diff --git a/education/windows/edu-take-a-test-kiosk-mode.md b/education/windows/edu-take-a-test-kiosk-mode.md index 712eec4c91..14a1e7515a 100644 --- a/education/windows/edu-take-a-test-kiosk-mode.md +++ b/education/windows/edu-take-a-test-kiosk-mode.md @@ -1,7 +1,7 @@ --- -title: Configure Take a Test in kiosk mode -description: Learn how to configure Windows to execute the Take a Test app in kiosk mode, using Intune and provisioning packages. -ms.date: 09/06/2024 +title: Configure Take a Test in Kiosk Mode +description: Learn how to configure Windows to execute the Take a Test app in kiosk mode using different methods. +ms.date: 04/07/2025 ms.topic: how-to --- @@ -11,10 +11,11 @@ Executing Take a Test in kiosk mode is the recommended option for high stakes as The configuration of Take a Test in kiosk mode can be done using: -- Microsoft Intune/MDM -- a provisioning package (PPKG) +- Microsoft Intune +- Configuration service provider (CSP) +- A provisioning package (PPKG) - PowerShell -- the Settings app +- The Settings app When using the Settings app, you can configure Take a Test in kiosk mode using a local account only. This option is recommended for devices that aren't managed. The other options allow you to configure Take a Test in kiosk mode using a local account, an account defined in the directory, or a guest account. 
@@ -26,19 +27,7 @@ The other options allow you to configure Take a Test in kiosk mode using a local Follow the instructions below to configure your devices, selecting the option that best suits your needs. -# [:::image type="icon" source="images/icons/intune.svg"::: **Intune/CSP**](#tab/intune) - -You can use Intune for Education or a custom profile in Microsoft Intune: - -- Intune for Education provides a simpler experience -- A custom profile provides more flexibility and controls over the configuration - -> [!IMPORTANT] -> Currently, the policy created in Intune for Education is applicable to Windows 10 and Windows 11 only. **It will not apply to Windows 11 SE devices.** -> -> If you want to configure Take a Test for Windows 11 SE devices, you must use a custom policy. - -### Configure Take a Test from Intune for Education +# [:::image type="icon" source="images/icons/intune.svg"::: **Intune**](#tab/intune) To configure devices using Intune for Education, follow these steps: @@ -51,23 +40,19 @@ To configure devices using Intune for Education, follow these steps: :::image type="content" source="./images/takeatest/intune-education-take-a-test-profile.png" alt-text="Intune for Education - creation of a Take a Test profile." lightbox="./images/takeatest/intune-education-take-a-test-profile.png" border="true"::: -### Configure Take a Test with a custom policy +# [:::image type="icon" source="images/icons/csp.svg"::: **CSP**](#tab/csp) -[!INCLUDE [intune-custom-settings-1](../../includes/configure/intune-custom-settings-1.md)] +To configure devices using configuration service providers, use the following settings: | Setting | |--------| -|
  • OMA-URI: **`./Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayLastSignedIn`**
  • Data type: **Integer**
  • Value: **1**
  • | -|
  • OMA-URI: **`./Vendor/MSFT/Policy/Config/WindowsLogon/HideFastUserSwitching`**
  • Data type: **Integer**
  • Value: **1**
  • | -|
  • OMA-URI: **`./Vendor/MSFT/SharedPC/AccountModel`**
  • Data type: **Integer**
  • Value: **1**
  • | -|
  • OMA-URI: **`./Vendor/MSFT/SharedPC/EnableAccountManager`**
  • Data type: **Boolean**
  • Value: **True**
  • | -|
  • OMA-URI: **`./Vendor/MSFT/SharedPC/KioskModeAUMID`**
  • Data type: **String**
  • Value: **Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy!App**
  • | -|
  • OMA-URI: **`./Vendor/MSFT/SharedPC/KioskModeUserTileDisplayText`**
  • Data type: **String**
  • Value: **Take a Test** (or a string of your choice to display in the sing-in screen)
  • | -|
  • OMA-URI: **`./Vendor/MSFT/SecureAssessment/LaunchURI`**
  • Data type: **String**
  • Value: **\**
  • | - -:::image type="content" source="./images/takeatest/intune-take-a-test-custom-profile.png" alt-text="Intune portal - creation of a custom policy to configure Take a Test." lightbox="./images/takeatest/intune-take-a-test-custom-profile.png" border="true"::: - -[!INCLUDE [intune-custom-settings-2](../../includes/configure/intune-custom-settings-2.md)] +| - **OMA-URI:** `./Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/`[InteractiveLogon_DoNotDisplayLastSignedIn](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#interactivelogon_donotdisplaylastsignedin)
    - **Data type:** Integer
    - **Value:** `1`| +| - **OMA-URI:** `./Vendor/MSFT/Policy/Config/WindowsLogon/`[HideFastUserSwitching](/windows/client-management/mdm/policy-csp-windowslogon#hidefastuserswitching)
    - **Data type:** Integer
    - **Value:** `1`| +| - **OMA-URI:** `./Vendor/MSFT/SharedPC/`[AccountModel](/windows/client-management/mdm/sharedpc-csp#accountmodel)
    - **Data type:** Integer
    - **Value:** `1`| +| - **OMA-URI:** `./Vendor/MSFT/SharedPC/`[EnableAccountManager](/windows/client-management/mdm/sharedpc-csp#enableaccountmanager)
    - **Data type:** Boolean
    - **Value:** `True`| +| - **OMA-URI:** `./Vendor/MSFT/SharedPC/`[KioskModeAUMID](/windows/client-management/mdm/sharedpc-csp#kioskmodeaumid)
    - **Data type:** String
    - **Value:** `Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy!App`| +| - **OMA-URI:** `./Vendor/MSFT/SharedPC/`[KioskModeUserTileDisplayText](/windows/client-management/mdm/sharedpc-csp#KioskModeUserTileDisplayText)
    - **Data type:** String
    - **Value:** **Take a Test** (or a string of your choice to display in the sing-in screen)| +| - **OMA-URI:** `./Vendor/MSFT/SecureAssessment/`[LaunchURI](/windows/client-management/mdm/sharedpc-csp#LaunchURI)
    - **Data type:** String
    - **Value:** \| # [:::image type="icon" source="images/icons/provisioning-package.svg"::: **PPKG**](#tab/ppkg) @@ -88,13 +73,13 @@ Create a provisioning package using the Set up School PCs app, configuring the s | Setting | |--------| -|
  • Path: **`Policies/LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayLastSignedIn`**
  • Value: **Enabled**
  • | -|
  • Path: **`Policies/WindowsLogon/HideFastUserSwitching`**
  • Value: **True**
  • | -|
  • Path: **`SharedPC/AccountManagement/AccountModel`**
  • Value: **Domain-joined only**
  • | -|
  • Path: **`SharedPC/AccountManagement/EnableAccountManager`**
  • Value: **True**
  • | -|
  • Path: **`SharedPC/AccountManagement/KioskModeAUMID`**
  • Value: **Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy!App**
  • | -|
  • Path: **`SharedPC/AccountManagement/KioskModeUserTileDisplayText`**
  • Value: **Take a Test** (or a string of your choice to display in the sing-in screen)
  • | -|
  • Path: **`TakeATest/LaunchURI/`**
  • Value: **\**
  • | +| - Path: `Policies/LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayLastSignedIn`
    - **Value:** `Enabled`| +| - Path: `Policies/WindowsLogon/HideFastUserSwitching`
    - **Value:** True| +| - Path: `SharedPC/AccountManagement/AccountModel`
    - **Value:** Domain-joined only| +| - Path: `SharedPC/AccountManagement/EnableAccountManager`
    - **Value:** True| +| - Path: `SharedPC/AccountManagement/KioskModeAUMID`
    - **Value:** **Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy!App**| +| - Path: `SharedPC/AccountManagement/KioskModeUserTileDisplayText`
    - **Value:** Take a Test (or a string of your choice to display in the sing-in screen)| +| - Path: `TakeATest/LaunchURI/`
    - **Value:** \| :::image type="content" source="./images/takeatest/wcd-take-a-test.png" alt-text="Windows Configuration Designer - configuration of policies to enable Take a Test to run in kiosk mode" lightbox="./images/takeatest/wcd-take-a-test.png" border="true"::: diff --git a/education/windows/images/icons/csp.svg b/education/windows/images/icons/csp.svg new file mode 100644 index 0000000000..6baa611d0f --- /dev/null +++ b/education/windows/images/icons/csp.svg @@ -0,0 +1,10 @@ + + + + + + + + + + diff --git a/education/windows/images/takeatest/intune-take-a-test-custom-profile.png b/education/windows/images/takeatest/intune-take-a-test-custom-profile.png deleted file mode 100644 index 71e94646ec..0000000000 Binary files a/education/windows/images/takeatest/intune-take-a-test-custom-profile.png and /dev/null differ diff --git a/education/windows/take-a-test-app-technical.md b/education/windows/take-a-test-app-technical.md index 244868ff4c..4633fbdfc4 100644 --- a/education/windows/take-a-test-app-technical.md +++ b/education/windows/take-a-test-app-technical.md @@ -1,7 +1,7 @@ --- -title: Take a Test app technical reference +title: Take a Test App Technical Reference description: List of policies and settings applied by the Take a Test app. -ms.date: 09/06/2024 +ms.date: 04/07/2025 ms.topic: reference --- diff --git a/windows/configuration/start/layout.md b/windows/configuration/start/layout.md index 42002f195e..7d53966dec 100644 --- a/windows/configuration/start/layout.md +++ b/windows/configuration/start/layout.md @@ -470,7 +470,7 @@ You can configure devices using the [Start CSP][WIN-1]. Use one of the following [!INCLUDE [provisioning-package-1](../../../includes/configure/provisioning-package-1.md)] -- **Path:** `Policies/Start/StartLayout` +- **Path:** Policies > Start > StartLayout - **Value:** content of the XML file > [!NOTE] 
diff --git a/windows/security/identity-protection/access-control/access-control.md b/windows/security/identity-protection/access-control/access-control.md index 12fe65bda4..0c65908b37 100644 --- a/windows/security/identity-protection/access-control/access-control.md +++ b/windows/security/identity-protection/access-control/access-control.md @@ -1,6 +1,6 @@ --- -ms.date: 09/06/2024 -title: Access Control overview +ms.date: 04/07/2025 +title: Access Control Overview description: Learn about access control in Windows, which is the process of authorizing users, groups, and computers to access objects on the network or computer. ms.topic: overview appliesto: diff --git a/windows/security/identity-protection/access-control/local-accounts.md b/windows/security/identity-protection/access-control/local-accounts.md index 102e723645..9323170072 100644 --- a/windows/security/identity-protection/access-control/local-accounts.md +++ b/windows/security/identity-protection/access-control/local-accounts.md @@ -1,5 +1,5 @@ --- -ms.date: 09/06/2024 +ms.date: 04/07/2025 title: Local Accounts description: Learn how to secure and manage access to the resources on a standalone or member server for services or users. ms.topic: concept-article 
@@ -225,33 +225,33 @@ The following table shows the Group Policy and registry settings that are used t #### To enforce local account restrictions for remote access 1. Start the **Group Policy Management** Console (GPMC) -1. In the console tree, expand <*Forest*>\\Domains\\<*Domain*>, and then **Group Policy Objects** where *forest* is the name of the forest, and *domain* is the name of the domain where you want to set the Group Policy Object (GPO) +1. In the console tree, expand <*Forest*>\Domains\<*Domain*>, and then **Group Policy Objects** where *forest* is the name of the forest, and *domain* is the name of the domain where you want to set the Group Policy Object (GPO) 1. In the console tree, right-click **Group Policy Objects > New** -1. In the **New GPO** dialog box, type <**gpo\_name**>, and > **OK** where *gpo\_name* is the name of the new GPO. The GPO name indicates that the GPO is used to restrict local administrator rights from being carried over to another computer -1. In the details pane, right-click <**gpo\_name**>, and > **Edit** +1. In the **New GPO** dialog box, type <**gpo_name**>, and > **OK** where *gpo_name* is the name of the new GPO. The GPO name indicates that the GPO is used to restrict local administrator rights from being carried over to another computer +1. In the details pane, right-click <**gpo_name**>, and > **Edit** 1. 
Ensure that UAC is enabled and that UAC restrictions apply to the default Administrator account by following these steps: - - Navigate to the Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\, and > **Security Options** - - Double-click **User Account Control: Run all administrators in Admin Approval Mode** > **Enabled** > **OK** - - Double-click **User Account Control: Admin Approval Mode for the Built-in Administrator account** > **Enabled** > **OK** + - Navigate to the **Computer Configuration** > **Windows Settings** > **Security Settings** > **Local Policies** > **Security Options** + - Select **User Account Control: Run all administrators in Admin Approval Mode** > **Enabled** > **OK** + - Select **User Account Control: Admin Approval Mode for the Built-in Administrator account** > **Enabled** > **OK** 1. Ensure that the local account restrictions are applied to network interfaces by following these steps: - Navigate to *Computer Configuration\Preferences and Windows Settings*, and > **Registry** - - Right-click **Registry**, and > **New** > **Registry Item** + - Right-click **Registry**, and > **New** > **Registry Item** - In the **New Registry Properties** dialog box, on the **General** tab, change the setting in the **Action** box to **Replace** - Ensure that the **Hive** box is set to **HKEY_LOCAL_MACHINE** - - Select (**…**), browse to the following location for **Key Path** > **Select** for: `SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System` + - Select (**…**), browse to the following location for **Key Path** > **Select** for: `SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System` - In the **Value name** area, type `LocalAccountTokenFilterPolicy` - In the **Value type** box, from the drop-down list, select **REG_DWORD** to change the value - In the **Value data** box, ensure that the value is set to **0** - - Verify this configuration, and > **OK** + - Verify this configuration, and > **OK** 1. 
Link the GPO to the first **Workstations** organizational unit (OU) by doing the following: - Navigate to the `*Forest*\\*Domain*\*OU*` path - Right-click the **Workstations > Link an existing GPO** - - Select the GPO that you created, and > **OK** + - Select the GPO that you created, and > **OK** 1. Test the functionality of enterprise applications on the workstations in that first OU and resolve any issues caused by the new policy 1. Create links to all other OUs that contain workstations 
@@ -278,23 +278,23 @@ The following table shows the Group Policy settings that are used to deny networ #### To deny network logon to all local administrator accounts 1. Start the **Group Policy Management** Console (GPMC) -1. In the console tree, expand <*Forest*>\\Domains\\<*Domain*>, and then **Group Policy Objects**, where *forest* is the name of the forest, and *domain* is the name of the domain where you want to set the Group Policy Object (GPO) -1. In the console tree, right-click **Group Policy Objects**, and > **New** -1. In the **New GPO** dialog box, type <**gpo\_name**>, and then > **OK** where *gpo\_name* is the name of the new GPO indicates that it's being used to restrict the local administrative accounts from interactively signing in to the computer -1. In the details pane, right-click <**gpo\_name**>, and > **Edit** +1. In the console tree, expand <*Forest*>\Domains\<*Domain*>, and then **Group Policy Objects**, where *forest* is the name of the forest, and *domain* is the name of the domain where you want to set the Group Policy Object (GPO) +1. In the console tree, right-click **Group Policy Objects**, and > **New** +1. In the **New GPO** dialog box, type <**gpo_name**>, and then > **OK** where *gpo_name* is the name of the new GPO indicates that it's being used to restrict the local administrative accounts from interactively signing in to the computer +1. In the details pane, right-click <**gpo_name**>, and > **Edit** 1. Configure the user rights to deny network logons for administrative local accounts as follows: -1. Navigate to the Computer Configuration\\Windows Settings\\Security Settings\\, and > **User Rights Assignment** +1. Navigate to the Computer Configuration\Windows Settings\Security Settings\, and > **User Rights Assignment** 1. Double-click **Deny access to this computer from the network** -1. Select **Add User or Group**, type **Local account and member of Administrators group**, and > **OK** +1. 
Select **Add User or Group**, type **Local account and member of Administrators group**, and > **OK** 1. Configure the user rights to deny Remote Desktop (Remote Interactive) logons for administrative local accounts as follows: -1. Navigate to Computer Configuration\\Policies\\Windows Settings and Local Policies, and then select **User Rights Assignment** +1. Navigate to Computer Configuration\Policies\Windows Settings and Local Policies, and then select **User Rights Assignment** 1. Double-click **Deny log on through Remote Desktop Services** -1. Select **Add User or Group**, type **Local account and member of Administrators group**, and > **OK** +1. Select **Add User or Group**, type **Local account and member of Administrators group**, and > **OK** 1. Link the GPO to the first **Workstations** OU as follows: - - Navigate to the <*Forest*>\\Domains\\<*Domain*>\\OU path - - Right-click the **Workstations** OU, and > **Link an existing GPO** - - Select the GPO that you created, and > **OK** + - Navigate to the <*Forest*>\Domains\<*Domain*>\OU path + - Right-click the **Workstations** OU, and > **Link an existing GPO** + - Select the GPO that you created, and > **OK** 1. Test the functionality of enterprise applications on the workstations in that first OU and resolve any issues caused by the new policy 1. Create links to all other OUs that contain workstations diff --git a/windows/security/identity-protection/passkeys/index.md b/windows/security/identity-protection/passkeys/index.md index ebad860cb2..aef59bf2b1 100644 --- a/windows/security/identity-protection/passkeys/index.md +++ b/windows/security/identity-protection/passkeys/index.md @@ -1,10 +1,10 @@ --- -title: Support for passkeys in Windows +title: Support for Passkeys in Windows description: Learn about passkeys and how to use them on Windows devices. ms.collection: - tier1 ms.topic: overview -ms.date: 09/06/2024 +ms.date: 04/07/2025 appliesto: - ✅ Windows 11 - ✅ Windows 10 
diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md index 8c0882c38c..5d48549c5c 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md @@ -2,7 +2,7 @@ title: Deploy Virtual Smart Cards description: Learn about what to consider when deploying a virtual smart card authentication solution ms.topic: concept-article -ms.date: 09/06/2024 +ms.date: 04/07/2025 --- # Deploy Virtual Smart Cards diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md index 3ee5766ed3..99ccd6d643 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md @@ -2,7 +2,7 @@ title: Evaluate Virtual Smart Card Security description: Learn about the security characteristics and considerations when deploying TPM virtual smart cards. ms.topic: concept-article -ms.date: 09/06/2024 +ms.date: 04/07/2025 --- # Evaluate Virtual Smart Card Security diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md index f9d707ff54..d4c5e6d5b9 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md 
@@ -2,7 +2,7 @@ title: Get Started with Virtual Smart Cards - Walkthrough Guide description: This topic for the IT professional describes how to set up a basic test environment for using TPM virtual smart cards. ms.topic: get-started -ms.date: 09/06/2024 +ms.date: 04/07/2025 --- # Get Started with Virtual Smart Cards: Walkthrough Guide diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md index 985c2fcf93..5cc635e4d2 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md @@ -2,7 +2,7 @@ title: Virtual Smart Card Overview description: Learn about virtual smart card technology for Windows. ms.topic: overview -ms.date: 09/06/2024 +ms.date: 04/07/2025 --- # Virtual Smart Card Overview diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md index 4204ca10f0..b908769c7e 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md @@ -2,7 +2,7 @@ title: Tpmvscmgr description: Learn about the Tpmvscmgr command-line tool, through which an administrator can create and delete TPM virtual smart cards on a computer. ms.topic: reference -ms.date: 09/06/2024 +ms.date: 04/07/2025 --- # Tpmvscmgr diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md index d1a28711ff..fc2fc88404 100644 
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md @@ -2,7 +2,7 @@ title: Understanding and Evaluating Virtual Smart Cards description: Learn how smart card technology can fit into your authentication design. ms.topic: overview -ms.date: 09/06/2024 +ms.date: 04/07/2025 --- # Understand and Evaluate Virtual Smart Cards diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md index de527ed1b0..66b7644792 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md @@ -2,7 +2,7 @@ title: Use Virtual Smart Cards description: Learn about the requirements for virtual smart cards, how to use and manage them. ms.topic: concept-article -ms.date: 09/06/2024 +ms.date: 04/07/2025 --- # Use Virtual Smart Cards diff --git a/windows/security/operating-system-security/network-security/windows-firewall/configure-logging.md b/windows/security/operating-system-security/network-security/windows-firewall/configure-logging.md index 1696c770a0..8d95c636d5 100644 --- a/windows/security/operating-system-security/network-security/windows-firewall/configure-logging.md +++ b/windows/security/operating-system-security/network-security/windows-firewall/configure-logging.md @@ -2,7 +2,7 @@ title: Configure Windows Firewall logging description: Learn how to configure Windows Firewall to log dropped packets or successful connections with CSP and group policy. ms.topic: how-to -ms.date: 09/06/2024 +ms.date: 04/07/2025 --- # Configure Windows Firewall logging 
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/configure-with-command-line.md b/windows/security/operating-system-security/network-security/windows-firewall/configure-with-command-line.md index b332d7b87d..0222d06e64 100644 --- a/windows/security/operating-system-security/network-security/windows-firewall/configure-with-command-line.md +++ b/windows/security/operating-system-security/network-security/windows-firewall/configure-with-command-line.md @@ -1,8 +1,8 @@ --- -title: Manage Windows Firewall with the command line +title: Manage Windows Firewall With the Command Line description: Learn how to manage Windows Firewall from the command line. This guide provides examples how to manage Windows Firewall with PowerShell and Netsh. ms.topic: how-to -ms.date: 09/06/2024 +ms.date: 04/07/2025 --- # Manage Windows Firewall with the command line 
@@ -53,7 +53,7 @@ netsh advfirewall set allprofiles logging filename %SystemRoot%\System32\LogFile ### Disable Windows Firewall -Microsoft recommends that you don't disable Windows Firewall because you lose other benefits, such as the ability to use Internet Protocol security (IPsec) connection security rules, network protection from attacks that employ network fingerprinting, Windows Service Hardening, and [boot time filters][BTF]. Non-Microsoft firewall software can programmatically disable only the [rule types][FWRC] of Windows Firewall that need to be disabled for compatibility. You shouldn't disable the firewall yourself for this purpose. +Microsoft recommends that you don't disable Windows Firewall because you lose other benefits, such as the ability to use Internet Protocol security (IPsec) connection security rules, network protection from attacks that employ network fingerprinting, Windows Service Hardening, and [boot time filters][BTF]. Non-Microsoft firewall software can programmatically disable only the [rule types][FWRC] of Windows Firewall that need to be disabled for compatibility. You shouldn't disable the firewall yourself for this purpose. If disabling Windows Firewall is required, don't disable it by stopping the Windows Firewall service (in the Services snap-in, the display name is Windows Defender Firewall and the service name is MpsSvc). Stopping the Windows Firewall service isn't supported by Microsoft and can cause problems, including: - Start menu can stop working diff --git a/windows/security/operating-system-security/network-security/windows-firewall/configure.md b/windows/security/operating-system-security/network-security/windows-firewall/configure.md index f6540ef8df..b4ca3feac9 100644 --- a/windows/security/operating-system-security/network-security/windows-firewall/configure.md +++ b/windows/security/operating-system-security/network-security/windows-firewall/configure.md 
@@ -1,8 +1,8 @@ --- -title: Configure firewall rules with group policy +title: Configure Firewall Rules With Group Policy description: Learn how to configure firewall rules using group policy with the Windows Firewall with Advanced Security console. ms.topic: how-to -ms.date: 09/06/2024 +ms.date: 04/07/2025 --- # Configure rules with group policy diff --git a/windows/security/operating-system-security/network-security/windows-firewall/dynamic-keywords.md b/windows/security/operating-system-security/network-security/windows-firewall/dynamic-keywords.md index 55844489b4..30210647b8 100644 --- a/windows/security/operating-system-security/network-security/windows-firewall/dynamic-keywords.md +++ b/windows/security/operating-system-security/network-security/windows-firewall/dynamic-keywords.md @@ -1,8 +1,8 @@ --- -title: Windows Firewall dynamic keywords +title: Windows Firewall Dynamic Keywords description: Learn about Windows Firewall dynamic keywords and how to configure it using Windows PowerShell. ms.topic: how-to -ms.date: 09/06/2024 +ms.date: 04/07/2025 --- # Windows Firewall dynamic keywords diff --git a/windows/security/operating-system-security/network-security/windows-firewall/filter-origin-documentation.md b/windows/security/operating-system-security/network-security/windows-firewall/filter-origin-documentation.md index 3b126e154b..67bab0410a 100644 --- a/windows/security/operating-system-security/network-security/windows-firewall/filter-origin-documentation.md +++ b/windows/security/operating-system-security/network-security/windows-firewall/filter-origin-documentation.md @@ -1,8 +1,8 @@ --- -title: Filter origin audit log +title: Filter Origin Audit Log description: Learn about Windows Firewall and filter origin audit log to troubleshoot packet drops. ms.topic: troubleshooting -ms.date: 09/06/2024 +ms.date: 04/07/2025 --- # Filter origin audit log 
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/hyper-v-firewall.md b/windows/security/operating-system-security/network-security/windows-firewall/hyper-v-firewall.md index c0f1b76b53..dee3c9a4a0 100644 --- a/windows/security/operating-system-security/network-security/windows-firewall/hyper-v-firewall.md +++ b/windows/security/operating-system-security/network-security/windows-firewall/hyper-v-firewall.md @@ -1,8 +1,8 @@ --- -title: Hyper-V firewall +title: Hyper-V Firewall description: Learn how to configure Hyper-V firewall rules and settings using PowerShell or Configuration Service Provider (CSP). ms.topic: how-to -ms.date: 09/06/2024 +ms.date: 04/07/2025 appliesto: - ✅ Windows 11 --- diff --git a/windows/security/operating-system-security/network-security/windows-firewall/index.md b/windows/security/operating-system-security/network-security/windows-firewall/index.md index 4de85b91d4..1a10def08e 100644 --- a/windows/security/operating-system-security/network-security/windows-firewall/index.md +++ b/windows/security/operating-system-security/network-security/windows-firewall/index.md @@ -1,8 +1,8 @@ --- -title: Windows Firewall overview +title: Windows Firewall Overview description: Learn overview information about the Windows Firewall security feature. ms.topic: overview -ms.date: 09/06/2024 +ms.date: 04/07/2025 --- # Windows Firewall overview 
@@ -75,7 +75,7 @@ The *public network* profile is designed with higher security in mind for public ## Disable Windows Firewall -Microsoft recommends that you don't disable Windows Firewall because you lose other benefits, such as the ability to use Internet Protocol security (IPsec) connection security rules, network protection from attacks that employ network fingerprinting, Windows Service Hardening, and [boot time filters][BTF]. Non-Microsoft firewall software can programmatically disable only the [rule types][FWRC] of Windows Firewall that need to be disabled for compatibility. You shouldn't disable the firewall yourself for this purpose. +Microsoft recommends that you don't disable Windows Firewall because you lose other benefits, such as the ability to use Internet Protocol security (IPsec) connection security rules, network protection from attacks that employ network fingerprinting, Windows Service Hardening, and [boot time filters][BTF]. Non-Microsoft firewall software can programmatically disable only the [rule types][FWRC] of Windows Firewall that need to be disabled for compatibility. You shouldn't disable the firewall yourself for this purpose. If disabling Windows Firewall is required, don't disable it by stopping the Windows Firewall service (in the Services snap-in, the display name is Windows Defender Firewall and the service name is MpsSvc). Stopping the Windows Firewall service isn't supported by Microsoft and can cause problems, including: - Start menu can stop working diff --git a/windows/security/operating-system-security/network-security/windows-firewall/quarantine.md b/windows/security/operating-system-security/network-security/windows-firewall/quarantine.md index 66d7f05f80..5c15f745cf 100644 --- a/windows/security/operating-system-security/network-security/windows-firewall/quarantine.md +++ b/windows/security/operating-system-security/network-security/windows-firewall/quarantine.md 
@@ -1,8 +1,8 @@ --- -title: Quarantine behavior +title: Quarantine Behavior description: Learn about Windows Firewall and the quarantine feature behavior. ms.topic: concept-article -ms.date: 09/06/2024 +ms.date: 04/07/2025 --- # Quarantine behavior diff --git a/windows/security/operating-system-security/network-security/windows-firewall/rules.md b/windows/security/operating-system-security/network-security/windows-firewall/rules.md index 3e4efcc4cd..6b6eef9e48 100644 --- a/windows/security/operating-system-security/network-security/windows-firewall/rules.md +++ b/windows/security/operating-system-security/network-security/windows-firewall/rules.md @@ -1,7 +1,7 @@ --- -title: Windows Firewall rules +title: Windows Firewall Rules description: Learn about Windows Firewall rules and design recommendations. -ms.date: 09/06/2024 +ms.date: 04/07/2025 ms.topic: concept-article --- @@ -21,7 +21,7 @@ In many cases, allowing specific types of inbound traffic is required for applic Because of 1 and 2, when designing a set of policies, you should make sure that there are no other explicit block rules that could inadvertently overlap, thus preventing the traffic flow you wish to allow. -Outbound rules follow the same precedence behaviors. +Outbound rules follow the same precedence behaviors. > [!NOTE] > Windows Firewall doesn't support weighted, administrator-assigned rule ordering. An effective policy set with expected behaviors can be created by keeping in mind the few, consistent, and logical rule behaviors as described. 
@@ -33,12 +33,12 @@ When first installed, network applications and services issue a *listen call* sp :::row::: :::column span="2"::: If there's no active application or administrator-defined allow rule(s), a dialog box prompts the user to either allow or block an application's packets the first time the app is launched or tries to communicate in the network: - + - If the user has admin permissions, they're prompted. If they respond *No* or cancel the prompt, block rules are created. Two rules are typically created, one each for TCP and UDP traffic - If the user isn't a local admin and they are prompted, block rules are created. It doesn't matter what option is selected To disable the notification prompt, you can use the [command line](/windows/security/operating-system-security/network-security/windows-firewall/configure-with-command-line) or the **Windows Firewall with Advanced Security** console - + :::column-end::: :::column span="2"::: :::image type="content" source="images/uac.png" alt-text="Screenshot showing the User Account Control (UAC) prompt to allow Microsoft Teams." border="false"::: diff --git a/windows/security/operating-system-security/network-security/windows-firewall/tools.md b/windows/security/operating-system-security/network-security/windows-firewall/tools.md index bd17b1a53c..6c1d8fbbd2 100644 --- a/windows/security/operating-system-security/network-security/windows-firewall/tools.md +++ b/windows/security/operating-system-security/network-security/windows-firewall/tools.md @@ -1,7 +1,7 @@ --- -title: Windows Firewall tools +title: Windows Firewall Tools description: Learn about the available tools to configure Windows Firewall and firewall rules. -ms.date: 09/06/2024 +ms.date: 04/07/2025 ms.topic: best-practice --- 
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/troubleshooting-uwp-firewall.md b/windows/security/operating-system-security/network-security/windows-firewall/troubleshooting-uwp-firewall.md index 07a5074ab6..0d7e9b0c1b 100644 --- a/windows/security/operating-system-security/network-security/windows-firewall/troubleshooting-uwp-firewall.md +++ b/windows/security/operating-system-security/network-security/windows-firewall/troubleshooting-uwp-firewall.md @@ -2,7 +2,7 @@ title: Troubleshooting UWP App Connectivity Issues in Windows Firewall description: Troubleshooting UWP App Connectivity Issues in Windows Firewall ms.topic: troubleshooting -ms.date: 09/06/2024 +ms.date: 04/07/2025 --- # Troubleshooting UWP App Connectivity Issues
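Review bot: In troubleshooting-uwp-firewall.md the front matter `description` repeats the `title` string verbatim ("Troubleshooting UWP App Connectivity Issues in Windows Firewall"), and this hunk bumps `ms.date` without touching it. Since the front matter is being edited anyway, replace the description with a one-sentence summary of what the article helps the reader diagnose, as the sibling files do ("Learn about ...").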
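Review bot: The title-casing change leaves the front matter and the page heading out of step in two files: index.md now has `title: Windows Firewall Overview` while the trailing context still shows `# Windows Firewall overview`, and quarantine.md has `title: Quarantine Behavior` above `# Quarantine behavior`. If title case applies only to the metadata title and the H1 stays in sentence case on purpose, say so in the commit description; otherwise update the headings in the same change so the two don't drift.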
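Review bot: In index.md at `@@ -75,7 +75,7 @@` the removed and added versions of the "Microsoft recommends that you don't disable Windows Firewall ..." paragraph read the same word for word as shown here, and the same is true of "Outbound rules follow the same precedence behaviors." in rules.md at `@@ -21,7 +21,7 @@`, so both look like whitespace-only edits. Please confirm that is the intent, and note in the commit description that the `ms.date` bump to 04/07/2025 on these files reflects a formatting pass rather than a review of the guidance, because this paragraph carries the advice against stopping the MpsSvc service and readers may treat the new date as a sign the guidance was re-validated.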