Update Assigned Access recommendations and policy settings

windows/configuration/assigned-access/_recommendations.md

@@ -18,7 +18,7 @@ For kiosks devices located in public-facing environments, the recommendation is
 Consider enabling *automatic sign-in* for your kiosk device. When the device restarts, from an update or power outage, you can configure the device to sign in with the Assigned Access account automatically. Ensure that policy settings applied to the device don't prevent automatic sign in from working as expected.
 
 > [!NOTE]
-> If you are using a Windows client device restriction CSP to set "Preferred Microsoft Entra tenant domain", this will break the "User logon type" auto-login feature of the Kiosk profile.
+> The policy settings [PreferredAadTenantDomainName](/windows/client-management/mdm/policy-csp-authentication#preferredaadtenantdomainname), prevents automatic sign-in from working.
 
 You can configure the Assigned Access and Shell Launcher XML files with an account to sign-in automatically. For more information, review the articles:
 

windows/configuration/assigned-access/includes/example-kiosk-uwp.md

@@ -8,6 +8,7 @@ ms.topic: include
 <!-- example of a kiosk experience with UWP app-->
 
 ```xml
+<?xml version="1.0" encoding="utf-8"?>
 <AssignedAccessConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config">
   <Profiles>
     <Profile Id="{EDB3036B-780D-487D-A375-69369D8A8F78}">

windows/configuration/assigned-access/overview.md

@@ -280,6 +280,9 @@ The Assigned Access configuration takes effect the next time the targeted user s
 
 The touch keyboard is automatically triggered when there's an input needed and no physical keyboard is attached on touch-enabled devices. You don't need to configure any other setting to enforce this behavior.
 
+> [!TIP]
+> The touch keyboard is triggered only when tapping a textbox. Mouse clicks don't trigger the touch keyboard. If you're testing this feature, use a physical device instead of a virtual machine (VM), as the touch keyboard is not triggered on VMs.
+
 ### Sign out of assigned access
 
 By default, to exit the kiosk experience, press <kbd>Ctrl</kbd> + <kbd>Alt</kbd> + <kbd>Del</kbd>. The kiosk app exits automatically. If you sign in again as the Assigned Access account, or wait for the sign in screen timeout, the kiosk app relaunches. The default timeout is 30 seconds, but you can change the timeout with the registry key:

windows/configuration/assigned-access/policy-settings.md

@@ -16,7 +16,7 @@ This reference article lists the policy settings and AppLocker rules applied by
 
 ## Device policy settings
 
-The following settings are applied at the device level. Any user accessing the device is subject to the policy settings, including administrator accounts.
+The following policy settings are applied at the device level when you deploy a restricted user experience. Any user accessing the device is subject to the policy settings, including administrator accounts:
 
 | Type    | Path                                                                       | Name/Description                                                          |
 |---------|----------------------------------------------------------------------------|---------------------------------------------------------------------------|
@@ -39,7 +39,7 @@ The following settings are applied at the device level. Any user accessing the d
 
 ## User policy settings
 
-The following policy settings are applied to any nonadministrator account accessing the device:
+The following policy settings are applied to any nonadministrator account when you deploy a restricted user experience:
 
 | Type    | Path                                                                             | Name/Description                                                  |
 |---------|----------------------------------------------------------------------------------|-------------------------------------------------------------------|