Date: Mon, 14 Jun 2021 14:43:27 +0100
Subject: [PATCH 010/184] remove public preview terms
---
.openpublishing.redirection.json | 7 +-
...windows-enterprise-public-preview-terms.md | 324 ------------------
2 files changed, 6 insertions(+), 325 deletions(-)
delete mode 100644 windows/privacy/data-processor-service-for-windows-enterprise-public-preview-terms.md
diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index 25a371ea28..1434fdccf8 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -18924,6 +18924,11 @@
"source_path": "windows/privacy/deploy-data-processor-service-windows.md",
"redirect_url": "/windows/privacy/windows-10-and-privacy-compliance",
"redirect_document_id": false
- }
+ },
+ {
+ "source_path": "data-processor-service-for-windows-enterprise-public-preview-terms.md",
+ "redirect_url": "/windows/privacy/windows-10-and-privacy-compliance",
+ "redirect_document_id": false
+ }
]
}
diff --git a/windows/privacy/data-processor-service-for-windows-enterprise-public-preview-terms.md b/windows/privacy/data-processor-service-for-windows-enterprise-public-preview-terms.md
deleted file mode 100644
index 170bd2f449..0000000000
--- a/windows/privacy/data-processor-service-for-windows-enterprise-public-preview-terms.md
+++ /dev/null
@@ -1,324 +0,0 @@
----
-title: Data processor service for Windows Enterprise public preview terms
-description: Use this article to understand Windows public preview terms of service.
-keywords: privacy, GDPR
-ms.localizationpriority: high
-ROBOTS: NOINDEX, NOFOLLOW
-ms.prod: w10
-ms.topic: article
-f1.keywords:
-- NOCSH
-ms.author: siosulli
-author: dansimp
-manager: dansimp
-audience: itpro
-ms.collection:
-- GDPR
-- M365-security-compliance
----
-
-# Data processor service for Windows Enterprise public preview terms
-
-**These terms (“Terms”) must be read and accepted by a tenant admin with appropriate access rights and authority. By participating in this public preview, you: (a) agree to the following Terms, and (b) represent and warrant that you have such rights and authority.**
-
-These Terms govern your use of the preview described below (“**Preview**”). In order to access the Preview, you must be a current Microsoft Windows customer with an Azure Active Directory (“**AAD**”) subscription. The Preview consists of features and services that are in preview, beta, or other pre-release form for use with Windows and AAD.
-
- 1. **Definitions**. The following terms have the following meanings:
-
- 1. "**Customer Data**" means all data, including all text, sound, video, or image files that are provided to Microsoft by, or on behalf of, you through your use of Windows or AAD.
-
- 2. "**Feedback**" means, collectively, suggestions, comments, feedback, ideas, or know-how, in any form, that you or your users provide to Microsoft about Microsoft’s business, products, or services.
-
- 3. "**Personal Data**" means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
-
- 4. "**Preview Data**" means all data, including all text, sound, video, or image files that are provided to Microsoft by, or on behalf of, you through use of the Services.
-
- 5. "**Subprocessor**" means other processors used by Microsoft to process Personal Data.
-
-2. **Scope of Services**. The Preview is for a service that enables organizations to become controllers of Windows diagnostic data on supported versions of Windows, with Microsoft operating as processor of the data (collectively, the “**_Services_**”). You will collaborate with Microsoft in order to provide Microsoft the ability to enable the Services for you. To access the Services, you will need to configure participating Windows devices; Microsoft will assist you in such configuration via documentation or other communications.
-
-3. **Intellectual Property**.
-
- 1. **License Grant**. During the term of this Preview (“**Term**”), Microsoft grants you and authorized users in your tenant for Windows a non-exclusive, non-transferable, non-sublicensable right and license to access and use the Services in accordance with these Terms.
-
- 2. **Use Terms**. These Terms supersede any Microsoft terms and conditions or other agreement. You acknowledge that (i) the Services may not work correctly or in the manner that a commercial service may function; Microsoft may change the Services for the final, commercial version or choose not to release a commercial version; (ii) Microsoft may not provide support for the Services; (iii) the Online Services Terms (OST), including any obligations Microsoft may have regarding Customer Data, do not apply to the Services or Preview Data; (iv) Microsoft has no obligation to hold, export, or return Preview Data, except as described in these Terms; (v) Microsoft has no liability for the deletion of Preview Data, except as described in these Terms; and (vi) you may lose access to the Services and Preview Data after the Term.
-
- 3. **Acceptable Use**. Neither you, nor those that access the Services through you, may: (a) use the Services: (i) in a way prohibited by law, regulation, governmental order or decree; (ii) to violate the rights of others; (iii) to try to gain unauthorized access to or disrupt any service, device, data, account or network; (iv) to spam or distribute malware; or (v) in a way that could harm the Services or impair anyone else’s use of it; or (b) reverse engineer, decompile, disassemble, or work around any technical limitations in the Services, or use the Services to create a competing product. You are responsible for responding to any third-party request regarding your use of the Services or Preview Data, such as a request to take down Preview Data under the U.S. Digital Millennium Copyright Act or other applicable laws.
-
- 4. **Data Collection, Use and Location**. The Microsoft Privacy Statement https://privacy.microsoft.com/privacystatement applies to the collection, use and location of Preview Data. In the event of a conflict between Privacy Statement and the terms of these Terms, the terms of these Terms will control.
-
-4. **Confidentiality**. The following confidentiality terms apply to the Preview:
-
- 1. During the Term plus 5 years, the parties will hold in strictest confidence and not use or disclose to any third party any Confidential Information of the other party. “Confidential Information” means all non-public information a party designates in writing or orally as being confidential, or which under the circumstances of disclosure ought to be treated as confidential. Confidential Information includes information relating to:
- 1. a party’s released or unreleased software or hardware products;
- 2. a party’s source code;
- 3. a party’s product marketing or promotion;
- 4. a party’s business policies or practices;
- 5. a party’s customers or suppliers;
- 6. information received from others that a party must treat as confidential; and
- 7. information provided, obtained, or created by a party under these Terms, including:
- * information in reports;
- * the parties’ electronic or written correspondence, customer lists and customer information, regardless of source;
- * Personal Data; and
- * Transactional, sales, and marketing information.
-
- 2. A party will consult with the other if it questions what comprises Confidential Information. Confidential Information excludes information (i) known to a party before the disclosing party’s disclosure to the receiving party, (ii) information publicly available through no fault of the receiving party, (iii) received from a third party without breach of an obligation owed to the disclosing party, or (iv) independently developed by a party without reference to or use of the disclosing party’s Confidential Information.
-
- 3. Each party will employ security procedures to prevent disclosure of the other party’s Confidential Information to unauthorized third parties. The receiving party’s security procedures must include risk assessment and controls for:
- 1. system access;
- 2. system and application development and maintenance;
- 3. change management;
- 4. asset classification and control;
- 5. incident response, physical and environmental security;
- 6. disaster recovery/business continuity; and
- 7. employee training.
-
-5. **Data Protection.**
-
- **Generally**. To the extent Microsoft is a processor of Personal Data, the General Data Protection Regulation (GDPR) Terms in Attachment 1 govern that processing and the parties also agree to the following terms:
-
- 1. Processing Details: The parties agree that:
- * The subject-matter of the processing is limited to Personal Data within the scope of the GDPR;
- * The duration of the processing shall be for the duration of your right to use the Services and until all Personal Data is deleted or returned in accordance with your instructions or these Terms;
- * The nature and purpose of the processing shall be to provide the Services pursuant to these Terms;
- * The types of Personal Data processed by the Services include those expressly identified in Article 4 of the GDPR to the extent included by Preview Data; and
- * The categories of data subjects are your representatives and end users, such as employees, contractors, collaborators, and customers.
-
- 2. Data Transfers:
- * Preview Data and Personal Data that Microsoft processes on your behalf may be transferred to, and stored and processed in, the United States or any other country in which Microsoft or its Subprocessors operate. You appoint Microsoft to perform any such transfer of Preview Data and Personal Data to any such country and to store and process Preview Data and Personal Data to provide the Services.
- * All transfers of Preview Data and Personal Data out of the European Union, European Economic Area, United Kingdom, and Switzerland to provide the Online Services shall be governed by the Standard Contractual Clauses in Attachment 2.
- * Microsoft will abide by the requirements of European Economic Area and Swiss data protection law regarding the collection, use, transfer, retention, and other processing of Personal Data from the European Economic Area and Switzerland. All transfers of Personal Data to a third country or an international organization will be subject to appropriate safeguards as described in Article 46 of the GDPR and such transfers and safeguards will be documented according to Article 30(2) of the GDPR.
- * In addition, Microsoft is certified to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks and the commitments they entail. Microsoft agrees to notify you in the event that it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Privacy Shield principles.
-
-6. **No Support or Incident Response.** Microsoft will have no obligation under these Terms to correct any bugs, defects or errors in the Services or AAD, provide any updates, upgrades or new releases, or otherwise provide any technical support or maintenance for any Services or AAD. You will make reasonable efforts to promptly report to Microsoft any defects you find in the Services, as an aid to creating improved revisions of the Services. Microsoft will have no obligation under these Terms to provide you with incident response as part of the Services.
-
-7. **Term and Termination.** The term of the Preview begins when you accept these Terms and continues until: (a) either party terminates this Preview by providing the other party: (i) 2 days’ notice for any reason (or no reason), or (ii) notice of such party’s breach of these Terms and such party fails to cure within 15 days, or (b) upon the general availability of the Services. When the Term ends, you will no longer have access to the Services, and Microsoft will no longer have the rights to access Customer Data granted herein. Each party will, on request, return or destroy the other’s Confidential Information provided under the Preview.
-
-8. **Feedback.** Providing Feedback is voluntary. Microsoft is under no obligation to post or use any Feedback. By providing Feedback to Microsoft, you (and anyone providing Feedback through your use of the Preview) irrevocably and perpetually grant to Microsoft and its affiliates, under all of its (and their) owned or controlled intellectual property rights, a worldwide, non-exclusive, fully paid-up, royalty-free, transferable, sub-licensable right and license to make, use, reproduce, prepare derivative works based upon, distribute, publicly perform, publicly display, transmit, and otherwise commercialize the Feedback (including by combining or interfacing products, services or technologies that depend on or incorporate Feedback with other products, services or technologies of Microsoft or others), without attribution in any way and for any purpose. You warrant that (a) you will not provide Feedback that is subject to a license requiring Microsoft to license anything to third parties because Microsoft exercises any of the above rights in your Feedback; and (b) you own or otherwise control all of the rights to such Feedback and that no such Feedback is subject to any third-party rights (including any personality or publicity rights).
-
-9. **Representations and Warranties; Limitation of Liability.**
-
- 1. **By the Parties.** Each party represents and warrants to the other party that (a) it has all necessary rights, title, and authority to enter into and perform under these Terms; (b) its performance under these Terms will not breach any agreement with a third party; and (c) it will comply with any and all laws, rules, and regulations that are applicable to its performance under these Terms.
-
- 2. **Disclaimer.** EXCEPT AS OTHERWISE PROVIDED IN THESE TERMS AND TO THE EXTENT APPLICABLE LAW PERMITS, MICROSOFT (a) PROVIDES THE SERVICES AS-IS; (b) PROVIDES NO WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE; AND (c) DOES NOT GUARANTEE THAT THE SERVICES WILL BE AVAILABLE, UNINTERRUPTED, OR ERROR-FREE, OR THAT LOSS OF PREVIEW DATA WILL NOT OCCUR.
-
- 3. **Limitation of Liability.** Except as otherwise described in this Section 9, the only remedy either party has for claims relating to these Terms or participation in the Preview is to terminate these Terms or your participation in the Preview. NEITHER PARTY WILL BE LIABLE TO THE OTHER PARTY FOR ANY DAMAGES, INCLUDING DIRECT, INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, OR DAMAGES FOR LOST REVENUE, LOST PROFIT, LOST BUSINESS INFORMATION, OR BUSINESS INTERRUPTION, EVEN IF THE PARTY KNEW OR SHOULD HAVE KNOWN OF THE POSSIBILITY OF SUCH DAMAGES. The limitations in this Section 9 do not apply to claims arising from any breach of confidentiality obligations under Section 4.
-
-10. **General.**
-
- 1. **Non-Exclusivity.** These Terms are nonexclusive. These Terms do not restrict either party from entering into the same or similar arrangement with any third party.
-
- 2. **Jurisdiction and Governing Law.** The laws of the State of Washington, excluding conflicts of law provisions, govern these Terms. If federal jurisdiction exists, then each party consents to exclusive jurisdiction and venue in the federal courts in King County, Washington. If no federal jurisdiction exists, then each party consents to exclusive jurisdiction and venue in the Superior Court of King County, Washington.
-
- 3. **Force Majeure.** A party will not be liable for failure to perform an obligation under these Terms to the extent that failure is due to a cause beyond that party’s reasonable control, including natural disaster, war, civil disturbance, or governmental action.
-
- 4. **Attorneys’ fees.** If a party employs attorneys to enforce any rights arising out of or relating to these Terms, the prevailing party will be entitled to recover its reasonable attorneys’ fees, costs, and other expenses.
-
- 5. **Assignment**. You may not assign these Terms or delegate any of your rights or obligations under these Terms to a third party without Microsoft’s prior written consent.
-
- 6. **Entire Agreement.** These Terms are the entire agreement between the parties regarding its subject matter and replaces all prior agreements, communications, and representations between the parties regarding its subject matter.
-
- 7. **Survival.** Sections 3.b, 4, 7 (with respect to post-termination obligations), and 8-10 will survive these Terms’ expiration or termination.
-
-
- Attachment 1: GDPR Terms
-
-For purposes of these GDPR Terms, you and Microsoft agree that you are the controller of Personal Data and Microsoft is the processor of such data, except when you act as a processor of Personal Data, in which case Microsoft is a subprocessor. These GDPR Terms apply to the processing of Personal Data, within the scope of the GDPR, by Microsoft on your behalf. These GDPR Terms do not limit or reduce any data protection commitments Microsoft makes to you in other agreement between Microsoft and you. These GDPR Terms do not apply where Microsoft is a controller of Personal Data.
-
-**Relevant GDPR Obligations: Articles 28, 32, and 33**
-
-1. Microsoft shall not engage another processor without prior specific or your general written authorization. In the case of general written authorization, Microsoft shall inform you of any intended changes concerning the addition or replacement of other processors, thereby giving you the opportunity to object to such changes. (Article 28(2))
-2. Processing by Microsoft shall be governed by these GDPR Terms under European Union (hereafter “Union”) or Member State law and are binding on Microsoft with regard to you. The subject-matter and duration of the processing, the nature and purpose of the processing, the type of Personal Data, the categories of data subjects and your obligations and rights are set forth in the Terms above, including these GDPR Terms. In particular, Microsoft shall:
-
- 1. process the Personal Data only on your documented instructions, including with regard to transfers of Personal Data to a third country or an international organization, unless required to do so by Union or Member State law to which Microsoft is subject; in such a case, Microsoft shall inform you of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest;
-
- 2. ensure that persons authorized to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
-
- 3. take all measures required pursuant to Article 32 of the GDPR;
-
- 4. respect the conditions referred to in paragraphs 1 and 3 for engaging another processor;
-
- 5. taking into account the nature of the processing, assist you by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of your obligation to respond to requests for exercising the data subject's rights laid down in Chapter III of the GDPR;
-
- 6. assist you in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR, taking into account the nature of processing and the information available to Microsoft;
-
- 7. at your choice, delete or return all the Personal Data to you after the end of the provision of services relating to processing, and delete existing copies unless Union or Member State law requires storage of the Personal Data;
-
- 8. make available to you all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR and allow for and contribute to audits, including inspections, conducted by you or another auditor mandated by you.
-
- 9. immediately inform you if, in its opinion, an instruction infringes the GDPR or other Union or Member State data protection provisions. (Article 28(3))
-
-3. Where Microsoft engages another processor for carrying out specific processing activities on your behalf, the same data protection obligations as set out in these GDPR Terms shall be imposed on that other processor by way of a contract or other legal act under Union or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that the processing will meet the requirements of the GDPR. Where that other processor fails to fulfil its data protection obligations, Microsoft shall remain fully liable to you for the performance of that other processor's obligations. (Article 28(4))
-
-4. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, you and Microsoft shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
-
- 1. the pseudonymisation and encryption of Personal Data;
-
- 2. the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
-
- 3. the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and
-
- 4. a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing. (Article 32(1))
-
-5. In assessing the appropriate level of security, account shall be taken of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise processed. (Article 32(2))
-
-6. You and Microsoft shall take steps to ensure that any natural person acting under your authority or Microsoft’s who has access to Personal Data does not process them except on instructions from you, unless he or she is required to do so by Union or Member State law. (Article 32(4))
-
-7. Microsoft shall notify you without undue delay after becoming aware of a personal data breach. (Article 33(2)). Such notification will include that information a processor must provide to a controller under Article 33(3) to the extent such information is reasonably available to Microsoft.
-
-
- Attachment 2 – The Standard Contractual Clauses (Processors)
-
-In countries where regulatory approval is required for use of the Standard Contractual Clauses, the Standard Contractual Clauses cannot be relied upon under European Commission 2010/87/EU (of February 2010) to legitimize export of data from the country, unless Customer has the required regulatory approval.
-Beginning May 25, 2018 and thereafter, references to various Articles from the Directive 95/46/EC in the Standard Contractual Clauses below will be treated as references to the relevant and appropriate Articles in the GDPR.
-For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection, Customer (as data exporter) and Microsoft Corporation (as data importer, whose signature appears below), each a “party,” together “the parties,” have agreed on the following Contractual Clauses (the “Clauses” or “Standard Contractual Clauses”) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.
-
-**Clause 1: Definitions**
-
-1. 'personal data', 'special categories of data', 'process/processing', 'controller', 'processor', 'data subject' and 'supervisory authority' shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
-1. 'the data exporter' means the controller who transfers the personal data;
-1. 'the data importer' means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country's system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;
-1. 'the subprocessor' means any processor engaged by the data importer or by any other subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
-1. 'the applicable data protection law' means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;
-1. 'technical and organizational security measures' means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.
-
-**Clause 2: Details of the transfer**
-
-The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 below which forms an integral part of the Clauses.
-
-**Clause 3: Third-party beneficiary clause**
-
-1. The data subject can enforce against the data exporter this Clause, Clause 4(2) to (9), Clause 5(1) to (5), and (7) to (10), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.
-2.1.exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
-1. The data subject can enforce against the subprocessor this Clause, Clause 5(1) to (5) and (7), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
-1. The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.
-
-**Clause 4: Obligations of the data exporter**
-
-The data exporter agrees and warrants:
-
-1. that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
-1. that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter's behalf and in accordance with the applicable data protection law and the Clauses;
-1. that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 below;
-1. that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
-1. that it will ensure compliance with the security measures;
-1. that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
-1. to forward any notification received from the data importer or any subprocessor pursuant to Clause 5(2) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
-1. to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
-1. that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 11 by a subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and
-1. that it will ensure compliance with Clause 4(1) to (9).
-
-**Clause 5: Obligations of the data importer**
-
-The data importer agrees and warrants:
-
-1. to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
-1. that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
-1. that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;
-1. that it will promptly notify the data exporter about:
- 1. any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,
- 1. any accidental or unauthorised access, and
- 1. any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;
-1. to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
-1. at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
-1. to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
-1. that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent;
-1. that the processing services by the subprocessor will be carried out in accordance with Clause 11; and
-1. to send promptly a copy of any subprocessor agreement it concludes under the Clauses to the data exporter.
-
-**Clause 6: Liability**
-
-1. The parties agree that any data subject who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or subprocessor is entitled to receive compensation from the data exporter for the damage suffered.
-1. If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity.
-The data importer may not rely on a breach by a subprocessor of its obligations in order to avoid its own liabilities.
-1. If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the subprocessor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the subprocessor agrees that the data subject may issue a claim against the data subprocessor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the subprocessor shall be limited to its own processing operations under the Clauses.
-
-**Clause 7: Mediation and jurisdiction**
-
-1. The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:
- 1. to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
- 1. to refer the dispute to the courts in the Member State in which the data exporter is established.
-1. The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.
-
-**Clause 8: Cooperation with supervisory authorities**
-
-1. The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
-1. The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
-1. The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any subprocessor preventing the conduct of an audit of the data importer, or any subprocessor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5 (2).
-
-**Clause 9: Governing Law**
-
-The Clauses shall be governed by the law of the Member State in which the data exporter is established.
-
-**Clause 10: Variation of the contract**
-
-The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.
-
-**Clause 11: Subprocessing**
-
-1. The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses. Where the subprocessor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor's obligations under such agreement.
-1. The prior written contract between the data importer and the subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
-1. The provisions relating to data protection aspects for subprocessing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.
-1. The data exporter shall keep a list of subprocessing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5 (j), which shall be updated at least once a year. The list shall be available to the data exporter's data protection supervisory authority.
-
-**Clause 12: Obligation after the termination of personal data processing services**
-
-1. The parties agree that on the termination of the provision of data processing services, the data importer and the subprocessor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
-1. The data importer and the subprocessor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in paragraph 1.
-
-**Appendix 1 to the Standard Contractual Clauses**
-
-**Data exporter**: Customer is the data exporter. The data exporter is a user of the Services.
-
-**Data importer**: The data importer is MICROSOFT CORPORATION, a global producer of software and services.
-
-**Data subjects**: Data subjects include the data exporter’s representatives and end-users including employees, contractors, collaborators, and customers of the data exporter. Data subjects may also include individuals attempting to communicate or transfer personal information to users of the services provided by data importer. Microsoft acknowledges that, depending on Customer’s use of the Services, Customer may elect to include personal data from any of the following types of data subjects in the personal data:
-
-* Employees, contractors and temporary workers (current, former, prospective) of data exporter;
-* Dependents of the above;
-* Data exporter's collaborators/contact persons (natural persons) or employees, contractors or temporary workers of legal entity collaborators/contact persons (current, prospective, former);
-* Users (e.g., customers, clients, patients, visitors, etc.) and other data subjects that are users of data exporter's services;
-* Partners, stakeholders or individuals who actively collaborate, communicate or otherwise interact with employees of the data exporter and/or use communication tools such as apps and websites provided by the data exporter;
-* Stakeholders or individuals who passively interact with data exporter (e.g., because they are the subject of an investigation, research or mentioned in documents or correspondence from or to the data exporter);
-* Minors; or
-* Professionals with professional privilege (e.g., doctors, lawyers, notaries, religious workers, etc.).
-
-**Categories of data**: The personal data transferred that is included in data processed by the Services. Microsoft acknowledges that, depending on Customer’s use of the Services, Customer may elect to include personal data from any of the following categories in the personal data:
-
-* Basic personal data (for example place of birth, street name and house number (address), postal code, city of residence, country of residence, mobile phone number, first name, last name, initials, email address, gender, date of birth), including basic personal data about family members and children;
-* Authentication data (for example user name, password or PIN code, security question, audit trail);
-* Contact information (for example addresses, email, phone numbers, social media identifiers; emergency contact details);
-* Unique identification numbers and signatures (for example Social Security number, bank account number, passport and ID card number, driver's license number and vehicle registration data, IP addresses, employee number, student number, patient number, signature, unique identifier in tracking cookies or similar technology);
-* Pseudonymous identifiers;
-* Financial and insurance information (for example insurance number, bank account name and number, credit card name and number, invoice number, income, type of assurance, payment behavior, creditworthiness);
-* Commercial Information (for example history of purchases, special offers, subscription information, payment history);
-* Biometric Information (for example DNA, fingerprints and iris scans);
-* Location data (for example, Cell ID, geo-location network data, location by start call/end of the call. Location data derived from use of wifi access points);
-* Photos, video and audio;
-* Internet activity (for example browsing history, search history, reading, television viewing, radio listening activities);
-* Device identification (for example IMEI-number, SIM card number, MAC address);
-* Profiling (for example based on observed criminal or anti-social behavior or pseudonymous profiles based on visited URLs, click streams, browsing logs, IP-addresses, domains, apps installed, or profiles based on marketing preferences);
-* HR and recruitment data (for example declaration of employment status, recruitment information (such as curriculum vitae, employment history, education history details), job and position data, including worked hours, assessments and salary, work permit details, availability, terms of employment, tax details, payment details, insurance details and location and organizations);
-* Education data (for example education history, current education, grades and results, highest degree achieved, learning disability);
-* Citizenship and residency information (for example citizenship, naturalization status, marital status, nationality, immigration status, passport data, details of residency or work permit);
-* Information processed for the performance of a task carried out in the public interest or in the exercise of an official authority;
-* Special categories of data (for example racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, data concerning a natural person’s sex life or sexual orientation, or data relating to criminal convictions or offences); or
-* Any other personal data identified in Article 4 of the GDPR.
-
-**Processing operations**: The personal data transferred will be subject to the following basic processing activities:
-
-1. **Duration and Object of Data Processing**. The duration of data processing shall be for the term of the Preview. The objective of the data processing is the performance of the Services.
-1. **Scope and Purpose of Data Processing**. The scope and purpose of processing personal data is described in Section 5 of this agreement. The data importer operates a global network of data centers and management/support facilities, and processing may take place in any jurisdiction where data importer or its sub-processors operate such facilities.
-1. **Customer Data and Personal Data Access**. For the term designated under the applicable volume licensing agreement data importer will at its election and as necessary under applicable law implementing Article 12(b) of the EU Data Protection Directive, either: (1) provide data exporter with the ability to correct, delete, or block Customer Data and personal data, or (2) make such corrections, deletions, or blockages on its behalf.
-1. **Data Exporter’s Instructions**. For Online Services and Professional Services, data importer will only act upon data exporter’s instructions as conveyed by Microsoft.
-1. **Preview Data and Personal Data Deletion or Return**. Upon expiration or termination of data exporter’s use of the Services, it may extract Customer Data and personal data and data importer will delete Customer Data and personal data, each in accordance with the terms of this agreement.
-
-**Subcontractors**: In accordance with the DPA, the data importer may hire other companies to provide limited services on data importer’s behalf, such as providing customer support. Any such subcontractors will be permitted to obtain Customer Data and personal data only to deliver the services the data importer has retained them to provide, and they are prohibited from using Customer Data and personal data for any other purpose.
-
-**Appendix 2 to the Standard Contractual Clauses**
-
-Description of the technical and organizational security measures implemented by the data importer in accordance with Clauses 4(4) and 5(3):
-
-1. **Personnel**. Data importer’s personnel will not process Preview Data or personal data without authorization. Personnel are obligated to maintain the confidentiality of any such Preview Data and personal data and this obligation continues even after their engagement ends.
-2. **Data Privacy Contact**. The data privacy officer of the data importer can be reached at the following address: Microsoft Corporation Attn: Chief Privacy Officer1 Microsoft WayRedmond, WA 98052 USA
-3. **Technical and Organization Measures**. The data importer has implemented and will maintain appropriate technical and organizational measures, internal controls, and information security routines intended to protect Preview Data and personal data, as defined in Attachment 1 of this agreement, against accidental loss, destruction, or alteration; unauthorized disclosure or access; or unlawful destruction as follows: The technical and organizational measures, internal controls, and information security routines set forth in Attachment 1 of this agreement are hereby incorporated into this Appendix 2 by this reference and are binding on the data importer as if they were set forth in this Appendix 2 in their entirety.
From f00f9cc588b3790c897144e27cd5ea9c520ab2c2 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan
Date: Mon, 14 Jun 2021 14:49:36 +0100
Subject: [PATCH 011/184] Update .openpublishing.redirection.json
---
.openpublishing.redirection.json | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index 1434fdccf8..445d23b7ea 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -18926,7 +18926,7 @@
"redirect_document_id": false
},
{
- "source_path": "data-processor-service-for-windows-enterprise-public-preview-terms.md",
+ "source_path": "windows/privacy/data-processor-service-for-windows-enterprise-public-preview-terms.md",
"redirect_url": "/windows/privacy/windows-10-and-privacy-compliance",
"redirect_document_id": false
}
From c307294265b743b49e0b295603929e96a82149ac Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan
Date: Thu, 17 Jun 2021 13:29:36 +0100
Subject: [PATCH 012/184] Update policy-csp-system.md
---
.../client-management/mdm/policy-csp-system.md | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index 4d1e1393b7..536bae0e06 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -215,13 +215,20 @@ The following list shows the supported values:
-This policy setting opts the device into the Windows enterprise data pipeline.
+This policy setting configures an Azure Active Directory joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the Product Terms.
-If you enable this setting, data collected from the device will be opted into the Windows enterprise data pipeline.
+To enable this behavior, you must complete two steps:
-If you disable or don't configure this setting, all data from the device will be collected and processed in accordance with our policies for the Windows standard data pipeline.
+- Enable this policy setting
+- Join an Azure Active Directory account to the device
-Configuring this setting does not change the telemetry collection level or the ability of the user to change the level. This setting only applies to the Windows operating system and apps included with Windows, not third-party apps or services running on Windows 10.
+Windows diagnostic data is collected when the **AllowTelemetry** policy setting is set to 1 – Required (Basic) or above.
+
+If you disable or do not configure this setting, Microsoft will be the controller of the Windows diagnostic data collected from the device and processed in accordance with Microsoft’s privacy statement at https://go.microsoft.com/fwlink/?LinkId=521839 unless you have enabled policies like 'Allow Update Compliance Processing' or 'Allow Desktop Analytics Processing”.
+
+Configuring this setting does not change the Windows diagnostic data collection level set for the device or the operation of optional analytics processor services like Desktop Analytics and Update Compliance.
+
+See the documentation at https://aka.ms/ConfigureWWD for information on this and other policies that will result in Microsoft being the processor of Windows diagnostic data.
From 4cac115392ab4615a65e85638331d198ff23d265 Mon Sep 17 00:00:00 2001
From: Andrea Barr <81656118+AndreaLBarr@users.noreply.github.com>
Date: Thu, 17 Jun 2021 16:36:54 -0700
Subject: [PATCH 013/184] Adding Question and Answer
Added a question and answer as requested from Radia Soulmani .
---
.../faq-md-app-guard.yml | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml
index 03baa2d537..98fc46090b 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml
@@ -70,6 +70,11 @@ sections:
answer: |
Make sure to enable the extensions policy on your Application Guard configuration.
+ - question: |
+ I’m trying to watch playback video with HDR, why is the HDR option missing?
+ answer: |
+ In order for HDR video playback to work in the container, vGPU Hardware Acceleration needs to be enabled in Application Guard.
+
- question: |
How do I configure Microsoft Defender Application Guard to work with my network proxy (IP-Literal Addresses)?
answer: |
From 3017e669b01e2b77df0bfcf621039734caacc8d3 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan
Date: Fri, 18 Jun 2021 14:25:35 +0100
Subject: [PATCH 014/184] minor updates for DPSW
---
.../changes-to-windows-diagnostic-data-collection.md | 1 +
...figure-windows-diagnostic-data-in-your-organization.md | 8 +++++---
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/windows/privacy/changes-to-windows-diagnostic-data-collection.md b/windows/privacy/changes-to-windows-diagnostic-data-collection.md
index 113c415e29..38c0dfcce4 100644
--- a/windows/privacy/changes-to-windows-diagnostic-data-collection.md
+++ b/windows/privacy/changes-to-windows-diagnostic-data-collection.md
@@ -87,6 +87,7 @@ With the Enhanced diagnostic data level being split out into new policies, we're
Customers who use services that depend on Windows diagnostic data, such as Microsoft Managed Desktop or Desktop Analytics, may be impacted by the behavioral changes when they are released. These services will be updated to address these changes and guidance will be published on how to configure them properly.
The following provides information on the current configurations:
+
- [Microsoft Managed Desktop](/microsoft-365/managed-desktop/service-description/device-policies#windows-diagnostic-data)
- [Desktop Analytics](/mem/configmgr/desktop-analytics/overview)
diff --git a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
index b3cf4f88b5..2e8b46a246 100644
--- a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
+++ b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
@@ -66,7 +66,7 @@ Depending on the diagnostic data settings on the device, diagnostic data can be
- Small payloads of structured information referred to as diagnostic data events, managed by the Connected User Experiences and Telemetry component.
- - Diagnostic logs for additional troubleshooting, also managed by the Connected User Experience and Telemetry component.
+ - Diagnostic logs for additional troubleshooting, also managed by the Connected User Experience and Telemetry component.
- Crash reporting and crash dumps, managed by [Windows Error Reporting](/windows/win32/wer/windows-error-reporting).
@@ -120,7 +120,7 @@ Here’s a summary of the types of data that is included with each setting:
This setting was previously labeled as **Security**. When you configure this setting, no Windows diagnostic data is sent from your device. This is only available on Windows Server, Windows 10 Enterprise, and Windows 10 Education. If you choose this setting, devices in your organization will still be secure.
->[!NOTE]
+>[!NOTE]
> If your organization relies on Windows Update, the minimum recommended setting is **Required diagnostic data**. Because no Windows Update information is collected when diagnostic data is off, important information about update failures is not sent. Microsoft uses this information to fix the causes of those failures and improve the quality of our updates.
### Required diagnostic data
@@ -247,7 +247,9 @@ Use the instructions below to enable Windows diagnostic data processor configura
In Group Policy, to enable Windows diagnostic data processor configuration, go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds** and switch the **Allow commercial data pipeline** setting to **enabled**.
-If you wish to disable, at any time, switch the same setting to **disabled**. The default state of the above setting is **disabled**. To use an MDM solution, such as [Microsoft Intune](/mem/intune/configuration/custom-settings-windows-10), to deploy the Windows diagnostic data processor configuration to your supported devices, use the following custom OMA-URI setting configuration:
+If you wish to disable, at any time, switch the same setting to **disabled**. The default state of the above setting is **disabled**.
+
+To use an MDM solution, such as [Microsoft Intune](/mem/intune/configuration/custom-settings-windows-10), to deploy the Windows diagnostic data processor configuration to your supported devices, use the following custom OMA-URI setting configuration:
- **Name:** System/AllowCommercialDataPipeline
- **OMA-URI:** ./Vendor/MSFT/Policy/Config/System/AllowCommercialDataPipeline
From c6737199096ae32a6330abd04fc33755935886f0 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan
Date: Fri, 18 Jun 2021 14:48:37 +0100
Subject: [PATCH 015/184] Update
configure-windows-diagnostic-data-in-your-organization.md
---
...configure-windows-diagnostic-data-in-your-organization.md | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
index 2e8b46a246..033030780e 100644
--- a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
+++ b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
@@ -231,7 +231,8 @@ The Windows diagnostic data processor configuration enables you to be the contro
### Prerequisites
-The device must have Windows 10 Pro, Education or Enterprise edition, version 1809 with July 2021 update or newer. The device must also be joined to Azure Active Directory.
+- The device must have Windows 10 Pro, Education or Enterprise edition, version 1809 with July 2021 update or newer.
+- The device must be joined to Azure Active Directory.
The diagnostic data setting on the device should be set to Required diagnostic data or higher, and the following endpoints need to be reachable:
@@ -257,7 +258,7 @@ To use an MDM solution, such as [Microsoft Intune](/mem/intune/configuration/cus
Under **Value**, use **1** to enable the service.
-If you wish to disable, at any time, switch the same setting to **0** to disable. The default is **0**.
+If you wish to disable, at any time, switch the same setting to **0**. The default value is **0**.
>[!Note]
> - If you have any additional policies that also enable you to be a controller of Windows diagnostic data, such as the services listed below, you will need to turn off all the applicable policies in order to stop being a controller for Windows diagnostic data.
From c0911676bac82fb37ecce47c5823569b32c55e53 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan
Date: Fri, 18 Jun 2021 15:52:14 +0100
Subject: [PATCH 016/184] minor dpsw updates_2
---
.../changes-to-windows-diagnostic-data-collection.md | 2 +-
windows/privacy/windows-10-and-privacy-compliance.md | 9 +++++----
2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/windows/privacy/changes-to-windows-diagnostic-data-collection.md b/windows/privacy/changes-to-windows-diagnostic-data-collection.md
index 38c0dfcce4..814dedb66d 100644
--- a/windows/privacy/changes-to-windows-diagnostic-data-collection.md
+++ b/windows/privacy/changes-to-windows-diagnostic-data-collection.md
@@ -102,4 +102,4 @@ Previously, enterprise customers had two options in managing their Windows diagn
Now, customers will have a third option that allows them to be the controller for their Windows diagnostic data, while still benefiting from the purposes that this data serves, such as quality of updates and device drivers. Under this approach, Microsoft will act as a data [processor](/compliance/regulatory/gdpr#terminology), processing Windows diagnostic data on behalf of the controller.
-This new option will enable customers to use familiar tools to manage, export, or delete data to help them meet their compliance obligations. For example, using the Microsoft Azure portal, customers will have the means to respond to their own users’ requests, such as delete and export diagnostic data. Admins can easily enable the Windows diagnostic data processor configuration for Windows devices using group policy or mobile device management ([MDM](/windows/client-management/mdm/policy-csp-system)). For more information, see [Enable Windows diagnostic data processor configuration](configure-windows-diagnostic-data-in-your-organization.md#enable-windows-diagnostic-data-processor-configuration).
+This new option will enable customers to use familiar tools to manage, export, or delete data to help them meet their compliance obligations. For example, using the Microsoft Azure portal, customers will have the means to respond to their own users’ requests, such as delete and export diagnostic data. Admins can easily enable the Windows diagnostic data processor configuration for Windows devices using group policy or mobile device management ([MDM](/windows/client-management/mdm/policy-csp-system)). For more information, see [Enable Windows diagnostic data processor configuration](configure-windows-diagnostic-data-in-your-organization.md#enable-windows-diagnostic-data-processor-configuration) in [https://docs.microsoft.com/en-us/windows/privacy/configure-windows-diagnostic-data-in-your-organization](configure-windows-diagnostic-data-in-your-organization)
diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md
index e5ce1e7e04..c6fade565c 100644
--- a/windows/privacy/windows-10-and-privacy-compliance.md
+++ b/windows/privacy/windows-10-and-privacy-compliance.md
@@ -65,7 +65,7 @@ The following table provides an overview of the Windows 10 privacy settings pres
An administrator can also use the Diagnostic Data Viewer for PowerShell module to view the diagnostic data collected from the device instead of using the Diagnostic Data Viewer UI. The [Diagnostic Data Viewer for PowerShell Overview](microsoft-diagnosticdataviewer.md) provides further information.
> [!Note]
-> If the Windows diagnostic data processor configuration is enabled, IT administrators should use the admin portal to fulfill data subject request to access or export Windows diagnostic data associated with a particular user’s use of a device. See [The process for exercising data subject rights](#3-the-process-for-exercising-data-subject-rights).
+> If the Windows diagnostic data processor configuration is enabled, IT administrators should use the admin portal to fulfill data subject requests to access or export Windows diagnostic data associated with a particular user’s use of a device. See [The process for exercising data subject rights](#3-the-process-for-exercising-data-subject-rights).
## 2. Windows 10 data collection management
@@ -82,14 +82,14 @@ Administrators can configure and control privacy settings across their organizat
The following table provides an overview of the privacy settings discussed earlier in this document with details on how to configure these policies. The table also provides information on what the default value would be for each of these privacy settings if you do not manage the setting by using policy and suppress the Out-of-box Experience (OOBE) during device setup. If you’re interested in minimizing data collection, we also provide the recommended value to set.
> [!NOTE]
-> This is not a complete list of settings that involve connecting to Microsoft connected experiences. For more detailed list, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
+> This is not a complete list of settings that involve connecting to Microsoft connected experiences. For a more detailed list, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
| Feature/Setting | GP/MDM Documentation | Default State if the Setup experience is suppressed | State to stop/minimize data collection |
|---|---|---|---|
| [Speech](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-speech) | Group Policy:
**Computer Configuration** > **Control Panel** > **Regional and Language Options** > **Allow users to enable online speech recognition services**
MDM: [Privacy/AllowInputPersonalization](/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | Off | Off |
| [Location](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-location) | Group Policy:
**Computer Configuration** > **Windows Components** > **App Privacy** > **Let Windows apps access location**
MDM: [Privacy/LetAppsAccessLocation](/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | Off (Windows 10, version 1903 and later) | Off |
| [Find my device](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#find-my-device) | Group Policy:
**Computer Configuration** > **Windows Components** > **Find My Device** > **Turn On/Off Find My Device**
MDM: [Experience/AllFindMyDevice](/windows/client-management/mdm/policy-csp-experience#experience-allowfindmydevice) | Off | Off |
-| [Diagnostic Data](configure-windows-diagnostic-data-in-your-organization.md#manage-enterprise-diagnostic-data) | Group Policy:
**Computer Configuration** > **Windows Components** > **Data Collection and Preview Builds** > **Allow Telemetry**
MDM: [System/AllowTelemetry](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry)
Note: If you are planning to configure devices, using the Windows diagnostic data processor configuration option, the recommended state to minimize data collection is not applicable. For more information, see [Enabling the Windows diagnostic data processor configuration](#238-diagnostic-data-enabling-the-windows-diagnostic-data-processor-configuration). | Required diagnostic data (Windows 10, version 1903 and later)
Server editions:
Enhanced diagnostic data | Security (Off) and block endpoints |
+| [Diagnostic Data](configure-windows-diagnostic-data-in-your-organization.md#manage-enterprise-diagnostic-data) | Group Policy:
**Computer Configuration** > **Windows Components** > **Data Collection and Preview Builds** > **Allow Telemetry**
MDM: [System/AllowTelemetry](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry)
Note: If you are planning to configure devices, using the Windows diagnostic data processor configuration option, the recommended state to minimize data collection is not applicable. See [Enabling the Windows diagnostic data processor configuration](#238-diagnostic-data-enabling-the-windows-diagnostic-data-processor-configuration) below for more information. | Required diagnostic data (Windows 10, version 1903 and later)
Server editions:
Enhanced diagnostic data | Security (Off) and block endpoints |
| [Inking and typing diagnostics](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-ink) | Group Policy:
**Computer Configuration** > **Windows Components** > **Text Input** > **Improve inking and typing recognition**
MDM: [TextInput/AllowLinguisticDataCollection](/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) | Off (Windows 10, version 1809 and later) | Off |
| Tailored Experiences | Group Policy:
**User Configuration** > **Windows Components** > **Cloud Content** > **Do not use diagnostic data for tailored experiences**
MDM: [Experience/AllowTailoredExperiencesWithDiagnosticData](/windows/client-management/mdm/policy-csp-experience#experience-allowtailoredexperienceswithdiagnosticdata) | Off | Off |
| Advertising ID | Group Policy:
**Computer Configuration** > **System** > **User Profile** > **Turn off the advertising Id**
MDM: [Privacy/DisableAdvertisingId](/windows/client-management/mdm/policy-csp-privacy#privacy-disableadvertisingid) | Off | Off |
@@ -108,7 +108,8 @@ If you want the ability to fully control and apply restrictions on data being se
Alternatively, your administrators can also choose to use Windows Autopilot. Autopilot lessens the overall burden of deployment while allowing administrators to fully customize the out-of-box experience. However, since Windows Autopilot is a cloud-based solution, administrators should be aware that a minimal set of device identifiers are sent back to Microsoft during initial device boot up. This device-specific information is used to identify the device so that it can receive the administrator-configured Autopilot profile and policies.
-You can use the following articles to learn more about Autopilot and how to use Autopilot to deploy Windows 10:
+You can use the following articles to learn more about Autopilot and how to use Autopilot to deploy Windows 10:
+
- [Overview of Windows Autopilot](/windows/deployment/windows-Autopilot/windows-Autopilot)
- [Windows Autopilot deployment process](/windows/deployment/windows-Autopilot/deployment-process)
From 81271f6350475aad223a2ae910817091c42bda69 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan
Date: Fri, 18 Jun 2021 16:00:25 +0100
Subject: [PATCH 017/184] Update
changes-to-windows-diagnostic-data-collection.md
---
.../privacy/changes-to-windows-diagnostic-data-collection.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/privacy/changes-to-windows-diagnostic-data-collection.md b/windows/privacy/changes-to-windows-diagnostic-data-collection.md
index 814dedb66d..6d5194e8c5 100644
--- a/windows/privacy/changes-to-windows-diagnostic-data-collection.md
+++ b/windows/privacy/changes-to-windows-diagnostic-data-collection.md
@@ -102,4 +102,4 @@ Previously, enterprise customers had two options in managing their Windows diagn
Now, customers will have a third option that allows them to be the controller for their Windows diagnostic data, while still benefiting from the purposes that this data serves, such as quality of updates and device drivers. Under this approach, Microsoft will act as a data [processor](/compliance/regulatory/gdpr#terminology), processing Windows diagnostic data on behalf of the controller.
-This new option will enable customers to use familiar tools to manage, export, or delete data to help them meet their compliance obligations. For example, using the Microsoft Azure portal, customers will have the means to respond to their own users’ requests, such as delete and export diagnostic data. Admins can easily enable the Windows diagnostic data processor configuration for Windows devices using group policy or mobile device management ([MDM](/windows/client-management/mdm/policy-csp-system)). For more information, see [Enable Windows diagnostic data processor configuration](configure-windows-diagnostic-data-in-your-organization.md#enable-windows-diagnostic-data-processor-configuration) in [https://docs.microsoft.com/en-us/windows/privacy/configure-windows-diagnostic-data-in-your-organization](configure-windows-diagnostic-data-in-your-organization)
+This new option will enable customers to use familiar tools to manage, export, or delete data to help them meet their compliance obligations. For example, using the Microsoft Azure portal, customers will have the means to respond to their own users’ requests, such as delete and export diagnostic data. Admins can easily enable the Windows diagnostic data processor configuration for Windows devices using group policy or mobile device management ([MDM](/windows/client-management/mdm/policy-csp-system)). For more information, see [Enable Windows diagnostic data processor configuration](configure-windows-diagnostic-data-in-your-organization.md#enable-windows-diagnostic-data-processor-configuration) in [configure-windows-diagnostic-data-in-your-organization](configure-windows-diagnostic-data-in-your-organization.md)
From ebdaba2b58dc25fc7c53b0af93826d17717fe56f Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan
Date: Fri, 18 Jun 2021 16:20:19 +0100
Subject: [PATCH 018/184] minor_update
---
.../changes-to-windows-diagnostic-data-collection.md | 2 +-
windows/privacy/windows-10-and-privacy-compliance.md | 7 ++++---
2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/windows/privacy/changes-to-windows-diagnostic-data-collection.md b/windows/privacy/changes-to-windows-diagnostic-data-collection.md
index 6d5194e8c5..f582ab8f63 100644
--- a/windows/privacy/changes-to-windows-diagnostic-data-collection.md
+++ b/windows/privacy/changes-to-windows-diagnostic-data-collection.md
@@ -102,4 +102,4 @@ Previously, enterprise customers had two options in managing their Windows diagn
Now, customers will have a third option that allows them to be the controller for their Windows diagnostic data, while still benefiting from the purposes that this data serves, such as quality of updates and device drivers. Under this approach, Microsoft will act as a data [processor](/compliance/regulatory/gdpr#terminology), processing Windows diagnostic data on behalf of the controller.
-This new option will enable customers to use familiar tools to manage, export, or delete data to help them meet their compliance obligations. For example, using the Microsoft Azure portal, customers will have the means to respond to their own users’ requests, such as delete and export diagnostic data. Admins can easily enable the Windows diagnostic data processor configuration for Windows devices using group policy or mobile device management ([MDM](/windows/client-management/mdm/policy-csp-system)). For more information, see [Enable Windows diagnostic data processor configuration](configure-windows-diagnostic-data-in-your-organization.md#enable-windows-diagnostic-data-processor-configuration) in [configure-windows-diagnostic-data-in-your-organization](configure-windows-diagnostic-data-in-your-organization.md)
+This new option will enable customers to use familiar tools to manage, export, or delete data to help them meet their compliance obligations. For example, using the Microsoft Azure portal, customers will have the means to respond to their own users’ requests, such as delete and export diagnostic data. Admins can easily enable the Windows diagnostic data processor configuration for Windows devices using group policy or mobile device management ([MDM](/windows/client-management/mdm/policy-csp-system)). For more information, see [Enable Windows diagnostic data processor configuration](configure-windows-diagnostic-data-in-your-organization.md#enable-windows-diagnostic-data-processor-configuration) in [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md)
diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md
index c6fade565c..7a44461fae 100644
--- a/windows/privacy/windows-10-and-privacy-compliance.md
+++ b/windows/privacy/windows-10-and-privacy-compliance.md
@@ -131,9 +131,10 @@ For more information, see [Manage connections from Windows operating system comp
#### _2.3.4 Limited functionality baseline_
-An organization may want to further minimize the amount of data sent back to Microsoft or shared with Microsoft apps by managing the connections and configuring additional settings on their devices. Similar to [Windows security baselines](/windows/security/threat-protection/windows-security-baselines), Microsoft has released a limited functionality baseline focused on configuring settings to minimize the data sent back to Microsoft. However, the functionality of the device could be impacted by applying these settings. The [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) article provides details on how to apply the baseline, along with the full list of settings covered in the baseline and the functionality that would be impacted. Administrators that don’t want to apply the baseline can still find details on how to configure each setting individually to find the right balance between data sharing and impact to functionality for their organization.
+An organization may want to minimize the amount of data sent back to Microsoft or shared with Microsoft apps by managing the connections and configuring additional settings on their devices. Similar to [Windows security baselines](/windows/security/threat-protection/windows-security-baselines), Microsoft has released a limited functionality baseline focused on configuring settings to minimize the data sent back to Microsoft. However, the functionality of the device could be impacted by applying these settings. The [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) article provides details on how to apply the baseline, along with the full list of settings covered in the baseline and the functionality that would be impacted. Administrators that don’t want to apply the baseline can still find details on how to configure each setting individually to find the right balance between data sharing and impact to functionality for their organization.
>[!IMPORTANT]
+
> - We recommend that you fully test any modifications to these settings before deploying them in your organization.
> - We also recommend that if you plan to enable the Windows diagnostic data processor configuration, adjust the limited configuration baseline before deploying to ensure the Windows diagnostic setting is not turned off.
@@ -160,14 +161,14 @@ An administrator can disable a user’s ability to delete their device’s diagn
- Windows 10 Enterprise, Pro, Education editions, version 1809 with July 2021 update and newer
-The Windows diagnostic data processor configuration enables IT administrators to be the controller, under the definition of the European Union General Data Protection Regulation (GDPR), for the Windows diagnostic data collected from Windows 10 devices that are Azure Active Directory (AAD) joined and meet the configuration requirements. For more information, see [Enable Windows diagnostic data processor configuration](configure-windows-diagnostic-data-in-your-organization.md#enable-windows-diagnostic-data-processor-configuration). Diagnostic data does not include data processed by Microsoft with the use of essential services and connected experiences in Windows.
+The Windows diagnostic data processor configuration enables IT administrators to be the controller, under the definition of the European Union General Data Protection Regulation (GDPR), for the Windows diagnostic data collected from Windows 10 devices that are Azure Active Directory (AAD) joined and meet the configuration requirements. For more information, see [Enable Windows diagnostic data processor configuration](configure-windows-diagnostic-data-in-your-organization.md#enable-windows-diagnostic-data-processor-configuration) in [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md). Diagnostic data does not include data processed by Microsoft with the use of essential services and connected experiences in Windows.
The Windows diagnostic data collected from devices enabled with the Windows diagnostic data processor configuration may be associated with a specific AAD User ID or device ID. The Windows diagnostic data processor configuration provides you with controls that help respond to data subject requests (DSRs) to delete diagnostic data, at user account closure, for a specific AAD User ID. Additionally, you’re able to execute an export DSR for diagnostic data related to a specific AAD User ID. For more information, see [The process for exercising data subject rights](#3-the-process-for-exercising-data-subject-rights). Microsoft also will accommodate a tenant account closure, either because you decide to close your Azure or Azure AD tenant account, or because you decide you no longer wish to be the data controller for Windows diagnostic data, but still wish to remain an Azure customer.
We recommend that IT administrators who have enabled the Windows diagnostic data processor configuration consider the following:
- Restrict user’s ability to sign-in with a Microsoft Account (MSA) using [Block Microsoft account group policy](/windows/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts).
-- Restrict user’s ability to submit feedback, as any feedback or additional logs submitted by the user are not managed by the Windows diagnostic data processor configuration option. The Feedback hub app can be removed using [PowerShell](/powershell/module/appx/remove-appxpackage) and block ability to submit feedback in Microsoft Edge using [Feedback group policy](/deployedge/microsoft-edge-policies#userfeedbackallowed).
+- Restrict user’s ability to submit feedback, as any feedback or additional logs submitted by the user are not managed by the Windows diagnostic data processor configuration option. The Feedback hub app can be removed using [PowerShell](/powershell/module/appx/remove-appxpackage) and you can block the ability to submit feedback in Microsoft Edge using [Feedback group policy](/deployedge/microsoft-edge-policies#userfeedbackallowed).
>[!Note]
>Tenant account closure will lead to the deletion of all data associated with that tenant.
From 0e3e9a00129c3a331ec248982607271001cc853a Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan
Date: Fri, 18 Jun 2021 16:34:21 +0100
Subject: [PATCH 019/184] Update windows-10-and-privacy-compliance.md
---
windows/privacy/windows-10-and-privacy-compliance.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md
index 7a44461fae..9d66846576 100644
--- a/windows/privacy/windows-10-and-privacy-compliance.md
+++ b/windows/privacy/windows-10-and-privacy-compliance.md
@@ -89,7 +89,7 @@ The following table provides an overview of the privacy settings discussed earli
| [Speech](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-speech) | Group Policy:
**Computer Configuration** > **Control Panel** > **Regional and Language Options** > **Allow users to enable online speech recognition services**
MDM: [Privacy/AllowInputPersonalization](/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | Off | Off |
| [Location](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-location) | Group Policy:
**Computer Configuration** > **Windows Components** > **App Privacy** > **Let Windows apps access location**
MDM: [Privacy/LetAppsAccessLocation](/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | Off (Windows 10, version 1903 and later) | Off |
| [Find my device](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#find-my-device) | Group Policy:
**Computer Configuration** > **Windows Components** > **Find My Device** > **Turn On/Off Find My Device**
MDM: [Experience/AllFindMyDevice](/windows/client-management/mdm/policy-csp-experience#experience-allowfindmydevice) | Off | Off |
-| [Diagnostic Data](configure-windows-diagnostic-data-in-your-organization.md#manage-enterprise-diagnostic-data) | Group Policy:
**Computer Configuration** > **Windows Components** > **Data Collection and Preview Builds** > **Allow Telemetry**
MDM: [System/AllowTelemetry](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry)
Note: If you are planning to configure devices, using the Windows diagnostic data processor configuration option, the recommended state to minimize data collection is not applicable. See [Enabling the Windows diagnostic data processor configuration](#238-diagnostic-data-enabling-the-windows-diagnostic-data-processor-configuration) below for more information. | Required diagnostic data (Windows 10, version 1903 and later)
Server editions:
Enhanced diagnostic data | Security (Off) and block endpoints |
+| [Diagnostic Data](configure-windows-diagnostic-data-in-your-organization.md#manage-enterprise-diagnostic-data) | Group Policy:
**Computer Configuration** > **Windows Components** > **Data Collection and Preview Builds** > **Allow Telemetry**
MDM: [System/AllowTelemetry](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry)
**Note**: If you are planning to configure devices, using the Windows diagnostic data processor configuration option, the recommended state to minimize data collection is not applicable. See [Enabling the Windows diagnostic data processor configuration](#238-diagnostic-data-enabling-the-windows-diagnostic-data-processor-configuration) below for more information. | Required diagnostic data (Windows 10, version 1903 and later)
Server editions:
Enhanced diagnostic data | Security (Off) and block endpoints |
| [Inking and typing diagnostics](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-ink) | Group Policy:
**Computer Configuration** > **Windows Components** > **Text Input** > **Improve inking and typing recognition**
MDM: [TextInput/AllowLinguisticDataCollection](/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) | Off (Windows 10, version 1809 and later) | Off |
| Tailored Experiences | Group Policy:
**User Configuration** > **Windows Components** > **Cloud Content** > **Do not use diagnostic data for tailored experiences**
MDM: [Experience/AllowTailoredExperiencesWithDiagnosticData](/windows/client-management/mdm/policy-csp-experience#experience-allowtailoredexperienceswithdiagnosticdata) | Off | Off |
| Advertising ID | Group Policy:
**Computer Configuration** > **System** > **User Profile** > **Turn off the advertising Id**
MDM: [Privacy/DisableAdvertisingId](/windows/client-management/mdm/policy-csp-privacy#privacy-disableadvertisingid) | Off | Off |
From c24b0d494a1fd3bc184899a90c17e7538289ba6e Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan
Date: Mon, 21 Jun 2021 12:40:01 +0100
Subject: [PATCH 020/184] Update policy-csp-system.md
---
.../mdm/policy-csp-system.md | 89 ++++++++++++++++++-
1 file changed, 85 insertions(+), 4 deletions(-)
diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index 536bae0e06..36cad84743 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -28,6 +28,9 @@ manager: dansimp
System/AllowCommercialDataPipeline
+
+ System/AllowDesktopAnalyticsProcessing
+
System/AllowDeviceNameInDiagnosticData
@@ -43,6 +46,9 @@ manager: dansimp
System/AllowLocation
+
+ System/AllowMicrosoftManagedDesktopProcessing
+
System/AllowStorageCard
@@ -55,6 +61,9 @@ manager: dansimp
System/AllowUserToResetPhone
+
+ System/AllowWuFBCloudProcessing
+
System/BootStartDriverInitialization
@@ -224,7 +233,7 @@ To enable this behavior, you must complete two steps:
Windows diagnostic data is collected when the **AllowTelemetry** policy setting is set to 1 – Required (Basic) or above.
-If you disable or do not configure this setting, Microsoft will be the controller of the Windows diagnostic data collected from the device and processed in accordance with Microsoft’s privacy statement at https://go.microsoft.com/fwlink/?LinkId=521839 unless you have enabled policies like 'Allow Update Compliance Processing' or 'Allow Desktop Analytics Processing”.
+If you disable or do not configure this setting, Microsoft will be the controller of the Windows diagnostic data collected from the device and processed in accordance with Microsoft’s privacy statement at https://go.microsoft.com/fwlink/?LinkId=521839 unless you have enabled policies like Allow Update Compliance Processing or Allow Desktop Analytics Processing.
Configuring this setting does not change the Windows diagnostic data collection level set for the device or the operation of optional analytics processor services like Desktop Analytics and Update Compliance.
@@ -257,6 +266,28 @@ The following list shows the supported values:
+
+**System/AllowDesktopAnalyticsProcessing**
+
+
+
+
+This policy setting, in combination with the Allow Telemetry and Configure the Commercial ID, enables organizations to configure the device so that Microsoft is the processor for Windows diagnostic data collected from the device, subject to the Product Terms.
+
+To enable this behavior, you must complete three steps:
+
+- Enable this policy setting
+- Set **AllowTelemetry** to 1 – Required (Basic) or above 1
+- Set the Configure the Commercial ID setting for your Desktop Analytics workspace
+
+This setting has no effect on devices unless they are properly enrolled in Desktop Analytics.
+
+When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
+
+If you disable or do not configure this policy setting, devices will not appear in Desktop Analytics.
+
+
+
**System/AllowDeviceNameInDiagnosticData**
@@ -609,6 +640,27 @@ The following list shows the supported values:
+
+**System/AllowMicrosoftManagedDesktopProcessing**
+
+
+
+
+This policy setting configures an Azure Active Directory joined device so that Microsoft is the processor of the Windows diagnostic data.
+
+For customers who enroll into the Microsoft Managed Desktop service, this policy will be enabled by default to allow Microsoft to process data for operational and analytic needs. For more information, see [Privacy and personal data - Microsoft Managed Desktop | Microsoft Docs](privacy-personal-data.md).
+
+This setting has no effect on devices unless they are properly enrolled in Microsoft Managed Desktop.
+
+When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
+
+If you disable this policy setting, devices may not appear in Microsoft Managed Desktop.
+
+>[!IMPORTANT]
+
+> You should not disable or make changes to this policy as that will severely impact the ability of Microsoft Managed Desktop to manage the devices.
+
+
**System/AllowStorageCard**
@@ -845,11 +897,18 @@ ADMX Info:
-Allows IT admins to enable diagnostic data from this device to be processed by Update Compliance.
-If you enable this setting, it enables data flow through Update Compliance's data processing system and indicates a device's explicit enrollment to the service.
+This policy setting, in combination with the Allow Telemetry and Configure the Commercial ID, enables organizations to configure the device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the Product Terms.
-If you disable or do not configure this policy setting, diagnostic data from this device will not be processed by Update Compliance.
+To enable this behavior, you must complete three steps:
+
+- Enable this policy setting
+- Set **AllowTelemetry** to 1 – Required (Basic) or above 1
+- Set the Configure the Commercial ID setting for your Update Compliance workspace
+
+When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
+
+If you disable or do not configure this policy setting, devices will not appear in Update Compliance.
@@ -932,6 +991,28 @@ The following list shows the supported values:
+
+**System/AllowWuFBCloudProcessing**
+
+
+
+
+
+
+This policy setting configures an Azure Active Directory joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the Product Terms.
+
+To enable this behavior, you must complete three steps:
+
+- Enable this policy setting
+- Set **AllowTelemetry** to 1 – Required (Basic) or above 1
+- Join an Azure Active Directory account to the device
+
+When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
+
+If you disable or do not configure this policy setting, devices enrolled to the Windows Update for Business deployment service will not be able to take advantage of some deployment service features.
+
+
+
**System/BootStartDriverInitialization**
From 353358e8173321373e87b61fe44c76e11d657b1c Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan
Date: Mon, 21 Jun 2021 12:46:24 +0100
Subject: [PATCH 021/184] Update policy-csp-system.md
---
windows/client-management/mdm/policy-csp-system.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index 36cad84743..c19189a66c 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -648,7 +648,7 @@ The following list shows the supported values:
This policy setting configures an Azure Active Directory joined device so that Microsoft is the processor of the Windows diagnostic data.
-For customers who enroll into the Microsoft Managed Desktop service, this policy will be enabled by default to allow Microsoft to process data for operational and analytic needs. For more information, see [Privacy and personal data - Microsoft Managed Desktop | Microsoft Docs](privacy-personal-data.md).
+For customers who enroll into the Microsoft Managed Desktop service, this policy will be enabled by default to allow Microsoft to process data for operational and analytic needs. For more information, see [Privacy and personal data - Microsoft Managed Desktop | Microsoft Docs](/microsoft-365/managed-desktop/service-description/privacy-personal-data.md).
This setting has no effect on devices unless they are properly enrolled in Microsoft Managed Desktop.
From b235ebe8c8421df84a90173b6556e35becf7b33b Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan
Date: Mon, 21 Jun 2021 14:45:26 +0100
Subject: [PATCH 022/184] Update policy-csp-system.md
---
windows/client-management/mdm/policy-csp-system.md | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index c19189a66c..149be2e826 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -277,7 +277,7 @@ This policy setting, in combination with the Allow Telemetry and Configure the C
To enable this behavior, you must complete three steps:
- Enable this policy setting
-- Set **AllowTelemetry** to 1 – Required (Basic) or above 1
+- Set **AllowTelemetry** to 1 – Required (Basic) or above
- Set the Configure the Commercial ID setting for your Desktop Analytics workspace
This setting has no effect on devices unless they are properly enrolled in Desktop Analytics.
@@ -903,7 +903,7 @@ This policy setting, in combination with the Allow Telemetry and Configure the C
To enable this behavior, you must complete three steps:
- Enable this policy setting
-- Set **AllowTelemetry** to 1 – Required (Basic) or above 1
+- Set **AllowTelemetry** to 1 – **Required (Basic)** or above
- Set the Configure the Commercial ID setting for your Update Compliance workspace
When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
@@ -1004,7 +1004,7 @@ This policy setting configures an Azure Active Directory joined device so that M
To enable this behavior, you must complete three steps:
- Enable this policy setting
-- Set **AllowTelemetry** to 1 – Required (Basic) or above 1
+- Set **AllowTelemetry** to 1 – **Required (Basic)** or above
- Join an Azure Active Directory account to the device
When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
From 7cc627275eb7ef939abb5f7a37dc94d2a5e978a5 Mon Sep 17 00:00:00 2001
From: Guillaume Bordier
Date: Mon, 21 Jun 2021 17:13:49 +0200
Subject: [PATCH 023/184] changed screen capture to remove double quotes
---
.../images/pinreset/allowlist.png | Bin 33880 -> 33638 bytes
1 file changed, 0 insertions(+), 0 deletions(-)
diff --git a/windows/security/identity-protection/hello-for-business/images/pinreset/allowlist.png b/windows/security/identity-protection/hello-for-business/images/pinreset/allowlist.png
index 097b1e036df4ddd9e2f4dd657f4a9aef2a97dc1c..5b1df9448e00e4ddc1e45396eba1bba735ef6533 100644
GIT binary patch
literal 33638
zcma&N2UL?yyDl6XhzO{N3J6$UK|w^N6PgvJBLdPDq=pWmgeIc!DFUz3gb;c!iPS(s
zKtw@GLQhBnp%Wk^0Rn{1AHVP0`|Pv#I{!J(S}ay(&CD}%&&)mdbzS%K!ProT?}W$+
z006-E^vT0#0KgFp0C0$QoQqR(BxT#1^Y4)VGoAYYIPT&C=f_c(dj|IafT~2^-B-sr
zzj=I~So#A1f6f2-JM`A^*hK)~?atGO_nrsa(Z_hh&d%l@93VQfT-{7m`~3#-#-ZBQ
zSJDm-Um61JYinF6&AW2Jq;yvDtrgzODyap
zJV}KQ0O&h=3UcVu%)Mq-S2#R>z@@KaVi}D&~@MQ_U@UmLjY~l2lL0?JcgHD6190e
z@u&0t%kL>ccAIe#RonhRp_-s|elgY$J0Li~veB0+6U>Wu#Hjq&lF2t?u%*Y8ZEv
z^Pa~^r3-WdBKyRN6a05(#1LABdsSEVZ%?90O?^Bq;8V-iPJur4>?3v6gM16i2|RD|
zQ+VoiG?!D|roAB#+nfpHwDO@_Zf7@U7bGLc1!J?q6=zaoYv+yXK2QLFi6?H)uuw$P
zY8Q$pqqZ8
z{HktYIji<}Lg#f*^V#0RTiE
znwzKAdsQ|&^3^0*BH?0w^I~WDEUR7_wK&qBbx36|3>zg7Bw~-k&G%M1A^XX4b!snY
z#5-m|*J@j3OODwRhvBQ}*T?_^4J
zWZ8>?L-hd)mJ%(wX%>+Dg>Xdw1Vu^Q%RXnAjOlN`RcLJw^X{ngwWw6X9|q)*|ha6#3?&Cs3Pg!nRt9N$UhG7C;%+IwwcIsz^URodR_
z*XTF4@n_9pO?NivDW5;TqF&6%!_0~dEs}9B6n6r<1Oh-hT1(8~MfTxV&6mt(1WX~+
z=GSc->_)Hfs^eb2>Z~7C!ojEy4Auu+923c_M{XK`?Y)fK#q
z1)7(Ji`M!~#iMQx(i9dm4-p~33;ZeOL1P{vrGfCTa58+c+<%n67_v}pJ?B2HiEe_Y
zgy+r+b&rv53@1EJNh|SLxH+cb{&xf;=uL|1la>q>J()nsfQ34LI2Q>VQKwRcYtTPt
zN@t-*3x|1(6tU%dP5{8gN;U9eK~qzcZZtw77^~(yhBA-LB^(_wYJN&euGH&(Q2JrF
ze!x)Gyw~U-2-^gGdd}tI5i|FR!Zf>QR2)n|Yczbd1)?BgS3a(68b??1-S5@{8+9<}
zFM0=Nn#&%HJ#DtX##5;{(kvK;ZPI}47vk$qHiHB80ouUYD}=bFMS_m7lxkwJ?fg4?
zZ*yO-EG4dO}S;FVA{zm9y28*C)1ly%%-37TwEf-5I54;!^@eCRx8DMFA&4o
zLT=O5jVLnD+ym$H?e|&28sMj*-T~8S!|&|J8neLKSLtFF&Gmc330A-pX`xqz$1pko
zK*F<>W8>TWO^^59Q%ns9dG+xg71YZWJPM}dON
z{Bh*1A*~^&c>&Mh%GT!eA`)}YRKR2B89Upy>K4HXzcnKvA~yezMcA-2)Xek1AG3Vl
zqggZ)l#5H?0bC#x+&aDFzvQ*1ZJ786Ir}@UiA^Ldd}o@9}1jPuv2&
zwhzx8=+zy|ooTyY`PDxkjpJwN@)N
zCcjgik?&lZ8#VKEh6mfSBhVNb;oR)_ONo9Q?;iQ>UZhXr2a_T#4}N?y(|A&%scOw`
ztm!nzcn%+0k(Uo6OgNj1$Nhn1W*L=Daz;A8xW4CGCUF+jJ36?LSh=5z@0V=G8Mh@=
zn8R%rV$g$zKrF754-s8C5896$_X8%cA|5G~jVlk5S!pO2?`r;vu*v}T&~q?Pz?ndX
z9iq{HmaNsUs&TSMxuYS5y{FOSczD8cn=+!x*(xc);
ze2xEOnd!CX9HR~mhPn@BrUiuRc&}Uzb*qTTB6f@2x{zFncJVfLt9kD9Da;BX*K}_o
zN=(L1$$)q4J2dZ8=J|E
zXib3Oh7A(0$ZD;F6tq|%FFtSDe9YH0UQQQN^NwpL%p44dhoIcPzZM$le7Ha~qV?Yy
zOA$e4D+Ws>jQGyOKOnR!Z?dS@v4k;<_wWgq+C9X1+ItxT=DBNKqGSux6YxI4ZuCO@
zA?GcCM)ll1CpGUun_dt@aH$zj!+}(L0f3x4%b?)+nB$oB7lXV2SKTfpc;FF)iTaK-
zx%HXH^4qM>h+VB?G)UZfGtbAzq)s)}r^Z87ML`E2bw36+L=jvE%N!;Y6AsJ=)TT1J
zal=Je>sq&IE6g%2%PZdh6(b(C()k_S2p4G*=;)N)V~8l1%rgUPLxR>9nDLC8qqD>B
z(!7QrC!uzNOd;KYYGlm1=@N>PN2hq^KHCOMEguGm#J@~(ZfPgzYEu@jwWn)8(yvmO?b;&7r@Iwc5r|yMURj4X@9iXw
z=}Z_GUJrkr0M{D(1SRtr47!sCYm>_qTC_^@_DJ@fo~aHygQhNAsOL`%m~J2sf}4&>
zdc9E7+@~Pp-T-FI6FT}es;-9t#_R;TLPIr}g^LV4;0VAcK<{KzbIkGPca#Tz2ajb6
z_pJNvFJqO*=V^!*yoG(ZQ}!XiqFMMMV7b1D*tox*Hi_}!0
zF4GBm$=g1s=`Xf|v|TzC50P}IOnQV0ymaf=^Da@j<0?LqqbxnTvvIqyfEHuz(P71%
zN@Ec1jBtjdgmev$l5q{4-b(#vykRe4oFl!rFk&het-Ps$L069gtSfe95pL7ZT*^JS
z=RK5P0&#w+(2lo!UH0f!G-X5~T(bvH1^|YTU562f=4iQGB>&ew8mj}Fzo5<8?HIC?nvO
z%C|`8j<<+x37SJcp06JTOOwuzW?L_Td)-j`c)e*RQ`GavO?sGy5luh#W!h$4OG0wZ
zFc!l=8pqkK!Kw7fh@epG>m287r>d%&!ey5&5r##98v1!Gi&0e1w5mnHT1SN6SN3MTl?K
zDEk^g-L>;rzIwNBjpiGVF#AJC*O|%gY04I)t+uuAag8G53rB+tpLuf4f4(NS7`3FS
zTQjL#=!Du%47EZSbw5LUhp-k$7t-9r>MP6leBcc0c}0Su>huYh$aAz0zDI^CF$Z>;
zLH-bKCugI9-Pt(BD*G@o?;%T#6erM+BwGZOw7>L%{;h^Vl%=Zx03~PH3zhGGJ`l=O
zn%gbh^11)Y^hMw~x!|w6
zD--!zUuknaFByX%I1D(OY&r@CMF1(xq9R%Oz^xzbJt{~6W9
z@2hL#F=i^sD|ijj1SP(?g&|Q$?(Iqi&j0pgG}I;O~nCm-86|rZREQ
zoh^>N*{-IphblV!{KvcxlNP#k#xXI~AYe`lLp1Cl?*>#mK^4hF+>&fy^@+Ky547~X
z4~(`{qVJB9!_-}u#IQNAGw?uinjU@7l(D2Y+_S+LuEqqO;T&e*eQyo-e@s|c2clxu
z80D9PGzuO?j^uJe&%@I-SLnNgei}6aP+fWjmx*1`6urC7b+HoVVVDc!xzscIrm;De
z0hQPBU;5i@>D@%bC9+lJL4C7B!zfxmB+@^X*jXY=tD_d%*1GuK&JmBvPWZ$i|2AbQ
z0BCSx%o`Ht&3o+YVZn{
zx0dxrS?bS5wAZ*NC=qJa629oB;X~y^?XPOOkMF8@zmKUt;L}iFyQQ(K+x&5<`Oxt@
zQnfg{0jsOUHfPV}ZxaL|!Eiw)gP@jZDqvxk?1#;*cg>&&rYy22iAcn1V;8-l}g1*3g`dZv%
zZL3`g!-^`QTaoUD6MGBJ*aXlCu~Qy*Jqf-b@HkjJdv$JBN}uTqRo*cur3b$Rwu(%>
z^j`_Jw@+PG_ufCAp?d^iT=`fO;@!fCasMa$LFGQHzh`7%=Y<$F80?esS8P6Cb?*D;
zSMK`O$jUwyqSIW*a7lgh6U*Yc8@&QSMLeu)mO_VFSp-&XvCetqTtl5;$#nGUWr*^*
zTZEwO{LlR&qg~)e-vkD&%8s2uJqC4$=Ad$QY8z`UI~3BCXo#b|$Wh~%K5(}`vDRm?ErrWo
zYdHhlgVMPlKD?0%w<~y5PxK*w7H|(MKI@&wrJI@%9~hwMSPm05o?RWdA~ZuOwC7tC
zvZYd^;RBwgEHjT(X7`|h^ZuJoX`k$g-`E6r=-|K^;NV?y=W4Uy7K
zYUqUv)`B6s_55eueoZ4uI5cGbElvCx1vfI>eJ#=|2aTv9Gl&*#Qq2`VxG)XEt|HP$
z$wxm#jSPLu$S{{`b|X${EUpaxyxyP#CCDhXn58vH;=GD2l$zRuQqA~64Vd9+we<*l
z`AWHs!*fqm?-97{*?U~~*D!h;LphBBcWo6`AB%1Q*~V!YyLjZzgZmR5Z}8{2+p#Nl
ze%@jMWyb*8gMB54h02?o;(Sra{bcuPQW%hO@4*iE+w^+52lX(Y#O)`_8qGGMTA!|U
z3z(}TvpjNt&E&4y-cdCeFZmMzeexlT2FzD;w_hGRQyW)&fFBY;${GPv#k*l
z!Z(c3hPi`3S4-RMxI;7pf4Em0%P`f(nu=G4)H=a+MUFDpxVmmw4t#0)tCci89Kn@}
zhJlW`$4%GbA4OZqc$;4%EIw9c-WVw$@=*4-h3pUsjdhbzcI5_1b3X}wP&@l)Yy$8I
z;FMCl=9)$%0+w>-2
z6J7PtM(OBo0n%C;xNt(_&aaTM!AxqMzUhIr_)v*b;AHG0X*8rr9D^f!EiN1h*xAb;
z#^185!u(E9{3M{YYfR0KY~Gpg?(FpCwyy@iY5$8svaklCn_~rSWJ>n}ptSm~XXfu|
z?t&RgJNklDb7)<2wIl|nqjt#0s3N-fgJF)i*{^kYQN88xSba%cHEE8>cC2r-(10Dw!4j+uX(kKd>?
z*OU$JNElAAZv$O4ocH|fn;^#eOFZjk10O%PfOvpJcX#*LN_F+!AlJcmBL{Gyu{`QE
zC>N-y&r&w}cBsm^M-hE~roz7?7DvuofsOW;%yjG3O>NkrLJNhx;a*oIhUjVR=NZ;l
zq3;^&2`zACpar!382g*C(RvSFUUF?C)Yw}?{X5YiZ-T}*=&fvMtSnfKRm2cvZ_5t{
z_QY91Y{Lc_@q=nKi(Y6|y~z3$4b_YRl1=Lk1r9ta&ZV!EXXA^kQRo`cw>;GZyU@z4
z@C{2?1j=G|iQDer4pB|pN#9a%#%O2uvzCHQ<2wj4D4hW-Jb`?F7yuaNePrPM?P-nu
zG-&Re^5-3rX{S_kc1SpF6D*Kk?0qiKq!&)cjQ&34S2Ayx#k^)(?`jG0j-
z{1w$$3i)|_HaYOT6vmD)B*|ohzCppp=u}P^knz#{{6h0f9Xs%dyaGo+Fv#b_q#U!e
zFNtPaTFlSw*VnVZs~HH(t1|X$eRYGb%PDJ-GLa$W_5IGxkt3+K1WOLt1~K{3q+5`Q
zx6Nm?$dmN^{v$FyxG&b*we^Izg40W7#U6w7KQZPz6V96idZE^C
z6YE>8gbLAH*p!goi+u5v7%3xD4pqtvN9)PkS;FHZNjdQ{cKA;ph^Uv}%`#TKE}cR$
ziz=Kct}9FEwdIdjQo_v31`>Jemf`m9jPboE7hk8!8n?z?lV(Bhq@}o0NnxHfNqfB?
z@#DJKj1Ks)?N*F=vUNdmM0%yL9|3MQSS0LIphq}&X#b3dMpJc0(J$eowYi>~MD$GAe2S>z
z>qV{<;zG$_tlN~_M+GM<2PU>vJYPn4LGfuzc4}dLKUpfpecd)3O#ZlO@%y)Bp%fP+
z)a2Q1TSpEihD8*cf5<2V4Ke5Dx98Wp6SO(4J-1FsFe@e-ohynZZ)KNOG&uK1vH$i_
zf79Nctaxv~)?R$;2u7KsbiFHJ&qD+b&Okg
zwwX}WH(1kS>;;*6R{H672Y@&2ZhkLv*6-s*%(*)R`m~rPlbX@niBJyH*c&g<^v7C0
z$4eFr`byj(hZLR`Rq(79@2&opxSsaMj(;!-XS5go=w|@HDJu@;!FjY@Pec9*dvYKB
z5#=})&i(faVqo@y2I((x@ko+77dIo8Cnxu7wdC*Yjqa%r^8f__@PWye+3ua)D897V_W$NTc2M|-8~)8ne3Z3U*S1dbfQmD3q(W@I2z{jrC$DS=$p$;4Mq4U$>A7lJ<)L6gT^|yyBHk_x@RT6a;YF6OvbM$l2St|
z=bNRL+As+3Kxibod&=E0ddI9yWM<;d>Uf-WH?&wIlr`#jR$XZyRW;X78Go6MZef!+
zIurn~D42`v_kBB28d|$=D_EceOq9F;VQJp2(f4E5%*JRUQt?Nb8VF$2
z@|T?@f9Bw$r)=7CZS%8DNPVw1e@Yb=Kzl=oan84K4WEZwK@h35AZ!tG9^=Fo8
zDXzY>PWW-1IpvI$G!pfMZP4kr&t-|~P1mZfIUh_2Lef+bWJio(K>n-o-SD13M$O=V
z%;)r7gS4@4jX_3BB-;Zkdw&gPsp0VrbA!G|SG{Yo?}5NxGOYsC4x`S0`CO$?_7u3Mj8CMa#YVKwd)>!aa)`!Bq1ZE2n0q9J&rlZe1e9`&|FXlS5<
zTgmu@jgg6C-!qiGy(*bVzr(LzhSy|EKJ1W>QZ^cAgYtBSCooV6-X<h=x_9!tdsU
z(y=-{X?L-5MPzj8p+AWPeaoD~@#Xw+0x%ufVdS}1eJCJ&0z%2~19_y)sIK&rzMKb9
zmfpF^e(=tMB7a8Onubb;*Zw4)R(1vM_$)%Oc1=?C_NnB!+RDptVQ;dRpo1gx?ktAp
zp>;{S~b2b-gvU)gI
zQ1%Fc0eK}8VaHd8dU92cC`cP|YhycNp;*Q8xoxu+OXfd_10^GMjgq&SAq1XQrB8ti
z6g4l2w=n%NbhA#*Q{Qz?1pmx3vIeHpNDxX4Z~z}Bm)Eo~X)^H74?(sHq|w8jkw&!j
zJ$I;bC>FIheH*RP_ii-CwdHF0EoI7ivUiY*u6G?rmUelD@Z!^d`>j7Y3#i1|
z*;z&~Cu;#%>o(YKD*;&icmwoy*R4f;mAmU2rxC|*{+ZC_$N$|I+6-F9|7@E!f_6-N
zuk#0p{BP~RvzVq9clsw!wdIAhKz_hQRjk!Tgxz$nc}Il=N!9G?n)%h0<;}slJ1RbY
z|IK?ETR5-VRoM3|R+?))<@7x9o47+ggHeOTKSl_@raq6K<46{Ok}su`*Om{fSbbeB
zQIa*{q(X3>H+@&uINlckxF5&KoZvjiW&gz{U8?0&cwo1SKwf}*=TVAspn8!tgi2J6
zP2kLsip}iXvNoo1C<;eQ={&FlKB&cmX=@G45C_xQjN0qI
z*@9z_b37LA;&0S6;icRB3*Tloo>7blTmHMhs6dOs$2Xr=v@YV$`qX7HQ(rmGOA@W
z5KFp7!MrY-g{C{12!6uJ;ZS)OawA~TbTZ?Z2nlGrI7HZD;7V6xzg>{}2mjZK+7Jqx
zlzci}W(P7J8U!rQyI0%rq^s{%$a&f1d3wq-=fpCRTioeypt6tbU5cu$iljkBrl~45
z@_y#3EJ>9@;Wyj0;p5hU6?rKBCN9oRZXBd$(6=iu4VqheH|4uu`nn89BMc^l-u0`d
ze{e=^H%Mi#3_g-b_f(Ur=v9##B6Ps9dQ1)dV~;2c-p0i9h1*`_dNpb;_mJ<>^}6{!
z3XD5PoZdY+I{IpHuv7mllc82=m%Xb~n)9X5zxFoJVtR}!YTB^5h720Su?}y
zhbK1HA(z!!-16jYklNcXE#8x6lLa$?QS1nI|4CbB^H}&%<49dRwfqtqvDeylLja!n
zS7jLb3tnR7?f{8&ryLA)Y8dxq>fBW>@v<$j=qZJ7a|(N;gLHl>Mhb5D=Ub46>n;q}&WU
z%R>rB2Zw@TGj>@oBa=mLTOK=>v~I(vR$JER;MjXhXha)I%1;!{;?=4)NQY@J8JrI>
zCBYMUe3k#&)fQMzIxMBqE3
z;!r>5{!#J~0?FoP9kBq5S*068Pd5dQZ^fX~?ruiaI{^!YWl-2_{S|kUS+5X)J?|_mWZHdBXxQSA8{(R8Fv0H27)DW
z%b+irQ5hl=zvabVIIRH@_seS=Lf}51IjIcW
zhychK1FtE3gvVeI4YI%(84IJ6Ya1h;9}SpT?P&Q{q~;NXul~N&c8CUosRWb5OmH(RuE?pUyB1v+IyHS2T
ze`aA_`R}XnRBBSUOLjOuylI038q;|W_hF`?Hi?OAD^xqI7uXQEGQPfDH*NtbpQc}&
z==;wFzO;6@M20DJ&Yhm2HUB;8$iME)3`J7}g<9?iLBUKF?|Unr5lGbX6pwyz!SI&B
zgqUVnLv>9}{^a@2bWk8rV?S!Yi75jtc8(ZWRq+%Hib>FD#{u}G{_{S+FZTv@7c@7$
z{mUtOxC{&easv`FF`*mt!{c%T^HtMJnPvT-g=~&eNa>q%;~=qMKGsDR2XTrBnzrdp
z9P_EYJ!|4=m30c@dm#$>FvJm94odreTd6laRON(X8xi-ZGH~_!Yxj`sFsV-TQV2>D
zw(a<6bn+y&u11g}ucCse17cPyo0TGWb7F%sLpO&19Y+!ZS>
zU)Ije5(eixpB*B~48`YzTii>6iMAqs-QCjC$UnQwn0XvyU}HP9%nw6yXh`U*6iN4L
zNjZ(o5h#2GSKl5~ourd11U$$cK=6}F-?Dn;8m{5uq3wt@bIz#2YT0zc%3DDKlD@
z*SokV#Q&(uT))XA4SS<@Fd^Te<;!*Ok4;(JxU1zvjr}XTbX`qSF6_~cneLyU$@O-J
z$9OZQ9&DH!IG651x|7%_ev5+@5$UYh{8>_CujWoqxcWjt(r8E7#fS+-MNGI^K={pq
z)SF`EydNLC4mM=iKBrvJSi?)9SO?{0ANl%Ebs&%p~)&m565%5Y$Ee|J0Gqy9~j2MDt|__
z?5j;>YCmq?UM&CJvcHb_9d(5JN?~E)=U%M?_0>+P?1vxY;^^ighD-|PDohRhF>ITI
zMGgH})Lvzm&eKxMB-L1l$eFr3uq%Vek{btaS>K3)`&|R-_4oYz90pa9D+hH;rj{-WfWyI$8$12vHUVD9U+J9MZaupYP
zU`b_sj-_mM;huOM#89sU@iC_>Xcyx?X?_MtgvnOZvI8e6ge#7)El2yYbC&E8#m^Mn
zX76_5hnt&mNNmHjYfMLG%e#ZjYx^d9($%2Oq2F~>C>ZBo-y*$A%6A^!ACs6(+zg0fL6%$o5A>J?y51etz}-MxpFA|qx8uORIp
zSxCxO+GDT1vF+dc-b+*Nl+a`2VW){3OR}Hs8<;hw1?)o8tF-2C-5ZF+o^|$c6Rw5{
zL@=IghM}0MTAk|DJxB-Xpn~kUIzs+z8^`#x*6q{Y+akHz2aWVkL-l|XSo?5Bgj^&p
zR4XJq*lB=jeYN*d;&{mCd!~ek`^@V%(*Oz)Eg|#wfLs8bSW>c{f;WG9hj^&|qeqX_
z4t81jb3KeiXh|L|zMtqx3A4zV96YMX+bx{0uYZ
z$WG9?b#S&xD}G@S0&}3rW)~;`BR9E|9LUYhFf`y0eq2+A-BGnmxquLe3Mfm9On^%cZ0m;QvOacG%iuRyr+7
z`00BX)aE^>@KBiZ?zSpDV6HgvMfv%Nu`yv9oNUj@5`FxbVoyG6;lXL}mxX$N@jD4X!ON)>&$a#b0Qc
zMq~ZqnWf0g*?b_%`X8oEYv-up@If96jm0GbEkkS7LkQb!qP!2k4POXyVrrNyES8Gw
zZ}NkonML
z14W~+M6&278_5`7>dF%`#;=-TxAg&b*r((;=JH^vsT77oDW`CabE4(POBobdRBnm)
z#LOKt%jxRONc!_c&93Vsg$_VjAvc01kaWXVDBt|UYL?}MN927E%kG;_TZA31`jkcW
z7BA7i&Ebya-sGyIX?4bPEA|WNof7UDFtc=BqzUMn)!x!!A#i5Sjt;-^&fv2YJg7FS
zp*XP%uUWh+KzC0tg^M6ev_R!UgWRt3#!@p3N)a2o;*GbFQkKtEdvrre(Sqg7SUhx1
z`bE8s69csN+^V}?w`JEbzGd_lJbphP{2(Vj(EWf1)ohXR3`X!IgWknBt6biXwv|>@
zdW1DnYb9Ro@Rd@T#-{jH>?FUrFS~_RlR7(|%b_d1*q|@s7l`JM{3(6y+S}!87>mh<
zInQCwnWO7LKioSd=3FOZ!xe5&PtQDVsuD-^tC`-DropXW|F>zjtXzm|Ugg#CDFE3BuPJya4ZRf5?mc-T?8%zPv#l
zEg+Xz>{z(1EH;ZIp|x2xz0U|9%+uN`ryvhXswb=^qLfXx8#t)UcJ}A#?xCS=sn#Qs
z9qy%>%iBL!HLWyq%95rXgoIQs%MiuRaPU!4$be4}*)he!;7zIC9y!tin^?X%oW8R+
zof(-pxL(gqHIiBQ-K9?O$d}A0t_SbSK6|>V7cKUSv<_$W&FZHshGVVMK}ta-D$CH0
z1zAVJDT#y1E>MDu?uLkAN%^S+(05{NL-!Z9XJ4LM(1OJS#DG(JxZ*YQcuUL|2fE57
zFm3sP+(m0Cq=M(6kL#Vqlv)!`=9xO{++N`8j8!SS3V#TD*r4&fmjLmXgvzAV7792R
zk&0d$@RZ54oULo|G&|-=YES5FA?w60td-rDJwPU!R{UsayeqY9ezo^EK_e|I{}ZqG
z0E;QnX;&HQKD9a`@Di#-)h!Y_u2`Zi=pRG6Zc!uRNS_fPe}vvWH2H9zuk`1{&gOI?
zA#?&vC(k}q=srquAw7a#f);fO2Y&88I{v-W_tym3+)bGFytczo@@^|(49?TbcRnmp
zdFKZp
zw!)jfNSt(+HS>&EQvWLQ!aFAaIXYUaHM09?gxf)s+^EiUw|AMFt9AW7frF{XvNwT7
zNTVItT+2R6vOQe8>@&$+EOP?m+hISQvBnsuh8>0$mfAXDKa~4)_gsP)Spe`68U=Qt`aC
zj0*POiHCR$nL^klZsQ*A_SnRi{)fj65W>~$wtKrl_<*8wdr>zpBu8syrjy-NYevBm
zy)|{+&RIlwiw3Y+(MWl#H;$r<7ZZPRJ`5h$ZZFW4$
zwDP=W;Q__l<*%B^6o!()2l@ozFjQo6GO^;zeg^GUBQ*zE|uH;eZE2R*kudo
zQkWY$t0$}CVBdcNyf@cfk`3Y@8t~4?*-Z;RjV7t
z&0K2ZV%~mP->S;6qdrtR=V#DRm+$)wY}b;7>vWqa@Xz+oqp2faFRYF5_;&|Vz|DNF
zUB|`;jjSN|5K2A%J^rAZg=nv@UkYpA#wvUpkB4lg%#t>X`J`W{=>-`n5|)ajr}GZ!
zhIpeG=@=WJ)-99%?72n84l89qOD}w}Kx(dj5l`5PJEuQ96JmILr{Rex)d2sX)rvTz
z02_NuYMfV{^^`MN!8byJx4F>Y&J^Mx42@r=$$mEJ8wlH+_pP343G#KF5+25rvAE?Z
zWjRUPaJZf+QBOd%;};PT{)^POc6m$#{lbl4Te8-bA!w2N`j?IDs8z+lvjwy)xeFm-
zxVP}W%eCIdKaw5uakOhl?s;usLTaQd=#}UE!Ll4K!Xs#7c&7L@%YAw&OJuY{pO+c>
zTeawyG$pGzwz$V+>1@SAnYo+BlO2W9X8y3zRpVz7;r{!NiL_b>CWKXF>03Wz&p)~U
z!l{L97~<2~HL`xtU(_zS%*iZ^l$Y|MM|d>{B&JI=>|S<<6{%k}sP2VEw!gNWh%puX
zY0;i*g~$SM0~B}&UA8&aL7LM^6ktR^L0Zvmer9d2tAlN
zfb{w!L!oQ0ZR8gOYJ;m3NVXBhD0tT5`{C@@p#55py3!>@*eTI4Oh4pN9M=#Z?gf~$}?_UfMGzKhrF}Pg^A4h
z`oOu!ah|Mtx7r15J(kFZIk2c`V@t+p*iDLylyBZv0m?ERw6e2b+`{pEj}vfrr5e?S
zE!u7mmxzLCOJHgL`{^HSusa$hglv)ABn!jgzxB2ktI?D`UrtK)`i<}@=oyKa`sgAW
z@+unC(Ig7C3`{W3R<{!P3W7klT3e!H_MG3|-CvI>I*BoEJFiF(x@tgo6?(Sgy4H}j
z?MJK>30@J(uqK&W`f5cK(7rsibZ>D=jS;};i5@t)aM$+YhIv)T>Ohniwn`HYw!ocm
zaCe9as|Glt=q@!|fJly{UfNTyNxQX!-Rb%r@^m_K?&56fk+u1nq#=5~Dr)769d5Ne
zU|fXSu-U?iunW=6!Lzq)l_ZTAi5ndB^H?`1KFH4B$KPL{+ijD%A;W?L$8c3MT-#?0
zBT^9Lm^E|f@$R+0gS8j_kG0D(*QMYTIHe{?nex
zykR34X%M;iz2e1pthmXqpypypiXd<8f`#F;$II1mxzNc%^(ARBE3$ZIF~oyBUrT*GQ)swWl=Ki`_BxPG&KbotDdyMf`)QPM)Er;c^w
zYcIufk?6bGjRr}f=+YC&z}1*}dS_mDG*V8l*?=ARVh(R*(n>BgYXWB|BUZ_I>EUZ$
z(Ly$IlH1~6JjhFW%jUM)FNT-!mm(8y!ZHOdw?Du>?Owaf67fcDVl#i+dZXBDaiWRa
zubpP#oibOwc-AR3pFw*oCwi2!>CE)1k><^*jjNm6{48~E%c;=2
zQ`BE}ZFhGLmh4AOSR(rk-8a$BuJ2pbwTQk?Ar*jz2B*_~+J@er^9VJO6Z{WwnkL1t
zv*lZg)6Q8fqZMRV3{u=D$Vc(nff!z6Kbu3n_NHc;CZ_L7aD|y7a@(LV?>^02&G_x7B7cD|W
zeF}_97%4k5Z$>f8vy~VcUSH8R6$H&?Zkkarz}y(HcU9m)jzL9gy{;YB_0b2GRzKrF
zMpOn(`4VfOb69O#4%q~r$m1UeLvKX}
z>_jd?xg(eUXc6+=BABEMTHG&H)W#P()XTmX*fFAEeiq~b(nVqFQsj`H$zqkLV$hFE
zwtt6I#q3Jjci1XCl~WISKfpf;ndPD$r9ip#%`?W;8%@VEY!5^{7j0HD_P-Q{D7xl(
zR17Ak<@G+J>?IXOP=_bDMVKNpH`v_pNifuj-5n_>vX*Uv6zUTh50}BC!i;?bbHlYp?H3yVLB*8aElMgXE-*=QAQYnXy?>e3
zxy%P>^z{awc7@zf(vS=_U4&SFJ9482#^dE;vchs46;ImJc6B$TYk;Tcpb4dnb;K{l
zo#l@aw`J?Si>AvhMP}(qLffV_3Qq;Sgpo?~icB_JEwa
zQYhNUtJoSXm)Jt}{t=o;HX3BrNMvx>6Wk4-x9Bk)fUmpxt&jv?!+#vdB>Y!e@uJbc
zS#Hk0bG`nbIT#tvjnD6VJ**N|r`mW@OVCew@gh>$8K9%<*>x>L*}BpSiH|zM*fZr&
zes2ntW(|jndc2O><($6!Pl+$(wn1{Ni$EMd1M?;tn{w#l`X4I))KkJHR>70YIEb_c
zJv&bJTT^=lh(Gqf5Nl1R@K)w;0m$_2C(_3J3*tnP?b90EK7@0F@1kick<)v&beBT?8dtUM0{IAb{
zgfT$LjeizsJHGti8Dh}?Nk;u&2_pa0S^v*DC;!)^l+%z(j@3&nYn(ZZ9p^d4)v-I5
z%Y8Ml>8X4a(t^nvzN0aQTX}e8oM??^IEI8Y0`1Jr=lDHIwY~)IHz(!waxy6htIV6uM5mcvKdOT#GI#{
zuYr^g8$F|61gQ9J>^D9{B-rKmgSd#QX8Hfr3(8)*2lF%m63!K=ml<>m{ujyi&)Wad
zbf2Epq*&TY$km$anBTh>C25qk#E%@0K<_lT4@--w_>T0Liqnj2HwTK%YA`usZy-wAdF&?v{M9oNn}mFSW;ULWQ7r#3P1sp<
z5Edy@1%{0JgKF&=p>g9yJdLf?qC|3@!Sqz)jk#;W(dFQi{mxn!T-4V$PZ@^|mJuD|(tifk$@(NlUs_n+V)N=!i7
zQcdR(v8^D*oBQp;F-q6vZZ1MR}j9_#Hg
z=6x4cKcrk=&u5IY`-gtqNsmkockbX9%T*4@l=}gGWcZKF(u&l;)c(7AMm?fM?|YB(
z)+;z|B$*?OHvJeJX;VPb&7mHaAl*-vDeRG{f%&8(kV)@mQGZiHzn=K$e!;G0N7`Hh
zT2>JiMY6QErVk$`AMB1w9M#XU&zZ#SLQ^9q@CpLGDJT549}~)#CEl8zYB=^5UHOhg
zo1m#2_?}gxb)0B=F=d*O58ccF4CaO}@jnQUtNdUHaQ;;I>!9pO@x-zUdxc>
zj&7Uwwz!$JWV{l*wUb3tm-?&y{=fFlGpwntYu8xWii(QBmTCp*Dxp_F
zM5Rjah)9jpP(z7|fPlbOngl`-2%Si;0W5&D&v(T;k-EaBM`L6Th
z{5W6!u`aHaxmM;{bB;0Y=NV)E%eBwtc%;>@4d@)xlos@$o)K;{a{A1efMAh$JQZB~
zM9FV==2$0QpebfUuFx
zVO%Z=gfk=G`iI&muX>`{ZiaUBa3eWSGnt0-hIPLhR$c7oH&fKse5d
z>DJ7#-U$xe+&^=5y_DY8YG!zOI7W7k&HTU|$B|0-yE(&Qvyaw1fhAbDP|q;@FnGHw
z_N#WSkKI)6*We%!$Zy#;nVeO@#bR`zz&XO_)2k)@crpi;v7@wxTz1!aggY2q^?J)z
z!WP_OcEb&yz%4|lhdhJG%+W)>^+7s2=sbNcjLsdjASu`k016y3BaHT_O_9&gWv+Iz
zfZgJ_R5_mljtb1e7A#FwqgG=9QqN-xPEIyc{=32a0f@*IIoJB##!G>R8#Z4CHleYx=#VLo7j&x;Y{}<(6XSm(M2=@M
z`y6WYyU`*jcw4{z8Lo9rh+hq?JI0Zax}u<*R8$L(*btI9-4+{Lfr_DEOo2^0l^o)beFtDws&kT>gm?YT2OXj*N|O#M=2Z|^TQkTgM^CUpq
zoI>2{qQ>A$$gmta7_CG(N}a#g+TlI8yGm*&!FPW%$1EpOR
zw~!}}L(k=+*tt7|L
zZn6b;?VZnt+y|0@X3#;akX}yNg}PSCTkW%dxbL60vi`i&#fNbKkO~ffBxww
ze=M`5`N(UN;Ib)T?{07Ojr{!l<&zJGWj4nkq%-aZC0?@e3Gjn__pi{Fv(5q}SUvT(
za}f_E;`ly(+UZ?>Q4jFfa7XDVy2rRnhgrKFqszdKM#PIqJI&OOC+*E18Tz-!ZK|eD
zev#F-kTFoRdqR#(sJf|9gRFk(gL8S&kv>fpS%Ne1tK2{-8R|^XnJnwUFNva;&l>oV@ksTUSVLG^?CQr7x`Q`
z_@Ex+hT*-?O~;h_*KyMyZKvFNcEe}aCze{kK^IkF7c2aVR7QYxqa$4<6La^X9xx}8hx9rH-U^scCyI&U002U
z#%t9CI!%f?Xe&Q>d$ltzK|`^+RowLQg|7%h}kgFa2#&dBXI!?(+RVVsmp^!EAS8gyuHE*c?|
zK2IeTysutaQm2(cJivu_+Qo>?T*I)TH0A
zH+9D!AztPQX%60|o*8G~RA{ZTNu+j;@t*oTVf$Y3kae3tgF%J1)1*{S<;n+Zqbz!j
zZAtyI?51LaMv`bWc=1tdw|se5kt*4q%U>%u^vGkuB_t)An~Ehrg?
zIpXu&uH<-(k#sWoNe%I-t>#zSji~Z*vxy(jT%HCd3F>F3^~SkUZ`%OxhSlD
zx>z?8BM0(deb^0`=yV~-JN0MRP`CE0>*+fIvnTA;u%_9DZ1>Y=EKUQItXh(G#j*V9
z%I%1r&K2&Wq3cQpbAsJ2-LoR;DOClliN@{lhsO7v6~iy1*+%lpF5@!u`VfflT?LWPxgV9YddEPIXra>I&3xb`uT^LixGcPQtn@;Zfuq|
zG>mbJ2?;^MC0%ee#EaQoC>&DY1!4_eGPr?L$?*A=b
zQH+<)43*wHXpl@@HRe3Y+1pp96G8O=@f1oExVn$v<5HWA0xMR8PTT>q3C_?bA5OWj
zk(dtxKqZSY9^RgHiWAVIJ;?G8c}rtvo4HS0b0lX^XI69kOen-@FdT3B
zrI49D{kTqL9-yf*f3R{4C%(tK1%pK`-*D8q#qHcfkHc&_F6xU8o$3CI({sG_+uubd
zy2cZo)WTuR2=YLBu+to%sJGqkhWh4EXgkbIN-a3`*YKrl5B`1l04CpX7Kl_CPX2>F
z<^MkY@Z${Ln(h453qD*ibZJU}PZ!I7%&q-f+?;<+mjC9n3BjM*8g0>ipfkU?r0<9x
z$ZZew2V^@E=%Js9hrv9Cf5TH|B@ViE-QXn;m5nRAy1I|2}S
z?_czK`{l=Bf6sa(4+WG4Un{IOqg@)>BOo1C(lyo==OsAM_J05*9(+&alyMgsmekBN
z#@eal86|(R=6s@)Z?sZq=Z)(`-QRPbUK#Uj!rR64^R*u4Kp3Y|iY0cnal*S$>t#HRUeaYJl
zJ&`(XOO#4z4A05Y2khlg4}g?45FzX;rcOVboxf8C+0R{+3FkkK${zLl
zmssPmSz4~NW~?Talw6A-i(3
z!E`yN;Hi#8&19QKR0>saa);sYRNfGP-~gfw!?WKnPMnCntRkjj^X1b^=yWLi(wWDA
zn6V@5
z@DY8Sb;F}iHYaGZRdZmc*Dc1xrC9Ur!h;iK6-9U^alE=dmf=Bvo4>?c*RA5h7{ci$6i|fUeS9e6
z+t-klN~~4k9)pW8p4{6VzPTs<1X}|jiV^`EkDiLTgGQ5bYimCYw(ZdE_OFPO-gKvo
z+qWlNf8ra{{{}JrWw-{3Eq1C?>~_&3NxCfiTFvseQhoBTWFc_4_7|y!8|ynZ_C*AC
z<>H)J^PGs?SY2-s+?x;jtM^`VA8@Y_f45OwJ<$)C5f!z^@dKpD-rcC!X$HS9@%S9U
zU#FECcgR|wWv5q_c~pR59piOW;(l2_LCYPL>#cM9fP{D`xFByq!p6YKd5#fNT
z%zVV!c`)l@ZK}5qm$K~?<0OSV_j5oPxs?XTsrBTk6lvx>DLXYYM7{E%dXkq5_cA$F
zP&j>?a;v3>a+X0DlZ;S@wMuRi3e@=lPOzRiNMiQIn8}kOq4gHN&TI*e)ys^yb<1|BbQdZ{*@a1Jg)
zSf<}4BmMxHLfw=3HVSs@FrQg{7t$){7Wx<&{Up*V0~>pOuI#Ea0!fQ$wcQa5>qE@r
zrF;V*)59lPE-r}8SG_;)vp8>yvEdWq_ZRDBP{{{22oh*5qfDN(wX(<#(xqM#OBsE)
zVynU&CI@E~`Wcr7x}c@IMp`82=koD}SiTZ-^OWPZcT;D9fw3=}Wl34oj5JKC5xs?bEc-0LFN^|LZ=5F{J9;vEK_r@tqB7
z1TzJPi5D#tsC0c&c|%fIkAT5~E37U&Y%HCZiF-Cj5HS5?f&#udX+hotsmBG+KgufM
z@_h8w+{CsMHhp1nYV+6$ed-FA+(7nq
zckl%U8uWYI5EDa=hvcLV5)CCla}ry>ilf_)G!*)v-3-0{Af~^=<+0D1BFaq~tlBEY-sp5eRoA_V
zCqf|dx*>EriT}#VMt#M+tw7L6GX;;FazNV!wOKb)=vA5?ot0bD^r^Csx5~>+3P9m)
zvRKj(_cFAG!`UpRa-aS&`0utkHQOF+1CM{@=Oj$Lq9!OA!pqBO7B(u5LBZI$sAb_G^yC3
zn_Oopp>j4?!WeIrEIXMjx?687m#BogeHJU*iIc`VkE$QomVq!GopF`Wwbo?rNr&y$
zB357fhlYCTvRLt7$q6+e*uN80gw0yZrt9Ue4T!DHR_n#%77ia@p4Vh=$PVST2c9xF
z-8!2p1dT&R0
z=M*%h;*8yk6y!T|FD;olAYabES!J8V<;scNyKU!Ljn
z|87K~Xe^X`Yf8zGgw?1WfDLPW$c1W!Mk#(uszVeHr1+a_czKqyESX$Ry~;^De6WdW
z=!yW&CRkPv=j0QXMG@eaqbDvhHAR%a{EEhJd8qCL9?ZxG|Iqo&9)Fw_A`q)tYoHIf
z1pJg}_Rd4y6fXiU8U8__Bv$$CiE4K6$ZWrOE%2V@-u=?WX;{?91o3J=n=fd7YJPOo
z!hGIJ$u@=MvUWWd_ptDa15ltgS&CT+b}!~xfIXBYUh7U3tDC>T4e7d8_w_wfZO%PM
zgB@YcPCK93v(N=e
zB@G%%O|*k<){4=^0pw96m*++xCb_w5NkzoMIv-k!4
z3IIOHoL6B@WofB-C*$uG?$$`*TV2OmtEaMj`ULm~vQn^3yR0(qQ_9&D6`)nhT)Mg<
zCOF)CD5X63;^aX!4}L*+=0~`u6V*ftp`t>68nrEfbp;
z#bU)f(RMGjCipVw%K`m1v8H5nV4LXH4NO{Xgrl%
zKTrDcbWy{kV7cH+ZzxV=M6q)??qFn5({zVGLr)j%2`BdPp)QUR63Ma5y
z?jcr-qPD2Jsq=UuVc!NN=PW;>hzaWE7Y9-oM8&JZz8fIqDS_O=E~=fq$ZJ4XhF}KC
z>fk`sri87#7!CU+S~k<%w?4Z{FJ6)0q|obzMZtzu=PV?&tnGRRNk~ZkpS)MG
zV_n#>`J5>A#>{@U2=*zX^D}ytlm1D&LgWYI+u>Cl^m;D4v@asgldy_yDVSEZ3?A*R
zrXv2%R&IV#Exs}}dsoA?Nu9DGS*c(`z
z_Dja~!~Ef*(BA7r`T5V1y?0mrN}~pu@VLaX9+3Yyar_QA$8Q)Rn1n#agDcZSwZ
z1J3Y3=<4L;*`0EvaqoDq7buy!#uqj|HfABmhAN%R-K1~O$7A;WCiFAxK5j2tYO!r*
z4YNd+2ftb_0qpvE&w$!{%}u8yI0EJmoeciPbbR;KfZrz*3if|D?K@`yH<$-x+Q1hn
z5A;7&5qt987XzNghy9U(==A~&@b|{?ui!)5%`Ppjd-*>#=CrFsvrK!h_C$h9-tl20lsu_dRL`d!v&TSVqWK#1+b3*V@30kM;J^72hf>$+AqzVG9a
zmVY+Em;YUt%_%swH^SyqD)TOHuCKHknrX+ZZj7F7uc<^KhK5cU4((4ddjLb1#I`Mh
zY%Zv$ONSJE*$Ku@COWI%g-7KK)Kp}@JBuc*J%48?!dDI
z4ozHG3Hl-gsU5HGW=Zuu0gNCc|J<6S9fHqs_iTHLOp-7nD|EE>3D{Xb!J7tX#N)El
zDgc@AnI*ka#9I87mE=Pl(4a)JrVez)M(|3cb)n>SPtW+FeoiTTKVyBWasHNU{s9Q+
z+6V2t;{NNy`Hr!OJ+pz{?32)xnl+CEDG25^7~Cez;yRv@oMD%k_L{%i$@2kuIuuLk
zjzqizIcaa~sM>6_#K6Jv17`TXqp5Ed#f{6TFDsB7z=@O{Jv!ew|MV#hU+0U0QLb
z1a|zyNDk+l?pVMJ3KCy67SLFW^mWA*m<%|S@6!4&ZF+AP%x~Y<>G{?Zo&QL&x8~P_
zJ(Z}&u-Fmc4;#Xr#d}Q+h<%4y;FZ!==+^Y&7*nMRNWrc7;-BvZ$H7djjmqp-i-Bh&
zhc%?0L9uI4n|^t*YZiQ`enYuvxl3Yk+wUavFe+||@n2^#7zFJ;CztCCykK(yI
zNu81l!f*znl#P#E^y<^Xg|{6R;*X$?8%gRZ?7l#JHad~gEkC#JdKIBBGf;^(cK=M&
z9Dd#`f##E^q9%?D4Se*e`(Q9-%L-f=BJm>-=6
z{1^iSk<#;~ZKit%;g^8S=+vjH=(qf1`1+D1vxbk{3?Q!R*`bk!4^6yH=8}7ek6d)G
zhmue%R(&D%>bAqEgU`};%Z2ckF+E`?6cOpLStq@(B=m1dw8z`CRSgAE!vOYlIwdwH
zVA0sDG4l;{=REl>S1~n|!<3A5kZ{pTM9BWIfw;3L{}-ApIqAxT74GdNa&CBr{0lO{
zzz`kvcXWZB!QD@GeW>?oAe#G8WQ~{(1QMRFllu`v5TsU)k2wnmC+FKlOyKc0NE*q&
zi0nE2YO)Yp)VAL9d3^akP#t0L7FrH)Ny#^IEL$9YJL=s^$nP~>hWXOGZ6}G!5JC-H
zMqg68v+8h_p;P$?@b+7;W*6pvy1As|*GM-*+T9%^H@F=Cj@`(TZD;iZli4PZ$&Gqk
zD}ZV@sKS{2`><6YB~iGfsy$=}pZ(PwBjphk~cj
z)syDi+8uX%mTjJA+y(64UT}5*_HWZbx0HxL+B)`SSy|ctZp(F)VGxm3YJuA@$^A5P
znMyLaR0eB*eLJbGD!KF%I2KLVAzmZ;leq(|qh65YMLuh}L}>y)YggSswckuBsaF3b
zw)JD;Whi96@@4g{nCON8y6VdW)o{Rf;zXO9tfE^RmpM|c?nOipD(Ks!J{iHo;_re&
zcr~q*dcL>BCdW`?sQ4mXN$J^JYwHaQk&`f##q$JJ`~_6)OavKSc3IYCQ>f7*lH~hf
zl+d_&-;{L>dpAZSp(g_3xAHE1Bi3cCqRIMQkY?b@5fsa&{KaM3Xp_cTZOqY?PSe~1
z7shm=hO`kiseuq}?0>9~^5PO6HRW0FHsR$ip9gQc(L3G1NPk^Jg^U(o{1A$@
znIB2IZe@IovcVnVGpqzT4J$Yo)uzN~DK-Fm$k}6jbJiQj&JT<}KwGsb{3a7f>MK;d
z#QeUP*0tGXS*=>7uOVUhkJYi5!s+5{&5Wp_JZKX7l3g&DH|$)VU(ww}g3L^%^s>ZM
zkYxD*Zq-p_+cNdUQIK~D!R@~6(yDVPCqdy^#F0iNM~^D=&L7aieul*`G+W6zcfEMo
ztLiLDpJF84I*sil&>QdqV#9h}$wDDz)aT^~kQ9?EeN%*A4jh5v)GC5zdVA
zbz!dFPjVf3Gzq)hmeVo!F+Y9tWZRPM81wTF@%gDE#Mz=qDt#+d
z@aDA-h%T7a@Z7GMQk=`1f3Zm4jc8kZnn2+1!*PAMbb6zc_DD26`vRSwA_~|S(AcPr
zXx{S;z$h$gH>9yUZn|PC=f7xvE$(RsbJ;@6%Vut0_|pK2OWvHX?YojiBOHXWd_5WvzXVk-1j(f6z>uyM$U^(i;TEmKWX;ggW
zz6^V3%K_r>1#P1z2rsv`vOxPKwp-GxzDsK~oz!?Mt
z8Fil{g~n!qJEXPmFEA&wtQU{e;`9w-$P@a*3hQPVM
zTor+h-hbp~elAG=kjr$;vw!wC_o+qIa{KPV!cEHJ>onK7!LA)&r6DakT8Dl`s2ZZn
zGN~nFq_bnJah&eNB*$p@mwy=99=ORWZk0css#Fmc7&xUS*kkm5rSmurb0cV^-XYeC
zM!OKrBZtA{Cllg)PWmywJkppGCpRKs@E0ewH%cJI86C6d^Ej*odBL0`iD(X(m-Yd^
zA&>dL&`llBExKI@Vb8l?jo2fF9z$=fy}X??*my!tqBvMER9d9|(t@%7<7
zznCw-RpO;hRhN5=5v>D+Adttnnby+K7^Znzqc4LltHqAXuY0w@JK2AS?#jP6lv^))
zqh8Nw>yqQ(do8=X$e;EJn!iLvYcGnJ${JbL%V#^JHQiHM={FUxk|ic46^8p9di@SAfg%
zS$)FVmGpKQ9L9Mo`!)nHYsI;O14Z#TvlQN~(p_(TA+-E-Tixy%hly{KeOVZYBKJ$@
zVc^mjH~>!Nm2AoA5udJ2cvTS93SH?R)$04ohhPuhdQ}Cla70h|uWMIYdSY}6|X*3hN
z4bR~r*YWK}NSB^YFHL(9ZPy#IScF>JSw%w~DU%g7AN`k;7(p(5lU_lJ-F-khy4UX%
z^j@EXT*Z7&5+GL1HwWcg6$pvCg4>u9zLz*-bZ@1c$*EY%+DA*RJrpYF6r3j7U}5%c
zSu*)|vnqeYD$pIS%T-`PKdZr|f>-=TNY7nEavV<3_KV}X(pw8k@coj(BthzX|0^^V
z`W1*3{lz{GXz)OBbZXTWeGMZez~R}K&kC1`RixsbXP=E4vy=M7>lLxZ_{KqpyZ7c|
z`Z>jxu$(z<^Qp^9{qqB{hJDr>i(&MaRSoo7MFqz+?!GjUbnv$lzU`2`)V9hKVBU>A
zLR~EEDg=S)R~5by_dUUlo{`vu5F0IV9?F8B7Kp_w$AH>9W!74To}Fio63R9ncCs~1
zt||`F;&`23&LWN)zg5kP96cLD$en*Um$_y=6k1fpA-{gl4k+HKUJsamn!@hrVCh>o
z^g4dW(ikO|A*Qd>o0Zfe1z8U4FU2&qEo_^+kO@(ZS#e$aH&f{OtvfB06vXQ{6>cZy
zli7D|?DqznsWPwjg7j&zSc15YiDHSrXFBWD>2v+wUWYhbg}=t5*U6X3@$s(79Airo
zE+bWj#KgNHV)M&4rw?KzWkGS0yOp0X?(xBIXc$%ept9;bij<{z@6LV0%7rXE1iOg9
z@*1QwBZ)YRfMPcm!-_JK0mWAs`T7J5EfKNc*HmF4yOm?Fu+7d5aR7|HHtn656eu$@
zsWZFLiW*MHLNOp4#08A=oaS%n=cU}H60t@LM#zxuht)%ilUl|T8>bV3jS4;&GgW+6
zsF%)(yUutQ=I5EX>)!vHX;fiv3=`Ay_9
z{rbrMg4;zm<*ea_hx))lOqK39SytXFkd4t%>*~d_e4zn_s0|__q-~*#%_q?oN3~uo
zhsjwPGs_wJ`YPU2#n93cqouX75O(Y*WK7v5>9^c=U}{i%osY-6VsX5(iquxh+!hR5
zJC~NBxm^m}a^;J+=3CC+zPJ54cU`&K61tcav`+47i;T}bDLM2Ex-qrV{a&Tm
zlFZ00-5Vb;Ux>EvhUb4*;UW^17#{lpPLn?&R~5IdlTc2c%xe2zK`+Rlb}+F2#Qv4@
z*WXopc{0k)CQFb#XrIg8ISi*^?GRdiy6@6ZtX2}_#i!KrM%Fx(Q7aq
zCGtxAr&VaL?(Avq8t$}@C&u1S+Su%s=8W!P1Qo7b9l{iHdTsp1a69a;IJsAsKZ)U&
zCi;AQ=4O|XndHrRhndi`Ik;NS7{acoPN9;pw>=1G
zr^d3jRUurtKJ0jI5BL1=2B4=iUOHylB_S8zvuXE^ulZV{=U3qCN_N|WqH3%iQI(%d
zqCj7Eqwm&!(WY(W=OU)H?YNB#PS*qKXq&y*8gzQn$PBVj9=kytYe}CE6-jsOD(B6M
zweG}|4P2V$gsTaI$LQPZ%w8G=pfB(Zj8}jN(HT47yS9izcrR~1De*K0
zDZBz&U9Sw(DrLz?A-7po4%fuZhP(PkYynKs2h=)J;KfW(_}oVS*QCe>N=~SmAH*6l
z^Jpb?pY3|rtZ%pxaLpuFx&NGgfD9nA!)+gD~aKf1p8;MCP?yO)CX06ZC=OkX@t`Ovxx2
zZAPT<`WJ?Uus9lj(MXEzof2OvI@;K4>{8MP<_kth=NU
zD;jJWYhh5(fM?Ik=t{PyMSzbTpPaeBi{~0usTfOa
zaxJ_prQQ1`7G1oLq4$qHCI79@>2)?YN|B^(vtm3goDd_gQD35qJ%nHRi|AQ!x)Wc+2d@ARGE
zzls`&-)99`D6uT7>=n+i4FIa&%6lV~Rja@2wQdU=_}r6YG^uni%R4fSH@<*L|HOP>
zL#)^GczT@#x^ak;o^v5*z6&EVC}Rkve`o?%iqmO&{Gr@CdgVN{C_Gc8QtEoZivM)4
zk;8_g5V}g)e?xZsW=m9?`;UJwXIePdqFYazK|6S|g#b-vedhP2jzRb7Q
zl4FKKRhzPEI@;(IgO&K(4!c_i5ev`8hG1VgmbC-u8bKRwZNx>J+{I-Kzw@Ws$$_#{
zxiaTvEpXP9jIdxg1o9YW_(cw};+qaUeZ;PJKz4U*n2ZsTLr&a>l);QDu2|J=HH}gT_xRTI&6fc9=@0lHt!O(mmFAu&9C~LU{cB3S8@H
z+H#?|sgZpQuYfXg3>ScmdBg&%HPEs#7Wi?2&p+DquRlj(_KvwfJOw2l`N50C04uMA
zGmF)cItKU~V3h^8>6*94SOOtxg|E)e@g!XZNLN?s0fuv@s)Y-lOr2kC>$WXB|84kO
zv3a%6FH;Ly6Sm~cOjlD7eO$+T0Jbuq)X_oW8hm!7;a4czMz*ra94?`RoZynaKbOI$
zIYk)u2Glryi`TQO2vKrjt*w*9i?k?RV$fD3P+!J5lJ_PW1
zcl!16WZgOT%eI$-bULcV%El(cwjSh4!Cz
z6tjOY`MdG{Q!!Lb?tX1}^M;~^aBT!bUYxxft})zD;fS}D2wQuLEQ?9nx7KNy>Q$G2
z+OXdX+cNb}8tdL4uD%V@4}AzwvQ3S#kHF0znb0LHj95|#H?&P8VLrf=>k>?@-g9o=
z7)9=TYx})G2;LKaZxO$
z59U?hYTX#+rQY)1gQ7e}7sJVhsU%6@m*<+4X=cc;zNVH~%5GlTZna9k7yxko8lfzh
zm1^y1qk4%s#H6RrmtvU|ll9#Wn4^%Td&i+W$$d{+Fb5P%m
zmT>POhwtEm?w%RM3}tjrazd5)$5+*t0^K_-r_-6L(&uYG*K|(ogi|Dtxw!dY%cISA
zHkG~PP!?Df6Qjk3;z!r^AA5CVy}#y8C)CsNPsffUb`!5dy?)BcI)oKpu)UkWoyml;
zQ!lB7<@=&XpHTZ?&}EvB5OuGtocysp^RVE)wS$)8rIKd55B2ULUHg4o$B}d|_X-ke
z-6YVF_9QS&Xq)7-U$imCV2CZJ_Gm>(wL^th2T12pg**H6iPp`K2~)T9DJVPfbNJp?
zUeyQ&%1L4brog)$=lwI;d&r-H4me3mJR6g%&_8luFTi+Eu97lVue*FWGm&&?bP~%i
z5^7|*yb}tk(@(4ES$%Lk-TTp7RZ?BH?>pO^@c}Vo=EpZ(#d8@pSB9wa@{d>2GCi_+
z0eN>_TwOhPHWoBSZqVOD=_GC+FZKT|EVjXan<@_t-7R(8+Puek`gjsFERp+xX3WtA
zzo^eannTn1BWT%SA6U#dtRzc=`bHwch&_KzxUs%1*ORf~PhsyrBetM_XxgyxJ4v?0
z4bhhZ;sY-w!aa%;t%i3-idd@3S3l)Kn47wK*lhb1bw{yS+9q?t&$wvJZJkLGoRD(K
zWlfE;zy&@@e35SS0^<4r2%?1FR~97^+uM+@>tMyIq@lvKITVZ0pu#M*?6Cd40@c*i
zhL1SuEN4RLwj5>19+_y1SWr!Ilh&Fr%}getFO+=TV!&JSFA3*N?G%fJGgZX@x(`k_
z3WO`2A&y5KK0Z|KtncdLGODIuNhBNJ_(LSOkR^F
z1W2&c8`?O#zXBD;I&%WQMJhqh-`1U93am~O
zUi9yfg+56>Ytn3*?utM@Kq~%eCnz^jIIvKaC8sdFWT^Gm!jqIuwLSmrXGbfsgZN(
zrBAS7;TVm2m7k?W!SyXC0FmuwM(OgMU0vl$o7>Nc70x4-;B^rMFp{%L{|Fqz)@#4Z
z{0@<23{9<%f7~R^d|xvbg_SuJ9&rp^xesNK*5}$N9sA|_AAZ(vhbh*N`Uuf<_VwWK
zy|kVcw+_$2Z71aPj_bQV+ZPOtR$@1qIFk#q>zcIVu6973QMo_UgN+i{+J*S1hYjB9w{h4pJP}+S_80~T;
z#o<|-M`?Vxj(*GLR*=??PAYEF^iRk2cdLs*i2V!wMLkvctxQ;OL_&84$}-}5{JJg2
z^Q{W%J*p}DiME%|)9XsPV|M9vtOu$sQ-?w!L*~s!SyrQdGvE%V#gh7R-$K=Q{evNg
z0C{iAu5XUOCzTfz)^ZRv;o%D+E5z}=Ed_NVUwnpem1`wmfOkdU`iCnm#g%+;snLu`
zxW#x+@m`frTf~z#F#iTYX*irMfsN=8!7>-)p^fsjJslCm(L4GU5R@{x0<@DmzeRIq
zQ6}w=LtzgApGO<-c5P(7J;RT$%eBQS+Q}B|UxYt=={QWPG|-(Z-pW+>X@*JM67uZC
zUa{_?^b|M_e$lA;IDWtX?+g$4QV^w{^g3R~!KZJ^h}eKM##aZTtM=JI+ud;~_}HnP
z)qvD++XVqhi8G*KoEQ|^b40bSDDZrFT>7EQ%zRyfDE#%R_6;GqVdph3j!z+xZ)Ei_
z=32RPykg74CR)OPMN_YOb28$@4VHL0%)|PV)eZ-^jSqSF<`yR${HZ83{a6Gup^!cQ
zGl3f|Ur8RBh&_sXz=?5`F5%A#%*-J}vM8BPtJhx6hd-*&3NRt-)NM799%OB*>+x&U
z*y0iOVoSz4oIs6Y6`TP218QqOtc~%gv*qkqN%+J=NUzh}66c5dr`7s?he7jUxjuu@
z#vS}@Pby?zqi6ob
zs<&IL{Eea+#kkn4cdqg#%W=pXiT|d*_-$p|#!Uj=@Z>M_Qf8Aup`2Oj&21Sxdha+8rJ}Y1-qCVPzgbpU2@B5WPc=Q@3d@B|m#&0RVlu
z>QRAM@}%$P@>6y-4mU2YaP3;aOBln;j)a{()c5ihWazXs4lTinN=sUB5eb6zHa%{e
z%{)ppVWYzC@c;+it>dgXH7!fF%r|JUa#}hiFY$T!DTkRXrSgshTd#J-qPc`I8!EJp
z+0(B!#-i8~yLm_GKc72N{2#3hh$(MsqtNipDDTY2$@|uV)AL1l%`Klu3l+NS6zaFH
zTY$#HM<&B=KkLXZmTK8Zsp-xwP;!E=KBImri(XzEaRw>?^3-I=xDkHbgO%}e
zFJ7bS*5il=&8z!=RM6!{LZto_^(>xCxq8>MBa6zpCM!dlIpSF0kQM)&czZ?6fc^?B
zuVHP6_8Ckg(ARfSh$iKpm`2rwcIkt}87yd7`+RZTMiY4adX%5^BBstOl~IQ&w^wHEcPp9|%~10oC9^G9aLAuP1S
zdJ5UkyymBB!D4+ev$-lN31=!aZoFz|AF*1fjVbUm)ET*}A)2yEc+Bt_)A>br2;&u$
zYD)V2*3fi&?z}@p>^W78P-cETy4X|3(lb25>^?8_(>wC@ZyUv!@H2B}mz43C%4$lU
z!+lqh>2jGO)c`+;7rP8yOq(CM)kIvsFj^?Sw2n(JE4Je~0k|`j_D4_{|0%AK`WIKQ
zYKrgaGrK>z@O#ACDXdVTWp_ZE2k@mbX#KSF4pw9h|o-Go0p($72`j`mb2UB1HH(EUbs8mOapfPWN2bB~$ddf*w)zu>B%
zQ=+C)0zZGtl!rsjV4g3u3s5bYyW<<-gC=Sf&u`nwC$zLc>iBBwcIq{~Z-_@Z{37nD
zoAp=;vau7oa>1=lIq=CXErxeKmyY24{rzS6aoReYT!18+k4cL|df)Lp
zn^C;k>xud)k#&n=Lv>$&@!YELbn;0oJjaopOI#79D3&ExYRL@^ww(WPoZFov{QbZH
zoe@cs?!HIxZ};R<)#UXv(9&}sW&}agl2k^_5hr$@BP8tQh1{V*yT`?5%FF4=UUIcU
zL&d!TsJ7uB9Hp5IGGp(IC&PIPI+i!OH_cGFRwzTy9}^vHeD()B>js!6&w#b}Fi$NW
zAh#@G9^aRE&seic3cSqq0W0P5%iFt?cEqE2eVNC#Vxd>p4tmJLP`v@q-n)C`=KKJ=
z@C@v1v&ZEI->IsM6}8UVj)|<1l9QD_8I?Iu%{*yIeH?{p(6jX9aW#W_v5zm)@p(J7
zJ2HgWiIkCf(c3>|@G4h~#G8K-$^+c(%i_k+RU0q1u<&Z4y~a%UwQP<}S%>rqv!ukm
z5I-v695N+C>;7?T`QhmUD^Q%N`?^(HC7%fl?*r{c!#
z;!@67{kh8guK>CUufz-bRbwt~1pq`ZkQOWxORzT%S7P^6UM=*!OM)jDMKxM=u1OJ#Sv4-qF=~s^)B0TSTDzXB;UpE
z@yN#N^d+RK32X6h%f;x)hKpn??|p3bvxe~&-QWml+Srd0Z?Sr&G^GyWc_Z&aOzxY+
zCGy1sw{o0Lic)YBxRzh(vIwm6zYV%dUuW
zyau|WAmYis1Ti+G2lC?(@1%6LQ^Hx(=Ggs2u|UoYXQ+CHk9v%MW|EHZ*hC`cW
z!gx+TGxk6>Ra8DOY5G&X0oJtQ=*m%6sIsbMc8GGsHo=ETE0ybba4|O0R>Mx!8~Oq=oc(zxxiV9Xct-u=s0*oTYGk2#N>h8D&}H(TN>hPsWSNmy
zKEtAvzqZc)V&l-4e+E-`O_frQ0P<{sDr;02h5z5|P_NJ{IVT%C;8>hh^wWgv10{6@W}EI;55lsoi{-8Ko(%Gyg=
z{^syWWiCliirFq>$T>9KGxDnaxltg|_f=kodXJwg@JKM`KqD{>#k|g$!uzt{@#Zam
z3`k>pdSmSi?TTsTqt|u*F3#%S<)XAn?bf$h;tuSh8A(`?E1JFf0=r(er`}N&&~vdC
zpI)~W=^*W~)4k~}E;~@x;Zu!-uMZq1YL(z9)#d3%dkufV9o#XLrj`fB;RZ4M2tUO>
zO^c&wzSBI_rB9WWD~&@3;|q6&=+befzPV^03$O4jA3tC=#Texkl)$`RF1nFP4N>p}
zJGHox92XCF_xndx@i#B+@JG*uq%q3x2F$x)J=YRcR^g07pB=m?g#9x5bJ78C1%WqN
zQ~1Rk^*M{;NNIB_VZix>s+u!oEvCtT?!sKgVMzyhm{SJ*=
zXjav&RIdnw!K%)YWM*3FC?8WKDWlYq%s>mKmiT^qA)2A39~0=xKU9gHFek&`1wL|Z
zqq9#ddK0fRZ700#>R0M2;+0c(kXt)!nclUH#n{e}6xzcbU^dXZ%(`p-(CBM?g0%?l
z1<6qp`=!2Jxu4PAzi>7v*Sny;61Ln17WdVId`UWN>VRLSf|KE19#k%@8qN&Ww~A|3
z9e+;z)5^3?Z~B6v1|@N%{Mn4w4fB{HSmS*N1s#+?rQ(3UAuhSgA4>k)96xN__=t^i
zK&d)4P{tJLonwf>?ts`GUXs*k2rIBFLha`u#ZlUo^0s_tNgce_q~B52@x!gqtP-i|
zXu?#P686r~aOeuZZE!qYt=F#6g6)*ymVRb_Ud9@v+atC92hE$EP$=jzcMi6~%UT~$
zFAI6DK0JHb)v{q@crA1>de|l3iVDRBo6MGazoUbI9ae@XQU+^2x&|9W)pwM0PF#m;
z5RVO=?eHvr9b0Ef%{HtWPVlFie=?{Q!g1EG;T**Sz->Hut1Kx(9BM`d-~4e21wR6~
z=#?2drySMFetg)mMJ6B&{=^leq%#557neQ{(Oo6vS
z9B^*26I-BZm=@jnO7ltCl^*6BMwU`
zd2eJ$^?0K}&aOa2QzGo(Wbzzs-yKp&>ry(-OUn@z678iLJx!j-uY+Ca(1B-=TJ?vf13WGSqAt
zEnY6(5=*?D*+>2j5@roFHCuhf&I?FrFKVZyr#DTxy1Fj)RUvb~E*R#!LAyqt!9%0Z
z`XF6+o)O-IVG7^JCKCmnJ^_WA8VXE*q^E<1y~6^DAVsQ~)&re9vOKd=3G+aOE0&-l
z93ZeN^uwb|PxEsYk(I^3Iq~I4YN*HGwcqZw62(2@?N6TRG9=Y0pvDx(&yc
zHA?zgACv>NF>a3UqSyc;u}?rSZy`5SFl)}E*nx}MV3~n)z!SLUPrMUr2MRtAi_h+=
z>jysvhn6R=67EnItT%2>vh)nfEW8P#rf?sxTNsS=;c}IresKJ^99-
z(k)#w3^`*2zN!?cJx6?knfoYE$+!(r67iNFz_%vi7CyOq005a;Qeuc}TvqgmccQkc
zPl1<2qUwn$d5;e@>yI!=Xk;dO
zC=isF&M$0A%r8ENg|2JLjd^yw&<=8VZ53P~^CG0=sZZx2E@Zs;h8qLJJX&`Rc~HHA
z&2AK5&(iKDnrG0Oie_*o%re5kmx9b(Up4gJo09V8ih*vxo{_^Zss`%d2cI`M3%b@X
zKX^@}mcFzSE}b4UOAWUu`3B!hpWP=UeZA{8c3C*|(T7_t=K^fvxV(WVprN*0;lZgK
z`rx`~OBqIi8TvgNf@eUM&*P{)&F)F{_4xaU)s`A%aBzM+K|9p;!-sX&`fK`yK*#?6
z511ks_8W)S{~+-CGnv#Zy5STPuQvJUZQ4V^h+cWQr)~Dl`;hLQcX*?!c*kbbwjzjG
z1~O6IIa+ET_t&7?)eY+T#hcg4bZo#UHa*@S!OM`ltF
z0n3U+?$o+;W?qaSDJ1Pa_vhm>hD^ub-`{!lTTtO1`S*Y4-~fQ=v%m9c0KiFGZbprJ
z-0}F|Z?Gz8GJ!ZJ2L;VAR!eQ`|SVLwD&W#wz6RWW{i)hUHLxy2IRNL09B#Y
z3*0y%j$|4Eb+eWbQunL{>2=ah8E)|_gtZZoqBwCPu4`eSnYd(t$d=9e&6M&yFRrQF
zq#$5}BS5Jh+Z_z3K**Ra%o{b3Oe9ntrtsXpVPNO#?8
zz7Ajv-z;l3!Ae1cF;-mJW7mcK+MJ{!B14xp{*3A%{WD5G_2#@mq`-hLKOcD41C!Xo
zMtJ!j$GQU!t~ikwLeT!IBj-s<5;^6S}0a`!D~o
z#r#$|Ll|u41TWn@c0nwH@|fkpgnar!nFv|b{5^r|aed_J+jp1i!bqEmd}ek?eW4Th
zV2MndqQ+XG=S_#dJbNRARasxnJf1XPRB7aWRH>EmBdjyi4P=kZr@icCwUvr3WXo-L
z%_gMftQ~Z^5sg*u@y_P>>*ZP-fuq>X#OymkTwvYEUik2F2O7x5osfu}CA>@S>Otb<
zl3ki~!n&h|QE+GN4(8eF_~-ETftOv+dP^;=$wQlAvo
z1ZDU*PAr79o=s%b_w!-?4Wev@s{feiH>wHsyVPKWJ8@l0PLF^mV!X2f=N?Zi7W4J5
zJe(v9vUfA*ZYl>cXFCpR*akQzjYtSoqntr-#=Ce@JBYw|0*d^-h?O*TA<5H+za$vX
zGS-E}@LmAQ9}PK}qH$5OYp`)>9eUuT>8ztO*T1^sSg}RPA&!|FGxhL&>v3b;oYBTNbr@+4|Cr?#
zKqzYrABK!*fU1(-ru)4kKNE?@l8(M&9A-;oRfm
zS8l1n?>71_uO0mTkM3(QqWtZDIY5}e9lihlTwWC}i!D-_Td((0d+STjfk@}#`{hEz
z?!U$sve$Vuib2s-(A5hUB1oD?c#Y)`D4j7MIkYtx9y~3WVgy*|%x*SXXQ_n^&+3>l
z&I4}4Hug*Jq24$YSJPuh)hr8wxgiEn<^l@h!vRE(n_n0%n&JDudFV9GZiZ0RVsKbZXZ->nC!>uG@x^onjNp^L&MB
z{c9%bVkBuM!(U?G(SA`NR!8s-cm2CzGRj*1vePJi;STOvyly$XA9&*`kH`5D&dfQ&
z<8;^J#Pi%2KjKAP(=%7DKZU%}9JWJ2GTV!L~dJ^xCaa==V=d_ye(6a&K@+g_&x~SW0TH(
zsIMZsw}MvKYJ^!a&X}pUI+t-xczO*!tDGYW%4=NZVQTSEhcITw
z=zyeu`lCOf>~}Y_h+;hk4T$Nqu0nfJW>0{X)biaLF1jaeH+K0eYpRmfR_ujTwYpF@
z{f#3P9#c#p4P9u@{F-Z8KjpGHAC2koW_1TeduC4#n0BzlB!+(0GiV~P)F^`1q=D*`
z`0_0KqPj=fz}cV)u=xX*swHL^lftNoJJSE_vW#BHv_sva4;U+>415`=;k?U1AM}|p
zM#0kQCyEN8-xn?
z36kIKQ*nhItX6fHRxYd(MyUnZ3xNRqJ%Y^`)Z9WWW&0TJ$nRCd_EMz1eNGzx^@0C+
z=J^nRdvH;^zNNkDiOKh4Ipv<2r}0#(M7N;*Fx10U*ZaXTDU2qzL?U6-BHbK*s=H(QADoYfpp6mzU~M;Sb2
z`>4sPv%Z561da+YulX~|!2bvc6zSX>_$2k_B<@(HJnoJi@TFB{?b>FijBLCkw$JH4
z5pvvqitZp`?^`qxNZL72aYsC*?@z4gM)NQ9;vc20nAk_yDc_Xp^9aG+M2)@k;rr6%@Ha_sV
z+B(ZW?%(M3{{W}|6TMoLay@VTzR5U=_s-Ol&MW5f!)NfS)>l@RHwR~L-tIG!{h!#C
z`yN%Mf~^ktr9jwf43Y=Xk;sP&lgg>=vC;VyQ1)Q1^1-j4E5!t7-^uCI|I_PpqXoHGM&Ap+-dFB-4cl*AJ;v#;depml1{`~Knf`bM;ESene5J6;-b%yQs
zL;jKo+fLPBt|jkV(!yF|Vxej_BG7HLhG5C@q6)s%V$SM!i9gf1Eg!`X8)|Cq)dimr
z$hKE8kq9*_^6O$Z=3``~*0gUnRQ7nJKBEEjds39|?$tS6*y5St%Km_SjP1WC^3rwb
z^j=NYo1Gv=JrSE!V*hhbA#g=eVxgcHmq}U3-a|$VgNflL^WMgF0g+dn|3ezM39>4j
z-Q$vVdN@k&rNEdPx07`q{kmb>IjElbd6@Aq*R;R>ZQ9e@jY`kq)8F5A_VgsiI$d?I
z8e^=E?raY}S72mkZY7Oy_0?!a=&m2^i0`5QP&2MO8A?^Fl^E<*5GzyhCX;@@V{rmw
zg4*?oYfsF5LbFInteCvKJkm3*x@SfI41Q00Pdf>lXUV*)XkL{cYyT$2aBz_
zdkUNC7OL%(ydEhqZ?l(BPg|&YW=)$Vsp%dp+zK`iv!&5v@iSjnOKbK4LAIpUxg0sJ
zGD?K?eELg<#T_wEdb|$3L1P2V5Rsmv6__!if@T}t#FWwSLLdCJEM?uldf>=Jen)Po
zVbZ>=oqO)1vRh4^{jv@kdM)pp43O>kJk^l|bA)F#?2M0fe=&6ZnEr>yX)Kx>|jqqBQs_m)GMeFz0MehXRp78#=si%MQO3`jV4fs-pH`2U>GpDap<9s1N
z%bts{oD^w-2{WWd6CKV_nC8}WGNq&JeAuM2GM-}@73Z+Tuf_59{a|&jTz>?Z>OV5K(z?-+=)zifB?FGy^=#2x
z<>e;p9$8-q_rUt#83G!Ixqzv%Q<4^a)Y8}Z%+wLubia7>-ZuR^H`gxgXMFLBQ}~wa
zbngDH`*dHv-rIqJf$#3QVQ05Cr;@IG`}PfXjlUQ&(fn540eeq-Yg$M{x-sUsNM`Ny
zE1@7p_7%Sys|yYCZ!^e?E-v~mZbZMg)@-stN2}}9WeOG+Cr}L)N+bd@DbS_c1Aq9yNTEXO2OfVJ;7vVHlM&W~FWH^?QYX!!j)aPRjQkO)ur
zt8m}J+P50|8v!HG#QP6gzSj%lM8{ZyO}_i(Z&!MDS5S+uyn@y;|8jEQE#~RCf0i>w
zb{qFoYAfh*`V!G|YriD?+*qv_Vw%JvsMFNQPC~)!rxbnmeS}BY`^|f_)=-t~b%|i*
zcRCD1cOCqe)7i?n?(D$QCKF0FTkXl0+P4mFEsTw*otZsKGK1K8?ya4?R<9j%*XRmn
z7v?-YNrd?+Gx1R<%so?n$j(FRBgoa)%%H
zi%*|e#P#y4&zI?Ea}dDe`ni=KewX%4oNZU;R4wAAxjw_;iUhgvLb6kUBTHFJ^Wy!&
zqNHfOm`vq`2Ly!{U6abd4dvqE_zPVlL&Jq;G(Q9@hCJM6Q`v!X^vz*M$}b{as4}y{
z?}CC8&*u6jI0jv^b{>Fx{_qZ{8?mpkZ#FW~Ky6LGqM|{>
z7j!JwhqL>pttW;^))AGgBvg|W6WGoxiD;U
z?r?~OS8?HGhT0STrjO;%hGb2tgRiq0Ch>A$Wa0IF#KdQ`8Infy<{9XO`mlf+X_GZp
zoti5~T3YKogip1y=JP6`%6s5kn~xuQk^?8^?k)r&$_BRI3{Sz?=40FLsr%0z2!0Ee
zLdvtnj8sJXMSh8;=yANpT8`SDob5u&St*O+KWC=XKx1DVwDRs9zGhX{9hN{f1XCR6
z(|xMDxGxxuZYxUwrqA^4Ic3(=i_tZ$8uX7
zO}V|i+@fjw{KQH^bK>y(=dQN(&t6c7LgQgTProt@O2%N;ax~)FlqkpFSGq7Kr;3hh
z{*qB`rm^=+bFrJaD`=*)W)1i75UFM2m1lDd7Ur~N`uRY?T>U!d#;4Y1-j#QOAo!U}
zbsL~Tkw^@xHOwe?GR5gqGnZZ7mY}yVp7s1Ujc}_7R!I}+
zvM3nCxntUiQP38Mu*^@}&yxPr>gl*yMsj#TzxynG$*9+~Jw|oDk)7y@8o?_EyDsv6
zlCukt96S~+YLSs3H-!I^k*qOk3K9a{jAMOT$9q&_OtBNY+KxX2kJP7?!E|63
z9`aYHwwadUTXQE{o*rxoT<)VS6|8(C4lC8kkw3l+4=*^Ijw~j-?OGjo3IQfhX75sn*!3)0H&*cV&@@rPVYCRx~h|x#rTYfqNvmFoSe-K
