Merge branch 'main' into sheshachary-5714481

.openpublishing.redirection.json

@@ -19447,7 +19447,7 @@
     },
     {
       "source_path": "windows/security/threat-protection/intelligence/supply-chain-malware.md",
-      "redirect_url": "/microsoft-365/security/intelligence/supply-chain-malware.md",
+      "redirect_url": "/microsoft-365/security/intelligence/supply-chain-malware",
       "redirect_document_id": false  
     },
     {
@@ -19494,6 +19494,21 @@
      "source_path": "windows/deployment/update/waas-microsoft-connected-cache.md",
      "redirect_url": "/windows/deployment/do/waas-microsoft-connected-cache",
      "redirect_document_id": false
-    }
+    },
+    { 
+     "source_path": "windows/education/itadmins.yml",
+     "redirect_url": "/education/",
+     "redirect_document_id": true
+    },
+    { 
+     "source_path": "windows/education/partners.yml",
+     "redirect_url": "/education/",
+     "redirect_document_id": true
+    },
+    { 
+     "source_path": "windows/education/developers.yml",
+     "redirect_url": "/education/",
+     "redirect_document_id": true
+    }    
   ]
 }

education/developers.yml

@@ -1,33 +0,0 @@
-### YamlMime:Hub
-
-title: Microsoft 365 Education Documentation for developers
-summary: Are you an app developer looking for information about developing solutions on Microsoft Education products? Start here.
-
-metadata:
-  title: Microsoft 365 Education Documentation for developers
-  description: Are you an app developer looking for information about developing solutions on Microsoft Education products? Start here.
-  ms.service: help
-  ms.topic: hub-page
-  author: LaurenMoynihan
-  ms.author: v-lamoyn
-  ms.date: 10/24/2019
-
-additionalContent:
-  sections:
-    - items:
-        # Card
-        - title: UWP apps for education
-          summary: Learn how to write universal apps for education.
-          url: /windows/uwp/apps-for-education/
-        # Card
-        - title: Take a test API
-          summary: Learn how web applications can use the API to provide a locked down experience for taking tests.
-          url: /windows/uwp/apps-for-education/take-a-test-api
-        # Card
-        - title: Office Education Dev center
-          summary: Integrate with Office 365 across devices and services to extend Microsoft enterprise-scale compliance and security to students, teachers, and staff in your education app
-          url: https://developer.microsoft.com/office/edu
-        # Card
-        - title: Data Streamer
-          summary: Bring new STEM experiences into the classroom with real-time data in Excel using Data Streamer. Data Streamer can send data to Excel from a sensor or application.
-          url: /microsoft-365/education/data-streamer

education/index.yml

@@ -2,6 +2,8 @@
 
 title: Microsoft 365 Education Documentation
 summary: Microsoft 365 Education empowers educators to unlock creativity, promote teamwork, and provide a simple and safe experience in a single, affordable solution built for education.
+# brand: aspnet | azure | dotnet | dynamics | m365 | ms-graph | office | power-apps | power-automate | power-bi | power-platform | power-virtual-agents | sql | sql-server | vs | visual-studio | windows | xamarin
+brand: m365
 
 metadata:
   title: Microsoft 365 Education Documentation
@@ -13,23 +15,112 @@ metadata:
   ms.date: 10/24/2019
 
 productDirectory:
+  title: For IT admins
+  summary: This guide is designed for IT admins looking for the simplest way to move their platform to the cloud. It does not capture all the necessary steps for large scale or complex deployments.
   items:
     # Card    
-    - title: IT Admins
-      # imageSrc should be square in ratio with no whitespace
-      imageSrc: ./images/EDUAdmins.svg
-      links:
-        - url: itadmins.yml
-          text: Get started with deploying and managing a full cloud IT solution for your school.
+    - title: Phase 1 - Cloud deployment
+      imageSrc: ./images/EDU-Deploy.svg
+      summary: Create your Microsoft 365 tenant, secure and configure your environment, sync your active directry and SIS, and license users.
+      url: /microsoft-365/education/deploy/create-your-office-365-tenant
     # Card
-    - title: Developers
-      imageSrc: ./images/EDUDevelopers.svg
-      links:
-        - url: developers.yml
-          text: Looking for information about developing solutions on Microsoft Education products? Start here. 
+    - title: Phase 2 - Device management
+      imageSrc: ./images/EDU-Device-Mgmt.svg
+      summary: Get started with Windows for Education, set up and enroll devices in Intune.
+      url: /microsoft-365/education/deploy/set-up-windows-10-education-devices
     # Card    
-    - title: Partners
-      imageSrc: ./images/EDUPartners.svg
+    - title: Phase 3 - Apps management
+      imageSrc: ./images/EDU-Apps-Mgmt.svg
+      summary: Configure admin settings, set up Teams for Education, install apps and install Minecraft.
+      url: /microsoft-365/education/deploy/configure-admin-settings
+    # Card    
+    - title: Phase 4 - Complete your deployment
+      # imageSrc should be square in ratio with no whitespace
+      imageSrc: ./images/EDU-Tasks.svg
+      summary: Configure settings for Exchange and SharePoint.
+      url: /microsoft-365/education/deploy/deploy-exchange-online
+    # Card
+    - title: Security & compliance
+      imageSrc: ./images/EDU-Lockbox.svg
       links:
-        - url: partners.yml
-          text: Looking for resources available to Microsoft Education partners? Start here.
+        - url: /azure/active-directory/fundamentals/active-directory-deployment-checklist-p2
+          text: AAD feature deployment guide
+        - url: https://techcommunity.microsoft.com/t5/Azure-Information-Protection/Azure-Information-Protection-Deployment-Acceleration-Guide/ba-p/334423
+          text: Azure information protection deployment acceleration guide
+        - url: /cloud-app-security/getting-started-with-cloud-app-security
+          text: Microsoft Defender for Cloud Apps
+        - url: /microsoft-365/compliance/create-test-tune-dlp-policy
+          text: Data loss prevention
+        - url: /microsoft-365/compliance/
+          text: Microsoft 365 Compliance
+        - url: https://social.technet.microsoft.com/wiki/contents/articles/35748.office-365-what-is-customer-lockbox-and-how-to-enable-it.aspx
+          text: Deploying Lockbox
+    # Card    
+    - title: Analytics & insights
+      imageSrc: ./images/EDU-Education.svg
+      links:
+        - url: /power-bi/service-admin-administering-power-bi-in-your-organization
+          text: Power BI for IT admins
+        - url: /dynamics365/#pivot=get-started
+          text: Dynamics 365
+    # Card    
+    - title: Find deployment help and other support resources
+      imageSrc: ./images/EDU-Teachers.svg
+      links:
+        - url: /microsoft-365/education/deploy/find-deployment-help
+          text: IT admin help
+        - url: https://social.technet.microsoft.com/forums/en-us/home
+          text: TechNet
+        - url: https://support.office.com/en-us/education
+          text: Education help center
+        - url: https://support.office.com/en-us/article/teacher-training-packs-7a9ee74a-8fe5-43d3-bc23-a55185896921
+          text: Teacher training packs
+    # Card    
+    - title: Check out our education journey
+      imageSrc: ./images/EDU-ITJourney.svg
+      links:
+        - url: https://edujourney.microsoft.com/k-12/
+          text: K-12
+        - url: https://edujourney.microsoft.com/hed/
+          text: Higher education
+
+additionalContent:
+  sections:
+    - title: For developers # < 60 chars (optional)
+      summary: Are you an app developer looking for information about developing solutions on Microsoft Education products? Start here. # < 160 chars (optional)
+    - items:
+        # Card
+        - title: UWP apps for education
+          summary: Learn how to write universal apps for education.
+          url: /windows/uwp/apps-for-education/
+        # Card
+        - title: Take a test API
+          summary: Learn how web applications can use the API to provide a locked down experience for taking tests.
+          url: /windows/uwp/apps-for-education/take-a-test-api
+        # Card
+        - title: Office Education Dev center
+          summary: Integrate with Office 365 across devices and services to extend Microsoft enterprise-scale compliance and security to students, teachers, and staff in your education app
+          url: https://developer.microsoft.com/office/edu
+        # Card
+        - title: Data Streamer
+          summary: Bring new STEM experiences into the classroom with real-time data in Excel using Data Streamer. Data Streamer can send data to Excel from a sensor or application.
+          url: /microsoft-365/education/data-streamer
+    - title: For partners # < 60 chars (optional)
+      summary: Looking for resources available to Microsoft Education partners? Start here. # < 160 chars (optional)
+    - items:
+        # Card
+        - title: Microsoft Partner Network
+          summary: Discover the latest news and resources for Microsoft Education products, solutions, licensing and readiness.
+          url: https://partner.microsoft.com/solutions/education
+        # Card
+        - title: Authorized Education Partner (AEP) program
+          summary: Become authorized to purchase and resell academic priced offers and products to Qualified Educational Users (QEUs).
+          url: https://www.mepn.com/
+        # Card
+        - title: Authorized Education Partner Directory
+          summary: Search through the list of Authorized Education Partners worldwide who can deliver on customer licensing requirements, and provide solutions and services to current and future school needs.
+          url: https://www.mepn.com/MEPN/AEPSearch.aspx
+        # Card
+        - title: Education Partner community Yammer group
+          summary: Sign in with your Microsoft Partner account and join the Education Partner community private group on Yammer.
+          url: https://www.yammer.com/mepn/

education/itadmins.yml

@@ -1,120 +0,0 @@
-### YamlMime:Hub
-
-title: Microsoft 365 Education Documentation for IT admins
-summary: Microsoft 365 Education consists of Office 365 Education, Windows 10 Education, and security and management tools such as Intune for Education and School Data Sync.
-
-metadata:
-  title: Microsoft 365 Education Documentation for IT admins
-  description: M365 Education consists of Office 365 Education, Windows 10 Education, and security and management tools such as Intune for Education and School Data Sync.
-  ms.service: help
-  ms.topic: hub-page
-  author: LaurenMoynihan
-  ms.author: v-lamoyn
-  ms.date: 10/24/2019
-
-productDirectory:
-  summary: This guide is designed for IT admins looking for the simplest way to move their platform to the cloud. It does not capture all the necessary steps for large scale or complex deployments.
-  items:
-    # Card    
-    - title: Phase 1 - Cloud deployment
-      imageSrc: ./images/EDU-Deploy.svg
-      links:
-        - url: /microsoft-365/education/deploy/create-your-office-365-tenant
-          text: 1. Create your Office 365 tenant
-        - url: /microsoft-365/education/deploy/secure-and-configure-your-network
-          text: 2. Secure and configure your network
-        - url: /microsoft-365/education/deploy/aad-connect-and-adfs
-          text: 3. Sync your active directory
-        - url: /microsoft-365/education/deploy/school-data-sync
-          text: 4. Sync you SIS using School Data Sync
-        - url: /microsoft-365/education/deploy/license-users
-          text: 5. License users
-    # Card
-    - title: Phase 2 - Device management
-      imageSrc: ./images/EDU-Device-Mgmt.svg
-      links:
-        - url: ./windows/index.md
-          text: 1. Get started with Windows 10 for Education
-        - url: /microsoft-365/education/deploy/set-up-windows-10-education-devices
-          text: 2. Set up Windows 10 devices
-        - url: /microsoft-365/education/deploy/intune-for-education
-          text: 3. Get started with Intune for Education
-        - url: /microsoft-365/education/deploy/use-intune-for-education
-          text: 4. Use Intune to manage groups, apps, and settings
-        - url: /intune/enrollment/enrollment-autopilot
-          text: 5. Enroll devices using Windows Autopilot
-    # Card    
-    - title: Phase 3 - Apps management
-      imageSrc: ./images/EDU-Apps-Mgmt.svg
-      links:
-        - url: /microsoft-365/education/deploy/configure-admin-settings
-          text: 1. Configure admin settings
-        - url: /microsoft-365/education/deploy/set-up-teams-for-education
-          text: 2. Set up Teams for Education
-        - url: /microsoft-365/education/deploy/deploy-office-365
-          text: 3. Set up Office 365
-        - url: /microsoft-365/education/deploy/microsoft-store-for-education
-          text: 4. Install apps from Microsoft Store for Education
-        - url: /microsoft-365/education/deploy/minecraft-for-education
-          text: 5. Install Minecraft - Education Edition
-    # Card    
-    - title: Complete your deployment
-      # imageSrc should be square in ratio with no whitespace
-      imageSrc: ./images/EDU-Tasks.svg
-      links:
-        - url: /microsoft-365/education/deploy/deploy-exchange-online
-          text: Deploy Exchange Online
-        - url: /microsoft-365/education/deploy/deploy-sharepoint-online-and-onedrive
-          text: Deploy SharePoint Online and OneDrive
-        - url: /microsoft-365/education/deploy/deploy-exchange-server-hybrid
-          text: Deploy Exchange Server hybrid
-        - url: /microsoft-365/education/deploy/deploy-sharepoint-server-hybrid
-          text: Deploy SharePoint Server Hybrid
-    # Card
-    - title: Security & compliance
-      imageSrc: ./images/EDU-Lockbox.svg
-      links:
-        - url: /azure/active-directory/fundamentals/active-directory-deployment-checklist-p2
-          text: AAD feature deployment guide
-        - url: https://techcommunity.microsoft.com/t5/Azure-Information-Protection/Azure-Information-Protection-Deployment-Acceleration-Guide/ba-p/334423
-          text: Azure information protection deployment acceleration guide
-        - url: /cloud-app-security/getting-started-with-cloud-app-security
-          text: Microsoft Defender for Cloud Apps
-        - url: /microsoft-365/compliance/create-test-tune-dlp-policy
-          text: Office 365 data loss prevention
-        - url: /microsoft-365/compliance/
-          text: Office 365 advanced compliance
-        - url: https://social.technet.microsoft.com/wiki/contents/articles/35748.office-365-what-is-customer-lockbox-and-how-to-enable-it.aspx
-          text: Deploying Lockbox
-    # Card    
-    - title: Analytics & insights
-      imageSrc: ./images/EDU-Education.svg
-      links:
-        - url: /power-bi/service-admin-administering-power-bi-in-your-organization
-          text: Power BI for IT admins
-        - url: /dynamics365/#pivot=get-started
-          text: Dynamics 365
-    # Card    
-    - title: Find deployment help
-      imageSrc: ./images/EDU-FindHelp.svg
-      links:
-        - url: /microsoft-365/education/deploy/find-deployment-help
-          text: IT admin help
-        - url: https://social.technet.microsoft.com/forums/en-us/home
-          text: TechNet
-    # Card    
-    - title: Check out our education journey
-      imageSrc: ./images/EDU-ITJourney.svg
-      links:
-        - url: https://edujourney.microsoft.com/k-12/
-          text: K-12
-        - url: https://edujourney.microsoft.com/hed/
-          text: Higher education
-    # Card    
-    - title: Additional support resources
-      imageSrc: ./images/EDU-Teachers.svg
-      links:
-        - url: https://support.office.com/en-us/education
-          text: Education help center
-        - url: https://support.office.com/en-us/article/teacher-training-packs-7a9ee74a-8fe5-43d3-bc23-a55185896921
-          text: Teacher training packs

education/partners.yml

@@ -1,33 +0,0 @@
-### YamlMime:Hub
-
-title: Microsoft 365 Education Documentation for partners
-summary: Looking for resources available to Microsoft Education partners? Start here.
-
-metadata:
-  title: Microsoft 365 Education Documentation for partners
-  description: Looking for resources available to Microsoft Education partners? Start here.
-  ms.service: help
-  ms.topic: hub-page
-  author: LaurenMoynihan
-  ms.author: v-lamoyn
-  ms.date: 10/24/2019
-
-additionalContent:
-  sections:
-    - items:
-        # Card
-        - title: Microsoft Partner Network
-          summary: Discover the latest news and resources for Microsoft Education products, solutions, licensing and readiness.
-          url: https://partner.microsoft.com/solutions/education
-        # Card
-        - title: Authorized Education Partner (AEP) program
-          summary: Become authorized to purchase and resell academic priced offers and products to Qualified Educational Users (QEUs).
-          url: https://www.mepn.com/
-        # Card
-        - title: Authorized Education Partner Directory
-          summary: Search through the list of Authorized Education Partners worldwide who can deliver on customer licensing requirements, and provide solutions and services to current and future school needs.
-          url: https://www.mepn.com/MEPN/AEPSearch.aspx
-        # Card
-        - title: Education Partner community Yammer group
-          summary: Sign in with your Microsoft Partner account and join the Education Partner community private group on Yammer.
-          url: https://www.yammer.com/mepn/

store-for-business/billing-understand-your-invoice-msfb.md

@@ -110,10 +110,10 @@ At the bottom of the invoice, there are instructions for paying your bill. You c
 If you have third-party services in your bill, the name and address of each publisher is listed at the bottom of your invoice.
 
 ## Next steps
-If there are Azure charges on your invoice that you would like more details on, see [Understand the Azure charges on your Microsoft Customer Agreement invoice](/azure/billing/billing-understand-your-invoice-mca).
+If there are Azure charges on your invoice that you would like more details on, see [Understand the Azure charges on your Microsoft Customer Agreement invoice](/azure/cost-management-billing/understand/download-azure-invoice#invoices-for-mca-and-mpa-billing-accounts).
 
 ## Need help? Contact us.
 
 If you have questions or need help with your Azure charges, [create a support request with Azure support](https://portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/newsupportrequest).
 
-If you have questions or need help with your invoice in Microsoft Store for Business, [create a support request with Store for Business support](https://businessstore.microsoft.com/manage/support/summary).
+If you have questions or need help with your invoice in Microsoft Store for Business, [create a support request with Store for Business support](https://businessstore.microsoft.com/manage/support/summary).

windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md

@@ -120,7 +120,7 @@ The XML file included in the Office Deployment Tool specifies the product detail
       |--------------|----------------------------|----------------|
       | Add element  | Specifies which products and languages the package will include.     | N/A     |
       | **OfficeClientEdition** (attribute of **Add** element) | Specifies whether Office 2016 32-bit or 64-bit edition will be used. **OfficeClientEdition**  must be set to a valid value for the operation to succeed.     | `OfficeClientEdition="32"`<br>`OfficeClientEdition="64"`  |
-      | Product element   | Specifies the application. Project 2016 and Visio 2016 must be specified here as added products to include them in the applications.<br>For more information about Product IDs, see [Product IDs that are supported by the Office Deployment Tool for Click-to-Run](/office365/troubleshoot/installation).   | `Product ID ="O365ProPlusRetail"`<br>`Product ID ="VisioProRetail"`<br>`Product ID ="ProjectProRetail"` |
+      | Product element   | Specifies the application. Project 2016 and Visio 2016 must be specified here as added products to include them in the applications.<br>For more information about Product IDs, see [Product IDs that are supported by the Office Deployment Tool for Click-to-Run](/office365/troubleshoot/installation/product-ids-supported-office-deployment-click-to-run).   | `Product ID ="O365ProPlusRetail"`<br>`Product ID ="VisioProRetail"`<br>`Product ID ="ProjectProRetail"` |
       | Language element     | Specifies which language the applications support.    | `Language ID="en-us"`   |
       | Version (attribute of **Add** element) | Optional. Specifies which build the package will use.<br>Defaults to latest advertised build (as defined in v32.CAB at the Office source).   | `16.1.2.3`    |
       | SourcePath (attribute of **Add** element)   | Specifies the location the applications will be saved to.    | `Sourcepath = "\\Server\Office2016"`     |

windows/client-management/administrative-tools-in-windows-10.md

@@ -1,64 +1,76 @@
 ---
-title: Administrative Tools in Windows 
-description: Administrative Tools is a folder in Control Panel that contains tools for system administrators and advanced users.
-ms.assetid: FDC63933-C94C-43CB-8373-629795926DC8
-ms.reviewer: 
-manager: dougeby
-ms.author: aaroncz
+title: Windows Tools/Administrative Tools
+description: The folders for Windows Tools and Administrative Tools are folders in the Control Panel that contain tools for system administrators and advanced users.
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: aczechowski
+ms.author: aaroncz
+manager: dougeby
 ms.localizationpriority: medium
-ms.date: 09/20/2021
+ms.date: 03/28/2022
 ms.topic: article
 ms.collection: highpri
 ---
 
-# Administrative Tools in Windows
-
+# Windows Tools/Administrative Tools
 
 **Applies to**
--  Windows 10
--  Windows 11
 
+- Windows 11
+- Windows 10
 
-Administrative Tools is a folder in Control Panel that contains tools for system administrators and advanced users. 
+**Windows Tools** is a folder in the Windows 11 Control Panel. **Administrative Tools** is a folder in the Windows 10 Control Panel. These folders contain tools for system administrators and advanced users.
 
-![Screenshot of Control Panel.](images/admin-tools.png)
+## Windows Tools folder (Windows 11)
 
-The tools in the folder might vary depending on which edition of Windows you are using. 
+The following graphic shows the **Windows Tools** folder in Windows 11:
 
-![Screenshot of folder of admin tools.](images/admin-tools-folder.png)
+:::image type="content" source="media/win11-control-panel-windows-tools.png" alt-text="Screenshot of the Control Panel in Windows 11, highlighting the Administrative Tools folder." lightbox="media/win11-control-panel-windows-tools.png":::
 
-These tools were included in previous versions of Windows. The associated documentation for each tool should help you use these tools in Windows. The following list provides links to documentation for each tool. The tools are located within the folder C:\Windows\System32\ or its subfolders.
+The tools in the folder might vary depending on which edition of Windows you use.
 
- 
+:::image type="content" source="media/win11-windows-tools.png" alt-text="Screenshot of the contents of the Windows Tools folder in Windows 11." lightbox="media/win11-windows-tools.png":::
 
--   [Component Services]( https://go.microsoft.com/fwlink/p/?LinkId=708489)
--   [Computer Management](https://support.microsoft.com/kb/308423)
--   [Defragment and Optimize Drives](https://go.microsoft.com/fwlink/p/?LinkId=708488)
--   [Disk Cleanup](https://go.microsoft.com/fwlink/p/?LinkID=698648)
--   [Event Viewer](/previous-versions/windows/it-pro/windows-2000-server/cc938674(v=technet.10))
--   [iSCSI Initiator](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee338476(v=ws.10))
--   [Local Security Policy](/previous-versions/tn-archive/dd277395(v=technet.10))
--   [ODBC Data Sources]( https://go.microsoft.com/fwlink/p/?LinkId=708494)
--   [Performance Monitor](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc749115(v=ws.11))
--   [Print Management](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731857(v=ws.11))
--   [Recovery Drive](https://support.microsoft.com/help/4026852/windows-create-a-recovery-drive)
--   [Registry Editor](/windows/win32/sysinfo/registry)
--   [Resource Monitor](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd883276(v=ws.10))
--   [Services](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc772408(v=ws.11))
--   [System Configuration](https://go.microsoft.com/fwlink/p/?LinkId=708499)
--   [System Information]( https://go.microsoft.com/fwlink/p/?LinkId=708500)
--   [Task Scheduler](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc766428(v=ws.11))
--   [Windows Firewall with Advanced Security](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754274(v=ws.11))
--   [Windows Memory Diagnostic]( https://go.microsoft.com/fwlink/p/?LinkId=708507)
+## Administrative Tools folder (Windows 10)
+
+The following graphic shows the **Administrative Tools** folder in Windows 10:
+
+![Screenshot of the Control Panel in Windows 10, highlighting the Administrative Tools folder.](images/admin-tools.png)
+
+The tools in the folder might vary depending on which edition of Windows you use.
+
+![Screenshot of the contents of the Administrative Tools folder in Windows 10.](images/admin-tools-folder.png)
+
+## Tools
+
+The tools are located in the folder `C:\Windows\System32\` or its subfolders.
+
+These tools were included in previous versions of Windows. The associated documentation for each tool can help you use them. The following list provides links to documentation for each tool.
+
+- [Component Services](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731901(v=ws.11))
+- [Computer Management](https://support.microsoft.com/topic/how-to-use-computer-management-in-windows-xp-d5872f93-4498-f4dd-3a34-36d6f569924f)
+- [Defragment and Optimize Drives](https://support.microsoft.com/windows/ways-to-improve-your-computer-s-performance-c6018c78-0edd-a71a-7040-02267d68ea90)
+- [Disk Cleanup](https://support.microsoft.com/windows/disk-cleanup-in-windows-8a96ff42-5751-39ad-23d6-434b4d5b9a68)
+- [Event Viewer](/previous-versions/windows/it-pro/windows-2000-server/cc938674(v=technet.10))
+- [iSCSI Initiator](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee338476(v=ws.10))
+- [Local Security Policy](/previous-versions/tn-archive/dd277395(v=technet.10))
+- [ODBC Data Sources](/sql/odbc/admin/odbc-data-source-administrator)
+- [Performance Monitor](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc749115(v=ws.11))
+- [Print Management](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731857(v=ws.11))
+- [Recovery Drive](https://support.microsoft.com/windows/create-a-recovery-drive-abb4691b-5324-6d4a-8766-73fab304c246)
+- [Registry Editor](/windows/win32/sysinfo/registry)
+- [Resource Monitor](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd883276(v=ws.10))
+- [Services](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc772408(v=ws.11))
+- [System Configuration](/troubleshoot/windows-client/performance/system-configuration-utility-troubleshoot-configuration-errors)
+- [System Information](/previous-versions/windows/it-pro/windows-2000-server/cc957818(v=technet.10))
+- [Task Scheduler](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc766428(v=ws.11))
+- [Windows Firewall with Advanced Security](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754274(v=ws.11))
+- [Windows Memory Diagnostic](/previous-versions/technet-magazine/cc745953(v=msdn.10))
 
 > [!TIP]
-> If the content that is linked to a tool in the following list doesn't provide the information you need to use that tool, send us a comment by using the **Was this page helpful?** feature on this **Administrative Tools in Windows 10** page. Details about the information you want for a tool will help us plan future content. 
+> If the linked content in this list doesn't provide the information you need to use that tool, send feedback with the **This page** link in the **Feedback** section at the bottom of this article.
 
 ## Related topics
 
-[Diagnostic Data Viewer](/windows/privacy/diagnostic-data-viewer-overview)
-
+[Diagnostic data viewer](/windows/privacy/diagnostic-data-viewer-overview)

windows/client-management/advanced-troubleshooting-boot-problems.md

@@ -15,6 +15,8 @@ ms.collection: highpri
 
 # Advanced troubleshooting for Windows boot problems
 
+<p class="alert is-flex is-primary"><span class="has-padding-left-medium has-padding-top-extra-small"><a class="button is-primary" href="https://vsa.services.microsoft.com/v1.0/?partnerId=7d74cf73-5217-4008-833f-87a1a278f2cb&flowId=DMC&initialQuery=boot" target='_blank'><b>Try our Virtual Agent</b></a></span><span class="has-padding-small"> - It can help you quickly identify and fix common Windows boot issues</span>
+
 > [!NOTE]
 > This article is intended for use by support agents and IT professionals. If you're looking for more general information about recovery options, see [Recovery options in Windows 10](https://support.microsoft.com/help/12415).
 

windows/client-management/index.yml

@@ -16,7 +16,7 @@ metadata:
   author: aczechowski
   ms.author: aaroncz
   manager: dougeby
-  ms.date: 08/05/2021 #Required; mm/dd/yyyy format.
+  ms.date: 03/28/2022 #Required; mm/dd/yyyy format.
   localization_priority: medium
     
 # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
@@ -29,7 +29,7 @@ landingContent:
     linkLists:
       - linkListType: overview
         links:
-          - text: Administrative Tools in Windows 10
+          - text: Windows Tools/Administrative Tools
             url: administrative-tools-in-windows-10.md
           - text: Create mandatory user profiles
             url: mandatory-user-profile.md

windows/client-management/mdm/policy-csp-storage.md

@@ -7,7 +7,7 @@ ms.prod: w10
 ms.technology: windows
 author: dansimp
 ms.localizationpriority: medium
-ms.date: 09/27/2019
+ms.date: 03/25/2022
 ms.reviewer: 
 manager: dansimp
 ---
@@ -128,6 +128,8 @@ The following list shows the supported values:
 |Enterprise|Yes|Yes|
 |Education|Yes|Yes|
 
+Note: Versions prior to version 1903 do not support group policy.
+
 <!--/SupportedSKUs-->
 <hr/>
 
@@ -183,6 +185,8 @@ ADMX Info:
 |Enterprise|Yes|Yes|
 |Education|Yes|Yes|
 
+Note: Versions prior to version 1903 do not support group policy.
+
 <!--/SupportedSKUs-->
 <hr/>
 
@@ -241,6 +245,8 @@ ADMX Info:
 |Enterprise|Yes|Yes|
 |Education|Yes|Yes|
 
+Note: Versions prior to version 1903 do not support group policy.
+
 <!--/SupportedSKUs-->
 <hr/>
 
@@ -299,6 +305,8 @@ ADMX Info:
 |Enterprise|Yes|Yes|
 |Education|Yes|Yes|
 
+Note: Versions prior to version 1903 do not support group policy.
+
 <!--/SupportedSKUs-->
 <hr/>
 
@@ -357,6 +365,8 @@ ADMX Info:
 |Enterprise|Yes|Yes|
 |Education|Yes|Yes|
 
+Note: Versions prior to version 1903 do not support group policy.
+
 <!--/SupportedSKUs-->
 <hr/>
 
@@ -421,6 +431,8 @@ ADMX Info:
 |Enterprise|Yes|Yes|
 |Education|Yes|Yes|
 
+Note: Versions prior to version 1903 do not support group policy.
+
 <!--/SupportedSKUs-->
 <hr/>
 

windows/client-management/mdm/vpnv2-csp.md

@@ -771,7 +771,9 @@ Reserved for future use.
 Reserved for future use.
 
 <a href="" id="vpnv2-profilename-nativeprofile-cryptographysuite"></a>**VPNv2/**<em>ProfileName</em>**/NativeProfile/CryptographySuite**  
-Added in Windows 10, version 1607. Properties of IPSec tunnels.
+Added in Windows 10, version 1607. Properties of IPSec tunnels. 
+
+[!NOTE] If you specify any of the properties under CryptographySuite, you must specify all of them. It's not valid to specify just some of the properties.
 
 <a href="" id="vpnv2-profilename-nativeprofile-cryptographysuite-authenticationtransformconstants"></a>**VPNv2/**<em>ProfileName</em>**/NativeProfile/CryptographySuite/AuthenticationTransformConstants**  
 Added in Windows 10, version 1607.

windows/client-management/toc.yml

@@ -4,7 +4,7 @@ items:
   items: 
     - name: Client management tools and settings
       items:
-        - name: Administrative Tools in Windows 10
+        - name: Windows Tools/Administrative Tools
           href: administrative-tools-in-windows-10.md
         - name: Use Quick Assist to help users
           href: quick-assist.md

windows/configuration/provisioning-packages/provisioning-packages.md

@@ -79,7 +79,7 @@ The following table describes settings that you can configure using the wizards
 | Set up device | Assign device name, enter product key to upgrade Windows, configure shared used, remove pre-installed software | ✔️ | ✔️ | ✔️ |
 | Set up network | Connect to a Wi-Fi network | ✔️ | ✔️ | ✔️ |
 | Account management | Enroll device in Active Directory, enroll device in Azure Active Directory, or create a local administrator account | ✔️ | ✔️ | ✔️ |
-| Bulk Enrollment in Azure AD | Enroll device in Azure Active Directory</br></br>Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, [set up Azure AD join in your organization](/azure/active-directory/active-directory-azureadjoin-setup). | ❌ | ❌ | ❌ |
+| Bulk Enrollment in Azure AD | Enroll device in Azure Active Directory using Bulk Token</br></br> [Set up Azure AD join in your organization](/azure/active-directory/active-directory-azureadjoin-setup), before you use Windows Configuration Designer wizard to configure bulk Azure AD enrollment,. | ✔️ | ✔️ | ✔️ |
 | Add applications | Install applications using the provisioning package.  | ✔️ | ✔️ | ❌ |
 | Add certificates | Include a certificate file in the provisioning package. | ✔️ | ✔️ | ✔️ |
 | Configure kiosk account and app | Create local account to run the kiosk mode app, specify the app to run in kiosk mode | ❌ | ✔️ | ❌ |

windows/deployment/update/windows-update-troubleshooting.md

@@ -20,6 +20,8 @@ ms.collection: highpri
 -   Windows 10
 -   Windows 11
 
+<p class="alert is-flex is-primary"><span class="has-padding-left-medium has-padding-top-extra-small"><a class="button is-primary" href="https://vsa.services.microsoft.com/v1.0/?partnerId=7d74cf73-5217-4008-833f-87a1a278f2cb&flowId=DMC&initialQuery=wu" target='_blank'><b>Try our Virtual Agent</b></a></span><span class="has-padding-small"> - It can help you quickly identify and fix common Windows Update issues</span>
+
 If you run into problems when using Windows Update, start with the following steps: 
  
 1. Run the built-in Windows Update troubleshooter to fix common issues. Navigate to **Settings > Update & Security > Troubleshoot > Windows Update**. 

windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md

@@ -1,5 +1,5 @@
 ---
-title: Manage connections from Windows 10 and Windows 11 operating system components to Microsoft services
+title: Manage connections from Windows 10 and Windows 11 Server/Enterprise editions operating system components to Microsoft services
 description: Learn how to minimize connections from Windows to Microsoft services, and configure particular privacy settings related to these connections.
 ms.assetid: ACCEB0DD-BC6F-41B1-B359-140B242183D9
 ms.reviewer:

windows/security/identity-protection/access-control/access-control.md

@@ -131,7 +131,7 @@ For more information about user rights, see [User Rights Assignment](/windows/de
 
 With administrator's rights, you can audit users' successful or failed access to objects. You can select which object access to audit by using the access control user interface, but first you must enable the audit policy by selecting **Audit object access** under **Local Policies** in **Local Security Settings**. You can then view these security-related events in the Security log in Event Viewer.
 
-For more information about auditing, see [Security Auditing Overview](/windows/device-security/auditing/security-auditing-overview).
+For more information about auditing, see [Security Auditing Overview](/windows/security/threat-protection/auditing/security-auditing-overview).
 
 ## See also
 

windows/security/identity-protection/hello-for-business/hello-deployment-issues.md

@@ -29,7 +29,7 @@ Applies to:
 - Windows 10, version 1803 and later
 - Windows 11
 
-PIN reset on Azure AD joined devices uses a flow called web sign-in to authenticate the user above lock. Web sign in only allows navigation to specific domains. If it attempts to navigate to a domain that is not allowed it will shows a page with the error message "We can't open that page right now".
+PIN reset on Azure AD joined devices uses a flow called web sign-in to authenticate the user above lock. Web sign in only allows navigation to specific domains. If it attempts to navigate to a domain that is not allowed it will show a page with the error message "We can't open that page right now".
 
 ### Identifying Azure AD joined PIN Reset Allowed Domains Issue
 
@@ -57,11 +57,11 @@ In Hybrid key trust deployments with domain controllers running certain builds o
 
 After the user provisions a Windows Hello for Business credential in a hybrid key trust environment, the key must sync from Azure AD to AD during an Azure AD Connect sync cycle. The user's public key will be written to the msDS-KeyCredentialLink attribute of the user object.
 
-Before the user's Windows Hello for Business key is synced, sign-in's with Windows Hello for Business will fail with the error message, *"That option is temporarily unavailable. For now, please use a different method to sign in."* After the sync is successful, the user should be able to login and unlock with their PIN or enrolled biometrics.
+Before the user's Windows Hello for Business key is synced, sign-in's with Windows Hello for Business will fail with the error message, *"That option is temporarily unavailable. For now, please use a different method to sign in."* After the sync is successful, the user should be able to log in and unlock with their PIN or enrolled biometrics.
 
 In environments impacted with this issue, after the first sign-in with Windows Hello for Business after provisioning is completed, the next sign-in attempt will fail. In environments where domain controllers are running a mix of builds, only some may be impacted by this issue and subsequent logon attempts may be sent different domain controllers. This may result in the sign-in failures appearing to be intermittent.
 
-After the initial logon attempt, the user's Windows Hello for Business public key is being deleted from the msDS-KeyCredentialLink attribute. This can be verified by querying a user's msDS-KeyCredentialLink attribute before and after sign-in. The msDS-KeyCredentialLink can be queried in AD using [Get-ADUser](/powershell/module/addsadministration/get-aduser) and specifying *msds-keycredentiallink* for the *-Properties* parameter.
+After the initial logon attempt, the user's Windows Hello for Business public key is being deleted from the msDS-KeyCredentialLink attribute. This can be verified by querying a user's msDS-KeyCredentialLink attribute before and after sign-in. The msDS-KeyCredentialLink can be queried in AD using [Get-ADUser](/powershell/module/activedirectory/get-aduser) and specifying *msds-keycredentiallink* for the *-Properties* parameter.
 
 ### Resolving User Public Key Deletion Issue
 

windows/security/information-protection/encrypted-hard-drive.md

@@ -21,6 +21,7 @@ ms.date: 04/02/2019
 - Windows Server 2022
 - Windows Server 2019
 - Windows Server 2016
+- Azure Stack HCI
 
 Encrypted Hard Drive uses the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management.
 
@@ -32,8 +33,8 @@ Encrypted Hard Drives provide:
 
 -   **Better performance**: Encryption hardware, integrated into the drive controller, allows the drive to operate at full data rate with no performance degradation.
 -   **Strong security based in hardware**: Encryption is always "on" and the keys for encryption never leave the hard drive. User authentication is performed by the drive before it will unlock, independently of the operating system
--   **Ease of use**: Encryption is transparent to the user, and the user doesn't need to enable it. Encrypted Hard Drives are easily erased using on-board encryption key; there is no need to re-encrypt data on the drive.
--   **Lower cost of ownership**: There is no need for new infrastructure to manage encryption keys, since BitLocker leverages your existing infrastructure to store recovery information. Your device operates more efficiently because processor cycles do not need to be used for the encryption process.
+-   **Ease of use**: Encryption is transparent to the user, and the user doesn't need to enable it. Encrypted Hard Drives are easily erased using on-board encryption key; there's no need to re-encrypt data on the drive.
+-   **Lower cost of ownership**: There's no need for new infrastructure to manage encryption keys, since BitLocker leverages your existing infrastructure to store recovery information. Your device operates more efficiently because processor cycles don't need to be used for the encryption process.
 
 Encrypted Hard Drives are supported natively in the operating system through the following mechanisms:
 
@@ -77,13 +78,13 @@ Rapid encryption in BitLocker directly addresses the security needs of enterpris
 Configuration of Encrypted Hard Drives as startup drives is done using the same methods as standard hard drives. These methods include:
 
 -   **Deploy from media**: Configuration of Encrypted Hard Drives happens automatically through the installation process.
--   **Deploy from network**: This deployment method involves booting a Windows PE environment and using imaging tools to apply a Windows image from a network share. Using this method, the Enhanced Storage optional component needs to be included in the Windows PE image. You can enable this component using Server Manager, Windows PowerShell, or the DISM command line tool. If this component is not present, configuration of Encrypted Hard Drives will not work.
+-   **Deploy from network**: This deployment method involves booting a Windows PE environment and using imaging tools to apply a Windows image from a network share. Using this method, the Enhanced Storage optional component needs to be included in the Windows PE image. You can enable this component using Server Manager, Windows PowerShell, or the DISM command line tool. If this component isn't present, configuration of Encrypted Hard Drives won't work.
 -   **Deploy from server**: This deployment method involves PXE booting a client with Encrypted Hard Drives present. Configuration of Encrypted Hard Drives happens automatically in this environment when the Enhanced Storage component is added to the PXE boot image. During deployment, the [TCGSecurityActivationDisabled](/windows-hardware/customize/desktop/unattend/microsoft-windows-enhancedstorage-adm-tcgsecurityactivationdisabled) setting in unattend.xml controls the encryption behavior of Encrypted Hard Drives.
--   **Disk Duplication**: This deployment method involves use of a previously configured device and disk duplication tools to apply a Windows image to an Encrypted Hard Drive. Disks must be partitioned using at least Windows 8 or Windows Server 2012 for this configuration to work. Images made using disk duplicators will not work.
+-   **Disk Duplication**: This deployment method involves use of a previously configured device and disk duplication tools to apply a Windows image to an Encrypted Hard Drive. Disks must be partitioned using at least Windows 8 or Windows Server 2012 for this configuration to work. Images made using disk duplicators won't work.
 
 ## Configuring hardware-based encryption with Group Policy
 
-There are three related Group Policy settings that help you manage how BitLocker uses hardware-based encryption and which encryption algorithms to use. If these settings are not configured or disabled on systems that are equipped with encrypted drives, BitLocker uses software-based encryption: 
+There are three related Group Policy settings that help you manage how BitLocker uses hardware-based encryption and which encryption algorithms to use. If these settings aren't configured or disabled on systems that are equipped with encrypted drives, BitLocker uses software-based encryption: 
 
 - [Configure use of hardware-based encryption for fixed data drives](bitlocker/bitlocker-group-policy-settings.md#bkmk-hdefxd)  
 - [Configure use of hardware-based encryption for removable data drives](bitlocker/bitlocker-group-policy-settings.md#configure-use-of-hardware-based-encryption-for-removable-data-drives)
@@ -93,14 +94,14 @@ There are three related Group Policy settings that help you manage how BitLocker
 
 Encrypted Hard Drives utilize two encryption keys on the device to control the locking and unlocking of data on the drive. These are the Data Encryption Key (DEK) and the Authentication Key (AK).
 
-The Data Encryption Key is the key used to encrypt all of the data on the drive. The drive generates the DEK and it never leaves the device. It is stored in an encrypted format at a random location on the drive. If the DEK is changed or erased, data encrypted using the DEK is irrecoverable.
+The Data Encryption Key is the key used to encrypt all of the data on the drive. The drive generates the DEK and it never leaves the device. It's stored in an encrypted format at a random location on the drive. If the DEK is changed or erased, data encrypted using the DEK is irrecoverable.
 
 The Authentication Key is the key used to unlock data on the drive. A hash of the key is stored on drive and requires confirmation to decrypt the DEK.
 
 When a computer with an Encrypted Hard Drive is in a powered off state, the drive locks automatically. As a computer powers on, the device remains in a locked state and is only unlocked after the Authentication Key decrypts the Data Encryption Key. Once the Authentication Key decrypts the Data
 Encryption Key, read-write operations can take place on the device.
 
-When writing data to the drive, it passes through an encryption engine before the write operation completes. Likewise, reading data from the drive requires the encryption engine to decrypt the data before passing that data back to the user. In the event that the DEK needs to be changed or erased, the data on the drive does not need to be re-encrypted. A new Authentication Key needs to be created and it will re-encrypt the DEK. Once completed, the DEK can now be unlocked using the new AK and read-writes to the volume can continue.
+When writing data to the drive, it passes through an encryption engine before the write operation completes. Likewise, reading data from the drive requires the encryption engine to decrypt the data before passing that data back to the user. In the event that the DEK needs to be changed or erased, the data on the drive doesn't need to be re-encrypted. A new Authentication Key needs to be created and it will re-encrypt the DEK. Once completed, the DEK can now be unlocked using the new AK and read-writes to the volume can continue.
 
 ## Re-configuring Encrypted Hard Drives
 

windows/security/information-protection/tpm/trusted-platform-module-overview.md

@@ -16,6 +16,7 @@ ms.collection:
   - M365-security-compliance
   - highpri
 ms.topic: conceptual
+adobe-target: true
 ---
 
 # Trusted Platform Module Technology Overview

windows/security/threat-protection/auditing/event-4741.md

@@ -16,8 +16,7 @@ ms.technology: windows-sec
 
 # 4741(S): A computer account was created.
 
-
-<img src="images/event-4741.png" alt="Event 4741 illustration" width="449" height="837" hspace="10" align="left" />
+![Event 4741 illustration](images/event-4741.png)
 
 ***Subcategory:***&nbsp;[Audit Computer Account Management](audit-computer-account-management.md)
 

windows/security/threat-protection/security-policy-settings/minimum-password-length.md

@@ -14,7 +14,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 04/19/2017
+ms.date: 03/30/2022
 ms.technology: windows-sec
 ---
 
@@ -36,7 +36,7 @@ The **Minimum password length** policy setting determines the least number of ch
 
 ### Best practices
 
-Set Minimum password length to at least a value of 8. If the number of characters is set to 0, no password is required. In most environments, an eight-character password is recommended because it's long enough to provide adequate security and still short enough for users to easily remember. A minimum password length greater than 14 isn't supported at this time. This value will help provide adequate defense against a brute force attack. Adding complexity requirements will help reduce the possibility of a dictionary attack. For more info, see [Password must meet complexity requirements](password-must-meet-complexity-requirements.md).
+Set Minimum password length to at least a value of 14. If the number of characters is set to 0, no password is required. In most environments, an eight-character password is recommended because it's long enough to provide adequate security and still short enough for users to easily remember. A minimum password length greater than 14 isn't supported at this time. This value will help provide adequate defense against a brute force attack. Adding complexity requirements will help reduce the possibility of a dictionary attack. For more info, see [Password must meet complexity requirements](password-must-meet-complexity-requirements.md).
 
 Permitting short passwords reduces security because short passwords can be easily broken with tools that do dictionary or brute force attacks against the passwords. Requiring very long passwords can result in mistyped passwords that might cause account lockouts and might increase the volume of Help Desk calls.
 

windows/security/threat-protection/windows-defender-application-control/TOC.yml

@@ -104,10 +104,10 @@
     - name: Windows Defender Application Control operational guide
       href: windows-defender-application-control-operational-guide.md
       items: 
-        - name: Understanding Application Control event IDs
-          href: event-id-explanations.md
         - name: Understanding Application Control event tags
           href: event-tag-explanations.md
+        - name: Understanding Application Control event IDs
+          href: event-id-explanations.md
         - name: Query WDAC events with Advanced hunting
           href: querying-application-control-events-centrally-using-advanced-hunting.md
         - name: Known Issues

windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md

@@ -87,7 +87,29 @@ reg add hklm\system\currentcontrolset\control\ci -v TestFlags -t REG_DWORD -d 0x
 
 ## Event ID 3099 Options
 
-The WDAC policy rule-option values can be derived from the "Options" field in the Details section of the Code integrity 3099 event. To parse the values, first convert the hex value to binary. Next, use the bit addresses and their values from the table below to determine the state of each [policy rule-option](/select-types-of-rules-to-create#table-1-windows-defender-application-control-policy---rule-options).
+The WDAC policy rule-option values can be derived from the "Options" field in the Details section of the Code integrity 3099 event. To parse the values, first convert the hex value to binary. To derive and parse these values, follow the below workflow.
+
+- Access Event Viewer.
+- Access the Code integrity 3099 event.
+- Access the details pane.
+- Identify the hex code listed in the “Options” field.
+- Convert the hex code to binary
+
+:::image type="content" source="images/event-3099-options.png" alt-text="Event 3099 Policy Rule Options":::
+
+For a simple solution for converting hex to binary, follow these steps.
+- Open the Calculator app
+- Click on the menu icon :::image type="content" source="images/calculator-menu-icon.png" alt-text="calculator menu icon example":::
+- Click Programmer mode
+- Click HEX  :::image type="content" source="images/hex-icon.png" alt-text="HEX icon example":::
+- Enter your hex code
+- Click Bit Toggling Keyboard :::image type="content" source="images/bit-toggling-keyboard-icon.png" alt-text="Bit Toggling Keyboard icon example":::
+
+:::image type="content" source="images/calculator-with-hex-in-binary.png" alt-text="An example of the calculator app in programmer mode, with a hex code converted into binary":::
+
+This view will provide the hex code in binary form, with each bit address shown separately.  The bit addresses start at 0 in the bottom right.  Each bit address correlates to a specific event policy-rule option.  If the bit address holds a value of 1, the setting is in the policy.
+
+Next, use the bit addresses and their values from the table below to determine the state of each [policy rule-option](/select-types-of-rules-to-create#table-1-windows-defender-application-control-policy---rule-options). For example, if the bit address of 16 holds a value of 1, then the “Enabled:Audit Mode (Default)” is in the policy meaning the policy is in audit mode.
 
 | Bit Address | Policy Rule Option |
 |-------|------|

windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md

@@ -14,7 +14,6 @@ author: jgeurten
 ms.reviewer: isbrahm
 ms.author: dansimp
 manager: dansimp
-ms.date: 
 ---
 
 # Microsoft recommended driver block rules
@@ -46,7 +45,7 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
 ```xml
 <?xml version="1.0" encoding="utf-8"?>
 <SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy">
-  <VersionEx>10.0.25070.0</VersionEx>
+  <VersionEx>10.0.25090.0</VersionEx>
   <PolicyTypeID>{D2BDA982-CCF6-4344-AC5B-0B44427B6816}</PolicyTypeID>
   <PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</PlatformID>
   <Rules>
@@ -389,7 +388,7 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
     <Deny ID="ID_DENY_RETLIFTEN_SHA256_70" FriendlyName="b.sys Hash Sha256" Hash="84DF20B1D9D87E305C92E5FFAE21B10B325609D59D835A954DBD8750EF5DABF4"/>
     <Deny ID="ID_DENY_RETLIFTEN_SHA256_71" FriendlyName="nt4.sys Hash Sha256" Hash="D7BC7306CB489FE4C285BBEDDC6D1A09E814EF55CF30BD5B8DAF87A52396F102"/>
     <Deny ID="ID_DENY_RETLIFTEN_SHA256_72" FriendlyName="d3.sys Hash Sha256" Hash="36875562E747136313EC5DB58174E5FAB870997A054CA8D3987D181599C7DB6A"/>
-    <Deny ID="ID_DENY_PROCESSHACKER" FriendlyName="kprocesshacker.sys FileRule" FileName="kprocesshacker.sys" />
+    <Deny ID="ID_DENY_PROCESSHACKER" FriendlyName="kprocesshacker.sys FileRule" FileName="kprocesshacker.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="3.1.65535.65535" />
     <Deny ID="ID_DENY_AMP" FriendlyName="System Mechanic CVE-2018-5701" FileName="amp.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="5.4.11.1" />
     <Deny ID="ID_DENY_ASMMAP" FriendlyName="Asus Memory Mapping Driver" FileName="asmmap.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <Deny ID="ID_DENY_ASMMAP_64" FriendlyName="Asus Memory Mapping Driver" FileName="asmmap64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
@@ -422,6 +421,8 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
     <FileAttrib ID="ID_FILEATTRIB_RTKIOW8X64_DRIVER" FriendlyName="" FileName="rtkiow8x64.sys" MinimumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_RTKIOW10X64_DRIVER" FriendlyName="" FileName="rtkiow10x64.sys" MinimumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_RWDRV_DRIVER" FriendlyName="" FileName="RwDrv.sys" MinimumFileVersion="65535.65535.65535.65535" />
+	<FileAttrib ID="ID_FILEATTRIB_SANDBOX_1" FriendlyName="Agnitum sandbox FileAttribute" FileName="sandbox.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_SANDBOX_2" FriendlyName="Agnitum SandBox FileAttribute" FileName="SandBox.sys"  MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_SANDRA" FriendlyName="" FileName="SANDRA" MinimumFileVersion="0.0.0.0" MaximumFileVersion="10.12.0.0" />
     <FileAttrib ID="ID_FILEATTRIB_SANDRA_DRIVER" FriendlyName="" FileName="sandra.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="10.12.0.0" />
     <FileAttrib ID="ID_FILEATTRIB_SEGWINDRVX64" FriendlyName="segwindrvx64.sys FileAttribute" FileName="segwindrvx64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="100.0.7.2" />
@@ -700,6 +701,26 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
       <CertRoot Type="TBS" Value="13BAA039635F1C5292A8C2F36AAE7E1D25C025202E9092F5B0F53F5F752DFA9C71B3D1B8D9A6358FCEE6EC75622FABF9" />
       <CertPublisher Value="Advanced Micro Devices Inc." />
       <FileAttribRef RuleID="ID_FILEATTRIB_AMDPP" />
+    </Signer>
+	<Signer ID="ID_SIGNER_AGNITUM_2004" Name="VeriSign Class 3 Code Signing 2004 CA">
+      <CertRoot Type="TBS" Value="C7FC1727F5B75A6421A1F95C73BBDB23580C48E5" />
+      <CertPublisher Value="Agnitum Ltd." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_SANDBOX_2" />
+    </Signer>
+	<Signer ID="ID_SIGNER_AGNITUM_2009" Name="VeriSign Class 3 Code Signing 2009-2 CA">
+      <CertRoot Type="TBS" Value="4CDC38C800761463749C3CBD94A12F32E49877BF" />
+      <CertPublisher Value="Agnitum Ltd." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_SANDBOX_1" />
+    </Signer>
+    <Signer ID="ID_SIGNER_AGNITUM_2010" Name="VeriSign Class 3 Code Signing 2010 CA">
+      <CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
+      <CertPublisher Value="Agnitum Ltd." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_SANDBOX_1" />
+    </Signer>
+    <Signer ID="ID_SIGNER_AGNITUM_2010_1" Name="VeriSign Class 3 Code Signing 2010 CA">
+      <CertRoot Type="TBS" Value="4678C6E4A8787A8E6ED2BCE8792B122F6C08AFD8" />
+      <CertPublisher Value="Agnitum Ltd." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_SANDBOX_1" />
     </Signer>
     <Signer ID="ID_SIGNER_GEOTRUST_SRL_2009" Name="HT Srl Digital ID Class 3 - Microsoft Software Validation v2">
       <CertRoot Type="TBS" Value="d70edfa009a76bd8250d74e9ee92eb9ead7d4cb3" />
@@ -721,12 +742,31 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
     </Signer>
 	<Signer ID="ID_SIGNER_SAASAME" Name="SaaSaMe Ltd.">
       <CertRoot Type="TBS" Value="A86DE66D8198E4272859881476A6F9936034A482" />
+    </Signer>
+	<Signer ID="ID_SIGNER_NVIDIA_2007" Name="Leaked 2007 NVIDIA Corporation Verisign Class 3 Code Signing 2004 CA">
+      <CertRoot Type="TBS" Value="80854F578E2A3B5552EA839BA4F98DDFE94B2381" />
     </Signer>
 	<Signer ID="ID_SIGNER_NVIDIA_2011" Name="Leaked 2011 NVIDIA Corporation Verisign Class 3 Code Signing 2010 CA">
       <CertRoot Type="TBS" Value="15C37DBEBE6FCC77108E3D7AD982676D3D5E77F7" />
     </Signer>
 	<Signer ID="ID_SIGNER_NVIDIA_2015" Name="Leaked 2015 NVIDIA Corporation Verisign Class 3 Code Signing 2010 CA">
       <CertRoot Type="TBS" Value="F049A238763D4A90B148AB10A500F96EBF1DC436" />
+    </Signer>
+	<Signer ID="ID_SIGNER_HERMETICWIPER_1" Name="DigiCert Assured ID Code Signing CA-1">
+      <CertRoot Type="TBS" Value="47F4B9898631773231B32844EC0D49990AC4EB1E" />
+      <CertPublisher Value="CHENGDU YIWO Tech Development Co., Ltd." />
+    </Signer>
+    <Signer ID="ID_SIGNER_HERMETICWIPER_2" Name="Symantec Class 3 Extended Validation Code Signing CA - G2">
+      <CertRoot Type="TBS" Value="B3C925B4048C3F7C444D248A2B101186B57CBA39596EB5DCE0E17A4EE4B32F19" />
+      <CertPublisher Value="Chengdu Yiwo Tech Development Co., Ltd." />
+    </Signer>
+    <Signer ID="ID_SIGNER_HERMETICWIPER_3" Name="VeriSign Class 3 Code Signing 2004 CA">
+      <CertRoot Type="TBS" Value="C7FC1727F5B75A6421A1F95C73BBDB23580C48E5" />
+      <CertPublisher Value="CHENGDU YIWO Tech Development Co., Ltd." />
+    </Signer>
+    <Signer ID="ID_SIGNER_HERMETICWIPER_4" Name="VeriSign Class 3 Code Signing 2010 CA">
+      <CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
+      <CertPublisher Value="CHENGDU YIWO Tech Development Co., Ltd." />
     </Signer>
   </Signers>
   <!--Driver Signing Scenarios-->
@@ -734,6 +774,10 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
     <SigningScenario Value="131" ID="ID_SIGNINGSCENARIO_DENIED_VULN_MAL_SIGNERS" FriendlyName="Signers of known vulnerable or malicious drivers">
       <ProductSigners>
         <DeniedSigners>
+		  <DeniedSigner SignerId="ID_SIGNER_AGNITUM_2004" />
+		  <DeniedSigner SignerId="ID_SIGNER_AGNITUM_2009" />
+		  <DeniedSigner SignerId="ID_SIGNER_AGNITUM_2010" />
+		  <DeniedSigner SignerId="ID_SIGNER_AGNITUM_2010_1" />
           <DeniedSigner SignerId="ID_SIGNER_AMDPP" />
           <DeniedSigner SignerId="ID_SIGNER_CAPCOM" />
           <DeniedSigner SignerId="ID_SIGNER_CHEAT_ENGINE" /> 
@@ -750,6 +794,10 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
           <DeniedSigner SignerId="ID_SIGNER_GEOTRUST_SRL_2010" />
           <DeniedSigner SignerId="ID_SIGNER_GLOBALSIGN_TG_SOFT" />
           <DeniedSigner SignerId="ID_SIGNER_HANDAN" />
+		  <DeniedSigner SignerId="ID_SIGNER_HERMETICWIPER_1" />
+		  <DeniedSigner SignerId="ID_SIGNER_HERMETICWIPER_2" />
+		  <DeniedSigner SignerId="ID_SIGNER_HERMETICWIPER_3" />
+		  <DeniedSigner SignerId="ID_SIGNER_HERMETICWIPER_4" />
           <DeniedSigner SignerId="ID_SIGNER_HP" /> 
           <DeniedSigner SignerId="ID_SIGNER_INTEL_IQVW" />
           <DeniedSigner SignerId="ID_SIGNER_JEROMIN_CODY_ERIC" />
@@ -757,6 +805,7 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
           <DeniedSigner SignerId="ID_SIGNER_MIMIKATZ_KERNEL_SHA2" />
           <DeniedSigner SignerId="ID_SIGNER_MIMIKATZ_USER" />
           <DeniedSigner SignerId="ID_SIGNER_NANJING" />
+		  <DeniedSigner SignerId="ID_SIGNER_NVIDIA_2007" />
 		  <DeniedSigner SignerId="ID_SIGNER_NVIDIA_2011" />
 		  <DeniedSigner SignerId="ID_SIGNER_NVIDIA_2015" />
           <DeniedSigner SignerId="ID_SIGNER_PHYSMEM" />
@@ -1143,7 +1192,7 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
     </Setting>
     <Setting Provider="PolicyInfo" Key="Information" ValueName="Id">
       <Value>
-        <String>10.0.25070.0</String>
+        <String>10.0.25090.0</String>
       </Value>
     </Setting>
   </Settings>

windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md

@@ -141,6 +141,9 @@ You can also use the following macros when the exact volume may vary: `%OSDRIVE%
 > [!NOTE]
 > For others to better understand the WDAC policies that has been deployed, we recommend maintaining separate ALLOW and DENY policies on Windows 10, version 1903 and later.
 
+> [!NOTE]
+> There is currently a bug where MSIs cannot be allow listed in file path rules. MSIs must be allow listed using other rule types, for example, publisher rules or file attribute rules.
+
 ## More information about hashes
 
 ### Why does scan create four hash rules per XML file?

windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md

@@ -108,4 +108,4 @@ If you do not have a code signing certificate, see [Optional: Create a code sign
 9. Validate the signed file. When complete, the commands should output a signed policy file called {PolicyID}.cip to your desktop. You can deploy this file the same way you deploy an enforced or non-enforced policy. For information about how to deploy WDAC policies, see [Deploy and manage Windows Defender Application Control with Group Policy](deploy-windows-defender-application-control-policies-using-group-policy.md).
 
 > [!NOTE]
-> The device with the signed policy must be rebooted one time with Secure Boot enabled for the UEFI lock to be set. 
+> The device with the signed policy must be rebooted one time with Secure Boot enabled for the UEFI lock to be set.