. These options apply to both Download Modes LAN (1) and Group (2) and therefore means there's no peering between subnets. **The default value in Windows 11 is set to "Local Peer Discovery"**.
|
||||
MDM Setting: **DORestrictPeerSelectionBy**
|
||||
|
||||
Starting in Windows 10, version 1803, set this policy to restrict peer selection via selected option. In Windows 11, the 'Local Peer Discovery' option was introduced to restrict peer discovery to the local network. Currently the available options include: 0 = NAT, 1 = Subnet mask, and 2 = Local Peer Discovery. These options apply to both Download Modes LAN (1) and Group (2) and therefore means there's no peering between subnets.
|
||||
|
||||
If Group mode is set, Delivery Optimization will connect to locally discovered peers that are also part of the same Group (have the same Group ID).
|
||||
|
||||
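Review bot: the MDM Setting line added under "### Maximum Download Bandwidth" names **DOMaxUploadBandwidth**, the same name that is added under "### Max Upload Bandwidth" further down, although the text beneath it describes download bandwidth. This looks like a copy-paste slip; confirm the name against Policy CSP - Delivery Optimization (DOMaxDownloadBandwidth is the likely intended value). Separately, "Select a method to restrict peer selection" loses the sentence stating the Windows 11 default of "Local Peer Discovery" without a replacement, so the section no longer states a default.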
@ -226,40 +261,58 @@ The Local Peer Discovery (DNS-SD) option can only be set via MDM delivered polic
|
||||
|
||||
### Delay background download from HTTP (in secs)
|
||||
|
||||
MDM Setting: **DODelayBackgroundDownloadFromHttp**
|
||||
|
||||
Starting in Windows 10, version 1803, this allows you to delay the use of an HTTP source in a background download that is allowed to use peer-to-peer. The maximum value is 4294967295 seconds. **By default, this policy isn't set.**
|
||||
|
||||
### Delay foreground download from HTTP (in secs)
|
||||
|
||||
MDM Setting: **DODelayForegroundDownloadFromHttp**
|
||||
|
||||
Starting in Windows 10, version 1803, allows you to delay the use of an HTTP source in a foreground (interactive) download that is allowed to use peer-to-peer. The maximum value is 4294967295 seconds. **By default, this policy isn't set.**
|
||||
|
||||
### Delay Foreground Download Cache Server Fallback (in secs)
|
||||
|
||||
MDM Setting: **DelayCacheServerFallbackForeground**
|
||||
|
||||
Starting in Windows 10, version 1903, allows you to delay the fallback from cache server to the HTTP source for foreground content download by X seconds. If the 'Delay foreground download from HTTP' policy is set, it will apply first (to allow downloads from peers) and then this policy will be applied. **By default, this policy isn't set.**
|
||||
|
||||
By default this policy isn't set. So,
|
||||
|
||||
### Delay Background Download Cache Server Fallback (in secs)
|
||||
|
||||
MDM Setting: **DelayCacheServerFallbackBackground**
|
||||
|
||||
Starting in Windows 10, version 1903, set this policy to delay the fallback from cache server to the HTTP source for a background content download by X seconds. If the 'Delay background download from HTTP' policy is set, it will apply first (to allow downloads from peers) and then this policy will be applied. **By default, this policy isn't set.**
|
||||
|
||||
### Minimum Background QoS
|
||||
|
||||
This value specifies the minimum download speed guarantee that a client attempts to achieve and will fulfill by downloading more kilobytes from HTTP sources. The lower this value is, the more content will be sourced using peers on the network rather than HTTP sources. The higher this value, the more content is received from HTTP sources, versus peers on the local network. **The default value is 2500 KB/s.**
|
||||
MDM Setting: **DOMinBackgroundQoS**
|
||||
|
||||
This value specifies the minimum download speed guarantee that a client attempts to achieve and will fulfill by downloading more kilobytes from HTTP sources. The lower this value is, the more content is sourced using peers on the network rather than HTTP sources. The higher this value, the more content is received from HTTP sources, versus peers on the local network. **The default value is 2500 KB/s.**
|
||||
|
||||
### Modify Cache Drive
|
||||
|
||||
MDM Setting: **DOModifyCacheDrive**
|
||||
|
||||
This setting allows for an alternate Delivery Optimization cache location on the clients. **By default, the cache is stored on the operating system drive through the %SYSTEMDRIVE% environment variable.** You can set the value to an environment variable (for example, %SYSTEMDRIVE%), a drive letter (for example, D:), or a folder path (for example, D:\DOCache).
|
||||
|
||||
### Monthly Upload Data Cap
|
||||
|
||||
MDM Setting: **DOMonthlyUploadDataCap**
|
||||
|
||||
This setting specifies the total amount of data in gigabytes that a Delivery Optimization client can upload to Internet peers per month. A value of "0" means that an unlimited amount of data can be uploaded. **The default value for this setting is 20 GB.**
|
||||
|
||||
### Enable Peer Caching while the device connects via VPN
|
||||
|
||||
This setting determines whether a device will be allowed to participate in Peer Caching while connected to VPN. **By default, if a VPN connection is detected, peering isn't allowed.** Specify "true" to allow the device to participate in Peer Caching while connected via VPN to the domain network. The device can download from or upload to other domain network devices, either on VPN or on the corporate domain network.
|
||||
MDM Setting: **DOAllowVPNPeerCaching**
|
||||
|
||||
This setting determines whether a device will be allowed to participate in Peer Caching while connected to VPN. **By default, if a VPN connection is detected, peering isn't allowed, except when the 'Local Discovery' (DNS-SD) option is chosen.** Specify "true" to allow the device to participate in Peer Caching while connected via VPN to the domain network. The device can download from or upload to other domain network devices, either on VPN or on the corporate domain network.
|
||||
|
||||
### Allow uploads while the device is on battery while under set Battery level
|
||||
|
||||
MDM Setting: **DOMinBatteryPercentageAllowedToUpload**
|
||||
|
||||
This setting specifies battery levels at which a device will be allowed to upload data. Specify any value between 1 and 100 (in percentage) to allow the device to upload data to LAN and Group peers while on DC power (Battery). Uploads will automatically pause when the battery level drops below the set minimum battery level. The recommended value to set if you allow uploads on battery is 40 (for 40%).
|
||||
The device can download from peers while on battery regardless of this policy.
|
||||
|
||||
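Review bot: the two cache server fallback sections add "MDM Setting: **DelayCacheServerFallbackForeground**" and "MDM Setting: **DelayCacheServerFallbackBackground**" without the DO prefix that every other setting name in this patch carries. Check against Policy CSP - Delivery Optimization whether these should read DODelayCacheServerFallbackForeground and DODelayCacheServerFallbackBackground. Also, the foreground section still ends with the fragment "By default this policy isn't set. So," and the VPN paragraph says 'Local Discovery' (DNS-SD) where the rest of the page says 'Local Peer Discovery'.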
@ -268,6 +321,8 @@ The device can download from peers while on battery regardless of this policy.
|
||||
|
||||
### Cache Server Hostname
|
||||
|
||||
MDM Setting: **DOCacheHost**
|
||||
|
||||
Set this policy to designate one or more Microsoft Connected Cache servers to be used by Delivery Optimization. You can set one or more FQDNs or IP Addresses that are comma-separated, for example: myhost.somerandomhost.com,myhost2.somerandomhost.com,10.10.1.7. **By default, this policy has no value.**
|
||||
|
||||
>[!IMPORTANT]
|
||||
@ -275,12 +330,14 @@ Set this policy to designate one or more Microsoft Connected Cache servers to be
|
||||
|
||||
### Cache Server Hostname Source
|
||||
|
||||
MDM Setting: **DOCacheHostSource**
|
||||
|
||||
This policy allows you to specify how your client(s) can discover Delivery Optimization in Network Cache servers dynamically. There are two options:
|
||||
|
||||
- 1 = DHCP Option 235.
|
||||
- 2 = DHCP Option 235 Force.
|
||||
|
||||
With either option, the client will query DHCP Option ID 235 and use the returned value as the Cache Server Hostname. Option 2 overrides the Cache Server Hostname policy, if set. **By default, this policy has no value.**
|
||||
With either option, the client queries DHCP Option ID 235 and use the returned value as the Cache Server Hostname. Option 2 overrides the Cache Server Hostname policy, if set. **By default, this policy has no value.**
|
||||
|
||||
Set this policy to designate Delivery Optimization in Network Cache servers through a custom DHCP Option. Specify the custom DHCP option on your DHCP server as *text* type. You can add one or more values as either fully qualified domain names (FQDN) or IP addresses. To add multiple values, separate each FQDN or IP address with commas.
|
||||
|
||||
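Review bot: the reworded sentence "the client queries DHCP Option ID 235 and use the returned value as the Cache Server Hostname" has the same agreement error as the DHCP Option ID 234 line; it should be "and uses the returned value". The section also calls the servers "Delivery Optimization in Network Cache servers" while the Cache Server Hostname section calls them "Microsoft Connected Cache servers"; use one name throughout.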
@ -289,12 +346,16 @@ Set this policy to designate Delivery Optimization in Network Cache servers thro
|
||||
|
||||
### Maximum Foreground Download Bandwidth (in KB/s)
|
||||
|
||||
MDM Setting: **DOMaxForegroundDownloadBandwidth**
|
||||
|
||||
Specifies the maximum foreground download bandwidth in kilobytes/second that the device can use across all concurrent download activities using Delivery Optimization.
|
||||
|
||||
**The default value of "0" means that Delivery Optimization dynamically adjusts to use the available bandwidth for downloads.**
|
||||
|
||||
### Maximum Background Download Bandwidth (in KB/s)
|
||||
|
||||
MDM Setting: **DOMaxBackgroundDownloadBandwidth**
|
||||
|
||||
Specifies the maximum background download bandwidth in kilobytes/second that the device can use across all concurrent download activities using Delivery Optimization.
|
||||
|
||||
**The default value "0" means that Delivery Optimization dynamically adjusts to use the available bandwidth for downloads.**
|
||||
|
@ -170,7 +170,7 @@ Device conflict across different deployment rings in different Autopatch groups
|
||||
| ----- | ----- |
|
||||
| You, the IT admin at Contoso Ltd., are using several Custom Autopatch groups. While navigating through devices in the Windows Autopatch Devices blade (**Not ready** tab), you notice that the same device is part of different deployment rings across several different Custom Autopatch groups. | You must resolve this conflict.<p>Autopatch groups informs you about the device conflict in the **Devices** > **Not ready** tab. You’re required to manually indicate which of the existing Custom Autopatch groups the device should exclusively belong to.</p> |
|
||||
|
||||
#### Device conflict prior device registration
|
||||
#### Device conflict prior to device registration
|
||||
|
||||
When you create or edit the Custom or Default Autopatch group, Windows Autopatch checks if the devices that are part of the Azure AD groups, used in Autopatch groups’ deployment rings, are registered with the service.
|
||||
|
||||
|
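Review bot: renaming the heading to "#### Device conflict prior to device registration" changes its generated anchor, so any link that targets the old "device-conflict-prior-device-registration" bookmark will stop resolving. Search the docset for that anchor and update the links in the same change.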
@ -110,11 +110,11 @@ Autopatch groups set up the [feature updates for Windows 10 and later policies](
|
||||
|
||||
| Policy name | Azure AD group assignment |Feature update version | Rollout options | First deployment ring availability | Final deployment ring availability | Day between deployment rings | Support end date |
|
||||
| ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- |
|
||||
| Windows Autopatch - DSS Policy [Test] | Windows Autopatch - Test | Windows 10 20H2 | Make update available as soon as possible | N/A | N/A | N/A | May 8, 2023; 7:00PM |
|
||||
| Windows Autopatch - DSS Policy [Ring1] | Windows Autopatch - Ring1 | Windows 10 20H2 | Make update available as soon as possible | N/A | N/A | N/A | May 8, 2023; 7:00PM |
|
||||
| Windows Autopatch - DSS Policy [Ring2] | Windows Autopatch - Ring2 | Windows 10 20H2 | Make update available as soon as possible | December 14, 2022 | December 21, 2022 | 1 | May 8, 2023; 7:00PM |
|
||||
| Windows Autopatch - DSS Policy [Ring3] | Windows Autopatch - Ring3 | Windows 10 20H2 | Make update available as soon as possible | December 15, 2022 | December 29, 2022 | 1 | May 8, 2023; 7:00PM |
|
||||
| Windows Autopatch - DSS Policy [Last] | Windows Autopatch - Last | Windows 10 20H2 | Make update available as soon as possible | December 15, 2022 | December 29, 2022 | 1 | May 8, 2023; 7:00PM |
|
||||
| Windows Autopatch - DSS Policy [Test] | Windows Autopatch - Test | Windows 10 21H2 | Make update available as soon as possible | N/A | N/A | N/A | June 11, 2024; 1:00AM |
|
||||
| Windows Autopatch - DSS Policy [Ring1] | Windows Autopatch - Ring1 | Windows 10 21H2 | Make update available as soon as possible | N/A | N/A | N/A | June 11, 2024; 1:00AM |
|
||||
| Windows Autopatch - DSS Policy [Ring2] | Windows Autopatch - Ring2 | Windows 10 21H2 | Make update available as soon as possible | December 14, 2022 | December 21, 2022 | 1 | June 11, 2024; 1:00AM |
|
||||
| Windows Autopatch - DSS Policy [Ring3] | Windows Autopatch - Ring3 | Windows 10 21H2 | Make update available as soon as possible | December 15, 2022 | December 29, 2022 | 1 | June 11, 2024; 1:00AM |
|
||||
| Windows Autopatch - DSS Policy [Last] | Windows Autopatch - Last | Windows 10 21H2 | Make update available as soon as possible | December 15, 2022 | December 29, 2022 | 1 | June 11, 2024; 1:00AM |
|
||||
|
||||
### About Custom Autopatch groups
|
||||
|
||||
|
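Review bot: the new Support end date values "June 11, 2024; 1:00AM" carry a time of day but no time zone, and the release schedule table changed elsewhere in this merge gives the same end date as "June 11, 2024" with no time. Either state the time zone here or drop the time so both tables agree.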
@ -10,6 +10,7 @@ metadata:
|
||||
ms.topic: landing-page # Required
|
||||
author: tiaraquan #Required; your GitHub user alias, with correct capitalization.
|
||||
ms.author: tiaraquan #Required; microsoft alias of author; optional team alias.
|
||||
manager: dougeby
|
||||
ms.date: 05/30/2022 #Required; mm/dd/yyyy format.
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
|
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Device alerts
|
||||
description: Provide notifications and information about the necessary steps to keep your devices up to date.
|
||||
ms.date: 07/25/2023
|
||||
ms.date: 08/01/2023
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: how-to
|
||||
@ -79,6 +79,7 @@ Alert resolutions are provided through the Windows Update service and provide th
|
||||
| `InstallIssueRedirection` | A known folder that doesn't support redirection to another drive might have been redirected to another drive. | The Windows Update service has reported that the Windows Update file location may be redirected to an invalid location. Check your Windows Installation, and retry the update.<p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
|
||||
| `InstallMissingInfo` | Windows Update doesn't have the information it needs about the update to finish the installation. | The Windows Update service has reported that another update may have replaced the one you're trying to install. Check the update, and then try reinstalling it. |
|
||||
| `InstallOutOfMemory` | The installation couldn't be completed because Windows ran out of memory. | The Windows Update service has reported the system doesn't have sufficient system memory to perform the update.<p>Restart Windows, then try the installation again.</p><p>If it still fails, allocate more memory to the device, or increase the size of the virtual memory pagefile(s). For more information, see [How to determine the appropriate page file size for 64-bit versions of Windows](/troubleshoot/windows-client/performance/how-to-determine-the-appropriate-page-file-size-for-64-bit-versions-of-windows).</p> |
|
||||
| `InstallSetupBlock` | There is an application or driver blocking the upgrade. | The Windows Update service has detected that an application or driver is hindering the upgrade process. Utilize the SetupDiag utility to identify and diagnose any compatibility problems.<p>For more information, see [SetupDiag - Windows Deployment](/windows/deployment/upgrade/setupdiag).</p> |
|
||||
| `InstallSetupError` | Windows Setup encountered an error while installing. | The Windows Update service has reported an error during installation.Review the last reported HEX error code in [Quality update status report](../operate/windows-autopatch-groups-windows-quality-update-status-report.md) to further investigate.<p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
|
||||
| `PolicyConflict` | There are client policies (MDM, GP) that conflict with Windows Update settings. | The Windows Update service has reported a policy conflict. Review the [Windows Autopatch Policy Health dashboard](../operate/windows-autopatch-policy-health-and-remediation.md).<p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
|
||||
| `PolicyConflictDeferral` | The Deferral Policy configured on the device is preventing the update from installing. | The Windows Update service has reported a policy conflict. Review the [Windows Autopatch Policy Health dashboard](../operate/windows-autopatch-policy-health-and-remediation.md).<p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
|
||||
|
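Review bot: in the `InstallSetupError` row of this table, "an error during installation.Review the last reported HEX error code" is missing the space after the period. Since the hunk already touches this part of the table, fix it here: "during installation. Review the last reported HEX error code".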
@ -120,11 +120,11 @@ The following table is an example of the Windows feature update policies that we
|
||||
|
||||
| Policy name | Feature update version | Rollout options | First deployment date| Final deployment date availability | Day between groups | Support end date |
|
||||
| ----- | ----- | ----- | ----- | ----- | ----- | ----- |
|
||||
| Windows Autopatch - DSS Policy - My feature update release – Phase 1 | Windows 10 21H2 | Make update available as soon as possible | April 24, 2023 | April 24, 2023 | N/A | June 10, 2024 |
|
||||
| Windows Autopatch - DSS Policy - My feature update release – Phase 2 | Windows 10 21H2 | Make update available as soon as possible | June 26, 2023 | July 17, 2023 | 7 | June 10, 2024 |
|
||||
| Windows Autopatch - DSS Policy - My feature update release – Phase 3 | Windows 10 21H2 | Make update available as soon as possible | July 24, 2023 | August 14, 2023 | 7 | June 10, 2024 |
|
||||
| Windows Autopatch - DSS Policy - My feature update release – Phase 4 | Windows 10 21H2 | Make update available as soon as possible | August 28, 2023 | September 10, 2023 | 7 | June 10, 2024 |
|
||||
| Windows Autopatch - DSS Policy - My feature update release – Phase 5 | Windows 10 21H2 | Make update available as soon as possible | September 25, 2023 | October 16, 2023 | 7 | June 10, 2024 |
|
||||
| Windows Autopatch - DSS Policy - My feature update release – Phase 1 | Windows 10 21H2 | Make update available as soon as possible | April 24, 2023 | April 24, 2023 | N/A | June 11, 2024 |
|
||||
| Windows Autopatch - DSS Policy - My feature update release – Phase 2 | Windows 10 21H2 | Make update available as soon as possible | June 26, 2023 | July 17, 2023 | 7 | June 11, 2024 |
|
||||
| Windows Autopatch - DSS Policy - My feature update release – Phase 3 | Windows 10 21H2 | Make update available as soon as possible | July 24, 2023 | August 14, 2023 | 7 | June 11, 2024 |
|
||||
| Windows Autopatch - DSS Policy - My feature update release – Phase 4 | Windows 10 21H2 | Make update available as soon as possible | August 28, 2023 | September 10, 2023 | 7 | June 11, 2024 |
|
||||
| Windows Autopatch - DSS Policy - My feature update release – Phase 5 | Windows 10 21H2 | Make update available as soon as possible | September 25, 2023 | October 16, 2023 | 7 | June 11, 2024 |
|
||||
|
||||
## Create a custom release
|
||||
|
||||
|
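Review bot: The Phase 4 row gives a final deployment date of September 10, 2023, which is 13 days after its first deployment date of August 28, while Phases 2, 3 and 5 each span 21 days with 7 days between groups; confirm the Phase 4 date while these rows are being edited for the support end date. In the header row, `First deployment date|` lacks the space before the pipe, and "Day between groups" should read "Days between groups".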
@ -82,10 +82,10 @@ If your tenant is enrolled with Windows Autopatch, you can see the following def
|
||||
|
||||
| Policy name | Phase mapping | Feature update version | Rollout options | First deployment ring availability | Final deployment ring availability | Day between deployment rings | Support end date |
|
||||
| ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- |
|
||||
| Windows Autopatch – DSS Policy [Test] | Phase 1 | Windows 10 21H2 | Make update available as soon as possible | May 9, 2023 | N/A | N/A | June 10, 2024 |
|
||||
| Windows Autopatch – DSS Policy [First] | Phase 2 | Windows 10 21H2 | Make update available as soon as possible | May 16, 2023 | N/A | N/A | June 10, 2024 |
|
||||
| Windows Autopatch – DSS Policy [Fast] | Phase 3 | Windows 10 21H2 | Make update available as soon as possible | May 23, 2023 | N/A | N/A | June 10, 2024 |
|
||||
| Windows Autopatch – DSS Policy [Broad] | Phase 4 | Windows 10 21H2 | Make update available as soon as possible | May 30, 2023 | N/A | N/A | June 10, 2024 |
|
||||
| Windows Autopatch – DSS Policy [Test] | Phase 1 | Windows 10 21H2 | Make update available as soon as possible | May 9, 2023 | N/A | N/A | June 11, 2024 |
|
||||
| Windows Autopatch – DSS Policy [First] | Phase 2 | Windows 10 21H2 | Make update available as soon as possible | May 16, 2023 | N/A | N/A | June 11, 2024 |
|
||||
| Windows Autopatch – DSS Policy [Fast] | Phase 3 | Windows 10 21H2 | Make update available as soon as possible | May 23, 2023 | N/A | N/A | June 11, 2024 |
|
||||
| Windows Autopatch – DSS Policy [Broad] | Phase 4 | Windows 10 21H2 | Make update available as soon as possible | May 30, 2023 | N/A | N/A | June 11, 2024 |
|
||||
|
||||
> [!NOTE]
|
||||
> Gradual rollout settings aren't configured in the default Windows Update feature policy. If the date of the final group availability is changed to a past date, all remaining devices are offered the update as soon as possible. For more information, see [rollout options for Windows Updates in Microsoft Intune](/mem/intune/protect/windows-update-rollout-options#make-updates-available-gradually).
|
||||
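Review bot: The note under this table refers to "the date of the final group availability", but the column it describes is headed "Final deployment ring availability" and every row shows N/A there; use the column's wording in the note so it is clear which setting is meant. The header "Day between deployment rings" should read "Days between deployment rings".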
@ -110,7 +110,7 @@ See the following table on how Windows Autopatch configures the values for its g
|
||||
|
||||
| Policy name | Feature update version | Rollout options | First deployment ring availability | Final deployment ring availability | Day between deployment rings | Support end date |
|
||||
| ----- | ----- | ----- | ----- | ----- | ----- | ----- |
|
||||
| Windows Autopatch – Global DSS Policy [Test] | Windows 10 21H2 | Make update available as soon as possible | N/A | N/A | N/A | June 10, 2024 |
|
||||
| Windows Autopatch – Global DSS Policy [Test] | Windows 10 21H2 | Make update available as soon as possible | N/A | N/A | N/A | June 11, 2024 |
|
||||
|
||||
> [!NOTE]
|
||||
> Gradual rollout settings aren't configured in the default Windows Update feature policy. If the date of the final group availability is changed to be a past date, all remaining devices are offered the update as soon as possible. For more information, see [rollout options for Windows Updates in Microsoft Intune](/mem/intune/protect/windows-update-rollout-options#make-updates-available-gradually).
|
||||
|
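Review bot: The note after the Global DSS Policy table is a second copy of the gradual rollout note and its wording has drifted: it says "changed to be a past date" here and "changed to a past date" under the default policy table. Keep one wording for both copies so the two stay in step on the next edit.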
@ -17,7 +17,7 @@ ms.collection:
|
||||
|
||||
# Windows quality and feature update reports overview
|
||||
|
||||
## Windows quality reports
|
||||
## Windows quality update reports
|
||||
|
||||
The Windows quality reports provide you with information about:
|
||||
|
||||
|
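Review bot: The heading becomes "Windows quality update reports", but the sentence directly under it still reads "The Windows quality reports provide you with information about:"; update the sentence to use the new name. Renaming the heading also changes its generated anchor, so check for links that still point at the old one.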
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Roles and responsibilities
|
||||
description: This article describes the roles and responsibilities provided by Windows Autopatch and what the customer must do
|
||||
ms.date: 07/25/2023
|
||||
ms.date: 07/31/2023
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: conceptual
|
||||
@ -28,13 +28,14 @@ This article outlines your responsibilities and Windows Autopatch's responsibili
|
||||
| Task | Your responsibility | Windows Autopatch |
|
||||
| ----- | :-----: | :-----: |
|
||||
| Review the [prerequisites](../prepare/windows-autopatch-prerequisites.md) | :heavy_check_mark: | :x: |
|
||||
| Review the [FAQ](../overview/windows-autopatch-faq.yml) | :heavy_check_mark: | :x: |
|
||||
| [Review the service data platform and privacy compliance details](../overview/windows-autopatch-privacy.md) | :heavy_check_mark: | :x: |
|
||||
| Ensure device [prerequisites](../prepare/windows-autopatch-prerequisites.md) are met and in place prior to enrollment | :heavy_check_mark: | :x: |
|
||||
| Ensure [infrastructure and environment prerequisites](../prepare/windows-autopatch-configure-network.md) are met and in place prior to enrollment | :heavy_check_mark: | :x: |
|
||||
| Prepare to remove your devices from existing unsupported [Windows update](../references/windows-autopatch-windows-update-unsupported-policies.md) and [Microsoft 365](../references/windows-autopatch-microsoft-365-policies.md) policies | :heavy_check_mark: | :x: |
|
||||
| [Configure required network endpoints](../prepare/windows-autopatch-configure-network.md#required-microsoft-product-endpoints) | :heavy_check_mark: | :x: |
|
||||
| [Fix issues identified by the Readiness assessment tool](../prepare/windows-autopatch-fix-issues.md) | :heavy_check_mark: | :x: |
|
||||
| [Enroll tenant into the Windows Autopatch service](../prepare/windows-autopatch-enroll-tenant.md) | :heavy_check_mark: | :x: |
|
||||
| [Enroll tenant into the Windows Autopatch service](../prepare/windows-autopatch-enroll-tenant.md)<ul><li>[Fix issues identified by the Readiness assessment tool](../prepare/windows-autopatch-fix-issues.md)</li><li>If required, [submit a tenant enrollment support request](../prepare/windows-autopatch-enrollment-support-request.md)</li></ul> | :heavy_check_mark: | :x: |
|
||||
| [Manage and respond to tenant enrollment support requests](../prepare/windows-autopatch-enrollment-support-request.md) | :x: | :heavy_check_mark: |
|
||||
| Identify stakeholders for deployment communications | :heavy_check_mark: | :x: |
|
||||
|
||||
## Deploy
|
||||
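Review bot: The link text "[Windows update]" in the "Prepare to remove your devices ..." row should be capitalized as "Windows Update", the form the Deploy table uses for the same link. The "Review the prerequisites" and "Ensure device prerequisites are met ..." rows both send the reader to windows-autopatch-prerequisites.md; consider merging them or making the difference between the two tasks explicit.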
@ -43,20 +44,18 @@ This article outlines your responsibilities and Windows Autopatch's responsibili
|
||||
| ----- | :-----: | :-----: |
|
||||
| [Add and verify admin contacts](../deploy/windows-autopatch-admin-contacts.md) in Microsoft Intune | :heavy_check_mark: | :x: |
|
||||
| [Deploy and configure Windows Autopatch service configuration](../references/windows-autopatch-changes-to-tenant.md) | :x: | :heavy_check_mark: |
|
||||
| Educate users on the Windows Autopatch end user update experience<ul><li>[Windows quality update end user experience](../operate/windows-autopatch-windows-quality-update-end-user-exp.md)</li><li>[Windows feature update end user experience](../operate/windows-autopatch-windows-feature-update-end-user-exp.md)</li><li>[Microsoft 365 Apps for enterprise end user experience](../operate/windows-autopatch-microsoft-365-apps-enterprise.md#end-user-experience)</li><li>[Microsoft Teams end user experience](../operate/windows-autopatch-teams.md#end-user-experience)</li></ul> | :heavy_check_mark: | :x: |
|
||||
| Remove your devices from existing unsupported [Windows update](../references/windows-autopatch-windows-update-unsupported-policies.md) and [Microsoft 365](../references/windows-autopatch-microsoft-365-policies.md) policies | :heavy_check_mark: | :x: |
|
||||
| [Turn on or off expedited Windows quality updates](../operate/windows-autopatch-windows-quality-update-overview.md#expedited-releases) | :heavy_check_mark: | :x: |
|
||||
| [Allow or block Microsoft 365 Apps for enterprise updates](../operate/windows-autopatch-microsoft-365-apps-enterprise.md#allow-or-block-microsoft-365-app-updates) | :heavy_check_mark: | :x: |
|
||||
| [Manage driver and firmware updates](../operate/windows-autopatch-manage-driver-and-firmware-updates.md) | :heavy_check_mark: | :x: |
|
||||
| [Customize Windows Update settings](../operate/windows-autopatch-windows-update.md) | :heavy_check_mark: | :x: |
|
||||
| [Register devices/add devices to the Windows Autopatch Device Registration group](../deploy/windows-autopatch-register-devices.md) | :heavy_check_mark: | :x: |
|
||||
| Educate users on the Windows Autopatch end user update experience<ul><li>[Windows quality update end user experience](../operate/windows-autopatch-groups-windows-quality-update-end-user-exp.md)</li><li>[Windows feature update end user experience](../operate/windows-autopatch-groups-manage-windows-feature-update-release.md)</li><li>[Microsoft 365 Apps for enterprise end user experience](../operate/windows-autopatch-microsoft-365-apps-enterprise.md#end-user-experience)</li><li>[Microsoft Edge end user experience](../operate/windows-autopatch-edge.md)</li><li>[Microsoft Teams end user experience](../operate/windows-autopatch-teams.md#end-user-experience)</li></ul> | :heavy_check_mark: | :x: |
|
||||
| Review network optimization<ul><li>[Prepare your network](../prepare/windows-autopatch-configure-network.md)</li><li>[Delivery Optimization](../prepare/windows-autopatch-configure-network.md#delivery-optimization) | :heavy_check_mark: | :x: |
|
||||
| Review existing configurations<ul><li>Remove your devices from existing unsupported [Windows Update](../references/windows-autopatch-windows-update-unsupported-policies.md) and [Microsoft 365](../references/windows-autopatch-microsoft-365-policies.md) policies</li></ul>| :heavy_check_mark: | :x: |
|
||||
| Confirm your update service needs and configure your workloads<ul><li>[Turn on or off expedited Windows quality updates](../operate/windows-autopatch-groups-windows-quality-update-overview.md#expedited-releases)</li><li>[Allow or block Microsoft 365 Apps for enterprise updates](../operate/windows-autopatch-microsoft-365-apps-enterprise.md#allow-or-block-microsoft-365-app-updates)</li><li>[Manage driver and firmware updates](../operate/windows-autopatch-manage-driver-and-firmware-updates.md)</li><li>[Customize Windows Update settings](../operate/windows-autopatch-windows-update.md)</li><li>Decide your [Windows feature update versions(s)](../operate/windows-autopatch-groups-windows-feature-update-overview.md)</li></ul>| :heavy_check_mark: | :x: |
|
||||
| [Consider your Autopatch groups distribution](../deploy/windows-autopatch-groups-overview.md)<ul><li>[Default Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group)</li><li>[Custom Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-custom-autopatch-groups)</li></ul> | :heavy_check_mark: | :x: |
|
||||
| [Register devices](../deploy/windows-autopatch-register-devices.md)<ul><li>[Review your device registration options](../deploy/windows-autopatch-device-registration-overview.md)</li><li>[Register your first devices](../deploy/windows-autopatch-register-devices.md) | :heavy_check_mark: | :x: |
|
||||
| [Run the pre-registration device readiness checks](../deploy/windows-autopatch-register-devices.md#about-the-registered-not-ready-and-not-registered-tabs) | :x: | :heavy_check_mark: |
|
||||
| [Automatically assign devices to First, Fast & Broad deployment rings at device registration](../operate/windows-autopatch-update-management.md#deployment-ring-calculation-logic) | :x: | :heavy_check_mark: |
|
||||
| [Manually override device assignments to First, Fast & Broad deployment rings](../operate/windows-autopatch-update-management.md#moving-devices-in-between-deployment-rings) | :heavy_check_mark: | :x: |
|
||||
| [Remediate devices displayed in the **Not ready** tab](../deploy/windows-autopatch-post-reg-readiness-checks.md#about-the-three-tabs-in-the-devices-blade) | :heavy_check_mark: | :x: |
|
||||
| [Remediate devices displayed in the **Not registered** tab](../deploy/windows-autopatch-post-reg-readiness-checks.md#about-the-three-tabs-in-the-devices-blade) | :heavy_check_mark: | :x: |
|
||||
| [Populate the Test deployment ring membership](../operate/windows-autopatch-update-management.md#deployment-ring-calculation-logic) | :heavy_check_mark: | :x: |
|
||||
| [Ensure devices are only present in one deployment ring](../operate/windows-autopatch-update-management.md#automated-deployment-ring-remediation-functions) | :x: | :heavy_check_mark: |
|
||||
| Automatically assign devices to deployment rings at device registration<ul><li>[Default Windows Autopatch group deployment rings](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group)</li><li>[Custom Windows Autopatch group deployment rings](../deploy/windows-autopatch-groups-overview.md#about-custom-autopatch-groups)</li></ul>| :x: | :heavy_check_mark: |
|
||||
| Remediate registration issues<ul><li>[For devices displayed in the **Not ready** tab](../deploy/windows-autopatch-post-reg-readiness-checks.md#about-the-three-tabs-in-the-devices-blade)</li><li>[For devices displayed in the **Not registered** tab](../deploy/windows-autopatch-post-reg-readiness-checks.md#about-the-three-tabs-in-the-devices-blade)</li></ul> | :heavy_check_mark: | :x: |
|
||||
| Populate the Test and Last deployment ring membership<ul><li>[Default Windows Autopatch group deployment rings](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group)</li><li>[Custom Windows Autopatch group deployment rings](../deploy/windows-autopatch-groups-overview.md#about-custom-autopatch-groups)</li></ul> | :heavy_check_mark: | :x: |
|
||||
| [Manually override device assignments to deployment rings](../operate/windows-autopatch-update-management.md#moving-devices-in-between-deployment-rings) | :heavy_check_mark: | :x: |
|
||||
| Review device conflict scenarios<ul><li>[Device conflict in deployment rings within an Autopatch group](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#device-conflict-in-deployment-rings-within-an-autopatch-group)</li><li>[Device conflict across different Autopatch groups](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#device-conflict-across-different-autopatch-groups)</li></ul> | :heavy_check_mark: | :x: |
|
||||
| Communicate to end-users, help desk and stakeholders | :heavy_check_mark: | :x: |
|
||||
|
||||
## Operate
|
||||
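Review bot: Two of the rows with nested lists never close their markup: "Review network optimization" ends after the `[Delivery Optimization](...)` link and "Register devices" ends after the `[Register your first devices](...)` link, both without `</li></ul>` before the cell separator, which can break rendering of the rest of the table. Add the closing tags. In the "Confirm your update service needs ..." row, "versions(s)" should be "version(s)", as the Operate table already spells it.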
@ -65,36 +64,36 @@ This article outlines your responsibilities and Windows Autopatch's responsibili
|
||||
| ----- | :-----: | :-----: |
|
||||
| [Maintain contacts in the Microsoft Intune admin center](../deploy/windows-autopatch-admin-contacts.md) | :heavy_check_mark: | :x: |
|
||||
| [Maintain and manage the Windows Autopatch service configuration](../operate/windows-autopatch-maintain-environment.md) | :x: | :heavy_check_mark: |
|
||||
| [Maintain customer configuration to align with the Windows Autopatch service configuration](../operate/windows-autopatch-maintain-environment.md) | :heavy_check_mark: | :x: |
|
||||
| [Run on-going checks to ensure devices are only present in one deployment ring](../operate/windows-autopatch-update-management.md#automated-deployment-ring-remediation-functions) | :x: | :heavy_check_mark: |
|
||||
| [Maintain the Test deployment ring membership](../operate/windows-autopatch-update-management.md#deployment-ring-calculation-logic) | :heavy_check_mark: | :x: |
|
||||
| Monitor [Windows update signals](../operate/windows-autopatch-windows-quality-update-signals.md) for safe update release | :x: | :heavy_check_mark: |
|
||||
| Test specific [business update scenarios](../operate/windows-autopatch-windows-quality-update-signals.md) | :heavy_check_mark: | :x: |
|
||||
| [Manage driver and firmware updates](../operate/windows-autopatch-manage-driver-and-firmware-updates.md) | :heavy_check_mark: | :x: |
|
||||
| [Customize Windows Update settings](../operate/windows-autopatch-windows-update.md) | :heavy_check_mark: | :x: |
|
||||
| [Define and implement service default release schedule](../operate/windows-autopatch-windows-quality-update-overview.md) | :x: | :heavy_check_mark: |
|
||||
| Communicate the update [release schedule](../operate/windows-autopatch-windows-quality-update-communications.md) | :x: | :heavy_check_mark: |
|
||||
| Release updates (as scheduled)<ul><li>[Windows quality updates](../operate/windows-autopatch-windows-quality-update-overview.md#windows-quality-update-releases)</li><li>[Microsoft 365 Apps for enterprise](../operate/windows-autopatch-microsoft-365-apps-enterprise.md#update-release-schedule)</li><li>[Microsoft Edge](../operate/windows-autopatch-edge.md#update-release-schedule)</li><li>[Microsoft Teams](../operate/windows-autopatch-teams.md#update-release-schedule)</li><ul>| :x: | :heavy_check_mark: |
|
||||
| [Release updates (expedited)](../operate/windows-autopatch-windows-quality-update-overview.md#expedited-releases) | :x: | :heavy_check_mark: |
|
||||
| [Deploy updates to devices](../operate/windows-autopatch-update-management.md) | :x: | :heavy_check_mark: |
|
||||
| Monitor [Windows quality](../operate/windows-autopatch-windows-quality-update-overview.md) or [feature updates](../operate/windows-autopatch-windows-feature-update-overview.md) through the release cycle | :x: | :heavy_check_mark: |
|
||||
| Review [update reports](../operate/windows-autopatch-windows-quality-update-reports-overview.md) | :heavy_check_mark: | :x: |
|
||||
| [Pause updates (Windows Autopatch initiated)](../operate/windows-autopatch-windows-quality-update-signals.md) | :x: | :heavy_check_mark: |
|
||||
| [Pause updates (initiated by you)](../operate/windows-autopatch-windows-quality-update-overview.md#pausing-and-resuming-a-release) | :heavy_check_mark: | :x: |
|
||||
| [Maintain customer configuration to align with the Windows Autopatch service configuration](../operate/windows-autopatch-maintain-environment.md) | :heavy_check_mark: | :x: |
|
||||
| Resolve service remediated device conflict scenarios<ul><li>[Device conflict in deployment rings within an Autopatch group](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#device-conflict-in-deployment-rings-within-an-autopatch-group)</li><li>[Default to Custom Autopatch group device conflict](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#default-to-custom-autopatch-group-device-conflict)</li></ul> | :x: | :heavy_check_mark: |
|
||||
| Resolve remediated device conflict scenarios<ul><li>[Custom to Custom Autopatch group device conflict](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#custom-to-custom-autopatch-group-device-conflict)</li><li>[Device conflict prior to device registration](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#device-conflict-prior-to-device-registration)</li></ul> | :heavy_check_mark: | :x: |
|
||||
| Maintain the Test and Last deployment ring membership<ul><li>[Default Windows Autopatch deployment rings](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group)</li><li>[Custom Windows Autopatch group deployment rings](../deploy/windows-autopatch-groups-overview.md#about-custom-autopatch-groups)</li></ul> | :heavy_check_mark: | :x: |
|
||||
| Monitor [Windows update signals](../operate/windows-autopatch-groups-windows-quality-update-signals.md) for safe update release<ul><li>[Pre-release signals](../operate/windows-autopatch-groups-windows-quality-update-signals.md#pre-release-signals)</li><li>[Early signals](../operate/windows-autopatch-groups-windows-quality-update-signals.md#early-signals)</li><li>[Device reliability signals](../operate/windows-autopatch-groups-windows-quality-update-signals.md#device-reliability-signals)</li></ul> | :x: | :heavy_check_mark: |
|
||||
| Test specific [business update scenarios](../operate/windows-autopatch-groups-windows-quality-update-signals.md) | :heavy_check_mark: | :x: |
|
||||
| [Define and implement service default release schedule](../operate/windows-autopatch-groups-windows-quality-update-overview.md) | :x: | :heavy_check_mark: |
|
||||
| Maintain your workload configuration and custom release schedule<ul><li>[Manage driver and firmware updates](../operate/windows-autopatch-manage-driver-and-firmware-updates.md)</li><li>[Customize Windows Update settings](../operate/windows-autopatch-groups-windows-update.md)</li><li>[Decide your Windows feature update version(s)](../operate/windows-autopatch-groups-windows-feature-update-overview.md)</li></ul> | :heavy_check_mark: | :x: |
|
||||
| Communicate the update [release schedule](../operate/windows-autopatch-windows-quality-update-communications.md) to IT admins | :x: | :heavy_check_mark: |
|
||||
| Release updates (as scheduled)<ul><li>[Windows quality updates](../operate/windows-autopatch-groups-windows-quality-update-overview.md#release-management)</li><li>[Windows feature updates](../operate/windows-autopatch-groups-windows-feature-update-overview.md)</li><li>[Microsoft 365 Apps for enterprise](../operate/windows-autopatch-microsoft-365-apps-enterprise.md#update-release-schedule)</li><li>[Microsoft Edge](../operate/windows-autopatch-edge.md#update-release-schedule)</li><li>[Microsoft Teams](../operate/windows-autopatch-teams.md#update-release-schedule)</li><ul>| :x: | :heavy_check_mark: |
|
||||
| [Release updates (expedited)](../operate/windows-autopatch-groups-windows-quality-update-overview.md#expedited-releases) | :x: | :heavy_check_mark: |
|
||||
| [Release updates (OOB)](../operate/windows-autopatch-groups-windows-quality-update-overview.md#out-of-band-releases) | :x: | :heavy_check_mark: |
|
||||
| [Deploy updates to devices](../operate/windows-autopatch-groups-update-management.md) | :x: | :heavy_check_mark: |
|
||||
| Monitor [Windows quality](../operate/windows-autopatch-groups-windows-quality-update-overview.md#release-management) or [feature updates](../operate/windows-autopatch-groups-windows-feature-update-overview.md) through the release cycle | :x: | :heavy_check_mark: |
|
||||
| Review [release announcements](../operate/windows-autopatch-groups-windows-quality-update-overview.md#) | :heavy_check_mark: | :x: |
|
||||
| Review deployment progress using Windows Autopatch reports<ul><li>[Windows quality update reports](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#windows-quality-update-reports)</li><li>[Windows feature update reports](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#windows-feature-update-reports)</li></ul> | :heavy_check_mark: | :x: |
|
||||
| [Pause updates (Windows Autopatch initiated)](../operate/windows-autopatch-groups-windows-quality-update-signals.md) | :x: | :heavy_check_mark: |
|
||||
| [Pause updates (initiated by you)](../operate/windows-autopatch-groups-windows-quality-update-overview.md#pause-and-resume-a-release) | :heavy_check_mark: | :x: |
|
||||
| Run [on-going post-registration device readiness checks](../deploy/windows-autopatch-post-reg-readiness-checks.md) | :x: | :heavy_check_mark: |
|
||||
| [Remediate devices displayed in the **Not ready** tab](../deploy/windows-autopatch-post-reg-readiness-checks.md#about-the-three-tabs-in-the-devices-blade) | :heavy_check_mark: | :x: |
|
||||
| Resolve any conflicting and unsupported [Windows update](../references/windows-autopatch-windows-update-unsupported-policies.md) and [Microsoft 365](../references/windows-autopatch-microsoft-365-policies.md) policies | :heavy_check_mark: | :x: |
|
||||
| [Investigate devices that aren't up to date within the service level objective (Microsoft action)](../operate/windows-autopatch-windows-quality-update-reports-overview.md#not-up-to-date-microsoft-action) | :x: | :heavy_check_mark: |
|
||||
| [Investigate and remediate devices that are marked as ineligible (Customer action)](../operate/windows-autopatch-windows-quality-update-reports-overview.md#ineligible-devices-customer-action) | :heavy_check_mark: | :x: |
|
||||
| Maintain existing configurations<ul><li>Remove your devices from existing and unsupported [Windows update](../references/windows-autopatch-windows-update-unsupported-policies.md) and [Microsoft 365](../references/windows-autopatch-microsoft-365-policies.md) policies</li></ul> | :heavy_check_mark: | :x: |
|
||||
| Understand the health of [Up to date](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#up-to-date-devices) devices and investigate devices that are<ul><li>[Not up to date](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#not-up-to-date-devices)</li><li>[Not ready](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#not-ready-devices)</li><li>have [Device alerts](../operate/windows-autopatch-device-alerts.md)</li></ul>
|
||||
| [Raise, manage and resolve a service incident if an update management area isn't meeting the service level objective](windows-autopatch-overview.md#update-management) | :x: | :heavy_check_mark: |
|
||||
| [Deregister devices](../operate/windows-autopatch-deregister-devices.md) | :heavy_check_mark: | :x: |
|
||||
| [Register a device that was previously deregistered (upon customers request)](../operate/windows-autopatch-deregister-devices.md#excluded-devices) | :x: | :heavy_check_mark: |
|
||||
| [Request unenrollment from Windows Autopatch](../operate/windows-autopatch-unenroll-tenant.md) | :heavy_check_mark: | :x: |
|
||||
| [Remove Windows Autopatch data from the service and deregister devices](../operate/windows-autopatch-unenroll-tenant.md#microsofts-responsibilities-during-unenrollment) | :x: | :heavy_check_mark: |
|
||||
| [Maintain update configuration & update devices post unenrollment from Windows Autopatch](../operate/windows-autopatch-unenroll-tenant.md#your-responsibilities-after-unenrolling-your-tenant) | :heavy_check_mark: | :x: |
|
||||
| Review and respond to Message Center and Service Health Dashboard notifications<ul><li>[Windows quality update communications](../operate/windows-autopatch-windows-quality-update-communications.md)</li><li>[Add and verify admin contacts](../deploy/windows-autopatch-admin-contacts.md)</li></ul> | :heavy_check_mark: | :x: |
|
||||
| [Highlight Windows Autopatch Tenant management alerts that require customer action](../operate/windows-autopatch-maintain-environment.md#windows-autopatch-tenant-actions) | :x: | :heavy_check_mark: |
|
||||
| [Review and respond to Windows Autopatch Tenant management alerts](../operate/windows-autopatch-maintain-environment.md#windows-autopatch-tenant-actions) | :heavy_check_mark: | :x: |
|
||||
| Review and respond to Message Center and Service Health Dashboard notifications<ul><li>[Windows quality update communications](../operate/windows-autopatch-groups-windows-quality-update-communications.md)</li><li>[Add and verify admin contacts](../deploy/windows-autopatch-admin-contacts.md)</li></ul> | :heavy_check_mark: | :x: |
|
||||
| Highlight Windows Autopatch management alerts that require customer action<ul><li>[Tenant management alerts](../operate/windows-autopatch-maintain-environment.md#windows-autopatch-tenant-actions)</li><li>[Policy health and remediation](../operate/windows-autopatch-policy-health-and-remediation.md)</li></ul> | :x: | :heavy_check_mark: |
|
||||
| Review and respond to Windows Autopatch management alerts<ul><li>[Tenant management alerts](../operate/windows-autopatch-maintain-environment.md#windows-autopatch-tenant-actions)</li><li>[Policy health and remediation](../operate/windows-autopatch-policy-health-and-remediation.md)</li></ul> | :heavy_check_mark: | :x: |
|
||||
| [Raise and respond to support requests](../operate/windows-autopatch-support-request.md) | :heavy_check_mark: | :x: |
|
||||
| [Manage and respond to support requests](../operate/windows-autopatch-support-request.md#manage-an-active-support-request) | :x: | :heavy_check_mark: |
|
||||
| Review the [What’s new](../whats-new/windows-autopatch-whats-new-2022.md) section to stay up to date with updated feature and service releases | :heavy_check_mark: | :x: |
|
||||
|
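Review bot: The "Understand the health of [Up to date] devices ..." row ends at `</ul>` with no responsibility cells, so it is missing the trailing `| :heavy_check_mark: | :x: |` (or the reverse) and leaves the table row incomplete; add the two cells. Both "Release updates (as scheduled)" rows end their list with `<ul>` where `</ul>` is needed, and the "Review [release announcements]" link ends in a bare `#` with no anchor name. The last row also still links "What's new" to windows-autopatch-whats-new-2022.md; confirm that is the intended target.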
@ -2,8 +2,8 @@
|
||||
title: Driver and firmware updates for Windows Autopatch Public Preview Addendum
|
||||
description: This article explains how driver and firmware updates are managed in Autopatch
|
||||
ms.date: 06/26/2023
|
||||
ms.prod: w11
|
||||
ms.technology: windows
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: conceptual
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
@ -14,11 +14,11 @@ msreviewer: hathind
|
||||
|
||||
# Driver and Firmware Updates for Windows Autopatch Public Preview Addendum
|
||||
|
||||
**This Driver and Firmware Updates for Windows Autopatch Public Preview Addendum ("Addendum") to the Microsoft Product Terms’ Universal License Terms for Online Services** (as provided at: [Microsoft Product Terms](https://www.microsoft.com/licensing/terms/product/ForOnlineServices/all) (the "**Product Terms**")) is entered into between Microsoft Corporation, a Washington corporation having its principal place of business at One Microsoft Way, Redmond, Washington, USA 98052-6399 (or based on where Customer lives, one of Microsoft's affiliates) ("**Microsoft**"), and you ("**Customer**").
|
||||
**This Driver and Firmware Updates for Windows Autopatch Public Preview Addendum ("Addendum") to the Microsoft Product Terms' Universal License Terms for Online Services** (as provided at: [Microsoft Product Terms](https://www.microsoft.com/licensing/terms/product/ForOnlineServices/all) (the "**Product Terms**")) is entered into between Microsoft Corporation, a Washington corporation having its principal place of business at One Microsoft Way, Redmond, Washington, USA 98052-6399 (or based on where Customer lives, one of Microsoft's affiliates) ("**Microsoft**"), and you ("**Customer**").
|
||||
|
||||
For good and valuable consideration, the receipt and sufficiency of which is acknowledged, the parties agree as follows:
|
||||
|
||||
Microsoft desires to preview the Driver and Firmware Updates for Windows Autopatch service it's developing ("**Driver and Firmware Updates Preview**”) in order to evaluate it. Customer would like to particulate this Driver and Firmware Updates Preview under the Product Terms and this Addendum. Driver and Firmware Updates Preview consists of features and services that are in preview, beta, or other prerelease form. Driver and Firmware Updates Preview is subject to the "preview" terms set forth in the Product Terms’ Universal License Terms for Online Services.
|
||||
Microsoft desires to preview the Driver and Firmware Updates for Windows Autopatch service it's developing ("**Driver and Firmware Updates Preview**") in order to evaluate it. Customer would like to particulate this Driver and Firmware Updates Preview under the Product Terms and this Addendum. Driver and Firmware Updates Preview consists of features and services that are in preview, beta, or other prerelease form. Driver and Firmware Updates Preview is subject to the "preview" terms set forth in the Product Terms' Universal License Terms for Online Services.
|
||||
|
||||
## Definitions
|
||||
|
||||
|
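Review bot: "particulate" in "Customer would like to particulate this Driver and Firmware Updates Preview" is a typo that appears in both the old and the new version of the paragraph. Since the paragraph is already being rewritten to straighten the quotation marks, change it to "participate in" in the same pass. This is contract text, so the wording matters more than in an ordinary article.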
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: What's new 2023
|
||||
description: This article lists the 2023 feature releases and any corresponding Message center post numbers.
|
||||
ms.date: 07/25/2023
|
||||
ms.date: 08/01/2023
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: whats-new
|
||||
@ -21,12 +21,21 @@ This article lists new and updated feature releases, and service releases, with
|
||||
|
||||
Minor corrections such as typos, style, or formatting issues aren't listed.
|
||||
|
||||
## August 2023
|
||||
|
||||
### August feature releases or updates
|
||||
|
||||
| Article | Description |
|
||||
| ----- | ----- |
|
||||
| [Device alerts](../operate/windows-autopatch-device-alerts.md) | Added `'InstallSetupBlock'` to the [Alert resolutions section](../operate/windows-autopatch-device-alerts.md#alert-resolutions) |
|
||||
|
||||
## July 2023
|
||||
|
||||
### July feature releases or updates
|
||||
|
||||
| Article | Description |
|
||||
| ----- | ----- |
|
||||
| [Roles and responsibilities](../overview/windows-autopatch-roles-responsibilities.md) | Updated article to include Windows Autopatch groups |
|
||||
| [Windows Autopatch groups overview](../deploy/windows-autopatch-groups-overview.md) | General Availability<ul><li>[MC628172](https://admin.microsoft.com/adminportal/home#/MessageCenter)</li></ul> |
|
||||
| [Manage Windows Autopatch groups](../deploy/windows-autopatch-groups-manage-autopatch-groups.md) | General Availability<ul><li>[MC628172](https://admin.microsoft.com/adminportal/home#/MessageCenter)</li></ul> |
|
||||
| [Customize Windows Update settings](../operate/windows-autopatch-groups-windows-update.md) | General Availability<ul><li>[MC628172](https://admin.microsoft.com/adminportal/home#/MessageCenter)</li></ul> |
|
||||
|
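Review bot: in the new August 2023 row, `'InstallSetupBlock'` has single quotes inside the code span, so they render as part of the alert name. If the alert is named InstallSetupBlock, drop the quotes and keep only the backticks, so the string readers copy matches what appears under the linked Alert resolutions section.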
@ -1,5 +0,0 @@
|
||||
- name: Windows Autopilot deployment
|
||||
href: index.yml
|
||||
items:
|
||||
- name: Get started
|
||||
href: demonstrate-deployment-on-vm.md
|
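Review bot: the deleted TOC names `href: index.yml` as its landing page, but nothing in this hunk shows that file being removed or redirected. Confirm that `index.yml` is handled in the same change, and that both it and `demonstrate-deployment-on-vm.md` get redirects so existing links to them keep resolving.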
@ -1,901 +0,0 @@
|
||||
---
|
||||
title: Demonstrate Autopilot deployment
|
||||
description: Step-by-step instructions on how to set up a virtual machine with a Windows Autopilot deployment.
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-deploy
|
||||
ms.localizationpriority: medium
|
||||
author: frankroj
|
||||
ms.author: frankroj
|
||||
manager: aaroncz
|
||||
ms.collection:
|
||||
- highpri
|
||||
- tier2
|
||||
ms.topic: tutorial
|
||||
ms.date: 10/28/2022
|
||||
---
|
||||
|
||||
# Demonstrate Autopilot deployment
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10
|
||||
|
||||
To get started with Windows Autopilot, you should try it out with a virtual machine (VM). You can also use a physical device that will be wiped and then have a fresh install of Windows 10.
|
||||
|
||||
In this article, you'll learn how to set up a Windows Autopilot deployment for a VM using Hyper-V.
|
||||
|
||||
> [!NOTE]
|
||||
> Although there are [multiple platforms](/mem/autopilot/add-devices#registering-devices) available to enable Autopilot, this lab primarily uses Microsoft Intune.
|
||||
>
|
||||
> Hyper-V and a VM aren't required for this lab. You can use a physical device instead. However, the instructions assume that you're using a VM. To use a physical device, skip the instructions to install Hyper-V and create a VM. All references to _device_ in the guide refer to the client device, either physical or virtual.
|
||||
|
||||
The following video provides an overview of the process:
|
||||
|
||||
> [!VIDEO https://www.youtube.com/embed/KYVptkpsOqs]
|
||||
|
||||
> [!TIP]
|
||||
> For a list of terms used in this guide, see the [Glossary](#glossary) section.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
You'll need the following components to complete this lab:
|
||||
|
||||
| Component | Description |
|
||||
|:---|:---|
|
||||
|**Windows 10 installation media**|Windows 10 Enterprise ISO file for a supported version of Windows 10, general availability channel. If you don't already have an ISO to use, download an [evaluation version of Windows 10 Enterprise](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise).|
|
||||
|**Internet access**|If you're behind a firewall, see the detailed [networking requirements](/mem/autopilot/software-requirements#networking-requirements). Otherwise, just make sure that you have a connection to the internet.|
|
||||
|**Hyper-V or a physical device running Windows 10**|The guide assumes that you'll use a Hyper-V VM, and provides instructions to install and configure Hyper-V if needed. To use a physical device, skip the steps to install and configure Hyper-V.|
|
||||
|**An account with Azure Active Directory (Azure AD) Premium license**|This guide will describe how to get a free 30-day trial Azure AD Premium subscription that can be used to complete the lab.|
|
||||
|
||||
> [!NOTE]
|
||||
> When using a VM for Autopilot testing, assign at least two processors and 4 GB of memory.
|
||||
|
||||
## Procedures
|
||||
|
||||
A summary of the sections and procedures in the lab is provided below. Follow each section in the order it's presented, skipping the sections that don't apply to you. Optional procedures are provided in the appendices.
|
||||
|
||||
If you already have Hyper-V and a Windows 10 VM, you can skip directly to the [Capture the hardware ID](#capture-the-hardware-id) step. The VM must be running Windows 10, version 1903 or later.
|
||||
|
||||
- [Demonstrate Autopilot deployment](#demonstrate-autopilot-deployment)
|
||||
- [Prerequisites](#prerequisites)
|
||||
- [Procedures](#procedures)
|
||||
- [Verify support for Hyper-V](#verify-support-for-hyper-v)
|
||||
- [Enable Hyper-V](#enable-hyper-v)
|
||||
- [Create a demo VM](#create-a-demo-vm)
|
||||
- [Set ISO file location](#set-iso-file-location)
|
||||
- [Determine network adapter name](#determine-network-adapter-name)
|
||||
- [Use Windows PowerShell to create the demo VM](#use-windows-powershell-to-create-the-demo-vm)
|
||||
- [Install Windows 10](#install-windows-10)
|
||||
- [Capture the hardware ID](#capture-the-hardware-id)
|
||||
- [Reset the VM back to Out-Of-Box-Experience (OOBE)](#reset-the-vm-back-to-out-of-box-experience-oobe)
|
||||
- [Verify subscription level](#verify-subscription-level)
|
||||
- [Configure company branding](#configure-company-branding)
|
||||
- [Configure Microsoft Intune auto-enrollment](#configure-microsoft-intune-auto-enrollment)
|
||||
- [Register your VM](#register-your-vm)
|
||||
- [Autopilot registration using Intune](#autopilot-registration-using-intune)
|
||||
- [Autopilot registration using MSfB](#autopilot-registration-using-msfb)
|
||||
- [Create and assign a Windows Autopilot deployment profile](#create-and-assign-a-windows-autopilot-deployment-profile)
|
||||
- [Create a Windows Autopilot deployment profile using Intune](#create-a-windows-autopilot-deployment-profile-using-intune)
|
||||
- [Create a device group](#create-a-device-group)
|
||||
- [Create the deployment profile](#create-the-deployment-profile)
|
||||
- [Create a Windows Autopilot deployment profile using MSfB](#create-a-windows-autopilot-deployment-profile-using-msfb)
|
||||
- [See Windows Autopilot in action](#see-windows-autopilot-in-action)
|
||||
- [Remove devices from Autopilot](#remove-devices-from-autopilot)
|
||||
- [Delete (deregister) Autopilot device](#delete-deregister-autopilot-device)
|
||||
- [Appendix A: Verify support for Hyper-V](#appendix-a-verify-support-for-hyper-v)
|
||||
- [Appendix B: Adding apps to your profile](#appendix-b-adding-apps-to-your-profile)
|
||||
- [Add a Win32 app](#add-a-win32-app)
|
||||
- [Prepare the app for Intune](#prepare-the-app-for-intune)
|
||||
- [Create app in Intune](#create-app-in-intune)
|
||||
- [Assign the app to your Intune profile](#assign-the-app-to-your-intune-profile)
|
||||
- [Add Microsoft 365 Apps](#add-microsoft-365-apps)
|
||||
- [Create app in Microsoft Intune](#create-app-in-microsoft-intune)
|
||||
- [Assign the app to your Intune profile](#assign-the-app-to-your-intune-profile-1)
|
||||
- [Glossary](#glossary)
|
||||
|
||||
## Verify support for Hyper-V
|
||||
|
||||
- If you don't already have Hyper-V enabled, enable it on a computer running Windows 10 or Windows Server (2012 R2 or later).
|
||||
- If you already have Hyper-V enabled, skip to the [Create a demo VM](#create-a-demo-vm) step. If you're using a physical device instead of a VM, skip to [Install Windows 10](#install-windows-10).
|
||||
- If you're not sure that your device supports Hyper-V, or you have problems installing Hyper-V, see [Appendix A](#appendix-a-verify-support-for-hyper-v) in this article for details on verifying that Hyper-V can be successfully installed.
|
||||
|
||||
## Enable Hyper-V
|
||||
|
||||
To enable Hyper-V, open an elevated Windows PowerShell prompt and run the following command:
|
||||
|
||||
```powershell
|
||||
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All
|
||||
```
|
||||
|
||||
This command works on all operating systems that support Hyper-V. However, on Windows Server operating systems you must type another command to add the Hyper-V Windows PowerShell module and the Hyper-V Manager console. The following command will also install Hyper-V if it isn't already installed. So, if you're using Windows Server, you can just type the following command instead of using the **Enable-WindowsOptionalFeature** command:
|
||||
|
||||
```powershell
|
||||
Install-WindowsFeature -Name Hyper-V -IncludeManagementTools
|
||||
```
|
||||
|
||||
When you're prompted to restart the computer, choose **Yes**. The computer might restart more than once.
|
||||
|
||||
Alternatively, you can install Hyper-V using the Control Panel in Windows under **Turn Windows features on or off** for a client operating system, or using Server Manager's **Add Roles and Features Wizard** on a server operating system, as shown below:
|
||||
|
||||

|
||||
|
||||

|
||||
|
||||
If you choose to install Hyper-V using Server Manager, accept all default selections. Make sure to install both items under **Role Administration Tools\Hyper-V Management Tools**.
|
||||
|
||||
After installation is complete, open Hyper-V Manager by typing **virtmgmt.msc** at an elevated command prompt, or by typing **Hyper-V** in the Start menu search box.
|
||||
|
||||
To read more about Hyper-V, see [Introduction to Hyper-V on Windows 10](/virtualization/hyper-v-on-windows/about/) and [Hyper-V on Windows Server](/windows-server/virtualization/hyper-v/hyper-v-on-windows-server).
|
||||
|
||||
## Create a demo VM
|
||||
|
||||
Now that Hyper-V is enabled, we need to create a VM running Windows 10. We can [create a VM](/virtualization/hyper-v-on-windows/quick-start/create-virtual-machine) and [virtual network](/virtualization/hyper-v-on-windows/quick-start/connect-to-network) using Hyper-V Manager, but it's simpler to use Windows PowerShell.
|
||||
|
||||
To use Windows PowerShell, you need to know two things:
|
||||
|
||||
1. The location of the Windows 10 ISO file.
|
||||
|
||||
In the example, the location is **c:\iso\win10-eval.iso**.
|
||||
|
||||
2. The name of the network interface that connects to the internet.
|
||||
|
||||
In the example, you'll use a Windows PowerShell command to determine this information automatically.
|
||||
|
||||
After you determine the ISO file location and the name of the appropriate network interface, you can install Windows 10.
|
||||
|
||||
### Set ISO file location
|
||||
|
||||
Download an ISO file for an evaluation version of the latest release of Windows 10 Enterprise from the [Evaluation Center](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise). Choose a 64-bit version.
|
||||
|
||||
After you download an ISO file, the name will be long. For example, `19042.508.200927-1902.20h2_release_svc_refresh_CLIENTENTERPRISEEVAL_OEMRET_x64FRE_en-us.iso`
|
||||
|
||||
1. So that it's easier to type and remember, rename the file to **win10-eval.iso**.
|
||||
|
||||
2. Create a directory on your computer named **c:\iso** and move the **win10-eval.iso** file there, so the path to the file is **c:\iso\win10-eval.iso**.
|
||||
|
||||
3. If you wish to use a different name and location for the file, you must modify the Windows PowerShell commands below to use your custom name and directory.
|
||||
|
||||
### Determine network adapter name
|
||||
|
||||
The **Get-NetAdaper** cmdlet is used to automatically find the network adapter that's most likely to be the one you use to connect to the internet. You should test this command first by running the following at an elevated Windows PowerShell prompt:
|
||||
|
||||
```powershell
|
||||
(Get-NetAdapter | Where-Object {$_.Status -eq "Up" -and !$_.Virtual}).Name
|
||||
```
|
||||
|
||||
The output of this command should be the name of the network interface you use to connect to the internet. Verify that this interface name is correct. If it isn't the correct interface name, you'll need to edit the first command below to use your network interface name.
|
||||
|
||||
For example, if the command above displays **Ethernet** but you wish to use **Ethernet2**, then the first command below would be `New-VMSwitch -Name AutopilotExternal -AllowManagementOS $true -NetAdapterName **Ethernet2`
|
||||
|
||||
### Use Windows PowerShell to create the demo VM
|
||||
|
||||
All VM data will be created under the current path in your PowerShell prompt. Consider navigating into a new folder before running the following commands.
|
||||
|
||||
> [!IMPORTANT]
|
||||
> **VM switch**: a VM switch is how Hyper-V connects VMs to a network.
|
||||
>
|
||||
>- If you previously enabled Hyper-V and your internet-connected network interface is already bound to a VM switch, then the PowerShell commands below will fail. In this case, you can either delete the existing VM switch (so that the commands below can create one), or you can reuse this VM switch by skipping the first command below and either modifying the second command to replace the switch name **AutopilotExternal** with the name of your switch, or by renaming your existing switch to `AutopilotExternal`.
|
||||
>- If you have never created an external VM switch before, then just run the commands below.
|
||||
>- If you're not sure if you already have an External VM switch, enter **get-vmswitch** at a Windows PowerShell prompt to display a current list of the VM switches that are provisioned in Hyper-V. If one of them is of SwitchType **External**, then you already have a VM switch configured on the server that's used to connect to the internet. In this case, you need to skip the first command below and modify the others to use the name of your VM switch instead of the name "AutopilotExternal" (or change the name of your switch).
|
||||
|
||||
```powershell
|
||||
New-VMSwitch -Name AutopilotExternal -AllowManagementOS $true -NetAdapterName (Get-NetAdapter | Where-Object {$_.Status -eq "Up" -and !$_.Virtual}).Name
|
||||
New-VM -Name WindowsAutopilot -MemoryStartupBytes 4GB -BootDevice VHD -NewVHDPath .\VMs\WindowsAutopilot.vhdx -Path .\VMData -NewVHDSizeBytes 80GB -Generation 2 -Switch AutopilotExternal
|
||||
Set-VMProcessor WindowsAutopilot -Count 2
|
||||
Add-VMDvdDrive -Path c:\iso\win10-eval.iso -VMName WindowsAutopilot
|
||||
Start-VM -VMName WindowsAutopilot
|
||||
```
|
||||
|
||||
After you enter these commands, connect to this VM. Double-click the VM in Hyper-V Manager to connect to it. Then wait for a prompt to press a key and boot from the DVD.
|
||||
|
||||
See the sample output below. In this sample, the VM is created under the **c:\autopilot** directory and the **vmconnect.exe** command is used, which is only available on Windows Server. If you installed Hyper-V on Windows 10, use Hyper-V Manager to connect to your VM.
|
||||
|
||||
<pre>
|
||||
PS C:\autopilot> dir c:\iso
|
||||
|
||||
|
||||
Directory: C:\iso
|
||||
|
||||
|
||||
Mode LastWriteTime Length Name
|
||||
---- ------------- ------ ----
|
||||
-a---- 3/12/2019 2:46 PM 4627343360 win10-eval.iso
|
||||
|
||||
PS C:\autopilot> (Get-NetAdapter |?{$<em>.Status -eq "Up" -and !$</em>.Virtual}).Name
|
||||
Ethernet
|
||||
PS C:\autopilot> New-VMSwitch -Name AutopilotExternal -AllowManagementOS $true -NetAdapterName (Get-NetAdapter |?{$<em>.Status -eq "Up" -and !$</em>.Virtual}).Name
|
||||
|
||||
Name SwitchType NetAdapterInterfaceDescription
|
||||
---- ---------- ------------------------------
|
||||
AutopilotExternal External Intel(R) Ethernet Connection (2) I218-LM
|
||||
|
||||
PS C:\autopilot> New-VM -Name WindowsAutopilot -MemoryStartupBytes 2GB -BootDevice VHD -NewVHDPath .\VMs\WindowsAutopilot.vhdx -Path .\VMData -NewVHDSizeBytes 80GB -Generation 2 -Switch AutopilotExternal
|
||||
|
||||
Name State CPUUsage(%) MemoryAssigned(M) Uptime Status Version
|
||||
---- ----- ----------- ----------------- ------ ------ -------
|
||||
WindowsAutopilot Off 0 0 00:00:00 Operating normally 8.0
|
||||
|
||||
PS C:\autopilot> Add-VMDvdDrive -Path c:\iso\win10-eval.iso -VMName WindowsAutopilot
|
||||
PS C:\autopilot> Start-VM -VMName WindowsAutopilot
|
||||
PS C:\autopilot> vmconnect.exe localhost WindowsAutopilot
|
||||
PS C:\autopilot> dir
|
||||
|
||||
Directory: C:\autopilot
|
||||
|
||||
Mode LastWriteTime Length Name
|
||||
---- ------------- ------ ----
|
||||
d----- 3/12/2019 3:15 PM VMData
|
||||
d----- 3/12/2019 3:42 PM VMs
|
||||
|
||||
PS C:\autopilot>
|
||||
</pre>
|
||||
|
||||
### Install Windows 10
|
||||
|
||||
> [!NOTE]
|
||||
> The VM will be booted to gather a hardware ID. Then it will be reset. The goal in the next few steps is to get to the desktop quickly, so don't worry about how it's configured at this stage. The VM only needs to be connected to the internet.
|
||||
|
||||
Make sure that the VM booted from the installation ISO, select **Next**, select **Install now**, and then complete the Windows installation process. See the following examples:
|
||||
|
||||

|
||||
|
||||

|
||||
|
||||

|
||||
|
||||

|
||||
|
||||

|
||||
|
||||

|
||||
|
||||
After the VM restarts, during OOBE, it's fine to select **Set up for personal use** or **Domain join instead** and then choose an offline account on the **Sign in** screen. This option offers the fastest way to the desktop. For example:
|
||||
|
||||

|
||||
|
||||
Once the installation is complete, sign in, and verify that you're at the Windows 10 desktop. Then create your first Hyper-V checkpoint. Checkpoints are used to restore the VM to a previous state.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
|
||||
To create a checkpoint, open an elevated Windows PowerShell prompt on the computer running Hyper-V (not on the VM), and then run the following command:
|
||||
|
||||
```powershell
|
||||
Checkpoint-VM -Name WindowsAutopilot -SnapshotName "Finished Windows install"
|
||||
```
|
||||
|
||||
Select the **WindowsAutopilot** VM in Hyper-V Manager and verify that you see **Finished Windows Install** listed in the Checkpoints pane.
|
||||
|
||||
## Capture the hardware ID
|
||||
|
||||
> [!NOTE]
|
||||
> Normally, the Device ID is captured by the OEM as they run the OA3 Tool on each device in the factory. The OEM then submits the 4K HH created by the OA3 Tool to Microsoft by submitting it with a Computer Build Report (CBR). For the purposes of this lab, you're acting as the OEM (capturing the 4K HH), but you're not going to use the OA3 Tool to capture the full 4K HH for various reasons (you'd have to install the OA3 tool, your device couldn't have a volume license version of Windows, it's a more complicated process than using a PowerShell script, etc.). Instead, you'll simulate running the OA3 tool by running a PowerShell script, which captures the device 4K HH just like the OA3 tool.
|
||||
|
||||
Follow these steps to run the PowerShell script:
|
||||
|
||||
1. **On the client VM**: Open an elevated Windows PowerShell prompt and run the following commands. These commands are the same whether you're using a VM or a physical device:
|
||||
|
||||
```powershell
|
||||
New-Item -Type Directory -Path "C:\HWID"
|
||||
Set-Location C:\HWID
|
||||
Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned
|
||||
Install-Script -Name Get-WindowsAutopilotInfo -Force
|
||||
$env:Path += ";C:\Program Files\WindowsPowerShell\Scripts"
|
||||
Get-WindowsAutopilotInfo -OutputFile AutopilotHWID.csv
|
||||
```
|
||||
|
||||
1. When you're prompted to install the NuGet package, choose **Yes**.
|
||||
|
||||
See the sample output below. A **dir** command is issued at the end to show the file that was created.
|
||||
|
||||
```console
|
||||
PS C:\> md c:\HWID
|
||||
|
||||
Directory: C:\
|
||||
|
||||
|
||||
Mode LastWriteTime Length Name
|
||||
---- ------------- ------ ----
|
||||
d----- 11/13/2020 3:00 PM HWID
|
||||
|
||||
|
||||
PS C:\Windows\system32> Set-Location c:\HWID
|
||||
PS C:\HWID> Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted -Force
|
||||
PS C:\HWID> Install-Script -Name Get-WindowsAutopilotInfo -Force
|
||||
|
||||
NuGet provider is required to continue
|
||||
PowerShellGet requires NuGet provider version '2.8.5.201' or newer to interact with NuGet-based repositories. The NuGet
|
||||
provider must be available in 'C:\Program Files\PackageManagement\ProviderAssemblies' or
|
||||
'C:\Users\user1\AppData\Local\PackageManagement\ProviderAssemblies'. You can also install the NuGet provider by running
|
||||
'Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force'. Do you want PowerShellGet to install and
|
||||
import the NuGet provider now?
|
||||
[Y] Yes [N] No [S] Suspend [?] Help (default is "Y"): Y
|
||||
PS C:\HWID> $env:Path += ";C:\Program Files\WindowsPowerShell\Scripts"
|
||||
PS C:\HWID> Get-WindowsAutopilotInfo.ps1 -OutputFile AutopilotHWID.csv
|
||||
Gathered details for device with serial number: 1804-7078-6805-7405-0796-0675-17
|
||||
PS C:\HWID> dir
|
||||
|
||||
|
||||
Directory: C:\HWID
|
||||
|
||||
|
||||
Mode LastWriteTime Length Name
|
||||
---- ------------- ------ ----
|
||||
-a---- 11/13/2020 3:01 PM 8184 AutopilotHWID.csv
|
||||
|
||||
|
||||
PS C:\HWID>
|
||||
```
|
||||
|
||||
1. Verify that there's an **AutopilotHWID.csv** file in the **c:\HWID** directory that's about 8 KB in size. This file contains the complete 4K HH.
|
||||
|
||||
> [!NOTE]
|
||||
> Although the .csv extension might be associated with Microsoft Excel, you cannot view the file properly by double-clicking it. To correctly parse the comma delimiters and view the file in Excel, you must use the **Data** > **From Text/CSV** function in Excel to import the appropriate data columns. You don't need to view the file in Excel unless you're curious. The file format is validated when it's imported into Autopilot. Here's an example of the data in this file:
|
||||
|
||||

|
||||
|
||||
You'll need to upload this data into Intune to register your device for Autopilot. So, the next step is to transfer this file to the computer you'll use to access the Azure portal. If you're using a physical device instead of a VM, you can copy the file to a USB drive. If you're using a VM, you can right-click the **AutopilotHWID.csv** file and copy it. Then right-click and paste the file to your desktop (outside the VM).
|
||||
|
||||
If you have trouble copying and pasting the file, just view the contents in Notepad on the VM, and then copy the text into Notepad outside the VM. Don't use another text editor.
|
||||
|
||||
> [!NOTE]
|
||||
> When copying and pasting to or from VMs, avoid selecting other things with your mouse cursor in between the copy and paste process. Doing so can empty or overwrite the clipboard and require that you start over. Go directly from copy to paste.
|
||||
|
||||
## Reset the VM back to Out-Of-Box-Experience (OOBE)
|
||||
|
||||
With the hardware ID captured in a file, prepare your VM for Windows Autopilot deployment by resetting it back to OOBE.
|
||||
|
||||
1. On the Virtual Machine, go to **Settings > Update & Security > Recovery** and select **Get started** under **Reset this PC**.
|
||||
1. Select **Remove everything**. On **How would you like to reinstall Windows**, select **Local reinstall**.
|
||||
1. Finally, select **Reset**.
|
||||
|
||||

|
||||
|
||||
Resetting the VM or device can take a while. Proceed to the next step (verify subscription level) during the reset process.
|
||||
|
||||

|
||||
|
||||
## Verify subscription level
|
||||
|
||||
For this lab, you need an Azure AD Premium subscription. To tell if you have a Premium subscription, go to [MDM enrollment configuration](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Mobility) in the Azure portal. See the following example:
|
||||
|
||||
**Azure Active Directory** > **Mobility (MDM and MAM)** > **Microsoft Intune**
|
||||
|
||||

|
||||
|
||||
If this configuration doesn't appear, it's likely that you don't have a **Premium** subscription. Auto-enrollment is a feature only available in Azure AD Premium.
|
||||
|
||||
To convert your Intune trial account to a free Premium trial account, go to **Azure Active Directory** > **Licenses** > **All products** > **Try / Buy** and select **Free trial** for Azure AD Premium, or EMS E5.
|
||||
|
||||

|
||||
|
||||
## Configure company branding
|
||||
|
||||
If you already have company branding configured in Azure AD, you can skip this step.
|
||||
|
||||
> [!IMPORTANT]
|
||||
> Make sure to sign-in with a Global Administrator account.
|
||||
|
||||
Go to [Company branding in Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/LoginTenantBranding), select **Configure**, and then configure any type of company branding you'd like to see during the OOBE.
|
||||
|
||||

|
||||
|
||||
When you're finished, select **Save**.
|
||||
|
||||
> [!NOTE]
|
||||
> Changes to company branding can take up to 30 minutes to apply.
|
||||
|
||||
## Configure Microsoft Intune auto-enrollment
|
||||
|
||||
If you already have MDM auto-enrollment configured in Azure AD, you can skip this step.
|
||||
|
||||
Open [Mobility (MDM and MAM) in Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Mobility) and select **Microsoft Intune**. If you don't see Microsoft Intune, select **Add application** and choose **Intune**.
|
||||
|
||||
For the purposes of this demo, select **All** under the **MDM user scope** and select **Save**.
|
||||
|
||||

|
||||
|
||||
## Register your VM
|
||||
|
||||
Your VM (or device) can be registered either via Intune or Microsoft Store for Business (MSfB). Both processes are shown here, but *only pick one* for the purposes of this lab. It's highly recommended that you use Intune rather than Microsoft Store for Business.
|
||||
|
||||
### Autopilot registration using Intune
|
||||
|
||||
1. In the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), choose **Devices** > **Device enrollment | Enroll devices** > **Windows enrollment** > **Windows Autopilot Deployment Program | Devices** and then on the **Windows Autopilot devices** page, choose **Import**.
|
||||
|
||||

|
||||
|
||||
> [!NOTE]
|
||||
> If menu items like **Windows enrollment** aren't active for you, look to the far-right blade in the UI. You might need to provide Intune configuration privileges in a challenge window that appears.
|
||||
|
||||
2. Under **Add Windows Autopilot devices** in the far-right pane, go to the **AutopilotHWID.csv** file you previously copied to your local computer. The file should contain the serial number and 4K HH of your VM (or device). It's okay if other fields (Windows Product ID) are left blank.
|
||||
|
||||

|
||||
|
||||
You should receive confirmation that the file is formatted correctly before you upload it, as shown above.
|
||||
|
||||
3. Select **Import** and wait until the import process completes. This action can take up to 15 minutes.
|
||||
|
||||
4. Select **Refresh** to verify your VM or device is added. See the following example.
|
||||
|
||||

|
||||
|
||||
### Autopilot registration using MSfB
|
||||
|
||||
> [!IMPORTANT]
|
||||
> If you've already registered your VM (or device) using Intune, then skip this step.
|
||||
|
||||
First, you need a Microsoft Store for Business account. You can use the same one you created above for Intune, or follow [these instructions](/microsoft-store/windows-store-for-business-overview) to create a new one.
|
||||
|
||||
Next, to sign in to [Microsoft Store for Business](https://businessstore.microsoft.com/store) with your test account, select **Sign in** on the upper-right-corner of the main page.
|
||||
|
||||
Select **Manage** from the top menu, then select the **Windows Autopilot Deployment Program** link under the **Devices** card. See the following example:
|
||||
|
||||

|
||||
|
||||
Select the **Add devices** link to upload your CSV file. A message appears that indicates your request is being processed. Wait a few moments before refreshing to see that your new device is added.
|
||||
|
||||

|
||||
|
||||
## Create and assign a Windows Autopilot deployment profile
|
||||
|
||||
> [!IMPORTANT]
|
||||
> Autopilot profiles can be created and assigned to your registered VM or device either through Intune or Microsoft Store for Business. Both processes are shown here, but only *pick one for the purposes of this lab*:
|
||||
|
||||
Pick one:
|
||||
- [Create profiles using Intune](#create-a-windows-autopilot-deployment-profile-using-intune)
|
||||
- [Create profiles using Microsoft Store for Business](#create-a-windows-autopilot-deployment-profile-using-msfb)
|
||||
|
||||
### Create a Windows Autopilot deployment profile using Intune
|
||||
|
||||
> [!NOTE]
|
||||
> Even if you registered your device in Microsoft Store for Business, it still appears in Intune. Although, you might have to **sync** and then **refresh** your device list.
|
||||
|
||||

|
||||
|
||||
#### Create a device group
|
||||
|
||||
The Autopilot deployment profile wizard asks for a device group, so you must create one first. To create a device group:
|
||||
|
||||
1. In the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), choose **Groups** > **New group**.
|
||||
|
||||
2. In the **Group** pane:
|
||||
1. For **Group type**, choose **Security**.
|
||||
2. Type a **Group name** and **Group description** (ex: Autopilot Lab).
|
||||
3. Azure AD roles can be assigned to the group: **No**
|
||||
4. For **Membership type**, choose **Assigned**.
|
||||
|
||||
3. Select **Members** and add the Autopilot VM to the group. See the following example:
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
|
||||
4. Select **Create**.
|
||||
|
||||
#### Create the deployment profile
|
||||
|
||||
To create a Windows Autopilot profile, scroll back to the left-side pane and select **Devices**. Then, under **Enroll devices | Windows enrollment** select **Deployment Profiles**.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
|
||||
Select **Create profile** and then select **Windows PC**.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
|
||||
On the **Create profile** pane, use the following values:
|
||||
|
||||
| Setting | Value |
|
||||
|---|---|
|
||||
| Name | Autopilot Lab profile |
|
||||
| Description | Lab |
|
||||
| Convert all targeted devices to Autopilot | No |
|
||||
|
||||
Select **Next** to continue with the **Out-of-box experience (OOBE)** settings:
|
||||
|
||||
| Setting | Value |
|
||||
|---|---|
|
||||
| Deployment mode | User-driven |
|
||||
| Join to Azure AD as | Azure AD joined |
|
||||
| Microsoft Software License Terms | Hide |
|
||||
| Privacy Settings | Hide |
|
||||
| Hide change account options | Hide |
|
||||
| User account type | Standard |
|
||||
| Allow pre-provisioned deployment | No |
|
||||
| Language (Region) | Operating system default |
|
||||
| Automatically configure keyboard | Yes |
|
||||
| Apply device name template | No |
|
||||
|
||||
Select **Next** to continue with the **Assignments** settings:
|
||||
|
||||
| Setting | Value |
|
||||
|---|---|
|
||||
| Assign to | Selected groups |
|
||||
|
||||
1. Select **Select groups to include**.
|
||||
2. Select the **Autopilot Lab** group, and then choose **Select**.
|
||||
3. Select **Next** to continue, and then select **Create**. See the following example:
|
||||
|
||||

|
||||
|
||||
Select **OK**, and then select **Create**.
|
||||
|
||||
> [!NOTE]
|
||||
> If you want to add an app to your profile via Intune, use the *optional* steps in [Appendix B: Adding apps to your profile](#appendix-b-adding-apps-to-your-profile).
|
||||
|
||||
### Create a Windows Autopilot deployment profile using MSfB
|
||||
|
||||
If you already created and assigned a profile via Intune with the steps immediately above, then skip this section.
|
||||
|
||||
First, sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com/manage/dashboard) using the Intune account you initially created for this lab.
|
||||
|
||||
Select **Manage** from the top menu, then select **Devices** from the left navigation tree.
|
||||
|
||||

|
||||
|
||||
Select the **Windows Autopilot Deployment Program** link in the **Devices** tile.
|
||||
|
||||
To CREATE the profile:
|
||||
|
||||
Select your device from the **Devices** list:
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
|
||||
On the Autopilot deployment dropdown menu, select **Create new profile**:
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
|
||||
Name the profile, choose your desired settings, and then select **Create**:
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
|
||||
The new profile is added to the Autopilot deployment list.
|
||||
|
||||
To ASSIGN the profile:
|
||||
|
||||
To assign (or reassign) the profile to a device, select the checkboxes next to the device you registered for this lab. Then, select the profile you want to assign from the **Autopilot deployment** dropdown menu, as shown:
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
|
||||
To confirm the profile was successfully assigned to the intended device, check the contents of the **Profile** column:
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
|
||||
> [!IMPORTANT]
|
||||
> The new profile is only applied if the device hasn't started and gone through OOBE. Settings from a different profile can't be applied when another profile has been applied. Windows would need to be reinstalled on the device for the second profile to be applied to the device.
|
||||
|
||||
## See Windows Autopilot in action
|
||||
|
||||
If you shut down your VM after the last reset, start it again. Then it can progress through the Autopilot OOBE experience. However, don't attempt to start your device again until the **PROFILE STATUS** for your device in Intune is changed from **Not assigned** to **Assigning**, and finally to **Assigned**:
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
|
||||
Also, make sure to wait at least 30 minutes from the time you've [configured company branding](#configure-company-branding). Otherwise, these changes might not show up.
|
||||
|
||||
> [!TIP]
|
||||
> If you reset your device previously, after collecting the 4K HH info, let it restart back to the first OOBE screen. Then you might need to restart the device again to make sure the device is recognized as an Autopilot device and displays the Autopilot OOBE experience you're expecting. If you don't see the Autopilot OOBE experience, then reset the device again (**Settings** > **Update & Security** > **Recovery** and select **Get started**. Under **Reset this PC**, select **Remove everything and Just remove my files**. Select **Reset**).
|
||||
|
||||
1. Make sure your device has an internet connection.
|
||||
1. Turn on the device.
|
||||
1. Verify that the appropriate OOBE screens (with appropriate Company Branding) appear. You should see the region selection screen, the keyboard selection screen, and the second keyboard selection screen (which you can skip).
|
||||
|
||||

|
||||
|
||||
After the device loads the desktop, the device should show up in Intune as an **enabled** Autopilot device. Go to the Intune portal, and select **Devices > All devices**. Then **Refresh** the data to verify that your device has changed to an enabled state, and the name of the device is updated.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
|
||||
Once you select a language and a keyboard layout, your company branded sign-in screen should appear. Provide your Azure AD credentials. Then you're all done.
|
||||
|
||||
> [!TIP]
|
||||
> If you receive a message that "Something went wrong" and it "Looks like we can't connect to the URL for your organization's MDM terms of use", verify that you correctly [assigned licenses](/mem/intune/fundamentals/licenses-assign) to the current user.
|
||||
|
||||
Windows Autopilot takes over to automatically join your device into Azure AD and enroll it into Microsoft Intune. Use the checkpoint you've created to go through this process again with different settings.
|
||||
|
||||
## Remove devices from Autopilot
|
||||
|
||||
To use the device (or VM) for other purposes after completion of this lab, you need to remove (deregister) it from Autopilot via either Intune or Microsoft Store for Business, and then reset it. Instructions for deregistering devices can be found at [Enroll Windows devices in Intune by using Windows Autopilot](/intune/enrollment-autopilot#create-an-autopilot-device-group), [Remove devices by using wipe, retire, or manually unenrolling the device](/intune/devices-wipe#delete-devices-from-the-azure-active-directory-portal), and below.
|
||||
|
||||
### Delete (deregister) Autopilot device
|
||||
|
||||
You need to delete (or retire, or factory reset) the device from Intune before deregistering the device from Autopilot. To delete the device from Intune (not Azure AD), sign into the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), then go to **Devices > All Devices**. Select the device you want to delete, then select the **Delete** button along the top menu.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
|
||||
This action removes the device from Intune management, and it will disappear from **Intune > Devices > All devices**. But this action doesn't yet deregister the device from Autopilot. So, the device should still appear under **Intune > Device Enrollment > Windows Enrollment > Windows Autopilot Deployment Program > Devices**.
|
||||
|
||||
The **Intune > Devices > All Devices** list and the **Intune > Device Enrollment > Windows Enrollment > Windows Autopilot Deployment Program > Devices** list mean different things and are two separate datastores. The former (All devices) is the list of devices currently enrolled into Intune.
|
||||
|
||||
> [!NOTE]
|
||||
> A device only appears in the **All devices** list once it has booted. The latter (**Windows Autopilot Deployment Program** > **Devices**) is the list of devices currently registered from that Intune account into the Autopilot program - which may or may not be enrolled to Intune.
|
||||
|
||||
To remove the device from the Autopilot program, select the device, and then select **Delete**. A pop-up dialog box appears to confirm deletion.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
|
||||
At this point, your device is unenrolled from Intune and also deregistered from Autopilot. After several minutes, select the **Sync** button, followed by the **Refresh** button to confirm the device is no longer listed in the Autopilot program.
|
||||
|
||||
Once the device no longer appears, you're free to reuse it for other purposes.
|
||||
|
||||
If you also (optionally) want to remove your device from Azure AD, go to **Azure Active Directory > Devices > All Devices**, select your device, and then select the **Delete** button:
|
||||
|
||||
## Appendix A: Verify support for Hyper-V
|
||||
|
||||
Starting with Windows 8, the host computer's microprocessor must support second level address translation (SLAT) to install Hyper-V. See [Hyper-V: List of SLAT-Capable CPUs for Hosts](https://social.technet.microsoft.com/wiki/contents/articles/1401.hyper-v-list-of-slat-capable-cpus-for-hosts.aspx) for more information.
|
||||
|
||||
To verify your computer supports SLAT, open an administrator command prompt, type **systeminfo**, press **ENTER**, scroll down, and review the section displayed at the bottom of the output, next to Hyper-V Requirements. See the following example:
|
||||
|
||||
```console
|
||||
C:>systeminfo
|
||||
|
||||
...
|
||||
Hyper-V Requirements: VM Monitor Mode Extensions: Yes
|
||||
Virtualization Enabled In Firmware: Yes
|
||||
Second Level Address Translation: Yes
|
||||
Data Execution Prevention Available: Yes
|
||||
```
|
||||
|
||||
In this example, the computer supports SLAT and Hyper-V.
|
||||
|
||||
> [!NOTE]
|
||||
> If one or more requirements are evaluated as **No** then the computer doesn't support installing Hyper-V. However, if only the virtualization setting is incompatible, you might be able to enable virtualization in the BIOS and change the **Virtualization Enabled In Firmware** setting from **No** to **Yes**. The location of this setting depends on the manufacturer and BIOS version, but is typically found associated with the BIOS security settings.
|
||||
|
||||
You can also identify Hyper-V support using [tools](/archive/blogs/taylorb/hyper-v-will-my-computer-run-hyper-v-detecting-intel-vt-and-amd-v) provided by the processor manufacturer, the [msinfo32](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc731397(v=ws.11)) tool, or you can download the [Coreinfo](/sysinternals/downloads/coreinfo) utility and run it, as shown in the following example:
|
||||
|
||||
```console
|
||||
C:>coreinfo -v
|
||||
|
||||
Coreinfo v3.31 - Dump information on system CPU and memory topology
|
||||
Copyright (C) 2008-2014 Mark Russinovich
|
||||
Sysinternals - www.sysinternals.com
|
||||
|
||||
Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
|
||||
Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
|
||||
Microcode signature: 0000001B
|
||||
HYPERVISOR - Hypervisor is present
|
||||
VMX * Supports Intel hardware-assisted virtualization
|
||||
EPT * Supports Intel extended page tables (SLAT)
|
||||
```
|
||||
|
||||
> [!NOTE]
|
||||
> A 64-bit operating system is required to run Hyper-V.
|
||||
|
||||
## Appendix B: Adding apps to your profile
|
||||
|
||||
### Add a Win32 app
|
||||
|
||||
#### Prepare the app for Intune
|
||||
|
||||
Before you can pull an application into Intune to make it part of your AP profile, you need to "package" the application for delivery using the [IntuneWinAppUtil.exe command-line tool](https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool). After downloading the tool, gather the following information to use the tool:
|
||||
|
||||
1. The source folder for your application
|
||||
2. The name of the setup executable file
|
||||
3. The output folder for the new file
|
||||
|
||||
For the purposes of this lab, we'll use the Notepad++ tool as the Win32 app.
|
||||
|
||||
Download the [Notepad++ msi package](https://www.hass.de/content/notepad-msi-package-enterprise-deployment-available), and then copy the file to a known location, such as C:\Notepad++msi.
|
||||
|
||||
Run the IntuneWinAppUtil tool, supplying answers to the three questions, for example:
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
|
||||
After the tool finishes running, you should have an `.intunewin` file in the Output folder. You can upload the file into Intune by using the following steps.
|
||||
|
||||
#### Create app in Intune
|
||||
|
||||
Sign in to the Azure portal, and then select **Intune**.
|
||||
|
||||
Go to **Intune > Clients apps > Apps**, and then select the **Add** button to create a new app package.
|
||||
|
||||

|
||||
|
||||
Under **App Type**, select **Windows app (Win32)**:
|
||||
|
||||

|
||||
|
||||
On the **App package file** pane, browse to the `npp.7.6.3.installer.x64.intunewin` file in your output folder, open it, then select **OK**:
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
|
||||
On the **App Information Configure** pane, provide a friendly name, description, and publisher, such as:
|
||||
|
||||

|
||||
|
||||
On the **Program Configuration** pane, supply the install and uninstall commands:
|
||||
|
||||
```console
|
||||
Install: msiexec /i "npp.7.6.3.installer.x64.msi" /q
|
||||
Uninstall: msiexec /x "{F188A506-C3C6-4411-BE3A-DA5BF1EA6737}" /q
|
||||
```
|
||||
|
||||
> [!NOTE]
|
||||
> Likely, you don't have to write the install and uninstall commands yourself because the [IntuneWinAppUtil.exe command-line tool](https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool) automatically generated them when it converted the .msi file into a .intunewin file.
|
||||
|
||||

|
||||
|
||||
Simply using an install command like `notepad++.exe /S` doesn't actually install Notepad++. It only launches the app. To install the program, you need to use the `.msi` file instead. Notepad++ doesn't have an MSI version of their program, but there's an MSI version from a [third party provider](https://www.hass.de/content/notepad-msi-package-enterprise-deployment-available).
|
||||
|
||||
Select **OK** to save your input and activate the **Requirements** pane.
|
||||
|
||||
On the **Requirements Configuration** pane, specify the **OS architecture** and the **Minimum OS version**:
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
|
||||
Next, configure the **Detection rules**. For the purposes of this lab, select manual format:
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
|
||||
Select **Add** to define the rule properties. For **Rule type**, select **MSI**, which automatically imports the correct MSI product code into the rule:
|
||||
|
||||

|
||||
|
||||
Select **OK** twice to save, as you back out to the main **Add app** pane again for the final configuration.
|
||||
|
||||
**Return codes**: For the purposes of this lab, leave the return codes at their default values:
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
|
||||
Select **OK** to exit.
|
||||
|
||||
You can skip configuring the final **Scope (Tags)** pane.
|
||||
|
||||
Select the **Add** button to finalize and save your app package.
|
||||
|
||||
Wait for indicator message that says the addition has completed.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
|
||||
Find your app in your app list:
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
|
||||
#### Assign the app to your Intune profile
|
||||
|
||||
> [!NOTE]
|
||||
> The following steps only work if you previously [created a GROUP in Intune and assigned a profile to it](#create-a-device-group). If you haven't done that, return to the main part of the lab and complete those steps before returning here.
|
||||
|
||||
In the **Intune > Client Apps > Apps** pane, select the app package you already created to reveal its properties pane. Then select **Assignments** from the menu:
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
|
||||
Select **Add Group** to open the **Add group** pane that's related to the app.
|
||||
|
||||
For the purposes of this lab, select **Required** from the **Assignment type** dropdown menu.
|
||||
|
||||
> [!NOTE]
|
||||
> **Available for enrolled devices** means users install the app from the Company Portal app or Company Portal website.
|
||||
|
||||
Select **Included Groups** and assign the groups you previously created that will use this app:
|
||||
|
||||

|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
|
||||
In the **Select groups** pane, choose the **Select** button.
|
||||
|
||||
In the **Assign group** pane, select **OK**.
|
||||
|
||||
In the **Add group** pane, select **OK**.
|
||||
|
||||
In the app **Assignments** pane, select **Save**.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
|
||||
At this point, you have completed steps to add a Win32 app to Intune.
|
||||
|
||||
For more information on adding apps to Intune, see [Intune Standalone - Win32 app management](/intune/apps-win32-app-management).
|
||||
|
||||
### Add Microsoft 365 Apps
|
||||
|
||||
#### Create app in Microsoft Intune
|
||||
|
||||
Sign in to the Azure portal and select **Intune**.
|
||||
|
||||
Go to **Intune > Clients apps > Apps**, and then select the **Add** button to create a new app package.
|
||||
|
||||

|
||||
|
||||
Under **App Type**, select **Microsoft 365 Apps > Windows 10 and later**:
|
||||
|
||||

|
||||
|
||||
Under the **Configure App Suite** pane, select the Office apps you want to install. For the purposes of this lab, only select Excel:
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
|
||||
Select **OK**.
|
||||
|
||||
In the **App Suite Information** pane, enter a *unique* suite name, and a suitable description.
|
||||
|
||||
Enter the name of the app suite as it's displayed in the company portal. Make sure that all suite names that you use are unique. If the same app suite name exists twice, only one of the apps is displayed to users in the company portal.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
|
||||
Select **OK**.
|
||||
|
||||
In the **App Suite Settings** pane, select **Monthly** for the **Update channel** (any selection is okay for the purposes of this lab). Also select **Yes** for **Automatically accept the app end user license agreement**:
|
||||
|
||||

|
||||
|
||||
Select **OK** and, then select **Add**.
|
||||
|
||||
#### Assign the app to your Intune profile
|
||||
|
||||
> [!NOTE]
|
||||
> The following steps only work if you previously [created a GROUP in Intune and assigned a profile to it](#create-a-device-group). If you haven't done that, return to the main part of the lab and complete those steps before returning here.
|
||||
|
||||
In the **Intune > Client Apps > Apps** pane, select the Office package you already created to reveal its properties pane. Then select **Assignments** from the menu:
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
|
||||
Select **Add Group** to open the **Add group** pane that's related to the app.
|
||||
|
||||
For the purposes of this lab, select **Required** from the **Assignment type** dropdown menu.
|
||||
|
||||
**Available for enrolled devices** means users install the app from the Company Portal app or Company Portal website.
|
||||
|
||||
Select **Included Groups** and assign the groups you previously created that will use this app:
|
||||
|
||||

|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
|
||||
In the **Select groups** pane, choose the **Select** button.
|
||||
|
||||
In the **Assign group** pane, select **OK**.
|
||||
|
||||
In the **Add group** pane, select **OK**.
|
||||
|
||||
In the app **Assignments** pane, select **Save**.
|
||||
|
||||

|
||||
|
||||
At this point, you have completed steps to add Office to Intune.
|
||||
|
||||
For more information on adding Office apps to Intune, see [Assign Office 365 apps to Windows 10 devices with Microsoft Intune](/intune/apps-add-office365).
|
||||
|
||||
If you installed both the win32 app (Notepad++) and Office (just Excel) per the instructions in this lab, your VM will show them in the apps list. It might take several minutes to populate.
|
||||
|
||||

|
||||
|
||||
## Glossary
|
||||
|
||||
| | Description |
|
||||
|:---|:---|
|
||||
|**OEM** | Original Equipment Manufacturer |
|
||||
|**CSV** | Comma Separated Values |
|
||||
|**MPC** | Microsoft Partner Center |
|
||||
|**CSP** | Cloud Solution Provider |
|
||||
|**MSfB** | Microsoft Store for Business |
|
||||
|**Azure AD** | Azure Active Directory |
|
||||
|**4K HH** | 4K Hardware Hash |
|
||||
|**CBR** | Computer Build Report |
|
||||
|**EC** | Enterprise Commerce (server) |
|
||||
|**DDS** | Device Directory Service |
|
||||
|**OOBE** | Out of the Box Experience |
|
||||
|**VM** |Virtual Machine |
|
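Review bot: the headings in this lab page are link targets (the text itself links to `#appendix-b-adding-apps-to-your-profile`, `#configure-company-branding` and `#create-a-device-group`), so if the page is being retired in this merge, inbound links to those anchors go dead unless the same change adds a redirect for `demonstrate-deployment-on-vm.md`. No redirect is visible in this part of the change; please add one that points at the page's new location, or confirm it is handled elsewhere in the branch.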
@ -1,40 +0,0 @@
|
||||
### YamlMime:Landing
|
||||
|
||||
title: Windows Autopilot deployment resources and documentation # < 60 chars
|
||||
summary: 'Note: Windows Autopilot documentation has moved! A few more resources will also be available here. For more information, see the links on this page.' # < 160 chars
|
||||
|
||||
metadata:
|
||||
title: Windows Autopilot deployment resources and documentation # Required; page title displayed in search results. Include the brand. < 60 chars.
|
||||
description: Learn about deploying Windows 10 and keeping it up to date in your organization. # Required; article description that is displayed in search results. < 160 chars.
|
||||
ms.topic: landing-page
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-deploy
|
||||
ms.collection:
|
||||
- highpri
|
||||
- tier1
|
||||
author: frankroj
|
||||
ms.author: frankroj
|
||||
manager: aaroncz
|
||||
ms.date: 10/28/2022
|
||||
localization_priority: medium
|
||||
|
||||
# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
|
||||
|
||||
landingContent:
|
||||
# Cards and links should be based on top customer tasks or top subjects
|
||||
# Start card title with a verb
|
||||
# Card
|
||||
- title: Overview
|
||||
linkLists:
|
||||
- linkListType: overview
|
||||
links:
|
||||
- text: Overview of Windows Autopilot
|
||||
url: /mem/autopilot/windows-autopilot
|
||||
|
||||
# Card
|
||||
- title: Tutorials
|
||||
linkLists:
|
||||
- linkListType: get-started
|
||||
links:
|
||||
- text: Demonstrate Windows Autopilot deployment
|
||||
url: demonstrate-deployment-on-vm.md
|
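Review bot: the `-1,40 +0,0` range deletes the whole landing page, including the `summary` line that tells readers the Windows Autopilot documentation has moved, so the old entry URL should redirect instead of returning a 404. The page already names its successor in `url: /mem/autopilot/windows-autopilot`; use that as the redirect target, and give the Tutorials card's relative link `demonstrate-deployment-on-vm.md` the same treatment.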
@ -5,9 +5,7 @@ ms.prod: windows-client
|
||||
ms.localizationpriority: medium
|
||||
author: vinaypamnani-msft
|
||||
ms.author: vinpa
|
||||
ms.reviewer:
|
||||
manager: aaroncz
|
||||
ms.custom: asr
|
||||
ms.technology: itpro-security
|
||||
ms.date: 03/16/2023
|
||||
ms.topic: article
|
||||
|
@ -1,4 +1,10 @@
|
||||
items:
|
||||
- name: Smart App Control
|
||||
href: windows-defender-application-control/wdac.md
|
||||
- name: Windows Defender Application Control
|
||||
href: windows-defender-application-control/wdac.md
|
||||
- name: Windows Defender Application Control and virtualization-based protection of code integrity
|
||||
href: introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
|
||||
- name: User Account Control (UAC)
|
||||
items:
|
||||
- name: Overview
|
||||
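Review bot: in the entries placed at the top of `items:`, **Smart App Control** and **Windows Defender Application Control** both carry `href: windows-defender-application-control/wdac.md`, so two sibling TOC nodes resolve to the same page and a reader who selects Smart App Control lands on the general WDAC article. Since these entries are being moved anyway, either point Smart App Control at its own target or drop the duplicate node. The three entries also appear here in the reverse order of the block removed further down; please confirm that ordering is intended.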
@ -7,9 +13,6 @@ items:
|
||||
href: user-account-control/how-it-works.md
|
||||
- name: UAC settings and configuration
|
||||
href: user-account-control/settings-and-configuration.md
|
||||
- name: Windows Defender Application Control and virtualization-based protection of code integrity
|
||||
href: introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
|
||||
- name: Windows Defender Application Control
|
||||
href: windows-defender-application-control/wdac.md
|
||||
- name: Smart App Control
|
||||
href: windows-defender-application-control/wdac.md
|
||||
- name: Microsoft Vulnerable Driver Blocklist
|
||||
href: windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: User Account Control settings and configuration
|
||||
description: Learn about the User Account Control settings and how to configure them via Intune, CSP, group policy and registry.
|
||||
ms.date: 05/26/2023
|
||||
ms.date: 07/31/2023
|
||||
ms.topic: how-to
|
||||
---
|
||||
|
||||
@ -9,11 +9,11 @@ ms.topic: how-to
|
||||
|
||||
## User Account Control settings list
|
||||
|
||||
The following table lists the available settings to configure the UAC behavior, and their default values.
|
||||
The following table lists the available settings to configure the UAC behavior, and their default values.
|
||||
|
||||
|Setting name| Description|
|
||||
|-|-|
|
||||
|Run all administrators in Admin Approval Mode|Controls the behavior of all UAC policy settings.<br><br>**Enabled (default)**: Admin Approval Mode is enabled. This policy must be enabled and related UAC settings configured. The policy allows the built-in Administrator account and members of the Administrators group to run in Admin Approval Mode.<br>**Disabled**: Admin Approval Mode and all related UAC policy settings are disabled. Note: If this policy setting is disabled, the Windows Security app notifies you that the overall security of the operating system has been reduced.|
|
||||
|Run all administrators in Admin Approval Mode|Controls the behavior of all UAC policy settings.<br><br>**Enabled (default)**: Admin Approval Mode is enabled. This policy must be enabled and related UAC settings configured. The policy allows the built-in Administrator account and members of the Administrators group to run in Admin Approval Mode.<br>**Disabled**: Admin Approval Mode and all related UAC policy settings are disabled. Note: If this policy setting is disabled, **Windows Security** notifies you that the overall security of the operating system has been reduced.|
|
||||
|Admin Approval Mode for the Built-in Administrator account|Controls the behavior of Admin Approval Mode for the built-in Administrator account.<br><br>**Enabled**: The built-in Administrator account uses Admin Approval Mode. By default, any operation that requires elevation of privilege prompts the user to approve the operation.<br>**Disabled (default)** : The built-in Administrator account runs all applications with full administrative privilege.|
|
||||
|Switch to the secure desktop when prompting for elevation|This policy setting controls whether the elevation request prompt is displayed on the interactive user's desktop or the secure desktop.<br><br>**Enabled (default)**: All elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and standard users.<br>**Disabled**: All elevation requests go to the interactive user's desktop. Prompt behavior policy settings for administrators and standard users are used.|
|
||||
|Behavior of the elevation prompt for administrators in Admin Approval Mode|Controls the behavior of the elevation prompt for administrators.<br><br>**Elevate without prompting**: Allows privileged accounts to perform an operation that requires elevation without requiring consent or credentials. **Use this option only in the most constrained environments**.<br>**Prompt for credentials on the secure desktop**: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a privileged user name and password. If the user enters valid credentials, the operation continues with the user's highest available privilege.<br>**Prompt for consent on the secure desktop**: When an operation requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.<br>**Prompt for credentials**: When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.<br>**Prompt for consent**: When an operation requires elevation of privilege, the user is prompted to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.<br>**Prompt for consent for non-Windows binaries (default)**: When an operation for a non-Microsoft application requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.|
|
||||
@ -82,7 +82,7 @@ The policy settings are located under: `Computer Configuration\Windows Settings\
|
||||
|
||||
#### [:::image type="icon" source="../../../images/icons/windows-os.svg" border="false"::: **Registry**](#tab/reg)
|
||||
|
||||
The registry keys are found under the key: `HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System`.
|
||||
The registry keys are found under the key: `HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System`.
|
||||
|
||||
| Setting name | Registry key name | Value |
|
||||
| - | - | - |
|
||||
|
@ -33,9 +33,9 @@ With Windows 11 2022 update, the vulnerable driver blocklist is enabled by defa
|
||||
|
||||
> [!NOTE]
|
||||
>
|
||||
> - The Windows Security app is updated separately from the OS and ships out of box. The version with the vulnerable driver blocklist toggle is in the final validation ring and will ship to all customers very soon. Initially, you will be able to view the configuration state only and the toggle will appear grayed out. The ability to turn the toggle on or off will come with a future Windows update.
|
||||
> - **Windows Security** is updated separately from the OS and ships out of box. The version with the vulnerable driver blocklist toggle is in the final validation ring and will ship to all customers very soon. Initially, you will be able to view the configuration state only and the toggle will appear grayed out. The ability to turn the toggle on or off will come with a future Windows update.
|
||||
>
|
||||
> - For Windows Insiders, the option to turn Microsoft's vulnerable driver blocklist on or off using the Windows Security app is grayed out when HVCI, Smart App Control, or S mode is enabled. You must disable HVCI or Smart App Control, or switch the device out of S mode, and restart the device before you can turn off the Microsoft vulnerable driver blocklist.
|
||||
> - For Windows Insiders, the option to turn Microsoft's vulnerable driver blocklist on or off using **Windows Security** settings is grayed out when HVCI, Smart App Control, or S mode is enabled. You must disable HVCI or Smart App Control, or switch the device out of S mode, and restart the device before you can turn off the Microsoft vulnerable driver blocklist.
|
||||
|
||||
The blocklist is updated with each new major release of Windows, typically 1-2 times per year, including most recently with the Windows 11 2022 update released in September 2022. The most current blocklist is now also available for Windows 10 20H2 and Windows 11 21H2 users as an optional update from Windows Update. Microsoft will occasionally publish future updates through regular Windows servicing.
|
||||
|
||||
|
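Review bot: the two reworded bullets in the NOTE now name the same UI differently: the first reads `**Windows Security** is updated separately from the OS` and the second reads `using **Windows Security** settings`. Use one form in both bullets. Since the first bullet is being edited anyway, "will ship to all customers very soon" and "will come with a future Windows update" are relative to a release that the following paragraph dates to September 2022, so they should be replaced with the current state rather than carried over.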
@ -1,6 +1,6 @@
|
||||
items:
|
||||
- name: Microsoft Defender Application Guard (MDAG)
|
||||
href: ../../threat-protection\microsoft-defender-application-guard\md-app-guard-overview.md
|
||||
href: microsoft-defender-application-guard/md-app-guard-overview.md
|
||||
- name: MDAG for Edge standalone mode
|
||||
href: microsoft-defender-application-guard/md-app-guard-overview.md
|
||||
- name: MDAG for Edge enterprise mode and enterprise management 🔗
|
||||
@ -9,7 +9,7 @@ items:
|
||||
href: https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46
|
||||
- name: MDAG configure via MDM 🔗
|
||||
href: /windows/client-management/mdm/windowsdefenderapplicationguard-csp
|
||||
- name: Windows containers 🔗
|
||||
- name: App containers 🔗
|
||||
href: /virtualization/windowscontainers/about
|
||||
- name: Windows Sandbox
|
||||
href: windows-sandbox/windows-sandbox-overview.md
|
||||
|
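Review bot: the entry renamed from `Windows containers 🔗` to `App containers 🔗` still has `href: /virtualization/windowscontainers/about`, so the label no longer matches its target. Either point the href at an article about app containers or keep the original name for this link.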
@ -1,8 +1,8 @@
|
||||
items:
|
||||
- name: Overview
|
||||
href: index.md
|
||||
- name: Application Control
|
||||
- name: Application and driver control
|
||||
href: application-control/toc.yml
|
||||
- name: Application Isolation
|
||||
- name: Application isolation
|
||||
href: application-isolation/toc.yml
|
||||
|
||||
|
@ -80,6 +80,8 @@
|
||||
"application-security/application-control/user-account-control/*.md": "paolomatarazzo",
|
||||
"hardware-security/**/*.md": "vinaypamnani-msft",
|
||||
"hardware-security/**/*.yml": "vinaypamnani-msft",
|
||||
"information-protection/**/*.md": "vinaypamnani-msft",
|
||||
"information-protection/**/*.yml": "vinaypamnani-msft",
|
||||
"identity-protection/**/*.md": "paolomatarazzo",
|
||||
"identity-protection/**/*.yml": "paolomatarazzo",
|
||||
"operating-system-security/**/*.md": "vinaypamnani-msft",
|
||||
@ -100,6 +102,8 @@
|
||||
"application-security/application-control/user-account-control/*.yml": "paoloma",
|
||||
"hardware-security//**/*.md": "vinpa",
|
||||
"hardware-security//**/*.yml": "vinpa",
|
||||
"information-protection/**/*.md": "vinpa",
|
||||
"information-protection/**/*.yml": "vinpa",
|
||||
"identity-protection/**/*.md": "paoloma",
|
||||
"identity-protection/**/*.yml": "paoloma",
|
||||
"operating-system-security/**/*.md": "vinpa",
|
||||
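Review bot: in this `vinpa` map the keys `hardware-security//**/*.md` and `hardware-security//**/*.yml` contain a doubled slash, while the `vinaypamnani-msft` map in the previous hunk uses `hardware-security/**/*.md` and the next hunk corrects the same typo in the key for the Windows 11 / Windows 10 list. Use the single-slash form here as well, otherwise these two globs may not match any file.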
@ -130,10 +134,20 @@
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2019</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2016</a>"
|
||||
],
|
||||
"hardware-security//**/*.md": [
|
||||
"hardware-security/**/*.md": [
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>"
|
||||
],
|
||||
"hardware-security/pluton/**/*.md": [
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>"
|
||||
],
|
||||
"hardware-security/tpm/**/*.md": [
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2022</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2019</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2016</a>"
|
||||
],
|
||||
"identity-protection/**/*.md": [
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>"
|
||||
|
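Review bot: `hardware-security/**/*.md` also matches every file covered by the new `hardware-security/pluton/**/*.md` and `hardware-security/tpm/**/*.md` keys, so the list shown on Pluton and TPM pages depends on which matching glob takes precedence. Please confirm in a build preview that Pluton pages render only Windows 11 and TPM pages render the five-entry list, and keep the more specific keys after the general one if order decides it.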
@ -37,17 +37,17 @@ appliesto:
|
||||
|
||||
To enable memory integrity on Windows devices with supporting hardware throughout an enterprise, use any of these options:
|
||||
|
||||
- [Windows Security app](#windows-security-app)
|
||||
- [Windows Security settings](#windows-security)
|
||||
- [Microsoft Intune (or another MDM provider)](#enable-memory-integrity-using-intune)
|
||||
- [Group Policy](#enable-memory-integrity-using-group-policy)
|
||||
- [Microsoft Configuration Manager](https://cloudblogs.microsoft.com/enterprisemobility/2015/10/30/managing-windows-10-device-guard-with-configuration-manager/)
|
||||
- [Registry](#use-registry-keys-to-enable-memory-integrity)
|
||||
|
||||
### Windows Security app
|
||||
### Windows Security
|
||||
|
||||
**Memory integrity** can be turned on in the Windows Security app and found at **Windows Security** > **Device security** > **Core isolation details** > **Memory integrity**. For more information, see [Device protection in Windows Security](https://support.microsoft.com/help/4096339/windows-10-device-protection-in-windows-defender-security-center).
|
||||
**Memory integrity** can be turned on in **Windows Security** settings and found at **Windows Security** > **Device security** > **Core isolation details** > **Memory integrity**. For more information, see [Device protection in Windows Security](https://support.microsoft.com/help/4096339/windows-10-device-protection-in-windows-defender-security-center).
|
||||
|
||||
Beginning with Windows 11 22H2, the Windows Security app shows a warning if memory integrity is turned off. The warning indicator also appears on the Windows Security icon in the Windows Taskbar and in the Windows Notification Center. The user can dismiss the warning from within the Windows Security app.
|
||||
Beginning with Windows 11 22H2, **Windows Security** shows a warning if memory integrity is turned off. The warning indicator also appears on the Windows Security icon in the Windows Taskbar and in the Windows Notification Center. The user can dismiss the warning from within **Windows Security**.
|
||||
|
||||
To proactively dismiss the memory integrity warning, you can set the **Hardware_HVCI_Off** (DWORD) registry value under `HKLM\SOFTWARE\Microsoft\Windows Security Health\State` to 0. After you change the registry value, you must restart the device for the change to take effect.
|
||||
|
||||
|
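Review bot: renaming the heading to `### Windows Security` changes its anchor from `#windows-security-app` to `#windows-security`; the in-page list is updated here, but any other article that deep-links to `#windows-security-app` in this file will now land at the top of the page. Please search the repo for that fragment before merging. The list item text `Windows Security settings` also differs from the heading text `Windows Security`; the two should match.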
12
windows/security/hardware-security/index.md
Normal file
@ -0,0 +1,12 @@
|
||||
---
|
||||
title: Windows hardware security
|
||||
description: Learn more about hardware security features support in Windows.
|
||||
ms.date: 07/28/2023
|
||||
ms.topic: overview
|
||||
---
|
||||
|
||||
# Windows hardware security
|
||||
|
||||
Learn more about hardware security features support in Windows.
|
||||
|
||||
[!INCLUDE [hardware](../includes/sections/hardware.md)]
|
@ -5,7 +5,7 @@ ms.collection:
|
||||
- highpri
|
||||
- tier1
|
||||
ms.topic: conceptual
|
||||
ms.date: 03/30/2023
|
||||
ms.date: 07/31/2023
|
||||
---
|
||||
|
||||
# Kernel DMA Protection
|
||||
@ -49,9 +49,9 @@ Kernel DMA Protection isn't compatible with other BitLocker DMA attacks counterm
|
||||
|
||||
Systems that support Kernel DMA Protection will enable the feature automatically, with no user or IT admin configuration required.
|
||||
|
||||
You can use the Windows Security app to check if Kernel DMA Protection is enabled:
|
||||
You can use the Windows Security settings to check if Kernel DMA Protection is enabled:
|
||||
|
||||
1. Open Windows Security app
|
||||
1. Open **Windows Security**.
|
||||
1. Select **Device security > Core isolation details > Memory access protection**
|
||||
|
||||
:::image type="content" source="images/kernel-dma-protection-security-center.png" alt-text="Screenshot of Kernel DMA protection in Windows Security." lightbox="images/kernel-dma-protection-security-center.png" border="true":::
|
||||
|
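Review bot: step 1 now ends with a period (`1. Open **Windows Security**.`) while step 2 (`1. Select **Device security > Core isolation details > Memory access protection**`) does not, so the list is punctuated inconsistently. Add the period to step 2 as well. In the intro sentence, "use the Windows Security settings" reads more naturally as "use **Windows Security**", which also matches the wording in step 1.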
@ -1,17 +1,8 @@
|
||||
---
|
||||
title: Microsoft Pluton security processor
|
||||
description: Learn more about Microsoft Pluton security processor
|
||||
ms.reviewer:
|
||||
ms.prod: windows-client
|
||||
author: vinaypamnani-msft
|
||||
ms.author: vinpa
|
||||
manager: aaroncz
|
||||
ms.localizationpriority: medium
|
||||
ms.topic: conceptual
|
||||
ms.date: 09/15/2022
|
||||
appliesto:
|
||||
- ✅ <b>Windows 11, version 22H2</b>
|
||||
ms.technology: itpro-security
|
||||
ms.date: 07/31/2023
|
||||
---
|
||||
|
||||
# Microsoft Pluton security processor
|
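Review bot: dropping the per-file `appliesto` entry `Windows 11, version 22H2` means this page will take the folder-level value, which for `hardware-security/pluton/**/*.md` is plain Windows 11. If Pluton support really starts at 22H2, that minimum version is lost from the banner; either state it in the article body or keep a version-specific entry in the folder-level list.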
@ -1,17 +1,8 @@
|
||||
---
|
||||
title: Microsoft Pluton as Trusted Platform Module (TPM 2.0)
|
||||
description: Learn more about Microsoft Pluton security processor as Trusted Platform Module (TPM 2.0)
|
||||
ms.reviewer:
|
||||
ms.prod: windows-client
|
||||
author: vinaypamnani-msft
|
||||
ms.author: vinpa
|
||||
manager: aaroncz
|
||||
ms.localizationpriority: medium
|
||||
ms.topic: conceptual
|
||||
ms.date: 09/15/2022
|
||||
appliesto:
|
||||
- ✅ <b>Windows 11, version 22H2</b>
|
||||
ms.technology: itpro-security
|
||||
ms.date: 07/31/2023
|
||||
---
|
||||
|
||||
# Microsoft Pluton as Trusted Platform Module
|
||||
@ -32,7 +23,7 @@ Pluton is integrated within the SoC subsystem, and provides a flexible, updatabl
|
||||
|
||||
## Enable Microsoft Pluton as TPM
|
||||
|
||||
Devices with Ryzen 6000 and Qualcomm Snapdragon® 8cx Gen 3 series processors are Pluton Capable, however enabling and providing an option to enable Pluton is at the discretion of the device manufacturer. Pluton is supported on these devices and can be enabled from the Unified Extensible Firmware Interface (UEFI) setup options for the device.
|
||||
Devices with Ryzen 6000 and Qualcomm Snapdragon® 8cx Gen 3 series processors are Pluton Capable, however enabling and providing an option to enable Pluton is at the discretion of the device manufacturer. Pluton is supported on these devices and can be enabled from the Unified Extensible Firmware Interface (UEFI) setup options for the device.
|
||||
|
||||
UEFI setup options differ from product to product, visit the product website and check for guidance to enable Pluton as TPM.
|
||||
|
@ -2,7 +2,7 @@
|
||||
title: System Guard Secure Launch and SMM protection
|
||||
description: Explains how to configure System Guard Secure Launch and System Management Mode (SMM protection) to improve the startup security of Windows 10 devices.
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 11/30/2021
|
||||
ms.date: 07/31/2023
|
||||
ms.topic: conceptual
|
||||
---
|
||||
|
||||
@ -19,7 +19,7 @@ You can enable System Guard Secure Launch by using any of these options:
|
||||
|
||||
- [Mobile Device Management (MDM)](#mobile-device-management)
|
||||
- [Group Policy](#group-policy)
|
||||
- [Windows Security app](#windows-security-app)
|
||||
- [Windows Security settings](#windows-security)
|
||||
- [Registry](#registry)
|
||||
|
||||
### Mobile Device Management
|
||||
@ -34,11 +34,11 @@ System Guard Secure Launch can be configured for Mobile Device Management (MDM)
|
||||
|
||||

|
||||
|
||||
### Windows Security app
|
||||
### Windows Security
|
||||
|
||||
Click **Start** > **Settings** > **Update & Security** > **Windows Security** > **Open Windows Security** > **Device security** > **Core isolation** > **Firmware protection**.
|
||||
|
||||

|
||||

|
||||
|
||||
### Registry
|
||||
|
||||
@ -58,7 +58,7 @@ Click **Start** > **Settings** > **Update & Security** > **Windows Security** >
|
||||
|
||||
To verify that Secure Launch is running, use System Information (MSInfo32). Click **Start**, search for **System Information**, and look under **Virtualization-based Security Services Running** and **Virtualization-based Security Services Configured**.
|
||||
|
||||

|
||||

|
||||
|
||||
> [!NOTE]
|
||||
> To enable System Guard Secure launch, the platform must meet all the baseline requirements for [System Guard](how-hardware-based-root-of-trust-helps-protect-windows.md), [Device Guard](../application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md), [Credential Guard](../identity-protection/credential-guard/credential-guard-requirements.md), and [Virtualization Based Security](/windows-hardware/design/device-experiences/oem-vbs).
|
||||
|
@ -1,41 +1,41 @@
|
||||
items:
|
||||
- name: Overview
|
||||
href: ../hardware.md
|
||||
href: index.md
|
||||
- name: Hardware root of trust
|
||||
items:
|
||||
- name: Windows Defender System Guard
|
||||
href: how-hardware-based-root-of-trust-helps-protect-windows.md
|
||||
- name: Trusted Platform Module
|
||||
href: ../information-protection/tpm/trusted-platform-module-top-node.md
|
||||
href: tpm/trusted-platform-module-top-node.md
|
||||
items:
|
||||
- name: Trusted Platform Module overview
|
||||
href: ../information-protection/tpm/trusted-platform-module-overview.md
|
||||
href: tpm/trusted-platform-module-overview.md
|
||||
- name: TPM fundamentals
|
||||
href: ../information-protection/tpm/tpm-fundamentals.md
|
||||
href: tpm/tpm-fundamentals.md
|
||||
- name: How Windows uses the TPM
|
||||
href: ../information-protection/tpm/how-windows-uses-the-tpm.md
|
||||
href: tpm/how-windows-uses-the-tpm.md
|
||||
- name: Manage TPM commands
|
||||
href: ../information-protection/tpm/manage-tpm-commands.md
|
||||
- name: Manager TPM Lockout
|
||||
href: ../information-protection/tpm/manage-tpm-lockout.md
|
||||
href: tpm/manage-tpm-commands.md
|
||||
- name: Manage TPM Lockout
|
||||
href: tpm/manage-tpm-lockout.md
|
||||
- name: Change the TPM password
|
||||
href: ../information-protection/tpm/change-the-tpm-owner-password.md
|
||||
href: tpm/change-the-tpm-owner-password.md
|
||||
- name: TPM Group Policy settings
|
||||
href: ../information-protection/tpm/trusted-platform-module-services-group-policy-settings.md
|
||||
href: tpm/trusted-platform-module-services-group-policy-settings.md
|
||||
- name: Back up the TPM recovery information to AD DS
|
||||
href: ../information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md
|
||||
href: tpm/backup-tpm-recovery-information-to-ad-ds.md
|
||||
- name: View status, clear, or troubleshoot the TPM
|
||||
href: ../information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md
|
||||
href: tpm/initialize-and-configure-ownership-of-the-tpm.md
|
||||
- name: Understanding PCR banks on TPM 2.0 devices
|
||||
href: ../information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md
|
||||
href: tpm/switch-pcr-banks-on-tpm-2-0-devices.md
|
||||
- name: TPM recommendations
|
||||
href: ../information-protection/tpm/tpm-recommendations.md
|
||||
href: tpm/tpm-recommendations.md
|
||||
- name: Microsoft Pluton security processor
|
||||
items:
|
||||
- name: Microsoft Pluton overview
|
||||
href: ../information-protection/pluton/microsoft-pluton-security-processor.md
|
||||
href: pluton/microsoft-pluton-security-processor.md
|
||||
- name: Microsoft Pluton as TPM
|
||||
href: ../information-protection/pluton/pluton-as-tpm.md
|
||||
href: pluton/pluton-as-tpm.md
|
||||
- name: Silicon assisted security
|
||||
items:
|
||||
- name: Virtualization-based security (VBS) 🔗
|
||||
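Review bot: every TPM and Pluton href moves from `../information-protection/...` to a path under this folder, which implies the published URLs change too, and no redirect entries are visible in this part of the diff. Please confirm that the old `information-protection/tpm/*` and `information-protection/pluton/*` URLs are redirected. Minor: the entry `Change the TPM password` points to `tpm/change-the-tpm-owner-password.md`, so "Change the TPM owner password" would be the more accurate label while this block is being touched.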
@ -48,9 +48,9 @@ items:
|
||||
href: https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815
|
||||
- name: Secured-core PC 🔗
|
||||
href: /windows-hardware/design/device-experiences/oem-highly-secure-11
|
||||
- name: Secured-core PC configuration lock
|
||||
href: /windows/client-management/config-lock 🔗
|
||||
- name: Secured-core PC configuration lock 🔗
|
||||
href: /windows/client-management/config-lock
|
||||
- name: Kernel Direct Memory Access (DMA) protection
|
||||
href: kernel-dma-protection-for-thunderbolt.md
|
||||
- name: System Guard Secure Launch
|
||||
href: system-guard-secure-launch-and-smm-protection.md
|
||||
href: system-guard-secure-launch-and-smm-protection.md
|
||||
|
@ -1,16 +1,8 @@
|
||||
---
|
||||
title: Back up TPM recovery information to Active Directory
|
||||
description: Learn how to back up the Trusted Platform Module (TPM) recovery information to Active Directory.
|
||||
ms.prod: windows-client
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.topic: conceptual
|
||||
ms.date: 02/02/2023
|
||||
ms.technology: itpro-security
|
||||
appliesto:
|
||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
|
||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
|
||||
---
|
||||
|
||||
# Back up the TPM recovery information to AD DS
|
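Review bot: the removed per-file `appliesto` listed only Windows 11 and Windows Server 2016 and later, but the folder-level list added for `hardware-security/tpm/**/*.md` in this commit also includes Windows 10, so this article will now claim Windows 10 applicability that it did not have before. Please confirm that is intended for the AD DS backup procedure. Also note that `ms.date: 02/02/2023` is left unchanged here, while the other front-matter edits in this commit bump the date to 07/31/2023.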