From 13f59c7b058804c40fdd1ea8b50d5e5775db00f9 Mon Sep 17 00:00:00 2001
From: RavennMSFT <37601656+RavennMSFT@users.noreply.github.com>
Date: Thu, 20 May 2021 14:02:10 -0700
Subject: [PATCH 01/23] Update policy-csp-authentication.md

updated description for web sign in policy
---
 windows/client-management/mdm/policy-csp-authentication.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md
index d62b5b232d..0c1b971103 100644
--- a/windows/client-management/mdm/policy-csp-authentication.md
+++ b/windows/client-management/mdm/policy-csp-authentication.md
@@ -542,7 +542,7 @@ Value type is integer. Supported values:
 > [!Warning]
 > This policy is in preview mode only and therefore not meant or recommended for production purposes.
 
-"Web Sign-in" is a new way of signing into a Windows PC. It enables Windows logon support for non-ADFS federated providers (e.g. SAML). 
+"Web Sign-in" is a new way of signing into a Windows PC. It enables Windows logon support for new Azure AD credentials like Temporary Access Pass
 
 > [!Note]
 > Web Sign-in is only supported on Azure AD Joined PCs.

From 4867c75d1f89c3f1efe92ef338d4134b046f4137 Mon Sep 17 00:00:00 2001
From: RavennMSFT <37601656+RavennMSFT@users.noreply.github.com>
Date: Thu, 20 May 2021 15:29:01 -0700
Subject: [PATCH 02/23] Update
 windows/client-management/mdm/policy-csp-authentication.md

Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
 windows/client-management/mdm/policy-csp-authentication.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md
index 0c1b971103..1b75bd9a6b 100644
--- a/windows/client-management/mdm/policy-csp-authentication.md
+++ b/windows/client-management/mdm/policy-csp-authentication.md
@@ -542,7 +542,7 @@ Value type is integer. Supported values:
 > [!Warning]
 > This policy is in preview mode only and therefore not meant or recommended for production purposes.
 
-"Web Sign-in" is a new way of signing into a Windows PC. It enables Windows logon support for new Azure AD credentials like Temporary Access Pass
+"Web Sign-in" is a new way of signing into a Windows PC. It enables Windows logon support for new Azure AD credentials, like Temporary Access Pass.
 
 > [!Note]
 > Web Sign-in is only supported on Azure AD Joined PCs.

From 6ac2a0bc368fced5f672d96224d9e54f53891fa1 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Mon, 31 May 2021 12:51:27 +0100
Subject: [PATCH 03/23] Update policy-csp-system.md

---
 .../client-management/mdm/policy-csp-system.md  | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index 61558a2ca2..9497ff874d 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -748,11 +748,14 @@ The following list shows the supported values for Windows 10 version 1809 and ol
 
 Most restricted value is 0.
 
-The following list shows the supported values for  Windows 10 version 19H1 and later:
+For Windows 10 version 19H1 and later we simplified your diagnostic data controls by moving from four diagnostic data controls to three. The following list shows the supported values:
 
--   **Diagnostic data off** - No Windows diagnostic data sent.
--   **Required (Basic)** - Minimum data required to keep the device secure, up to date, and performing as expected.
--   **Optional (Full)** - Additional data about the websites you browse, how Windows and apps are used and how they perform. This data also includes data about device activity, and enhanced error reporting that helps Microsoft to fix and improve products and services for all users.
+-   **0 - Diagnostic data off** - No Windows diagnostic data sent.
+-   **1 - Required (Basic)** - Minimum data required to keep the device secure, up to date, and performing as expected.
+-   **3 - Optional (Full)** - Additional data about the websites you browse, how Windows and apps are used and how they perform. This data also includes data about device activity, and enhanced error reporting that helps Microsoft to fix and improve products and services for all users.
+
+> [!NOTE]
+> If your devices are set to Enhanced when they are upgraded, the device settings will be migrated to the more privacy-preserving setting of Required diagnostic data. For more information, see [Changes to Windows diagnostic data](/windows/privacy/changes-to-windows-diagnostic-data-collection). 
 
 <!--<table style="margin-left: 20px">
 <colgroup>
@@ -1614,13 +1617,13 @@ To enable this behavior, you must complete two steps:
 
 -   Enable this policy setting
 -   Set the **AllowTelemetry** level:
-    - For Windows 10 version 1809 and older: set **AllowTelemetry** to (Enhanced) 
+    - For Windows 10 version 1809 and older: set **AllowTelemetry** to Enhanced
     - For Windows 10 version 19H1 and later: set **AllowTelemetry** to Optional (Full)
 
  
 When you configure these policy settings, a basic level of  diagnostic data plus additional events that are required for Windows Analytics are sent to Microsoft. These events are documented here: <a href="/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields" data-raw-source="[Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics](/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields)">Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics</a>.
  
-Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus additional enhanced level telemetry data. This setting has no effect on computers configured to send full, basic or security level diagnostic data to Microsoft.
+Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus additional enhanced level telemetry data. This setting has no effect on computers configured to send Required (Basic) or Optional (Full) diagnostic data to Microsoft.
    
 If you disable or do not configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy.
 
@@ -1785,4 +1788,4 @@ Footnotes:
 - 7 - Available in Windows 10, version 1909.
 - 8 - Available in Windows 10, version 2004.
 
-<!--/Policies-->
\ No newline at end of file
+<!--/Policies-->

From e41479bca6a0e65258440054adaec42a36b7a21b Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Mon, 31 May 2021 12:59:35 +0100
Subject: [PATCH 04/23] Update policy-csp-system.md

---
 windows/client-management/mdm/policy-csp-system.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index 9497ff874d..905ec90ac2 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -748,7 +748,7 @@ The following list shows the supported values for Windows 10 version 1809 and ol
 
 Most restricted value is 0.
 
-For Windows 10 version 19H1 and later we simplified your diagnostic data controls by moving from four diagnostic data controls to three. The following list shows the supported values:
+For Windows 10 version 19H1 and later, we simplified your diagnostic data controls by moving from four diagnostic data controls to three. The following list shows the supported values:
 
 -   **0 - Diagnostic data off** - No Windows diagnostic data sent.
 -   **1 - Required (Basic)** - Minimum data required to keep the device secure, up to date, and performing as expected.

From 70acd1d2b6e65ecdce2dbf73fa5a8bfc84416a25 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Wed, 2 Jun 2021 13:01:35 +0100
Subject: [PATCH 05/23] updates for AllowTelemetry

---
 .../mdm/policy-csp-system.md                  | 20 +++++++------------
 ...s-to-windows-diagnostic-data-collection.md |  2 +-
 2 files changed, 8 insertions(+), 14 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index 905ec90ac2..89ff9b9090 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -740,22 +740,16 @@ In Windows 10, you can configure this policy setting to decide what level of dia
 
 The following list shows the supported values for Windows 10 version 1809 and older:
 
--   0 – (**Security**) Sends information that is required to help keep Windows more secure, including data about the Connected User Experience and Telemetry component settings, the Malicious Software Removal Tool, and Microsoft Defender.
-    **Note:** This value is only applicable to Windows 10 Enterprise, Windows 10 Education, Windows 10 IoT Core (IoT Core), Hololens 2, and Windows Server 2016. Using this setting on other devices is equivalent to setting the value of 1.
--   1 – (**Basic**) Sends the same data as a value of 0, plus additional basic device info, including quality-related data, app compatibility, and app usage data.
--   2 – (**Enhanced**) Sends the same data as a value of 1, plus additional insights, including how Windows, Windows Server, System Center, and apps are used, how they perform, and advanced reliability data.
--   3 – (**Full**) Sends the same data as a value of 2, plus all data necessary to identify and fix problems with devices.
+-   0 – (**Security**) This turns Windows diagnostic data off.  
+-   **Note**: This value is only applicable to Windows 10 Enterprise, Windows 10 Education, Windows 10 IoT Core (IoT Core), HoloLens 2, and Windows Server 2016 (and later versions). Using this setting on other devices editions of Windows is equivalent to setting the value of 1.
+-   1 – (**Required**) Sends basic device info, including quality-related data, app compatibility, and other similar data to keep the device secure and up-to-date.
+-   2 – (**Enhanced**) Sends the same data as a value of 1, plus additional insights, including how Windows, Windows Server, System Center, and apps are used, how they perform, and advanced reliability data, such as limited crash dumps.
+-   3 – (**Optional**) Sends the same data as a value of 2, plus additional data necessary to identify and fix problems with devices such as enhanced error logs.
 
-Most restricted value is 0.
-
-For Windows 10 version 19H1 and later, we simplified your diagnostic data controls by moving from four diagnostic data controls to three. The following list shows the supported values:
-
--   **0 - Diagnostic data off** - No Windows diagnostic data sent.
--   **1 - Required (Basic)** - Minimum data required to keep the device secure, up to date, and performing as expected.
--   **3 - Optional (Full)** - Additional data about the websites you browse, how Windows and apps are used and how they perform. This data also includes data about device activity, and enhanced error reporting that helps Microsoft to fix and improve products and services for all users.
+Most restrictive value is 0.
 
 > [!NOTE]
-> If your devices are set to Enhanced when they are upgraded, the device settings will be migrated to the more privacy-preserving setting of Required diagnostic data. For more information, see [Changes to Windows diagnostic data](/windows/privacy/changes-to-windows-diagnostic-data-collection). 
+> If your devices are set to Enhanced when they are upgraded, the device settings will be evaluated to be at the more privacy-preserving setting of Required diagnostic data. For more information, see [Changes to Windows diagnostic data](/windows/privacy/changes-to-windows-diagnostic-data-collection).
 
 <!--<table style="margin-left: 20px">
 <colgroup>
diff --git a/windows/privacy/changes-to-windows-diagnostic-data-collection.md b/windows/privacy/changes-to-windows-diagnostic-data-collection.md
index 692cfa0a09..9514d43951 100644
--- a/windows/privacy/changes-to-windows-diagnostic-data-collection.md
+++ b/windows/privacy/changes-to-windows-diagnostic-data-collection.md
@@ -50,7 +50,7 @@ Starting in Windows 10, version 1903 and newer, both the **Out-of-Box-Experience
 
 ## Behaviorial changes
 
-In an upcoming release of Windows 10, we’re simplifying your diagnostic data controls by moving from four diagnostic data controls to three: **Diagnostic data off**, **Required**, and **Optional**. If your devices are set to **Enhanced** when they are upgraded, the device settings will be migrated to the more privacy-preserving setting of **Required diagnostic data**, which means that analytic services that leverage enhanced data collection may not work properly. For a list of services, see the section named, **Services that rely on Enhanced diagnostic data**, later in this topic. Administrators should read through the details and determine whether to apply these new policies to restore the same collection settings as they had before this change. For a list of steps, see the section named **Configure a Windows 10 device to limit crash dumps and logs**. For more information on services that rely on Enhanced diagnostic data, see **Services that rely on Enhanced diagnostic data**.
+In an upcoming release of Windows 10, we’re simplifying your diagnostic data controls by moving from four diagnostic data controls to three: **Diagnostic data off**, **Required**, and **Optional**. If your devices are set to **Enhanced** when they are upgraded, the device settings will be evaluated to be at the more privacy-preserving setting of **Required diagnostic data**, which means that analytic services that leverage enhanced data collection may not work properly. For a list of services, see the section named, **Services that rely on Enhanced diagnostic data**, later in this topic. Administrators should read through the details and determine whether to apply these new policies to restore the same collection settings as they had before this change. For a list of steps, see the section named **Configure a Windows 10 device to limit crash dumps and logs**. For more information on services that rely on Enhanced diagnostic data, see **Services that rely on Enhanced diagnostic data**.
 
 Additionally, you will see the following policy changes in an upcoming release of Windows 10:
 

From 22accc8ca4a4ba3c025ce8f159ab90b8b9308dcc Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Wed, 2 Jun 2021 13:26:44 +0100
Subject: [PATCH 06/23] Update policy-csp-system.md

---
 windows/client-management/mdm/policy-csp-system.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index 89ff9b9090..bd8c72813a 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -741,7 +741,7 @@ In Windows 10, you can configure this policy setting to decide what level of dia
 The following list shows the supported values for Windows 10 version 1809 and older:
 
 -   0 – (**Security**) This turns Windows diagnostic data off.  
--   **Note**: This value is only applicable to Windows 10 Enterprise, Windows 10 Education, Windows 10 IoT Core (IoT Core), HoloLens 2, and Windows Server 2016 (and later versions). Using this setting on other devices editions of Windows is equivalent to setting the value of 1.
+    **Note**: This value is only applicable to Windows 10 Enterprise, Windows 10 Education, Windows 10 IoT Core (IoT Core), HoloLens 2, and Windows Server 2016 (and later versions). Using this setting on other devices editions of Windows is equivalent to setting the value of 1.
 -   1 – (**Required**) Sends basic device info, including quality-related data, app compatibility, and other similar data to keep the device secure and up-to-date.
 -   2 – (**Enhanced**) Sends the same data as a value of 1, plus additional insights, including how Windows, Windows Server, System Center, and apps are used, how they perform, and advanced reliability data, such as limited crash dumps.
 -   3 – (**Optional**) Sends the same data as a value of 2, plus additional data necessary to identify and fix problems with devices such as enhanced error logs.

From dda6cdab04575fe870475be63abfc869fc7056bc Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Wed, 2 Jun 2021 20:10:48 +0100
Subject: [PATCH 07/23] Update
 basic-level-windows-diagnostic-events-and-fields-1903.md

---
 ...ndows-diagnostic-events-and-fields-1903.md | 124 ------------------
 1 file changed, 124 deletions(-)

diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md
index 7f1681e846..23b3637f84 100644
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md
@@ -276,11 +276,6 @@ The following fields are available:
 - **DatasourceApplicationFile_20H1Setup**  The total number of objects of this type present on this device.
 - **DatasourceApplicationFile_21H1**  The total number of objects of this type present on this device.
 - **DatasourceApplicationFile_21H1Setup**  The total number of objects of this type present on this device.
-- **DatasourceApplicationFile_21H2**  The total number of objects of this type present on this device.
-- **DatasourceApplicationFile_21H2Setup**  The total number of objects of this type present on this device.
-- **DatasourceApplicationFile_CO21H2**  The total number of objects of this type present on this device.
-- **DatasourceApplicationFile_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DatasourceApplicationFile_CU22H2Setup**  The total number of objects of this type present on this device.
 - **DatasourceApplicationFile_RS1**  The total number of objects of this type present on this device.
 - **DatasourceApplicationFile_RS2**  The total number of objects of this type present on this device.
 - **DatasourceApplicationFile_RS3**  The total number of objects of this type present on this device.
@@ -294,11 +289,6 @@ The following fields are available:
 - **DatasourceDevicePnp_20H1Setup**  The total number of objects of this type present on this device.
 - **DatasourceDevicePnp_21H1**  The total number of objects of this type present on this device.
 - **DatasourceDevicePnp_21H1Setup**  The total number of objects of this type present on this device.
-- **DatasourceDevicePnp_21H2**  The total number of objects of this type present on this device.
-- **DatasourceDevicePnp_21H2Setup**  The total number of objects of this type present on this device.
-- **DatasourceDevicePnp_CO21H2**  The total number of objects of this type present on this device.
-- **DatasourceDevicePnp_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DatasourceDevicePnp_CU22H2Setup**  The total number of objects of this type present on this device.
 - **DatasourceDevicePnp_RS1**  The total number of objects of this type present on this device.
 - **DatasourceDevicePnp_RS2**  The total number of objects of this type present on this device.
 - **DatasourceDevicePnp_RS3**  The total number of objects of this type present on this device.
@@ -315,11 +305,6 @@ The following fields are available:
 - **DatasourceDriverPackage_20H1Setup**  The total number of objects of this type present on this device.
 - **DatasourceDriverPackage_21H1**  The total number of objects of this type present on this device.
 - **DatasourceDriverPackage_21H1Setup**  The total number of objects of this type present on this device.
-- **DatasourceDriverPackage_21H2**  The total number of objects of this type present on this device.
-- **DatasourceDriverPackage_21H2Setup**  The total number of objects of this type present on this device.
-- **DatasourceDriverPackage_CO21H2**  The total number of objects of this type present on this device.
-- **DatasourceDriverPackage_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DatasourceDriverPackage_CU22H2Setup**  The total number of objects of this type present on this device.
 - **DatasourceDriverPackage_RS1**  The total number of objects of this type present on this device.
 - **DatasourceDriverPackage_RS2**  The total number of objects of this type present on this device.
 - **DatasourceDriverPackage_RS3**  The total number of objects of this type present on this device.
@@ -336,11 +321,6 @@ The following fields are available:
 - **DataSourceMatchingInfoBlock_20H1Setup**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoBlock_21H1**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoBlock_21H1Setup**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoBlock_21H2**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoBlock_21H2Setup**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoBlock_CO21H2**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoBlock_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoBlock_CU22H2Setup**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoBlock_RS1**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoBlock_RS2**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoBlock_RS3**  The total number of objects of this type present on this device.
@@ -354,11 +334,6 @@ The following fields are available:
 - **DataSourceMatchingInfoPassive_20H1Setup**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoPassive_21H1**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoPassive_21H1Setup**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPassive_21H2**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPassive_21H2Setup**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPassive_CO21H2**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPassive_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPassive_CU22H2Setup**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoPassive_RS1**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoPassive_RS2**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoPassive_RS3**  The total number of objects of this type present on this device.
@@ -372,11 +347,6 @@ The following fields are available:
 - **DataSourceMatchingInfoPostUpgrade_20H1Setup**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoPostUpgrade_21H1**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoPostUpgrade_21H1Setup**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPostUpgrade_21H2**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPostUpgrade_21H2Setup**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPostUpgrade_CO21H2**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPostUpgrade_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPostUpgrade_CU22H2Setup**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoPostUpgrade_RS1**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoPostUpgrade_RS2**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoPostUpgrade_RS3**  The total number of objects of this type present on this device.
@@ -391,11 +361,6 @@ The following fields are available:
 - **DatasourceSystemBios_20H1Setup**  The total number of objects of this type present on this device.
 - **DatasourceSystemBios_21H1**  The total number of objects of this type present on this device.
 - **DatasourceSystemBios_21H1Setup**  The total number of objects of this type present on this device.
-- **DatasourceSystemBios_21H2**  The total number of objects of this type present on this device.
-- **DatasourceSystemBios_21H2Setup**  The total number of objects of this type present on this device.
-- **DatasourceSystemBios_CO21H2**  The total number of objects of this type present on this device.
-- **DatasourceSystemBios_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DatasourceSystemBios_CU22H2Setup**  The total number of objects of this type present on this device.
 - **DatasourceSystemBios_RS1**  The total number of objects of this type present on this device.
 - **DatasourceSystemBios_RS2**  The total number of objects of this type present on this device.
 - **DatasourceSystemBios_RS3**  The total number of objects of this type present on this device.
@@ -412,11 +377,6 @@ The following fields are available:
 - **DecisionApplicationFile_20H1Setup**  The total number of objects of this type present on this device.
 - **DecisionApplicationFile_21H1**  The total number of objects of this type present on this device.
 - **DecisionApplicationFile_21H1Setup**  The total number of objects of this type present on this device.
-- **DecisionApplicationFile_21H2**  The total number of objects of this type present on this device.
-- **DecisionApplicationFile_21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionApplicationFile_CO21H2**  The total number of objects of this type present on this device.
-- **DecisionApplicationFile_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionApplicationFile_CU22H2Setup**  The total number of objects of this type present on this device.
 - **DecisionApplicationFile_RS1**  The total number of objects of this type present on this device.
 - **DecisionApplicationFile_RS2**  The total number of objects of this type present on this device.
 - **DecisionApplicationFile_RS3**  The total number of objects of this type present on this device.
@@ -430,11 +390,6 @@ The following fields are available:
 - **DecisionDevicePnp_20H1Setup**  The total number of objects of this type present on this device.
 - **DecisionDevicePnp_21H1**  The total number of objects of this type present on this device.
 - **DecisionDevicePnp_21H1Setup**  The total number of objects of this type present on this device.
-- **DecisionDevicePnp_21H2**  The total number of objects of this type present on this device.
-- **DecisionDevicePnp_21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionDevicePnp_CO21H2**  The total number of objects of this type present on this device.
-- **DecisionDevicePnp_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionDevicePnp_CU22H2Setup**  The total number of objects of this type present on this device.
 - **DecisionDevicePnp_RS1**  The total number of objects of this type present on this device.
 - **DecisionDevicePnp_RS2**  The total number of objects of this type present on this device.
 - **DecisionDevicePnp_RS3**  The total number of objects of this type present on this device.
@@ -451,11 +406,6 @@ The following fields are available:
 - **DecisionDriverPackage_20H1Setup**  The total number of objects of this type present on this device.
 - **DecisionDriverPackage_21H1**  The total number of objects of this type present on this device.
 - **DecisionDriverPackage_21H1Setup**  The total number of objects of this type present on this device.
-- **DecisionDriverPackage_21H2**  The total number of objects of this type present on this device.
-- **DecisionDriverPackage_21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionDriverPackage_CO21H2**  The total number of objects of this type present on this device.
-- **DecisionDriverPackage_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionDriverPackage_CU22H2Setup**  The total number of objects of this type present on this device.
 - **DecisionDriverPackage_RS1**  The total number of objects of this type present on this device.
 - **DecisionDriverPackage_RS2**  The total number of objects of this type present on this device.
 - **DecisionDriverPackage_RS3**  The total number of objects of this type present on this device.
@@ -472,11 +422,6 @@ The following fields are available:
 - **DecisionMatchingInfoBlock_20H1Setup**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoBlock_21H1**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoBlock_21H1Setup**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoBlock_21H2**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoBlock_21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoBlock_CO21H2**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoBlock_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoBlock_CU22H2Setup**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoBlock_RS1**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoBlock_RS2**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoBlock_RS3**  The total number of objects of this type present on this device.
@@ -490,11 +435,6 @@ The following fields are available:
 - **DecisionMatchingInfoPassive_20H1Setup**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoPassive_21H1**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoPassive_21H1Setup**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPassive_21H2**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPassive_21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPassive_CO21H2**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPassive_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPassive_CU22H2Setup**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoPassive_RS1**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoPassive_RS2**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoPassive_RS3**  The total number of objects of this type present on this device.
@@ -508,11 +448,6 @@ The following fields are available:
 - **DecisionMatchingInfoPostUpgrade_20H1Setup**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoPostUpgrade_21H1**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoPostUpgrade_21H1Setup**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPostUpgrade_21H2**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPostUpgrade_21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPostUpgrade_CO21H2**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPostUpgrade_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPostUpgrade_CU22H2Setup**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoPostUpgrade_RS1**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoPostUpgrade_RS2**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoPostUpgrade_RS3**  The total number of objects of this type present on this device.
@@ -526,11 +461,6 @@ The following fields are available:
 - **DecisionMediaCenter_20H1Setup**  The total number of objects of this type present on this device.
 - **DecisionMediaCenter_21H1**  The total number of objects of this type present on this device.
 - **DecisionMediaCenter_21H1Setup**  The total number of objects of this type present on this device.
-- **DecisionMediaCenter_21H2**  The total number of objects of this type present on this device.
-- **DecisionMediaCenter_21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionMediaCenter_CO21H2**  The total number of objects of this type present on this device.
-- **DecisionMediaCenter_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionMediaCenter_CU22H2Setup**  The total number of objects of this type present on this device.
 - **DecisionMediaCenter_RS1**  The total number of objects of this type present on this device.
 - **DecisionMediaCenter_RS2**  The total number of objects of this type present on this device.
 - **DecisionMediaCenter_RS3**  The total number of objects of this type present on this device.
@@ -540,11 +470,6 @@ The following fields are available:
 - **DecisionMediaCenter_TH2**  The total number of objects of this type present on this device.
 - **DecisionSModeState_20H1**  The total number of objects of this type present on this device.
 - **DecisionSModeState_21H1**  The total number of objects of this type present on this device.
-- **DecisionSModeState_21H2**  The total number of objects of this type present on this device.
-- **DecisionSModeState_21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionSModeState_CO21H2**  The total number of objects of this type present on this device.
-- **DecisionSModeState_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionSModeState_CU22H2Setup**  The total number of objects of this type present on this device.
 - **DecisionSystemBios_19ASetup**  The total number of objects of this type present on this device.
 - **DecisionSystemBios_19H1**  The total number of objects of this type present on this device.
 - **DecisionSystemBios_19H1Setup**  The total number of objects of this type present on this device.
@@ -552,11 +477,6 @@ The following fields are available:
 - **DecisionSystemBios_20H1Setup**  The total number of objects of this type present on this device.
 - **DecisionSystemBios_21H1**  The total number of objects of this type present on this device.
 - **DecisionSystemBios_21H1Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemBios_21H2**  The total number of objects of this type present on this device.
-- **DecisionSystemBios_21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemBios_CO21H2**  The total number of objects of this type present on this device.
-- **DecisionSystemBios_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemBios_CU22H2Setup**  The total number of objects of this type present on this device.
 - **DecisionSystemBios_RS1**  The total number of objects of this type present on this device.
 - **DecisionSystemBios_RS2**  The total number of objects of this type present on this device.
 - **DecisionSystemBios_RS3**  The total number of objects of this type present on this device.
@@ -569,49 +489,20 @@ The following fields are available:
 - **DecisionSystemBios_TH2**  The total number of objects of this type present on this device.
 - **DecisionSystemDiskSize_20H1**  The total number of objects of this type present on this device.
 - **DecisionSystemDiskSize_21H1**  The total number of objects of this type present on this device.
-- **DecisionSystemDiskSize_21H2**  The total number of objects of this type present on this device.
-- **DecisionSystemDiskSize_21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemDiskSize_CO21H2**  The total number of objects of this type present on this device.
-- **DecisionSystemDiskSize_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemDiskSize_CU22H2Setup**  The total number of objects of this type present on this device.
 - **DecisionSystemMemory_20H1**  The total number of objects of this type present on this device.
 - **DecisionSystemMemory_21H1**  The total number of objects of this type present on this device.
-- **DecisionSystemMemory_21H2**  The total number of objects of this type present on this device.
-- **DecisionSystemMemory_21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemMemory_CO21H2**  The total number of objects of this type present on this device.
-- **DecisionSystemMemory_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemMemory_CU22H2Setup**  The total number of objects of this type present on this device.
 - **DecisionSystemProcessor_RS2**  The total number of objects of this type present on this device.
 - **DecisionSystemProcessorCpuCores_20H1**  The total number of objects of this type present on this device.
 - **DecisionSystemProcessorCpuCores_21H1**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuCores_21H2**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuCores_21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuCores_CO21H2**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuCores_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuCores_CU22H2Setup**  The total number of objects of this type present on this device.
 - **DecisionSystemProcessorCpuModel_20H1**  The total number of objects of this type present on this device.
 - **DecisionSystemProcessorCpuModel_21H1**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuModel_21H2**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuModel_CO21H2**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuModel_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuModel_CU22H2Setup**  The total number of objects of this type present on this device.
 - **DecisionSystemProcessorCpuSpeed_20H1**  The total number of objects of this type present on this device.
 - **DecisionSystemProcessorCpuSpeed_21H1**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuSpeed_21H2**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuSpeed_21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuSpeed_CO21H2**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuSpeed_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuSpeed_CU22H2Setup**  The total number of objects of this type present on this device.
 - **DecisionTest_19H1**  The total number of objects of this type present on this device.
 - **DecisionTest_20H1**  The total number of objects of this type present on this device.
 - **DecisionTest_20H1Setup**  The total number of objects of this type present on this device.
 - **DecisionTest_21H1**  The total number of objects of this type present on this device.
 - **DecisionTest_21H1Setup**  The total number of objects of this type present on this device.
-- **DecisionTest_21H2**  The total number of objects of this type present on this device.
-- **DecisionTest_21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionTest_CO21H2**  The total number of objects of this type present on this device.
-- **DecisionTest_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionTest_CU22H2Setup**  The total number of objects of this type present on this device.
 - **DecisionTest_RS1**  The total number of objects of this type present on this device.
 - **DecisionTest_RS2**  The total number of objects of this type present on this device.
 - **DecisionTest_RS3**  The total number of objects of this type present on this device.
@@ -621,18 +512,8 @@ The following fields are available:
 - **DecisionTest_TH2**  The total number of objects of this type present on this device.
 - **DecisionTpmVersion_20H1**  The total number of objects of this type present on this device.
 - **DecisionTpmVersion_21H1**  The total number of objects of this type present on this device.
-- **DecisionTpmVersion_21H2**  The total number of objects of this type present on this device.
-- **DecisionTpmVersion_21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionTpmVersion_CO21H2**  The total number of objects of this type present on this device.
-- **DecisionTpmVersion_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionTpmVersion_CU22H2Setup**  The total number of objects of this type present on this device.
 - **DecisionUefiSecureBoot_20H1**  The total number of objects of this type present on this device.
 - **DecisionUefiSecureBoot_21H1**  The total number of objects of this type present on this device.
-- **DecisionUefiSecureBoot_21H2**  The total number of objects of this type present on this device.
-- **DecisionUefiSecureBoot_21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionUefiSecureBoot_CO21H2**  The total number of objects of this type present on this device.
-- **DecisionUefiSecureBoot_CO21H2Setup**  The total number of objects of this type present on this device.
-- **DecisionUefiSecureBoot_CU22H2Setup**  The total number of objects of this type present on this device.
 - **InventoryApplicationFile**  The total number of objects of this type present on this device.
 - **InventoryDeviceContainer**  The total number of objects of this type present on this device.
 - **InventoryDevicePnp**  The total number of objects of this type present on this device.
@@ -662,11 +543,6 @@ The following fields are available:
 - **Wmdrm_20H1Setup**  The total number of objects of this type present on this device.
 - **Wmdrm_21H1**  The total number of objects of this type present on this device.
 - **Wmdrm_21H1Setup**  The total number of objects of this type present on this device.
-- **Wmdrm_21H2**  The total number of objects of this type present on this device.
-- **Wmdrm_21H2Setup**  The total number of objects of this type present on this device.
-- **Wmdrm_CO21H2**  The total number of objects of this type present on this device.
-- **Wmdrm_CO21H2Setup**  The total number of objects of this type present on this device.
-- **Wmdrm_CU22H2Setup**  The total number of objects of this type present on this device.
 - **Wmdrm_RS1**  The total number of objects of this type present on this device.
 - **Wmdrm_RS2**  The total number of objects of this type present on this device.
 - **Wmdrm_RS3**  The total number of objects of this type present on this device.

From f8d5beb59dc57b41624537e10e26ab376f68a8d3 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Wed, 2 Jun 2021 20:40:51 +0100
Subject: [PATCH 08/23] Update policy-csp-system.md

---
 windows/client-management/mdm/policy-csp-system.md | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index bd8c72813a..c23eade407 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -743,14 +743,11 @@ The following list shows the supported values for Windows 10 version 1809 and ol
 -   0 – (**Security**) This turns Windows diagnostic data off.  
     **Note**: This value is only applicable to Windows 10 Enterprise, Windows 10 Education, Windows 10 IoT Core (IoT Core), HoloLens 2, and Windows Server 2016 (and later versions). Using this setting on other devices editions of Windows is equivalent to setting the value of 1.
 -   1 – (**Required**) Sends basic device info, including quality-related data, app compatibility, and other similar data to keep the device secure and up-to-date.
--   2 – (**Enhanced**) Sends the same data as a value of 1, plus additional insights, including how Windows, Windows Server, System Center, and apps are used, how they perform, and advanced reliability data, such as limited crash dumps.
+-   2 – (**Enhanced**) Sends the same data as a value of 1, plus additional insights, including how Windows apps are used, how they perform, and advanced reliability data, such as limited crash dumps.
 -   3 – (**Optional**) Sends the same data as a value of 2, plus additional data necessary to identify and fix problems with devices such as enhanced error logs.
 
 Most restrictive value is 0.
 
-> [!NOTE]
-> If your devices are set to Enhanced when they are upgraded, the device settings will be evaluated to be at the more privacy-preserving setting of Required diagnostic data. For more information, see [Changes to Windows diagnostic data](/windows/privacy/changes-to-windows-diagnostic-data-collection).
-
 <!--<table style="margin-left: 20px">
 <colgroup>
 <col width="100%" />

From 77dabeb223dde79f049e4093e17d09f92dc51381 Mon Sep 17 00:00:00 2001
From: Charles Inglis <32555877+cinglis-msft@users.noreply.github.com>
Date: Thu, 3 Jun 2021 11:36:20 -0400
Subject: [PATCH 09/23] Add link detailing how to find Commercial ID

---
 .../deployment/update/update-compliance-configuration-mem.md    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/update/update-compliance-configuration-mem.md b/windows/deployment/update/update-compliance-configuration-mem.md
index aefc6bdaaf..f43304ac75 100644
--- a/windows/deployment/update/update-compliance-configuration-mem.md
+++ b/windows/deployment/update/update-compliance-configuration-mem.md
@@ -36,7 +36,7 @@ Take the following steps to create a configuration profile that will set require
 4. For **Template name**, select **Custom**, and then press **Create**.
 5. You are now on the Configuration profile creation screen. On the **Basics** tab, give a **Name** and **Description**.
 6. On the **Configuration settings** page, you will be adding multiple OMA-URI Settings that correspond to the policies described in [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md).
-    1. Add a setting for **Commercial ID**, with the following values:
+    1. Add a setting for **Commercial ID** (to get find your Commercial ID see [Get your CommmercialID](update-compliance-get-started.md#get-your-commercialid)) with the following values:
         - **Name**: Commercial ID
         - **Description**: Sets the Commercial ID that corresponds to the Update Compliance Log Analytics workspace.
         - **OMA-URI**: `./Vendor/MSFT/DMClient/Provider/MS DM Server/CommercialID`

From 006e1bafc5512fa50f7699003f08a0f650c0f7a5 Mon Sep 17 00:00:00 2001
From: Jaime Ondrusek <jaimeo@microsoft.com>
Date: Thu, 3 Jun 2021 08:49:17 -0700
Subject: [PATCH 10/23] Update update-compliance-configuration-mem.md

Reorganized first steps.
---
 .../deployment/update/update-compliance-configuration-mem.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/windows/deployment/update/update-compliance-configuration-mem.md b/windows/deployment/update/update-compliance-configuration-mem.md
index f43304ac75..c4ce3579f9 100644
--- a/windows/deployment/update/update-compliance-configuration-mem.md
+++ b/windows/deployment/update/update-compliance-configuration-mem.md
@@ -1,5 +1,5 @@
 ---
-title: Configuring for Update Compliance in Microsoft Endpoint Manager
+title: Configuring Microsoft Endpoint Manager devices for Update Compliance
 ms.reviewer: 
 manager: laurawi
 description: Configuring devices that are enrolled in Endpoint Manager for Update Compliance
@@ -36,7 +36,8 @@ Take the following steps to create a configuration profile that will set require
 4. For **Template name**, select **Custom**, and then press **Create**.
 5. You are now on the Configuration profile creation screen. On the **Basics** tab, give a **Name** and **Description**.
 6. On the **Configuration settings** page, you will be adding multiple OMA-URI Settings that correspond to the policies described in [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md).
-    1. Add a setting for **Commercial ID** (to get find your Commercial ID see [Get your CommmercialID](update-compliance-get-started.md#get-your-commercialid)) with the following values:
+    1. If you don't already have it, get your Commercial ID. For steps, see [Get your CommmercialID](update-compliance-get-started.md#get-your-commercialid).
+    2. Add a setting for **Commercial ID** ) with the following values:
         - **Name**: Commercial ID
         - **Description**: Sets the Commercial ID that corresponds to the Update Compliance Log Analytics workspace.
         - **OMA-URI**: `./Vendor/MSFT/DMClient/Provider/MS DM Server/CommercialID`

From 4cc511c578586714115269e3fb2eac4675c0a450 Mon Sep 17 00:00:00 2001
From: Baard Hermansen <cavebaard@gmail.com>
Date: Fri, 4 Jun 2021 02:03:37 +0200
Subject: [PATCH 11/23] Update feature-update-maintenance-window.md

Added PowerShell as language identifier to the code section.
Put the Disclaimer section in the PowerShell code as comment.
Removed surplus spaces on several line endings.
---
 .../feature-update-maintenance-window.md      | 219 +++++++++---------
 1 file changed, 111 insertions(+), 108 deletions(-)

diff --git a/windows/deployment/update/feature-update-maintenance-window.md b/windows/deployment/update/feature-update-maintenance-window.md
index e3accdee77..723ec7bcfb 100644
--- a/windows/deployment/update/feature-update-maintenance-window.md
+++ b/windows/deployment/update/feature-update-maintenance-window.md
@@ -62,7 +62,7 @@ Priority=Normal
 
 You can use the new [Run Scripts](/sccm/apps/deploy-use/create-deploy-scripts) feature to run a PowerShell script like the sample below to create the SetupConfig.ini on target devices. 
 
-```
+```powershell
 #Parameters
 Param(
   [string] $PriorityValue = "Normal"
@@ -91,6 +91,7 @@ foreach ($k in $iniSetupConfigKeyValuePair.Keys)
 #Write content to file 
 New-Item $iniFilePath -ItemType File -Value $iniSetupConfigContent -Force
 
+<#
 Disclaimer 
 Sample scripts are not supported under any Microsoft standard support program or service. The sample scripts is 
 provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without 
@@ -100,162 +101,164 @@ Microsoft, its authors, or anyone else involved in the creation, production, or
 for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, 
 loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample script 
 or documentation, even if Microsoft has been advised of the possibility of such damages.
+#>
 ```
 
->[!NOTE]
->If you elect not to override the default setup priority, you will need to increase the [maximum run time](/sccm/sum/get-started/manage-settings-for-software-updates#BKMK_SetMaxRunTime) value for Feature Update to Windows 10, version 1709 or higher from the default of 60 minutes. A value of 240 minutes may be required. Remember to ensure that your maintenance window duration is larger than your defined maximum run time value. 
+> [!NOTE]
+> If you elect not to override the default setup priority, you will need to increase the [maximum run time](/sccm/sum/get-started/manage-settings-for-software-updates#BKMK_SetMaxRunTime) value for Feature Update to Windows 10, version 1709 or higher from the default of 60 minutes. A value of 240 minutes may be required. Remember to ensure that your maintenance window duration is larger than your defined maximum run time value.
 
 ## Manually deploy feature updates
 
 The following sections provide the steps to manually deploy a feature update.
 
 ### Step 1: Specify search criteria for feature updates
-There are potentially a thousand or more feature updates displayed in the Configuration Manager console. The first step in the workflow for manually deploying feature updates is to identify the feature updates that you want to deploy. 
+There are potentially a thousand or more feature updates displayed in the Configuration Manager console. The first step in the workflow for manually deploying feature updates is to identify the feature updates that you want to deploy.
 
-1. In the Configuration Manager console, click **Software Library**. 
-2. In the Software Library workspace, expand **Windows 10 Servicing**, and click **All Windows 10 Updates**. The synchronized feature updates are displayed. 
+1. In the Configuration Manager console, click **Software Library**.
+2. In the Software Library workspace, expand **Windows 10 Servicing**, and click **All Windows 10 Updates**. The synchronized feature updates are displayed.
 3. In the search pane, filter to identify the feature updates that you need by using one or both of the following steps:
-   - In the search text box, type a search string that will filter the feature updates. For example, type the version number for a specific feature update, or enter a string that would appear in the title of the feature update. 
+   - In the search text box, type a search string that will filter the feature updates. For example, type the version number for a specific feature update, or enter a string that would appear in the title of the feature update.
    - Click **Add Criteria**, select the criteria that you want to use to filter software updates, click **Add**, and then provide the values for the criteria. For example, Title contains 1803, Required is greater than or equal to 1, and Language equals English.
 
-4. Save the search for future use. 
+4. Save the search for future use.
 
 ### Step 2: Download the content for the feature update(s)
-Before you deploy the feature updates, you can download the content as a separate step. Do this so you can verify that the content is available on the distribution points before you deploy the feature updates. This will help you to avoid any unexpected issues with the content delivery. Use the following procedure to download the content for feature updates before creating the deployment. 
+Before you deploy the feature updates, you can download the content as a separate step. Do this so you can verify that the content is available on the distribution points before you deploy the feature updates. This will help you to avoid any unexpected issues with the content delivery. Use the following procedure to download the content for feature updates before creating the deployment.
 
-1. In the Configuration Manager console, navigate to **Software Library > Windows 10 Servicing**. 
+1. In the Configuration Manager console, navigate to **Software Library > Windows 10 Servicing**.
 2. Choose the feature update(s) to download by using your saved search criteria. Select one or more of the feature updates returned, right click, and select Download.
 
-   The **Download Software Updates Wizard** opens. 
-3. On the **Deployment Package** page, configure the following settings: 
-   **Create a new deployment package**: Select this setting to create a new deployment package for the software updates that are in the deployment. Configure the following settings: 
-     - **Name**: Specifies the name of the deployment package. The package must have a unique name that briefly describes the package content. It is limited to 50 characters. 
-     - **Description**: Specifies the description of the deployment package. The package description provides information about the package contents and is limited to 127 characters. 
-     - **Package source**: Specifies the location of the feature update source files. Type a network path for the source location, for example, \\server\sharename\path, or click **Browse** to find the network location. You must create the shared folder for the deployment package source files before you proceed to the next page. 
+   The **Download Software Updates Wizard** opens.
+3. On the **Deployment Package** page, configure the following settings:
+   **Create a new deployment package**: Select this setting to create a new deployment package for the software updates that are in the deployment. Configure the following settings:
+     - **Name**: Specifies the name of the deployment package. The package must have a unique name that briefly describes the package content. It is limited to 50 characters.
+     - **Description**: Specifies the description of the deployment package. The package description provides information about the package contents and is limited to 127 characters.
+     - **Package source**: Specifies the location of the feature update source files. Type a network path for the source location, for example, \\\server\sharename\path, or click **Browse** to find the network location. You must create the shared folder for the deployment package source files before you proceed to the next page.
 
-   >[!NOTE]
-   >The deployment package source location that you specify cannot be used by another software deployment package. 
+   > [!NOTE]
+   > The deployment package source location that you specify cannot be used by another software deployment package.
 
-   >[!IMPORTANT]
-   >The SMS Provider computer account and the user that is running the wizard to download the feature updates must both have Write NTFS permissions on the download location. You should carefully restrict access to the download location to reduce the risk of attackers tampering with the feature update source files. 
+   > [!IMPORTANT]
+   > The SMS Provider computer account and the user that is running the wizard to download the feature updates must both have Write NTFS permissions on the download location. You should carefully restrict access to the download location to reduce the risk of attackers tampering with the feature update source files.
 
-   >[!IMPORTANT]
-   >You can change the package source location in the deployment package properties after Configuration Manager creates the deployment package. But if you do so, you must first copy the content from the original package source to the new package source location. 
+   > [!IMPORTANT]
+   > You can change the package source location in the deployment package properties after Configuration Manager creates the deployment package. But if you do so, you must first copy the content from the original package source to the new package source location.
 
-   Click **Next**. 
-4. On the **Distribution Points** page, specify the distribution points or distribution point groups that will host the feature update files, and then click **Next**. For more information about distribution points, see [Distribution point configurations](/sccm/core/servers/deploy/configure/install-and-configure-distribution-points#bkmk_configs). 
+   Click **Next**.
+4. On the **Distribution Points** page, specify the distribution points or distribution point groups that will host the feature update files, and then click **Next**. For more information about distribution points, see [Distribution point configurations](/sccm/core/servers/deploy/configure/install-and-configure-distribution-points#bkmk_configs).
 
-   >[!NOTE]
-   >The Distribution Points page is available only when you create a new software update deployment package. 
-5. On the **Distribution Settings** page, specify the following settings: 
+   > [!NOTE]
+   > The Distribution Points page is available only when you create a new software update deployment package.
+5. On the **Distribution Settings** page, specify the following settings:
 
-   - **Distribution priority**: Use this setting to specify the distribution priority for the deployment package. The distribution priority applies when the deployment package is sent to distribution points at child sites. Deployment packages are sent in priority order: High, Medium, or Low. Packages with identical priorities are sent in the order in which they were created. If there is no backlog, the package will process immediately regardless of its priority. By default, packages are sent using Medium priority. 
-   - **Enable for on-demand distribution**: Use this setting to enable on-demand content distribution to preferred distribution points. When this setting is enabled, the management point creates a trigger for the distribution manager to distribute the content to all preferred distribution points when a client requests the content for the package and the content is not available on any preferred distribution points. For more information about preferred distribution points and on-demand content, see [Content source location scenarios](/sccm/core/plan-design/hierarchy/content-source-location-scenarios). 
-   - **Prestaged distribution point settings**: Use this setting to specify how you want to distribute content to prestaged distribution points. Choose one of the following options: 
-     - **Automatically download content when packages are assigned to distribution points**: Use this setting to ignore the prestage settings and distribute content to the distribution point. 
+   - **Distribution priority**: Use this setting to specify the distribution priority for the deployment package. The distribution priority applies when the deployment package is sent to distribution points at child sites. Deployment packages are sent in priority order: High, Medium, or Low. Packages with identical priorities are sent in the order in which they were created. If there is no backlog, the package will process immediately regardless of its priority. By default, packages are sent using Medium priority.
+   - **Enable for on-demand distribution**: Use this setting to enable on-demand content distribution to preferred distribution points. When this setting is enabled, the management point creates a trigger for the distribution manager to distribute the content to all preferred distribution points when a client requests the content for the package and the content is not available on any preferred distribution points. For more information about preferred distribution points and on-demand content, see [Content source location scenarios](/sccm/core/plan-design/hierarchy/content-source-location-scenarios).
+   - **Prestaged distribution point settings**: Use this setting to specify how you want to distribute content to prestaged distribution points. Choose one of the following options:
+     - **Automatically download content when packages are assigned to distribution points**: Use this setting to ignore the prestage settings and distribute content to the distribution point.
      - **Download only content changes to the distribution point**: Use this setting to prestage the initial content to the distribution point, and then distribute content changes to the distribution point.
-     - **Manually copy the content in this package to the distribution point**: Use this setting to always prestage content on the distribution point. This is the default setting. 
-      
-     For more information about prestaging content to distribution points, see [Use Prestaged content](/sccm/core/servers/deploy/configure/deploy-and-manage-content#bkmk_prestage). 
-   Click **Next**. 
-6. On the **Download Location** page, specify location that Configuration Manager will use to download the software update source files. As needed, use the following options: 
+     - **Manually copy the content in this package to the distribution point**: Use this setting to always prestage content on the distribution point. This is the default setting.
+
+     For more information about prestaging content to distribution points, see [Use Prestaged content](/sccm/core/servers/deploy/configure/deploy-and-manage-content#bkmk_prestage).
+   Click **Next**.
+6. On the **Download Location** page, specify location that Configuration Manager will use to download the software update source files. As needed, use the following options:
 
    - **Download software updates from the Internet**: Select this setting to download the software updates from the location on the Internet. This is the default setting.
-   - **Download software updates from a location on the local network**: Select this setting to download software updates from a local folder or shared network folder. Use this setting when the computer running the wizard does not have Internet access. 
-   
-     >[!NOTE]
-     >When you use this setting, download the software updates from any computer with Internet access, and then copy the software updates to a location on the local network that is accessible from the computer running the wizard.
+   - **Download software updates from a location on the local network**: Select this setting to download software updates from a local folder or shared network folder. Use this setting when the computer running the wizard does not have Internet access.
 
-   Click **Next**. 
-7. On the **Language Selection** page, specify the languages for which the selected feature updates are to be downloaded, and then click **Next**. Ensure that your language selection matches the language(s) of the feature updates selected for download. For example, if you selected English and German based feature updates for download, select those same languages on the language selection page. 
-8. On the **Summary** page, verify the settings that you selected in the wizard, and then click Next to download the software updates. 
-9. On the **Completion** page, verify that the software updates were successfully downloaded, and then click Close. 
+     > [!NOTE]
+     > When you use this setting, download the software updates from any computer with Internet access, and then copy the software updates to a location on the local network that is accessible from the computer running the wizard.
+
+   Click **Next**.
+7. On the **Language Selection** page, specify the languages for which the selected feature updates are to be downloaded, and then click **Next**. Ensure that your language selection matches the language(s) of the feature updates selected for download. For example, if you selected English and German based feature updates for download, select those same languages on the language selection page.
+8. On the **Summary** page, verify the settings that you selected in the wizard, and then click Next to download the software updates.
+9. On the **Completion** page, verify that the software updates were successfully downloaded, and then click Close.
 
 #### To monitor content status
-1. To monitor the content status for the feature updates, click **Monitoring** in the Configuration Manager console. 
-2. In the Monitoring workspace, expand **Distribution Status**, and then click **Content Status**. 
-3. Select the feature update package that you previously identified to download the feature updates. 
+1. To monitor the content status for the feature updates, click **Monitoring** in the Configuration Manager console.
+2. In the Monitoring workspace, expand **Distribution Status**, and then click **Content Status**.
+3. Select the feature update package that you previously identified to download the feature updates.
 4. On the **Home** tab, in the Content group, click **View Status**.
 
-### Step 3: Deploy the feature update(s) 
-After you determine which feature updates you intend to deploy, you can manually deploy the feature update(s). Use the following procedure to manually deploy the feature update(s). 
+### Step 3: Deploy the feature update(s)
+After you determine which feature updates you intend to deploy, you can manually deploy the feature update(s). Use the following procedure to manually deploy the feature update(s).
 
-1. In the Configuration Manager console, click **Software Library**. 
-2. In the Software Library workspace, expand **Windows 10 Servicing**, and click **All Windows 10 Updates**. 
+1. In the Configuration Manager console, click **Software Library**.
+2. In the Software Library workspace, expand **Windows 10 Servicing**, and click **All Windows 10 Updates**.
 3. Choose the feature update(s) to deploy by using your saved search criteria. Select one or more of the feature updates returned, right click, and select **Deploy**.
 
-   The **Deploy Software Updates Wizard** opens. 
-4. On the General page, configure the following settings: 
-   - **Name**: Specify the name for the deployment. The deployment must have a unique name that describes the purpose of the deployment and differentiates it from other deployments in the Configuration Manager site. By default, Configuration Manager automatically provides a name for the deployment in the following format: **Microsoft Software Updates - \<date\>\<time\>** 
-   - **Description**: Specify a description for the deployment. The description provides an overview of the deployment and any other relevant information that helps to identify and differentiate the deployment among others in Configuration Manager site. The description field is optional, has a limit of 256 characters, and has a blank value by default. 
-   - **Software Update/Software Update Group**: Verify that the displayed software update group, or software update, is correct. 
-   - **Select Deployment Template**: Specify whether to apply a previously saved deployment template. You can configure a deployment template to contain multiple common software update deployment properties and then apply the template when you deploy subsequent software updates to ensure consistency across similar deployments and to save time. 
-   - **Collection**: Specify the collection for the deployment, as applicable. Members of the collection receive the feature updates that are defined in the deployment. 
-5. On the Deployment Settings page, configure the following settings: 
+   The **Deploy Software Updates Wizard** opens.
+4. On the General page, configure the following settings:
+   - **Name**: Specify the name for the deployment. The deployment must have a unique name that describes the purpose of the deployment and differentiates it from other deployments in the Configuration Manager site. By default, Configuration Manager automatically provides a name for the deployment in the following format: **Microsoft Software Updates - \<date\>\<time\>**
+   - **Description**: Specify a description for the deployment. The description provides an overview of the deployment and any other relevant information that helps to identify and differentiate the deployment among others in Configuration Manager site. The description field is optional, has a limit of 256 characters, and has a blank value by default.
+   - **Software Update/Software Update Group**: Verify that the displayed software update group, or software update, is correct.
+   - **Select Deployment Template**: Specify whether to apply a previously saved deployment template. You can configure a deployment template to contain multiple common software update deployment properties and then apply the template when you deploy subsequent software updates to ensure consistency across similar deployments and to save time.
+   - **Collection**: Specify the collection for the deployment, as applicable. Members of the collection receive the feature updates that are defined in the deployment.
+5. On the Deployment Settings page, configure the following settings:
 
-   - **Type of deployment**: Specify the deployment type for the software update deployment. Select **Required** to create a mandatory software update deployment in which the feature updates are automatically installed on clients before a configured installation deadline. 
-   
-     >[!IMPORTANT]
-     > After you create the software update deployment, you cannot later change the type of deployment. 
-   
-     >[!NOTE]
-     >A software update group deployed as Required will be downloaded in background and honor BITS settings, if configured.
+   - **Type of deployment**: Specify the deployment type for the software update deployment. Select **Required** to create a mandatory software update deployment in which the feature updates are automatically installed on clients before a configured installation deadline.
 
-   - **Use Wake-on-LAN to wake up clients for required deployments**: Specify whether to enable Wake On LAN at the deadline to send wake-up packets to computers that require one or more software updates in the deployment. Any computers that are in sleep mode at the installation deadline time will be awakened so the software update installation can initiate. Clients that are in sleep mode that do not require any software updates in the deployment are not started. By default, this setting is not enabled and is available only when Type of deployment is set to Required. 
+     > [!IMPORTANT]
+     > After you create the software update deployment, you cannot later change the type of deployment.
 
-     >[!WARNING]
-     >Before you can use this option, computers and networks must be configured for Wake On LAN. 
+     > [!NOTE]
+     > A software update group deployed as Required will be downloaded in background and honor BITS settings, if configured.
 
-   - **Detail level**: Specify the level of detail for the state messages that are reported by client computers. 
+   - **Use Wake-on-LAN to wake up clients for required deployments**: Specify whether to enable Wake On LAN at the deadline to send wake-up packets to computers that require one or more software updates in the deployment. Any computers that are in sleep mode at the installation deadline time will be awakened so the software update installation can initiate. Clients that are in sleep mode that do not require any software updates in the deployment are not started. By default, this setting is not enabled and is available only when Type of deployment is set to Required.
+
+     > [!WARNING]
+     > Before you can use this option, computers and networks must be configured for Wake On LAN.
+
+   - **Detail level**: Specify the level of detail for the state messages that are reported by client computers.
 6. On the Scheduling page, configure the following settings:
 
-   - **Schedule evaluation**: Specify whether the available time and installation deadline times are evaluated according to UTC or the local time of the computer running the Configuration Manager console. 
-   
-     >[!NOTE]
-     >When you select local time, and then select **As soon as possible** for the **Software available time** or **Installation deadline**, the current time on the computer running the Configuration Manager console is used to evaluate when updates are available or when they are installed on a client. If the client is in a different time zone, these actions will occur when the client's time reaches the evaluation time. 
+   - **Schedule evaluation**: Specify whether the available time and installation deadline times are evaluated according to UTC or the local time of the computer running the Configuration Manager console.
 
-   - **Software available time**: Select **As soon as possible** to specify when the software updates will be available to clients: 
-     - **As soon as possible**: Select this setting to make the software updates in the deployment available to clients as soon as possible. When the deployment is created, the client policy is updated, the clients are made aware of the deployment at their next client policy polling cycle, and then the software updates are available for installation. 
-   - **Installation deadline**: Select **Specific time** to specify the installation deadline for the software updates in the deployment. 
-   
-     >[!NOTE]
-     >You can configure the installation deadline setting only when **Type of deployment** is set to **Required** on the Deployment Settings page. 
+     > [!NOTE]
+     > When you select local time, and then select **As soon as possible** for the **Software available time** or **Installation deadline**, the current time on the computer running the Configuration Manager console is used to evaluate when updates are available or when they are installed on a client. If the client is in a different time zone, these actions will occur when the client's time reaches the evaluation time.
 
-   - **Specific time**: Select this setting to automatically install the software updates in the deployment at a specific date and time. Set the date and time value to correspond with your defined maintenance window for the target collection. Allow sufficient time for clients to download the content in advance of the deadline. Adjust accordingly if clients in your environment will need additional download time. E.g., slow or unreliable network links. 
+   - **Software available time**: Select **As soon as possible** to specify when the software updates will be available to clients:
+     - **As soon as possible**: Select this setting to make the software updates in the deployment available to clients as soon as possible. When the deployment is created, the client policy is updated, the clients are made aware of the deployment at their next client policy polling cycle, and then the software updates are available for installation.
+   - **Installation deadline**: Select **Specific time** to specify the installation deadline for the software updates in the deployment.
 
-   >[!NOTE]
-   >The actual installation deadline time is the specific time that you configure plus a random amount of time up to 2 hours. This reduces the potential impact of all client computers in the destination collection installing the software updates in the deployment at the same time. Configure the Computer Agent client setting, Disable deadline randomization to disable the installation randomization delay for the required software updates to allow a greater chance for the installation to start and complete within your defined maintenance window. For more information, see [Computer Agent](/sccm/core/clients/deploy/about-client-settings#computer-agent). 
-7. On the User Experience page, configure the following settings: 
-   - **User notifications**: Specify whether to display notification of the software updates in Software Center on the client computer at the configured **Software available time** and whether to display user notifications on the client computers. When **Type of deployment** is set to **Available** on the Deployment Settings page, you cannot select **Hide in Software Center and all notifications**. 
-   - **Deadline behavior**: Available only when **Type of deployment** is set to **Required** on the Deployment Settings page. Specify the behavior that is to occur when the deadline is reached for the software update deployment. Specify whether to install the software updates in the deployment. Also specify whether to perform a system restart after software update installation regardless of a configured maintenance window. For more information about maintenance windows, see [How to use maintenance windows](/sccm/core/clients/manage/collections/use-maintenance-windows). 
-   - **Device restart behavior**: Available only when **Type of deployment** is set to **Required** on the Deployment Settings page. Specify whether to suppress a system restart on servers and workstations after software updates are installed and a system restart is required to complete the installation. 
+     > [!NOTE]
+     > You can configure the installation deadline setting only when **Type of deployment** is set to **Required** on the Deployment Settings page.
 
-     >[!IMPORTANT]
-     >Suppressing system restarts can be useful in server environments or for cases in which you do not want the computers that are installing the software updates to restart by default. However, doing so can leave computers in an insecure state, whereas allowing a forced restart helps to ensure immediate completion of the software update installation.
-   - **Write filter handling for Windows Embedded devices**: When you deploy software updates to Windows Embedded devices that are write filter enabled, you can specify to install the software update on the temporary overlay and either commit changes later or commit the changes at the installation deadline or during a maintenance window. When you commit changes at the installation deadline or during a maintenance window, a restart is required and the changes persist on the device. 
+   - **Specific time**: Select this setting to automatically install the software updates in the deployment at a specific date and time. Set the date and time value to correspond with your defined maintenance window for the target collection. Allow sufficient time for clients to download the content in advance of the deadline. Adjust accordingly if clients in your environment will need additional download time. E.g., slow or unreliable network links.
 
-     >[!NOTE]
-     >When you deploy a software update to a Windows Embedded device, make sure that the device is a member of a collection that has a configured maintenance window. 
-   - **Software updates deployment re-evaluation behavior upon restart**: Starting in Configuration Manager version 1606, select this setting to configure software updates deployments to have clients run a software updates compliance scan immediately after a client installs software updates and restarts. This enables the client to check for additional software updates that become applicable after the client restarts, and to then install them (and become compliant) during the same maintenance window. 
-8. On the Alerts page, configure how Configuration Manager and System Center Operations Manager will generate alerts for this deployment. You can configure alerts only when **Type of deployment** is set to **Required** on the Deployment Settings page. 
+   > [!NOTE]
+   > The actual installation deadline time is the specific time that you configure plus a random amount of time up to 2 hours. This reduces the potential impact of all client computers in the destination collection installing the software updates in the deployment at the same time. Configure the Computer Agent client setting, Disable deadline randomization to disable the installation randomization delay for the required software updates to allow a greater chance for the installation to start and complete within your defined maintenance window. For more information, see [Computer Agent](/sccm/core/clients/deploy/about-client-settings#computer-agent).
+7. On the User Experience page, configure the following settings:
+   - **User notifications**: Specify whether to display notification of the software updates in Software Center on the client computer at the configured **Software available time** and whether to display user notifications on the client computers. When **Type of deployment** is set to **Available** on the Deployment Settings page, you cannot select **Hide in Software Center and all notifications**.
+   - **Deadline behavior**: Available only when **Type of deployment** is set to **Required** on the Deployment Settings page. Specify the behavior that is to occur when the deadline is reached for the software update deployment. Specify whether to install the software updates in the deployment. Also specify whether to perform a system restart after software update installation regardless of a configured maintenance window. For more information about maintenance windows, see [How to use maintenance windows](/sccm/core/clients/manage/collections/use-maintenance-windows).
+   - **Device restart behavior**: Available only when **Type of deployment** is set to **Required** on the Deployment Settings page. Specify whether to suppress a system restart on servers and workstations after software updates are installed and a system restart is required to complete the installation.
 
-   >[!NOTE]
-   >You can review recent software updates alerts from the Software Updates node in the Software Library workspace. 
-9. On the Download Settings page, configure the following settings: 
-   - Specify whether the client will download and install the software updates when a client is connected to a slow network or is using a fallback content location. 
-   - Specify whether to have the client download and install the software updates from a fallback distribution point when the content for the software updates is not available on a preferred distribution point. 
-   - **Allow clients to share content with other clients on the same subnet**: Specify whether to enable the use of BranchCache for content downloads. For more information about BranchCache, see [Fundamental concepts for content management](/sccm/core/plan-design/hierarchy/fundamental-concepts-for-content-management#branchcache). 
+     > [!IMPORTANT]
+     > Suppressing system restarts can be useful in server environments or for cases in which you do not want the computers that are installing the software updates to restart by default. However, doing so can leave computers in an insecure state, whereas allowing a forced restart helps to ensure immediate completion of the software update installation.
+   - **Write filter handling for Windows Embedded devices**: When you deploy software updates to Windows Embedded devices that are write filter enabled, you can specify to install the software update on the temporary overlay and either commit changes later or commit the changes at the installation deadline or during a maintenance window. When you commit changes at the installation deadline or during a maintenance window, a restart is required and the changes persist on the device.
+
+     > [!NOTE]
+     > When you deploy a software update to a Windows Embedded device, make sure that the device is a member of a collection that has a configured maintenance window.
+   - **Software updates deployment re-evaluation behavior upon restart**: Starting in Configuration Manager version 1606, select this setting to configure software updates deployments to have clients run a software updates compliance scan immediately after a client installs software updates and restarts. This enables the client to check for additional software updates that become applicable after the client restarts, and to then install them (and become compliant) during the same maintenance window.
+8. On the Alerts page, configure how Configuration Manager and System Center Operations Manager will generate alerts for this deployment. You can configure alerts only when **Type of deployment** is set to **Required** on the Deployment Settings page.
+
+   > [!NOTE]
+   > You can review recent software updates alerts from the Software Updates node in the Software Library workspace.
+9. On the Download Settings page, configure the following settings:
+   - Specify whether the client will download and install the software updates when a client is connected to a slow network or is using a fallback content location.
+   - Specify whether to have the client download and install the software updates from a fallback distribution point when the content for the software updates is not available on a preferred distribution point.
+   - **Allow clients to share content with other clients on the same subnet**: Specify whether to enable the use of BranchCache for content downloads. For more information about BranchCache, see [Fundamental concepts for content management](/sccm/core/plan-design/hierarchy/fundamental-concepts-for-content-management#branchcache).
    - **If software updates are not available on distribution point in current, neighbor or site groups, download content from Microsoft Updates**: Select this setting to have clients that are connected to the intranet download software updates from Microsoft Update if software updates are not available on distribution points. Internet-based clients can always go to Microsoft Update for software updates content.
-   - Specify whether to allow clients to download after an installation deadline when they use metered Internet connections. Internet providers sometimes charge by the amount of data that you send and receive when you are on a metered Internet connection. 
+   - Specify whether to allow clients to download after an installation deadline when they use metered Internet connections. Internet providers sometimes charge by the amount of data that you send and receive when you are on a metered Internet connection.
 
-     >[!NOTE]
-     >Clients request the content location from a management point for the software updates in a deployment. The download behavior depends upon how you have configured the distribution point, the deployment package, and the settings on this page. For more information, see [Content source location scenarios](/sccm/core/plan-design/hierarchy/content-source-location-scenarios). 
-10. On the Summary page, review the settings. To save the settings to a deployment template, click **Save As Template**, enter a name and select the settings that you want to include in the template, and then click **Save**. To change a configured setting, click the associated wizard page and change the setting. 
-11. Click **Next** to deploy the feature update(s). 
+     > [!NOTE]
+     > Clients request the content location from a management point for the software updates in a deployment. The download behavior depends upon how you have configured the distribution point, the deployment package, and the settings on this page. For more information, see [Content source location scenarios](/sccm/core/plan-design/hierarchy/content-source-location-scenarios).
+10. On the Summary page, review the settings. To save the settings to a deployment template, click **Save As Template**, enter a name and select the settings that you want to include in the template, and then click **Save**. To change a configured setting, click the associated wizard page and change the setting.
+11. Click **Next** to deploy the feature update(s).
 
 ### Step 4: Monitor the deployment status
+
 After you deploy the feature update(s), you can monitor the deployment status. Use the following procedure to monitor the deployment status:
 
-1. In the Configuration Manager console, navigate to **Monitoring > Overview > Deployments**. 
-2. Click the software update group or software update for which you want to monitor the deployment status. 
-3. On the **Home** tab, in the **Deployment** group, click **View Status**.
\ No newline at end of file
+1. In the Configuration Manager console, navigate to **Monitoring > Overview > Deployments**.
+2. Click the software update group or software update for which you want to monitor the deployment status.
+3. On the **Home** tab, in the **Deployment** group, click **View Status**.

From 917dc84ed59df98ec7f9ef2d9c42832197f2a73f Mon Sep 17 00:00:00 2001
From: Jaime Ondrusek <jaimeo@microsoft.com>
Date: Fri, 4 Jun 2021 10:05:39 -0700
Subject: [PATCH 12/23] Update feature-update-maintenance-window.md

---
 windows/deployment/update/feature-update-maintenance-window.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/update/feature-update-maintenance-window.md b/windows/deployment/update/feature-update-maintenance-window.md
index 723ec7bcfb..ceba1ac57a 100644
--- a/windows/deployment/update/feature-update-maintenance-window.md
+++ b/windows/deployment/update/feature-update-maintenance-window.md
@@ -122,7 +122,7 @@ There are potentially a thousand or more feature updates displayed in the Config
 
 4. Save the search for future use.
 
-### Step 2: Download the content for the feature update(s)
+### Step 2: Download the content for the feature updates
 Before you deploy the feature updates, you can download the content as a separate step. Do this so you can verify that the content is available on the distribution points before you deploy the feature updates. This will help you to avoid any unexpected issues with the content delivery. Use the following procedure to download the content for feature updates before creating the deployment.
 
 1. In the Configuration Manager console, navigate to **Software Library > Windows 10 Servicing**.

From d89e881eaa3057980b38d44501fe5675a63c7154 Mon Sep 17 00:00:00 2001
From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com>
Date: Sat, 5 Jun 2021 00:39:14 +0530
Subject: [PATCH 13/23] removed link added new link

as per user report #9653 , so i removed error link and added new link.
Also i made some words are bold.
Removed spaces.
---
 .../update/feature-update-maintenance-window.md        | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/windows/deployment/update/feature-update-maintenance-window.md b/windows/deployment/update/feature-update-maintenance-window.md
index ceba1ac57a..3214cc878a 100644
--- a/windows/deployment/update/feature-update-maintenance-window.md
+++ b/windows/deployment/update/feature-update-maintenance-window.md
@@ -53,7 +53,7 @@ Use **Peer Cache** to help manage deployment of content to clients in remote loc
 
 If you're deploying **Feature update to Windows 10, version 1709** or later, by default, portions of setup are configured to run at a lower priority. This can result in a longer total install time for the feature update. When deploying within a maintenance window, we recommend that you override this default behavior to benefit from faster total install times. To override the default priority, create a file called SetupConfig.ini on each machine to be upgraded in the below location containing the single section noted. 
 
-%systemdrive%\Users\Default\AppData\Local\Microsoft\Windows\WSUS\SetupConfig.ini
+**%systemdrive%\Users\Default\AppData\Local\Microsoft\Windows\WSUS\SetupConfig.ini**
 
 ```
 [SetupConfig]
@@ -126,8 +126,7 @@ There are potentially a thousand or more feature updates displayed in the Config
 Before you deploy the feature updates, you can download the content as a separate step. Do this so you can verify that the content is available on the distribution points before you deploy the feature updates. This will help you to avoid any unexpected issues with the content delivery. Use the following procedure to download the content for feature updates before creating the deployment.
 
 1. In the Configuration Manager console, navigate to **Software Library > Windows 10 Servicing**.
-2. Choose the feature update(s) to download by using your saved search criteria. Select one or more of the feature updates returned, right click, and select Download.
-
+2. Choose the **feature update(s)** to download by using your saved search criteria. Select one or more of the feature updates returned, right click, and select **Download**,
    The **Download Software Updates Wizard** opens.
 3. On the **Deployment Package** page, configure the following settings:
    **Create a new deployment package**: Select this setting to create a new deployment package for the software updates that are in the deployment. Configure the following settings:
@@ -184,8 +183,7 @@ After you determine which feature updates you intend to deploy, you can manually
 
 1. In the Configuration Manager console, click **Software Library**.
 2. In the Software Library workspace, expand **Windows 10 Servicing**, and click **All Windows 10 Updates**.
-3. Choose the feature update(s) to deploy by using your saved search criteria. Select one or more of the feature updates returned, right click, and select **Deploy**.
-
+3. Choose the feature update(s) to deploy by using your saved search criteria. Select one or more of the feature updates returned, right click, and select **Deploy**,
    The **Deploy Software Updates Wizard** opens.
 4. On the General page, configure the following settings:
    - **Name**: Specify the name for the deployment. The deployment must have a unique name that describes the purpose of the deployment and differentiates it from other deployments in the Configuration Manager site. By default, Configuration Manager automatically provides a name for the deployment in the following format: **Microsoft Software Updates - \<date\>\<time\>**
@@ -251,7 +249,7 @@ After you determine which feature updates you intend to deploy, you can manually
    - Specify whether to allow clients to download after an installation deadline when they use metered Internet connections. Internet providers sometimes charge by the amount of data that you send and receive when you are on a metered Internet connection.
 
      > [!NOTE]
-     > Clients request the content location from a management point for the software updates in a deployment. The download behavior depends upon how you have configured the distribution point, the deployment package, and the settings on this page. For more information, see [Content source location scenarios](/sccm/core/plan-design/hierarchy/content-source-location-scenarios).
+     > Clients request the content location from a management point for the software updates in a deployment. The download behavior depends upon how you have configured the distribution point, the deployment package, and the settings on this page. For more information, see [Content Source Priority](https://docs.microsoft.com/mem/configmgr/core/plan-design/hierarchy/fundamental-concepts-for-content-management#content-source-priority).
 10. On the Summary page, review the settings. To save the settings to a deployment template, click **Save As Template**, enter a name and select the settings that you want to include in the template, and then click **Save**. To change a configured setting, click the associated wizard page and change the setting.
 11. Click **Next** to deploy the feature update(s).
 

From 4389d0ed64514c7b09a43947bda1d1c2bb11f9c2 Mon Sep 17 00:00:00 2001
From: Joe Davies <josephd@microsoft.com>
Date: Fri, 4 Jun 2021 12:44:56 -0700
Subject: [PATCH 14/23] Update ransomware-malware.md

---
 .../intelligence/ransomware-malware.md        | 79 ++++++++++++++++---
 1 file changed, 67 insertions(+), 12 deletions(-)

diff --git a/windows/security/threat-protection/intelligence/ransomware-malware.md b/windows/security/threat-protection/intelligence/ransomware-malware.md
index 4f7f59f8ff..00bd93579d 100644
--- a/windows/security/threat-protection/intelligence/ransomware-malware.md
+++ b/windows/security/threat-protection/intelligence/ransomware-malware.md
@@ -26,9 +26,9 @@ The trend towards increasingly sophisticated malware behavior, highlighted by th
 
 Most ransomware infections start with:
 
-* Email messages with attachments that try to install ransomware.
+- Email messages with attachments that try to install ransomware.
 
-* Websites hosting [exploit kits](exploits-malware.md) that attempt to use vulnerabilities in web browsers and other software to install ransomware.
+- Websites hosting [exploit kits](exploits-malware.md) that attempt to use vulnerabilities in web browsers and other software to install ransomware.
 
 Once ransomware infects a device, it starts encrypting files, folders, entire hard drive partitions using encryption algorithms like RSA or RC4.
 
@@ -38,11 +38,11 @@ Ransomware is one of the most lucrative revenue channels for cybercriminals, so
 
 Sophisticated ransomware like **Spora**, **WannaCrypt** (also known as WannaCry), and **Petya** (also known as NotPetya) spread to other computers via network shares or exploits.
 
-* Spora drops ransomware copies in network shares.
+- Spora drops ransomware copies in network shares.
 
-* WannaCrypt exploits the Server Message Block (SMB) vulnerability CVE-2017-0144 (also called EternalBlue) to infect other computers. 
+- WannaCrypt exploits the Server Message Block (SMB) vulnerability CVE-2017-0144 (also called EternalBlue) to infect other computers. 
 
-* A Petya variant exploits the same vulnerability, in addition to CVE-2017-0145 (also known as EternalRomance), and uses stolen credentials to move laterally across networks.
+- A Petya variant exploits the same vulnerability, in addition to CVE-2017-0145 (also known as EternalRomance), and uses stolen credentials to move laterally across networks.
 
 Older ransomware like **Reveton** (nicknamed "Police Trojan" or "Police ransomware") locks screens instead of encrypting files. They display a full screen image and then disable Task Manager. The files are safe, but they're effectively inaccessible. The image usually contains a message claiming to be from law enforcement that says the computer has been used in illegal cybercriminal activities and a fine needs to be paid.
 
@@ -52,16 +52,71 @@ Ransomware like **Cerber** and **Locky** search for and encrypt specific file ty
 
 ## How to protect against ransomware
 
- Organizations can be targeted specifically by attackers, or they can be caught in the wide net cast by cybercriminal operations. Large organizations are high value targets and attackers can demand bigger ransoms.
+Organizations can be targeted specifically by attackers, or they can be caught in the wide net cast by cybercriminal operations. Large organizations are high value targets because attackers can demand bigger ransoms.
 
-We recommend:
+To provide the best protection against ransomware attacks, Microsoft recommends that you:
 
-* Back up important files regularly. Use the 3-2-1 rule. Keep three backups of your data, on two different storage types, and at least one backup offsite.  
+1. Use an effective email filtering solution
 
-* Apply the latest updates to your operating systems and apps.
+   According to the [Microsoft Security Intelligence Report Volume 24 of 2018](https://clouddamcdnprodep.azureedge.net/gdc/gdc09FrGq/original), spam and phishing emails are still the most common delivery method for ransomware infections. To effectively stop ransomware at its entry point, you must adopt an email security service that ensures all email content and headers entering and leaving the organization are scanned for spam, viruses, and other advanced malware threats. 
 
-* Educate your employees so they can identify social engineering and spear-phishing attacks.
+   By adopting an enterprise-grade email protection solution, most cybersecurity threats against an organization will be blocked at ingress and egress.
 
-* [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders). It can stop ransomware from encrypting files and holding the files for ransom.
+   **HOW:** Use [Exchange Online Protection (EOP)](/microsoft-365/security/office-365-security/exchange-online-protection-overview), the Microsoft 365 and Office 365 cloud-based filtering service that protects your organization' Exchange Online mailboxes against spam, malware, and other email threats. 
 
-For more general tips, see [prevent malware infection](prevent-malware-infection.md).
\ No newline at end of file
+2. Deploy regular hardware and software systems patching and effective vulnerability management
+
+   A vital defense against cybersecurity attacks is the application of security updates and patches as soon as the software vendors release them. 
+
+   A prominent example of this failure was the WannaCry ransomware events in 2017, one of the largest global cybersecurity attacks in the history of the internet, which used a leaked vulnerability in Windows networking Server Message Block (SMB) protocol, for which Microsoft had released a patch nearly two months before the first publicized incident. 
+
+   Regular patching and an effective vulnerability management program are important measures to defend against ransomware and other forms of malware.
+
+   **HOW:** Use [update channels](/microsoft-365/enterprise/deploy-update-channels-examples) for recommendations on updates for Windows 10 and Microsoft 365 Apps for Enterprise (Windows 10).
+
+3. Use up-to-date antivirus and an endpoint detection and response (EDR) solutions
+
+   While owning an antivirus solution alone does not ensure absolute protection against viruses and other advanced computer threats, it’s very important to ensure that your antivirus solutions are kept up-to-date with your software vendors. 
+
+   Attackers invest heavily in the creation of new viruses and exploits, while vendors are left playing catch-up by releasing daily updates to their antivirus database engines. 
+
+   EDR solutions collect and store large volumes of data from endpoints and provide real-time host-based, file-level monitoring and visibility to systems. The data sets and alerts generated by an EDR solution can help stop advanced threats and are often leveraged for responding to security incidents.
+
+4. Separate administrative and privileged credentials from standard credentials
+
+   Separate your system administrative accounts from your standard user accounts to ensure those administrative accounts are not useable across multiple systems. Separating these privileged accounts not only enforces proper access control but also ensures that a compromise of a single standard user account doesn’t lead to the compromise of your entire IT infrastructure. 
+
+   **HOW:** To effectively reduce your credential attack surface, use Microsoft support for [Azure Multi-Factor Authentication (MFA)](/azure/active-directory/authentication/concept-mfa-howitworks) to require stronger authentication for privileged accounts, [Azure Privileged Identity Management (PIM)](/azure/active-directory/privileged-identity-management/) for just-in-time use of privileged accounts, and [Privileged Access Management (PAM)](/microsoft-365/compliance/privileged-access-management-solution-overview) for just-in-time access to Microsoft 365 tasks that need elevated permissions.
+
+5. Implement effective application allow lists
+
+   It’s very important as part of a ransomware prevention strategy to restrict the applications that can run within an IT infrastructure. Application allow lists ensure only applications that have been tested and approved by an organization can run on the systems within the infrastructure. While this can be tedious and presents several IT administrative challenges, this strategy has been proven effective.
+
+   **HOW:** For Microsoft 365 apps, use [Azure AD Conditional Access](azure/active-directory/conditional-access/app-based-conditional-access) to require approved apps.
+
+6. Regularly back up critical systems and files
+
+   The ability to recover to a known good state is the most critical strategy of any information security incident plan, especially ransomware. Therefore, to ensure the success of this process, an organization must validate that all its critical systems, applications, and files are regularly backed up and that those backups are regularly tested to ensure they are recoverable. Ransomware is known to encrypt or destroy any file it comes across, and it can often make them unrecoverable; consequently, it’s of utmost importance that all impacted files can be easily recovered from a good backup stored at a secondary location not impacted by the ransomware attack.
+<!--
+
+- Back up important files regularly. Use the 3-2-1 rule. Keep three backups of your data, on two different storage types, and at least one backup offsite.  
+
+- Apply the latest updates to your operating systems and apps.
+
+- Educate your employees so they can identify social engineering and spear-phishing attacks.
+
+- [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders). It can stop ransomware from encrypting files and holding the files for ransom.
+
+--> 
+
+For more general tips, see [prevent malware infection](prevent-malware-infection.md).
+
+## Human-operated ransomware
+
+Unlike auto-spreading ransomware like WannaCry or NotPetya, human-operated ransomware is the result of active and ongoing attacks that target an organization rather than a single device. Cybercriminals use their knowledge of common system and security misconfigurations and vulnerabilities to infiltrate the organization, navigate the enterprise network, adapt to the environment, and exploit its weaknesses as they go.
+
+Hallmarks of these human-operated ransomware attacks typically include credential theft and lateral movement and can result in deployment of ransomware payloads to high business impact resources that attackers choose. Once deployed, the attackers contact the organization with their ransom demands.
+
+The same primary prevention techniques described in this article should be implemented to prevent human-operated ransomware. For additional preventative measures against human-operated ransomware, see this [article](/security/compass/human-operated-ransomware).
+
+See [this blog post](https://www.microsoft.com/security/blog/2020/03/05/human-operated-ransomware-attacks-a-preventable-disaster/) from the Microsoft 365 Defender Threat Intelligence Team for more information and attack chain analysis of actual human-operated ransomware attacks.

From 1174cb4b333f2ebca7c124e6a51b379eac330ea7 Mon Sep 17 00:00:00 2001
From: Joe Davies <josephd@microsoft.com>
Date: Fri, 4 Jun 2021 13:02:07 -0700
Subject: [PATCH 15/23] Update ransomware-malware.md

---
 .../intelligence/ransomware-malware.md               | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/windows/security/threat-protection/intelligence/ransomware-malware.md b/windows/security/threat-protection/intelligence/ransomware-malware.md
index 00bd93579d..2eee3a6421 100644
--- a/windows/security/threat-protection/intelligence/ransomware-malware.md
+++ b/windows/security/threat-protection/intelligence/ransomware-malware.md
@@ -66,7 +66,7 @@ To provide the best protection against ransomware attacks, Microsoft recommends
 
 2. Deploy regular hardware and software systems patching and effective vulnerability management
 
-   A vital defense against cybersecurity attacks is the application of security updates and patches as soon as the software vendors release them. 
+   A vital defense against cybersecurity attacks is the application of security updates and patches as soon as the software publishers release them. 
 
    A prominent example of this failure was the WannaCry ransomware events in 2017, one of the largest global cybersecurity attacks in the history of the internet, which used a leaked vulnerability in Windows networking Server Message Block (SMB) protocol, for which Microsoft had released a patch nearly two months before the first publicized incident. 
 
@@ -74,9 +74,9 @@ To provide the best protection against ransomware attacks, Microsoft recommends
 
    **HOW:** Use [update channels](/microsoft-365/enterprise/deploy-update-channels-examples) for recommendations on updates for Windows 10 and Microsoft 365 Apps for Enterprise (Windows 10).
 
-3. Use up-to-date antivirus and an endpoint detection and response (EDR) solutions
+3. Use up to date antivirus and an endpoint detection and response (EDR) solutions
 
-   While owning an antivirus solution alone does not ensure absolute protection against viruses and other advanced computer threats, it’s very important to ensure that your antivirus solutions are kept up-to-date with your software vendors. 
+   While owning an antivirus solution alone does not ensure absolute protection against viruses and other advanced computer threats, ensure that your antivirus solutions are kept up to date with your software publishers. 
 
    Attackers invest heavily in the creation of new viruses and exploits, while vendors are left playing catch-up by releasing daily updates to their antivirus database engines. 
 
@@ -88,11 +88,11 @@ To provide the best protection against ransomware attacks, Microsoft recommends
 
    **HOW:** To effectively reduce your credential attack surface, use Microsoft support for [Azure Multi-Factor Authentication (MFA)](/azure/active-directory/authentication/concept-mfa-howitworks) to require stronger authentication for privileged accounts, [Azure Privileged Identity Management (PIM)](/azure/active-directory/privileged-identity-management/) for just-in-time use of privileged accounts, and [Privileged Access Management (PAM)](/microsoft-365/compliance/privileged-access-management-solution-overview) for just-in-time access to Microsoft 365 tasks that need elevated permissions.
 
-5. Implement effective application allow lists
+5. Implement effective application allowlists
 
-   It’s very important as part of a ransomware prevention strategy to restrict the applications that can run within an IT infrastructure. Application allow lists ensure only applications that have been tested and approved by an organization can run on the systems within the infrastructure. While this can be tedious and presents several IT administrative challenges, this strategy has been proven effective.
+   You need to restrict the applications that can run within an IT infrastructure. Application allowlists ensure only applications that have been tested and approved by an organization can run on the systems within the infrastructure. While this can be tedious and presents several IT administrative challenges, this strategy has been proven effective.
 
-   **HOW:** For Microsoft 365 apps, use [Azure AD Conditional Access](azure/active-directory/conditional-access/app-based-conditional-access) to require approved apps.
+   **HOW:** For Microsoft 365 apps, use [Azure AD Conditional Access](/azure/active-directory/conditional-access/app-based-conditional-access) to require approved apps.
 
 6. Regularly back up critical systems and files
 

From 9f96ebfac501647c03b74cfc94a93bac1c7032bd Mon Sep 17 00:00:00 2001
From: Joe Davies <josephd@microsoft.com>
Date: Fri, 4 Jun 2021 15:57:28 -0700
Subject: [PATCH 16/23] Update ransomware-malware.md

---
 .../threat-protection/intelligence/ransomware-malware.md        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/intelligence/ransomware-malware.md b/windows/security/threat-protection/intelligence/ransomware-malware.md
index 2eee3a6421..f09ebe1af1 100644
--- a/windows/security/threat-protection/intelligence/ransomware-malware.md
+++ b/windows/security/threat-protection/intelligence/ransomware-malware.md
@@ -62,7 +62,7 @@ To provide the best protection against ransomware attacks, Microsoft recommends
 
    By adopting an enterprise-grade email protection solution, most cybersecurity threats against an organization will be blocked at ingress and egress.
 
-   **HOW:** Use [Exchange Online Protection (EOP)](/microsoft-365/security/office-365-security/exchange-online-protection-overview), the Microsoft 365 and Office 365 cloud-based filtering service that protects your organization' Exchange Online mailboxes against spam, malware, and other email threats. 
+   **HOW:** Use [Exchange Online Protection (EOP)](/microsoft-365/security/office-365-security/exchange-online-protection-overview), the Microsoft 365 and Office 365 cloud-based filtering service that protects your organization's Exchange Online mailboxes against spam, malware, and other email threats. 
 
 2. Deploy regular hardware and software systems patching and effective vulnerability management
 

From d55e19b1fb18b23c3fc84817a9e0b98eebe68456 Mon Sep 17 00:00:00 2001
From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com>
Date: Sat, 5 Jun 2021 12:01:29 +0530
Subject: [PATCH 17/23] Update
 windows/deployment/update/feature-update-maintenance-window.md

accepted

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 windows/deployment/update/feature-update-maintenance-window.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/update/feature-update-maintenance-window.md b/windows/deployment/update/feature-update-maintenance-window.md
index 3214cc878a..a045a86cc0 100644
--- a/windows/deployment/update/feature-update-maintenance-window.md
+++ b/windows/deployment/update/feature-update-maintenance-window.md
@@ -126,7 +126,7 @@ There are potentially a thousand or more feature updates displayed in the Config
 Before you deploy the feature updates, you can download the content as a separate step. Do this so you can verify that the content is available on the distribution points before you deploy the feature updates. This will help you to avoid any unexpected issues with the content delivery. Use the following procedure to download the content for feature updates before creating the deployment.
 
 1. In the Configuration Manager console, navigate to **Software Library > Windows 10 Servicing**.
-2. Choose the **feature update(s)** to download by using your saved search criteria. Select one or more of the feature updates returned, right click, and select **Download**,
+2. Choose the **feature update(s)** to download by using your saved search criteria. Select one or more of the feature updates returned, right click, and select **Download**.
    The **Download Software Updates Wizard** opens.
 3. On the **Deployment Package** page, configure the following settings:
    **Create a new deployment package**: Select this setting to create a new deployment package for the software updates that are in the deployment. Configure the following settings:

From aab9c1f49a47a4ec695871db8436ed75194e6de6 Mon Sep 17 00:00:00 2001
From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com>
Date: Sat, 5 Jun 2021 12:09:52 +0530
Subject: [PATCH 18/23] Update
 windows/deployment/update/feature-update-maintenance-window.md

accepted

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 windows/deployment/update/feature-update-maintenance-window.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/windows/deployment/update/feature-update-maintenance-window.md b/windows/deployment/update/feature-update-maintenance-window.md
index a045a86cc0..b1ee4d2dd8 100644
--- a/windows/deployment/update/feature-update-maintenance-window.md
+++ b/windows/deployment/update/feature-update-maintenance-window.md
@@ -127,6 +127,7 @@ Before you deploy the feature updates, you can download the content as a separat
 
 1. In the Configuration Manager console, navigate to **Software Library > Windows 10 Servicing**.
 2. Choose the **feature update(s)** to download by using your saved search criteria. Select one or more of the feature updates returned, right click, and select **Download**.
+
    The **Download Software Updates Wizard** opens.
 3. On the **Deployment Package** page, configure the following settings:
    **Create a new deployment package**: Select this setting to create a new deployment package for the software updates that are in the deployment. Configure the following settings:

From 4976757337aa37e7c23e5e7cf7a304086585426f Mon Sep 17 00:00:00 2001
From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com>
Date: Sat, 5 Jun 2021 12:10:06 +0530
Subject: [PATCH 19/23] Update
 windows/deployment/update/feature-update-maintenance-window.md

accepted

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 windows/deployment/update/feature-update-maintenance-window.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/windows/deployment/update/feature-update-maintenance-window.md b/windows/deployment/update/feature-update-maintenance-window.md
index b1ee4d2dd8..630c2b6867 100644
--- a/windows/deployment/update/feature-update-maintenance-window.md
+++ b/windows/deployment/update/feature-update-maintenance-window.md
@@ -185,6 +185,7 @@ After you determine which feature updates you intend to deploy, you can manually
 1. In the Configuration Manager console, click **Software Library**.
 2. In the Software Library workspace, expand **Windows 10 Servicing**, and click **All Windows 10 Updates**.
 3. Choose the feature update(s) to deploy by using your saved search criteria. Select one or more of the feature updates returned, right click, and select **Deploy**,
+
    The **Deploy Software Updates Wizard** opens.
 4. On the General page, configure the following settings:
    - **Name**: Specify the name for the deployment. The deployment must have a unique name that describes the purpose of the deployment and differentiates it from other deployments in the Configuration Manager site. By default, Configuration Manager automatically provides a name for the deployment in the following format: **Microsoft Software Updates - \<date\>\<time\>**

From 7687ee2034c302e019134cbd28184475802b256c Mon Sep 17 00:00:00 2001
From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com>
Date: Sat, 5 Jun 2021 12:10:39 +0530
Subject: [PATCH 20/23] Update
 windows/deployment/update/feature-update-maintenance-window.md

accepted

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 windows/deployment/update/feature-update-maintenance-window.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/update/feature-update-maintenance-window.md b/windows/deployment/update/feature-update-maintenance-window.md
index 630c2b6867..6f359c369a 100644
--- a/windows/deployment/update/feature-update-maintenance-window.md
+++ b/windows/deployment/update/feature-update-maintenance-window.md
@@ -251,7 +251,7 @@ After you determine which feature updates you intend to deploy, you can manually
    - Specify whether to allow clients to download after an installation deadline when they use metered Internet connections. Internet providers sometimes charge by the amount of data that you send and receive when you are on a metered Internet connection.
 
      > [!NOTE]
-     > Clients request the content location from a management point for the software updates in a deployment. The download behavior depends upon how you have configured the distribution point, the deployment package, and the settings on this page. For more information, see [Content Source Priority](https://docs.microsoft.com/mem/configmgr/core/plan-design/hierarchy/fundamental-concepts-for-content-management#content-source-priority).
+     > Clients request the content location from a management point for the software updates in a deployment. The download behavior depends upon how you have configured the distribution point, the deployment package, and the settings on this page. For more information, see [Content source priority](/mem/configmgr/core/plan-design/hierarchy/fundamental-concepts-for-content-management#content-source-priority).
 10. On the Summary page, review the settings. To save the settings to a deployment template, click **Save As Template**, enter a name and select the settings that you want to include in the template, and then click **Save**. To change a configured setting, click the associated wizard page and change the setting.
 11. Click **Next** to deploy the feature update(s).
 

From cfb6ec4f44efa773f610febb8bafbcbf18cdd1db Mon Sep 17 00:00:00 2001
From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com>
Date: Sat, 5 Jun 2021 12:11:02 +0530
Subject: [PATCH 21/23] Update
 windows/deployment/update/feature-update-maintenance-window.md

accepted

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 windows/deployment/update/feature-update-maintenance-window.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/update/feature-update-maintenance-window.md b/windows/deployment/update/feature-update-maintenance-window.md
index 6f359c369a..771a7648f8 100644
--- a/windows/deployment/update/feature-update-maintenance-window.md
+++ b/windows/deployment/update/feature-update-maintenance-window.md
@@ -184,7 +184,7 @@ After you determine which feature updates you intend to deploy, you can manually
 
 1. In the Configuration Manager console, click **Software Library**.
 2. In the Software Library workspace, expand **Windows 10 Servicing**, and click **All Windows 10 Updates**.
-3. Choose the feature update(s) to deploy by using your saved search criteria. Select one or more of the feature updates returned, right click, and select **Deploy**,
+3. Choose the feature update(s) to deploy by using your saved search criteria. Select one or more of the feature updates returned, right click, and select **Deploy**.
 
    The **Deploy Software Updates Wizard** opens.
 4. On the General page, configure the following settings:

From 4551a1a6c5824a305885e0821bbaf3f6515c82ee Mon Sep 17 00:00:00 2001
From: Joe Davies <josephd@microsoft.com>
Date: Mon, 7 Jun 2021 07:35:30 -0700
Subject: [PATCH 22/23] Update ransomware-malware.md

---
 .../intelligence/ransomware-malware.md        | 47 +------------------
 1 file changed, 1 insertion(+), 46 deletions(-)

diff --git a/windows/security/threat-protection/intelligence/ransomware-malware.md b/windows/security/threat-protection/intelligence/ransomware-malware.md
index f09ebe1af1..5a04348f87 100644
--- a/windows/security/threat-protection/intelligence/ransomware-malware.md
+++ b/windows/security/threat-protection/intelligence/ransomware-malware.md
@@ -56,58 +56,13 @@ Organizations can be targeted specifically by attackers, or they can be caught i
 
 To provide the best protection against ransomware attacks, Microsoft recommends that you:
 
-1. Use an effective email filtering solution
-
-   According to the [Microsoft Security Intelligence Report Volume 24 of 2018](https://clouddamcdnprodep.azureedge.net/gdc/gdc09FrGq/original), spam and phishing emails are still the most common delivery method for ransomware infections. To effectively stop ransomware at its entry point, you must adopt an email security service that ensures all email content and headers entering and leaving the organization are scanned for spam, viruses, and other advanced malware threats. 
-
-   By adopting an enterprise-grade email protection solution, most cybersecurity threats against an organization will be blocked at ingress and egress.
-
-   **HOW:** Use [Exchange Online Protection (EOP)](/microsoft-365/security/office-365-security/exchange-online-protection-overview), the Microsoft 365 and Office 365 cloud-based filtering service that protects your organization's Exchange Online mailboxes against spam, malware, and other email threats. 
-
-2. Deploy regular hardware and software systems patching and effective vulnerability management
-
-   A vital defense against cybersecurity attacks is the application of security updates and patches as soon as the software publishers release them. 
-
-   A prominent example of this failure was the WannaCry ransomware events in 2017, one of the largest global cybersecurity attacks in the history of the internet, which used a leaked vulnerability in Windows networking Server Message Block (SMB) protocol, for which Microsoft had released a patch nearly two months before the first publicized incident. 
-
-   Regular patching and an effective vulnerability management program are important measures to defend against ransomware and other forms of malware.
-
-   **HOW:** Use [update channels](/microsoft-365/enterprise/deploy-update-channels-examples) for recommendations on updates for Windows 10 and Microsoft 365 Apps for Enterprise (Windows 10).
-
-3. Use up to date antivirus and an endpoint detection and response (EDR) solutions
-
-   While owning an antivirus solution alone does not ensure absolute protection against viruses and other advanced computer threats, ensure that your antivirus solutions are kept up to date with your software publishers. 
-
-   Attackers invest heavily in the creation of new viruses and exploits, while vendors are left playing catch-up by releasing daily updates to their antivirus database engines. 
-
-   EDR solutions collect and store large volumes of data from endpoints and provide real-time host-based, file-level monitoring and visibility to systems. The data sets and alerts generated by an EDR solution can help stop advanced threats and are often leveraged for responding to security incidents.
-
-4. Separate administrative and privileged credentials from standard credentials
-
-   Separate your system administrative accounts from your standard user accounts to ensure those administrative accounts are not useable across multiple systems. Separating these privileged accounts not only enforces proper access control but also ensures that a compromise of a single standard user account doesn’t lead to the compromise of your entire IT infrastructure. 
-
-   **HOW:** To effectively reduce your credential attack surface, use Microsoft support for [Azure Multi-Factor Authentication (MFA)](/azure/active-directory/authentication/concept-mfa-howitworks) to require stronger authentication for privileged accounts, [Azure Privileged Identity Management (PIM)](/azure/active-directory/privileged-identity-management/) for just-in-time use of privileged accounts, and [Privileged Access Management (PAM)](/microsoft-365/compliance/privileged-access-management-solution-overview) for just-in-time access to Microsoft 365 tasks that need elevated permissions.
-
-5. Implement effective application allowlists
-
-   You need to restrict the applications that can run within an IT infrastructure. Application allowlists ensure only applications that have been tested and approved by an organization can run on the systems within the infrastructure. While this can be tedious and presents several IT administrative challenges, this strategy has been proven effective.
-
-   **HOW:** For Microsoft 365 apps, use [Azure AD Conditional Access](/azure/active-directory/conditional-access/app-based-conditional-access) to require approved apps.
-
-6. Regularly back up critical systems and files
-
-   The ability to recover to a known good state is the most critical strategy of any information security incident plan, especially ransomware. Therefore, to ensure the success of this process, an organization must validate that all its critical systems, applications, and files are regularly backed up and that those backups are regularly tested to ensure they are recoverable. Ransomware is known to encrypt or destroy any file it comes across, and it can often make them unrecoverable; consequently, it’s of utmost importance that all impacted files can be easily recovered from a good backup stored at a secondary location not impacted by the ransomware attack.
-<!--
-
 - Back up important files regularly. Use the 3-2-1 rule. Keep three backups of your data, on two different storage types, and at least one backup offsite.  
 
 - Apply the latest updates to your operating systems and apps.
 
 - Educate your employees so they can identify social engineering and spear-phishing attacks.
 
-- [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders). It can stop ransomware from encrypting files and holding the files for ransom.
-
---> 
+- [Implement controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders). It can stop ransomware from encrypting files and holding the files for ransom.
 
 For more general tips, see [prevent malware infection](prevent-malware-infection.md).
 

From c18073c830e580029fdf78314f953f82a6753e31 Mon Sep 17 00:00:00 2001
From: Charles Inglis <32555877+cinglis-msft@users.noreply.github.com>
Date: Mon, 7 Jun 2021 14:44:15 -0400
Subject: [PATCH 23/23] corrected OMA-URI for Commercial ID

@jaimeo
---
 .../deployment/update/update-compliance-configuration-mem.md    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/update/update-compliance-configuration-mem.md b/windows/deployment/update/update-compliance-configuration-mem.md
index c4ce3579f9..01de3567bf 100644
--- a/windows/deployment/update/update-compliance-configuration-mem.md
+++ b/windows/deployment/update/update-compliance-configuration-mem.md
@@ -40,7 +40,7 @@ Take the following steps to create a configuration profile that will set require
     2. Add a setting for **Commercial ID** ) with the following values:
         - **Name**: Commercial ID
         - **Description**: Sets the Commercial ID that corresponds to the Update Compliance Log Analytics workspace.
-        - **OMA-URI**: `./Vendor/MSFT/DMClient/Provider/MS DM Server/CommercialID`
+        - **OMA-URI**: `./Vendor/MSFT/DMClient/Provider/ProviderID/CommercialID`
         - **Data type**: String
         - **Value**: *Set this to your Commercial ID*
     2. Add a setting configuring the **Windows Diagnostic Data level** for devices: