From 55aff11d116cf0e7a345a3fcd83ee57ca50e528a Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Wed, 5 Jan 2022 11:31:03 +0200 Subject: [PATCH 01/39] Update info https://github.com/MicrosoftDocs/windows-itpro-docs/issues/10021 --- .../identity-protection/hello-for-business/hello-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml index 66e88ee1a6..b033cf57b3 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.yml +++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml @@ -100,7 +100,7 @@ sections: [Windows Hello for Business forgotten PIN user experience](hello-videos.md#windows-hello-for-business-forgotten-pin-user-experience) - For on-premises deployments, devices must be well-connected to their on-premises network (domain controllers and/or certificate authority) to reset their PINs. Hybrid customers can on-board their Azure tenant to use the Windows Hello for Business PIN reset service to reset their PINs without access to their corporate network. + For on-premises deployments, devices must be well-connected to their on-premises network (domain controllers and/or certificate authority) to reset their PINs. Hybrid customers can on-board their Azure tenant to use the Windows Hello for Business PIN reset service to reset their PINs. Non-destructive PIN reset works without access to corporate network. Destructive PIN reset requires access to corporate network. More details about destructive and non-destructive PIN reset can be found [here](https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset). - question: What URLs do I need to allow for a hybrid deployment? answer: | From 6b861b7d7dc6855f8b2d91d185d1685760207799 Mon Sep 17 00:00:00 2001 
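Review bot: in the PATCH 01/39 hunk, the two added sentences drop the article ("without access to corporate network", "requires access to corporate network"), and the closing link is anchored on the bare word "here" with an absolute, locale-specific docs.microsoft.com URL. Suggest "the corporate network" in both sentences and a descriptive relative link, e.g. "For more details about destructive and non-destructive PIN reset, see [PIN reset](/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset)." Also "on-board" is spelled "onboard" elsewhere in these docs.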
From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Thu, 6 Jan 2022 11:35:22 +0200 Subject: [PATCH 02/39] Update windows/security/identity-protection/hello-for-business/hello-faq.yml Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../identity-protection/hello-for-business/hello-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml index b033cf57b3..b4dc152193 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.yml +++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml 
@@ -100,7 +100,7 @@ sections: [Windows Hello for Business forgotten PIN user experience](hello-videos.md#windows-hello-for-business-forgotten-pin-user-experience) - For on-premises deployments, devices must be well-connected to their on-premises network (domain controllers and/or certificate authority) to reset their PINs. Hybrid customers can on-board their Azure tenant to use the Windows Hello for Business PIN reset service to reset their PINs. Non-destructive PIN reset works without access to corporate network. Destructive PIN reset requires access to corporate network. More details about destructive and non-destructive PIN reset can be found [here](https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset). + For on-premises deployments, devices must be well-connected to their on-premises network (domain controllers and/or certificate authority) to reset their PINs. Hybrid customers can onboard their Azure tenant to use the Windows Hello for Business PIN reset service to reset their PINs. Non-destructive PIN reset works without access to the corporate network. Destructive PIN reset requires access to the corporate network. For more details about destructive and non-destructive PIN reset, see [PIN reset](/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset). - question: What URLs do I need to allow for a hybrid deployment? answer: | From 237bd91ea6d78183a706fc2bebfe7065f5db381a Mon Sep 17 00:00:00 2001 From: Adam Shapiro <45466550+adamoboe@users.noreply.github.com> Date: Tue, 11 Jan 2022 18:28:29 -0800 Subject: [PATCH 03/39] Update virus-initiative-criteria.md updated the list of third party test providers --- .../threat-protection/intelligence/virus-initiative-criteria.md | 2 -- 1 file changed, 2 deletions(-) 
diff --git a/windows/security/threat-protection/intelligence/virus-initiative-criteria.md b/windows/security/threat-protection/intelligence/virus-initiative-criteria.md index 0441e00ed4..272227666c 100644 --- a/windows/security/threat-protection/intelligence/virus-initiative-criteria.md +++ b/windows/security/threat-protection/intelligence/virus-initiative-criteria.md @@ -45,9 +45,7 @@ Test Provider | Lab Test Type | Minimum Level / Score AV-Comparatives | Real-World Protection Test
https://www.av-comparatives.org/testmethod/real-world-protection-tests/ |“Approved” rating from AV Comparatives AV-Test | Must pass tests for Windows. Certifications for Mac and Linux aren't accepted
https://www.av-test.org/en/about-the-institute/certification/ | Achieve "AV-TEST Certified" (for home users) or "AV-TEST Approved” (for corporate users) ICSA Labs | Endpoint Anti-Malware Detection
https://www.icsalabs.com/technology-program/anti-virus/criteria |PASS/Certified -NSS Labs | Advanced Endpoint Protection AEP 3.0, which covers automatic threat prevention and threat event reporting capabilities
https://www.nsslabs.com/tested-technologies/advanced-endpoint-protection/ |“Neutral” rating from NSS SKD Labs | Certification Requirements Product: Anti-virus or Antimalware
http://www.skdlabs.com/html/english/
http://www.skdlabs.com/cert/ |SKD Labs Star Check Certification Requirements Pass >= 98.5% with On Demand, On Access and Total Detection tests -SE Labs | Protection A rating or Small Business EP A rating or Enterprise EP Protection A rating
https://selabs.uk/en/reports/consumers |Home or Enterprise “A” rating VB 100 | VB100 Certification Test V1.1
https://www.virusbulletin.com/testing/vb100/vb100-methodology/vb100-methodology-ver1-1/ | VB100 Certification West Coast Labs | Checkmark Certified
http://www.checkmarkcertified.com/sme/ | “A” Rating on Product Security Performance From 274c2c840d5793b8a806f4a606d91f072ef0563f Mon Sep 17 00:00:00 2001 From: Ben Watt <13239035+wattbt@users.noreply.github.com> Date: Thu, 13 Jan 2022 12:27:22 +0000 Subject: [PATCH 04/39] Minor rewording for clarity Some minor rewording to make it clearer about how to turn off Config Lock, what the last section before the FAQ is about, and to better explain why the Firmware protection image is there. Also took the opportunity to improve the image descriptions. --- windows/client-management/mdm/config-lock.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/client-management/mdm/config-lock.md b/windows/client-management/mdm/config-lock.md index f1bee95c6a..a13a98d8b4 100644 --- a/windows/client-management/mdm/config-lock.md +++ b/windows/client-management/mdm/config-lock.md @@ -48,31 +48,31 @@ The steps to turn on Config Lock using Microsoft Endpoint Manager (Microsoft Int - **Profile type**: Templates - **Template name**: Custom - :::image type="content" source="images/configlock-mem-createprofile.png" alt-text="create profile"::: + :::image type="content" source="images/configlock-mem-createprofile.png" alt-text="In Configuration profiles, the Create a profile page is showing, with the Platform set to Windows 10 and later, and a Profile Type of Templates"::: 1. Name your profile. 1. When you reach the Configuration Settings step, select “Add” and add the following information: - **OMA-URI**: ./Vendor/MSFT/DMClient/Provider/MS%20DM%20Server/ConfigLock/Lock - **Data type**: Integer - **Value**: 1
- To turn off Config Lock. Change value to 0. + To turn off Config Lock, change the value to 0. - :::image type="content" source="images/configlock-mem-editrow.png" alt-text="edit row"::: + :::image type="content" source="images/configlock-mem-editrow.png" alt-text="In the Configuration settings step, the Edit Row page is shown with a Name of Config Lock, a Description of Turn on Config Lock and the OMA-URI set as above, along with a Data type of Integer set to a Value of 1"::: 1. Select the devices to turn on Config Lock. If you're using a test tenant, you can select “+ Add all devices”. 1. You'll not need to set any applicability rules for test purposes. 1. Review the Configuration and select “Create” if everything is correct. 1. After the device syncs with the Microsoft Intune server, you can confirm if the Config Lock was successfully enabled. - :::image type="content" source="images/configlock-mem-dev.png" alt-text="status"::: + :::image type="content" source="images/configlock-mem-dev.png" alt-text="The Profile assignment status dashboard when viewing the Config Lock device configuration profile, showing one device has succeeded in having this profile applied"::: - :::image type="content" source="images/configlock-mem-devstatus.png" alt-text="device status"::: + :::image type="content" source="images/configlock-mem-devstatus.png" alt-text="The Device Status for the Config Lock Device Configuration Profile, showing one device with a Deployment Status as Succeeded and two with Pending"::: -## Disabling +## Configuring Secured-Core PC features -Config Lock is designed to ensure that a Secured-Core PC isn't unintentionally misconfigured. IT Admins retain the ability to change (enabled/disable) SCPC features via Group Policies and/or mobile device management (MDM) tools, such as Microsoft Intune. +Config Lock is designed to ensure that a Secured-Core PC isn't unintentionally misconfigured. 
IT Admins retain the ability to change (enable/disable) SCPC features (for example Firmware protection) via Group Policies and/or mobile device management (MDM) tools, such as Microsoft Intune. -:::image type="content" source="images/configlock-mem-firmwareprotect.png" alt-text="firmware protect"::: +:::image type="content" source="images/configlock-mem-firmwareprotect.png" alt-text="The Defender Firmware protection setting, with a description of Windows Defender System Guard protects your device from compromised firmware. The setting is set to Off"::: ## FAQ From ebd201659caadd25441a93de831e4cd409cef608 Mon Sep 17 00:00:00 2001 From: Libby Brown <40281215+libbro2006@users.noreply.github.com> Date: Thu, 10 Feb 2022 15:30:44 -0800 Subject: [PATCH 05/39] Update hello-faq.yml Updating a very out of date question around shared devices & FIDO2 security keys. --- .../identity-protection/hello-for-business/hello-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml index 66e88ee1a6..bb118cd3af 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.yml +++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml 
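Review bot: on PATCH 03/39 (virus-initiative-criteria.md), the hunk removes the NSS Labs and SE Labs rows but the commit message only says "updated the list of third party test providers"; because this table defines which certifications are accepted, record why each provider was dropped (programme discontinued, criteria no longer met, and so on) in the message or in the article so partners can trace the change. Also check that no remaining text in the article still refers to the NSS "Neutral" rating or the SE Labs "A" rating that this hunk deletes.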
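Review bot: on PATCH 04/39 (config-lock.md), the new alt text for configlock-mem-editrow.png says "the OMA-URI set as above", which a screen-reader user hears without the surrounding page; spell out "the OMA-URI for Config Lock" (or the URI itself) instead. While here, the untouched step "You'll not need to set any applicability rules for test purposes." reads more naturally as "You don't need to set any applicability rules for test purposes."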
@@ -48,7 +48,7 @@ sections: - question: How many users can enroll for Windows Hello for Business on a single Windows 10 computer? answer: | - The maximum number of supported enrollments on a single Windows 10 computer is 10. This lets 10 users each enroll their face and up to 10 fingerprints. While we support 10 enrollments, we will strongly encourage the use of Windows Hello security keys for the shared computer scenario when they become available. + The maximum number of supported enrollments on a single Windows 10 computer is 10. This lets 10 users each enroll their face and up to 10 fingerprints. For devices with more than 10 users, we strongly encourage the use of FIDO2 security keys. - question: How can a PIN be more secure than a password? answer: | From 681af954b9224731feb9f8240f3a67af4395b385 Mon Sep 17 00:00:00 2001 From: Michael Mardahl Date: Wed, 16 Feb 2022 11:51:52 +0100 Subject: [PATCH 06/39] Update hello-faq.yml Added missing information about what happens when PIN policy is changed and that Intune can also be used besides just Configuration manager. #ATCP --- .../identity-protection/hello-for-business/hello-faq.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml index 66e88ee1a6..c7a144f461 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.yml +++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml 
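Review bot: the replacement sentence "For devices with more than 10 users, we strongly encourage the use of FIDO2 security keys." names a concrete alternative but, unlike the neighbouring answers in this file, gives no link to the FIDO2 sign-in guidance; add one so readers can act on the recommendation. The new wording is otherwise an improvement over the dated "when they become available".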
@@ -45,6 +45,10 @@ sections: - question: Can I deploy Windows Hello for Business by using Microsoft Endpoint Configuration Manager? answer: | Windows Hello for Business deployments using Configuration Manager should follow the hybrid deployment model that uses Active Directory Federation Services. Starting in Configuration Manager version 1910, certificate-based authentication with Windows Hello for Business settings isn't supported. Key-based authentication is still valid with Configuration Manager. For more information, see [Windows Hello for Business settings in Configuration Manager](/configmgr/protect/deploy-use/windows-hello-for-business-settings). + + - question: Can I deploy Windows Hello for Business by using Microsoft Endpoint Manager Intune? + answer: | + Windows Hello for Business deployments using Intune allows for a great deal of flexibility in deployment. For more information, see [Integrate Windows Hello for Business with Microsoft Intune](/mem/intune/protect/windows-hello). - question: How many users can enroll for Windows Hello for Business on a single Windows 10 computer? answer: | @@ -101,6 +105,11 @@ sections: [Windows Hello for Business forgotten PIN user experience](hello-videos.md#windows-hello-for-business-forgotten-pin-user-experience) For on-premises deployments, devices must be well-connected to their on-premises network (domain controllers and/or certificate authority) to reset their PINs. Hybrid customers can on-board their Azure tenant to use the Windows Hello for Business PIN reset service to reset their PINs without access to their corporate network. + + - question: What happens when a PIN policy is changed? + answer: | + Once a new policy is applied to the users device, the user will be asked to change their PIN once they have typed in the current PIN. + If more than one policy is applied, the most restrictive setting will win. - question: What URLs do I need to allow for a hybrid deployment? answer: | 
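Review bot: in the first PATCH 06/39 hunk, "deployments using Intune allows" should be "allow" (plural subject), and the product name is inconsistent within the answer ("Microsoft Endpoint Manager Intune" in the question, "Microsoft Intune" in the link text); pick one. The answer is also thin next to the Configuration Manager answer above it: consider stating, as that answer does, whether key-based and certificate-based authentication are both supported when deploying through Intune.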
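Review bot: the second PATCH 06/39 hunk carries the pre-change line "...to reset their PINs without access to their corporate network." as context, which PATCH 01/39 and 02/39 in this series rewrite, so this hunk will not apply cleanly on top of them; rebase it. In the new answer, "the users device" needs an apostrophe ("user's device"), and "will be asked to change their PIN once they have typed in the current PIN" should say whether the prompt appears only when the existing PIN no longer satisfies the new policy or on every policy change, since that is what an admin planning a rollout needs to know.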
From 5e26ffe91c26a59bce5720f3e23f98da1ecde7c0 Mon Sep 17 00:00:00 2001 From: Michael Mardahl Date: Thu, 17 Feb 2022 06:40:35 +0100 Subject: [PATCH 07/39] Update windows/security/identity-protection/hello-for-business/hello-faq.yml Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../identity-protection/hello-for-business/hello-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml index c7a144f461..e565082227 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.yml +++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml @@ -48,7 +48,7 @@ sections: - question: Can I deploy Windows Hello for Business by using Microsoft Endpoint Manager Intune? answer: | - Windows Hello for Business deployments using Intune allows for a great deal of flexibility in deployment. For more information, see [Integrate Windows Hello for Business with Microsoft Intune](/mem/intune/protect/windows-hello). + Windows Hello for Business deployments using Intune allow for a great deal of flexibility in deployment. For more information, see [Integrate Windows Hello for Business with Microsoft Intune](/mem/intune/protect/windows-hello). - question: How many users can enroll for Windows Hello for Business on a single Windows 10 computer? answer: | From bd9e9a4cad015ea225172a292880fed54fbf498a Mon Sep 17 00:00:00 2001 From: Michael Mardahl Date: Thu, 17 Feb 2022 06:40:51 +0100 Subject: [PATCH 08/39] Update windows/security/identity-protection/hello-for-business/hello-faq.yml Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../identity-protection/hello-for-business/hello-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml index e565082227..3b2ff6cf66 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.yml +++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml @@ -108,7 +108,7 @@ sections: - question: What happens when a PIN policy is changed? answer: | - Once a new policy is applied to the users device, the user will be asked to change their PIN once they have typed in the current PIN. + Once a new policy is applied to the user's device, the user will be asked to change their PIN once they have typed in the current PIN. If more than one policy is applied, the most restrictive setting will win. - question: What URLs do I need to allow for a hybrid deployment? From 0b6731eb371f99e99a390ad368d0873baa0ee9de Mon Sep 17 00:00:00 2001 From: Michael Mardahl Date: Thu, 17 Feb 2022 06:41:03 +0100 Subject: [PATCH 09/39] Update windows/security/identity-protection/hello-for-business/hello-faq.yml Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../identity-protection/hello-for-business/hello-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml index 3b2ff6cf66..f5dd866ec2 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.yml +++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml 
@@ -109,7 +109,7 @@ sections: - question: What happens when a PIN policy is changed? answer: | Once a new policy is applied to the user's device, the user will be asked to change their PIN once they have typed in the current PIN. - If more than one policy is applied, the most restrictive setting will win. + If more than one policy is applied, the most restrictive setting will apply. - question: What URLs do I need to allow for a hybrid deployment? answer: | From 53d7af922b089922077c3bb4fae4c9c493501bde Mon Sep 17 00:00:00 2001 
From: Simon Biber Date: Thu, 3 Mar 2022 17:56:37 +1030 Subject: [PATCH 10/39] Complexity requirements reduce password strength

Long passwords with only alphanumeric characters are not easy to compromise. Short passwords are easy to compromise. Adding length is more important than adding complexity.

The article provides a number, 218,340,105,584,896, of different possibilities for a single password. That number is clearly based on the calculation (26 + 26 + 10)^8 = 218,340,105,584,896 on the basis that the 8 characters may be any of 26 uppercase letters, 26 lowercase and 10 digits.

However, turning on complexity requirements will ensure that there are at least 3 categories of character, and eliminate some of those possibilities. It will eliminate cases where there were no digits, cases where there are no uppercase letters, and cases where there are no lowercase letters.

|---|---|
|eight characters of any uppercase, lowercase *or* digits|218,340,105,584,896|
| | ... minus ... |
|eight characters of uppercase or lowercase with no digits|53,459,728,531,456|
| | ... minus ... |
|eight characters of lowercase or digits with no uppercase|2,821,109,907,456|
| | ... minus ... |
|eight characters of uppercase or digits with no lowercase|2,821,109,907,456|
| | ... equals ... |
|eight characters of uppercase, lowercase *and* digits|159,238,157,238,528|

Rather than enforcing complexity, administrators are better off increasing the minimum length. A minimum length of 11 instead of 8 would be sufficient to add so many more possibilities that even if users only used lowercase letters, there are more possibilities of 11 lowercase letters than there are of 8 complex characters:

8 complex characters = 62^8 = 218,340,105,584,896 possibilities
11 lowercase letters = 26^11 = 3,670,344,486,987,776 possibilities

--- .../password-must-meet-complexity-requirements.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md b/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md index 7928508380..74efe115ae 100644 --- a/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md +++ b/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md 
@@ -62,11 +62,11 @@ Additional settings that can be included in a custom Passfilt.dll are the use of > [!TIP] > For the latest best practices, see [Password Guidance](https://www.microsoft.com/research/publication/password-guidance). -Set **Passwords must meet complexity requirements** to Enabled. This policy setting, combined with a minimum password length of 8, ensures that there are at least 218,340,105,584,896 different possibilities for a single password. This setting makes a brute force attack difficult, but still not impossible. +Set **Passwords must meet complexity requirements** to Enabled. This policy setting, combined with a minimum password length of 8, ensures that there are at least 159,238,157,238,528 different possibilities for a single password. This setting makes a brute force attack difficult, but still not impossible. The use of ALT key character combinations may greatly enhance the complexity of a password. However, requiring all users in an organization to adhere to such stringent password requirements might result in unhappy users and an over-worked Help Desk. Consider implementing a requirement in your organization to use ALT characters in the range from 0128 through 0159 as part of all administrator passwords. (ALT characters outside of that range can represent standard alphanumeric characters that do not add more complexity to the password.) -Passwords that contain only alphanumeric characters are easy to compromise by using publicly available tools. To prevent this, passwords should contain additional characters and meet complexity requirements. +Short passwords that contain only alphanumeric characters are easy to compromise by using publicly available tools. To prevent this, passwords should contain additional characters and/or meet complexity requirements. ### Location From 2f3fc592ff3a295a04165a87302413a740b9f2a7 Mon Sep 17 00:00:00 2001 
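Review bot: the new figure 159,238,157,238,528 in the first changed line undercounts. It is 62^8 - 52^8 - 36^8 - 36^8, but the three subtracted sets overlap: the all-lowercase, all-uppercase and all-digit strings each fall into two of them and are removed twice. Adding them back (2 x 26^8 + 10^8) gives 159,655,911,367,680 eight-character alphanumeric strings that use all three categories. The sentence says "at least", so it remains true, but either use the exact figure or correct the derivation in the commit message. The second change ("and/or meet complexity requirements") leaves "Set Passwords must meet complexity requirements to Enabled" as the stated best practice while the commit message argues that raising the minimum length matters more; the best-practice sentence should say so, or point readers to the Password Guidance link in the tip directly above.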
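To check the arithmetic in the PATCH 10/39 commit message, here is an added Python example (not part of the patch or of the Microsoft docs) that counts fixed-length strings using at least k of a set of character categories by inclusion-exclusion, reproduces the commit's three-category figure, and finds the lowercase-only length that exceeds the 8-character alphanumeric space. The category sizes 26/26/10 are the commit's own; the Windows policy's other categories (symbols, other Unicode letters) are deliberately left out, and the general at-least-k function goes beyond the commit's all-three case.

```python
from itertools import combinations

# Category alphabet sizes as used in the commit message's derivation:
# uppercase, lowercase, digits. Constructed here to mirror that derivation;
# the real Windows complexity policy also counts symbols and other letters.
ALNUM_CATEGORIES = (26, 26, 10)


def count_using_every_category(length, sizes):
    """Strings of `length` over the union of the given category alphabets
    that contain at least one character from every category.

    Inclusion-exclusion: start from all strings over the union, subtract
    the strings missing one category, add back those missing two, and so on.
    """
    sizes = list(sizes)
    total = 0
    for dropped in range(len(sizes) + 1):
        for kept in combinations(sizes, len(sizes) - dropped):
            total += (-1) ** dropped * sum(kept) ** length
    return total


def count_using_at_least(length, sizes, k):
    """Strings of `length` that use at least k distinct categories.

    Sums the exact-category counts over every subset of k or more
    categories; with k == len(sizes) this equals count_using_every_category.
    """
    sizes = list(sizes)
    return sum(
        count_using_every_category(length, subset)
        for r in range(k, len(sizes) + 1)
        for subset in combinations(sizes, r)
    )


def commit_message_estimate(length):
    """The commit message's subtraction: 62^8 - 52^8 - 36^8 - 36^8.

    It never adds back the all-lowercase, all-uppercase and all-digit
    strings, each of which was removed by two of the three subtractions,
    so it undercounts by 2 * 26^8 + 10^8.
    """
    return 62 ** length - 52 ** length - 36 ** length - 36 ** length


def lowercase_length_to_exceed(target):
    """Smallest length n such that 26**n (lowercase only) exceeds target."""
    n = 1
    while 26 ** n <= target:
        n += 1
    return n


if __name__ == "__main__":
    all_three = count_using_every_category(8, ALNUM_CATEGORIES)
    print(f"62^8 alphanumeric strings:      {62 ** 8:,}")
    print(f"commit message figure:          {commit_message_estimate(8):,}")
    print(f"exact three-category count:     {all_three:,}")
    print(f"undercount in the commit:       {all_three - commit_message_estimate(8):,}")
    print(f"lowercase length beating 62^8:  {lowercase_length_to_exceed(62 ** 8)}")
```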
From: Anthony Swierkosz Date: Sun, 6 Mar 2022 20:50:55 -0500 Subject: [PATCH 11/39] Fixes #10396, spelling and formatting for provisioning multivariant code --- .../provisioning-multivariant.md | 232 +++++++++--------- 1 file changed, 116 insertions(+), 116 deletions(-) diff --git a/windows/configuration/provisioning-packages/provisioning-multivariant.md b/windows/configuration/provisioning-packages/provisioning-multivariant.md index 028b44c522..d4e1cc8ad0 100644 --- a/windows/configuration/provisioning-packages/provisioning-multivariant.md +++ b/windows/configuration/provisioning-packages/provisioning-multivariant.md @@ -121,30 +121,30 @@ Follow these steps to create a provisioning package with multivariant capabiliti The following example shows the contents of a sample customizations.xml file. ```XML - <?xml version="1.0" encoding="utf-8"?> - - - {6aaa4dfa-00d7-4aaa-8adf-73c6a7e2501e} - My Provisioning Package - 1.0 - OEM - 50 - - - - - - 0 - 0 - 0 - - - 0 - - - - - + + + + {6aaa4dfa-00d7-4aaa-8adf-73c6a7e2501e} + My Provisioning Package + 1.0 + OEM + 50 + + + + + + 0 + 0 + 0 + + + 0 + + + + + ``` 5. Edit the customizations.xml file to create a **Targets** section to describe the conditions that will handle your multivariant settings. @@ -152,48 +152,48 @@ Follow these steps to create a provisioning package with multivariant capabiliti The following example shows the customizations.xml, which has been modified to include several conditions including **ProcessorName**, **ProcessorType**, **MCC**, and **MNC**. ```XML - - - - {6aaa4dfa-00d7-4aaa-8adf-73c6a7e2501e} - My Provisioning Package - 1.0 - OEM - 50 - - - - - - 0 - 0 - 0 - - - 0 - - - - - - - - - - - - - - - - - - - - - - - + + + + {6aaa4dfa-00d7-4aaa-8adf-73c6a7e2501e} + My Provisioning Package + 1.0 + OEM + 50 + + + + + + 0 + 0 + 0 + + + 0 + + + + + + + + + + + + + + + + + + + + + + + ``` 6. In the customizations.xml file, create a **Variant** section for the settings you need to customize. To do this: 
@@ -212,56 +212,56 @@ Follow these steps to create a provisioning package with multivariant capabiliti The following example shows the customizations.xml updated to include a **Variant** section and the moved settings that will be applied if the conditions for the variant are met. ```XML - <?xml version="1.0" encoding="utf-8"?> - - - {6aaa4dfa-00d7-4aaa-8adf-73c6a7e2501e} - My Provisioning Package - 1.0 - OEM - 50 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1 - 1 - 1 - - - 1 - - - - - - + + + + {6aaa4dfa-00d7-4aaa-8adf-73c6a7e2501e} + My Provisioning Package + 1.0 + OEM + 50 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 1 + 1 + 1 + + + 1 + + + + + + ``` 7. Save the updated customizations.xml file and note the path to this updated file. You will need the path as one of the values for the next step. From 12990a47d4f266f22774fa156917324c93389d04 Mon Sep 17 00:00:00 2001 From: valemieux <98555474+valemieux@users.noreply.github.com> Date: Mon, 7 Mar 2022 08:39:02 -0800 Subject: [PATCH 12/39] Update Allow in FileRules - GH 10377 --- .../microsoft-recommended-driver-block-rules.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md index cf94595896..ff3f04c809 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md @@ -64,6 +64,8 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- + + From 8a1fccbc0bed06c201a6215903b7f4e43249ed1e Mon Sep 17 00:00:00 2001 
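Review bot: on PATCH 11/39 (provisioning-multivariant.md), the first and third hunks show `<?xml version="1.0" encoding="utf-8"?>` only on the removed side and the added block opens with blank or whitespace-only lines, so it is not visible whether the XML declaration survives the reindent; confirm all three samples either keep the declaration or omit it consistently (the second sample never had one). The subject also mentions spelling fixes, but the visible changes are reindentation; if spelling edits are mixed into a 116/116 whitespace change they are hard to review, so consider splitting them into a separate commit.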
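Review bot: on PATCH 12/39, the two lines added to the FileRules section of the recommended driver block policy are Allow rules (per the subject "Update Allow in FileRules"), and the commit message gives only an issue number (GH 10377). Because customers apply this published policy as-is, the message or the article should state which files the new Allow rules cover and why they are needed, so the change can be audited.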
From: valemieux <98555474+valemieux@users.noreply.github.com> Date: Mon, 7 Mar 2022 11:57:20 -0800 Subject: [PATCH 13/39] valemieux Updating block list 38430645 --- ...icrosoft-recommended-driver-block-rules.md | 437 +++++++++++++++--- 1 file changed, 369 insertions(+), 68 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md index ff3f04c809..73be7294b3 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md @@ -46,7 +46,7 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- ```xml - 10.0.22493.0 + 10.0.25070.0 {D2BDA982-CCF6-4344-AC5B-0B44427B6816} {2E07F7E4-194C-4D20-B7C9-6F44A6C5A234} @@ -110,10 +110,22 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- + + + + + + + + + + + + @@ -147,7 +159,7 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- - + @@ -159,10 +171,60 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -171,6 +233,10 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- + + + + @@ -330,66 +396,118 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + - + - + + + + + + + + + + + + + + - + + + + + - + + + + + - + + + + - + - + + + + + + + + + + + + + + + + 
@@ -405,37 +523,60 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- + + + + + + + + + + + - - + + + - - + + + + + + + + + + + + + @@ -445,18 +586,27 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- - + + - - - - - - + + + + + + + + + + + + + + @@ -468,6 +618,14 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- + + + + + + + + @@ -481,8 +639,14 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- + + + + + + @@ -501,6 +665,42 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -521,6 +721,12 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- + + + + + + @@ -528,42 +734,63 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- - - - - - - - - + + + + - - + + + + + + + + + + + + + + + + + + + + + - + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - - - - - - - - - - + @@ -608,10 +835,22 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- + + + + + + + + + + + + @@ -645,7 +884,7 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- - + @@ -657,10 +896,60 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -669,6 +958,10 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- + + + + @@ -833,6 +1126,9 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- + + + @@ -847,7 +1143,12 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- - 10.0.22493.0 + 10.0.25070.0 + + + + + true From dd3cd748c45ec7cf53119565286adadb37af6ec0 Mon Sep 17 00:00:00 2001 
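Review bot: on PATCH 13/39, the VersionEx bump from 10.0.22493.0 to 10.0.25070.0 is applied consistently in both places it appears, but the commit message ("valemieux Updating block list 38430645") is an author name plus an internal work-item number and says nothing about which driver entries were added or removed across the 369 insertions and 68 deletions. Since customers deploy this block list verbatim, summarise the added and removed entries in the message or in a changelog note in the article. The final hunk also adds a new element with the value `true` next to the VersionEx change; confirm it is intended for the published policy.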
From: Michael Nady Date: Tue, 8 Mar 2022 02:11:04 +0200 Subject: [PATCH 14/39] Update hello-why-pin-is-better-than-password.md implementing suggestions given in this task https://github.com/MicrosoftDocs/windows-itpro-docs/issues/10328 --- .../hello-why-pin-is-better-than-password.md | 20 ++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md index 0635a17b37..bf1676989e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md +++ b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md @@ -1,6 +1,6 @@ --- -title: Why a PIN is better than a password (Windows) -description: Windows Hello in Windows 10 enables users to sign in to their device using a PIN. How is a PIN different from (and better than) a password . +title: Why a PIN is better than an online password (Windows) +description: Windows Hello in Windows 10 enables users to sign in to their device using a PIN. How is a PIN different from (and better than) an online password . ms.assetid: A6FC0520-01E6-4E90-B53D-6C4C4E780212 keywords: pin, security, password, hello ms.prod: m365-security 
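Review bot: the rewritten description line keeps the stray space before the final full stop ("an online password .") from the old line; since the line is being replaced anyway, remove it. The front matter's ms.date is still 10/23/2017 even though the article's framing (online versus local passwords) is changing; bump it.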
@@ -19,42 +19,44 @@ ms.localizationpriority: medium ms.date: 10/23/2017 --- -# Why a PIN is better than a password +# Why a PIN is better than an online password **Applies to** - Windows 10 - Windows 11 -Windows Hello in Windows 10 enables users to sign in to their device using a PIN. How is a PIN different from (and better than) a password? -On the surface, a PIN looks much like a password. A PIN can be a set of numbers, but enterprise policy might allow complex PINs that include special characters and letters, both upper-case and lower-case. Something like **t758A!** could be an account password or a complex Hello PIN. It isn't the structure of a PIN (length, complexity) that makes it better than a password, it's how it works. +Windows Hello in Windows 10 enables users to sign in to their device using a PIN. How is a PIN different from (and better than) a local password? +On the surface, a PIN looks much like a password. A PIN can be a set of numbers, but enterprise policy might allow complex PINs that include special characters and letters, both upper-case and lower-case. Something like **t758A!** could be an account password or a complex Hello PIN. It isn't the structure of a PIN (length, complexity) that makes it better than an online password, it's how it works. First we need to distinguish between two types of passwords: 'local' passwords are validated against the machine's password store, whereas 'online' passwords are validated against a server. This article mostly covers the benefits a PIN has over an online password, and also why it can be considered even better than a local password. -Watch Dana Huang explain why a Windows Hello for Business PIN is more secure than a password. +Watch Dana Huang explain why a Windows Hello for Business PIN is more secure than an online password. 
> [!VIDEO https://www.youtube.com/embed/cC24rPBvdhA] ## PIN is tied to the device -One important difference between a password and a Hello PIN is that the PIN is tied to the specific device on which it was set up. That PIN is useless to anyone without that specific hardware. Someone who steals your password can sign in to your account from anywhere, but if they steal your PIN, they'd have to steal your physical device too! +One important difference between an online password and a Hello PIN is that the PIN is tied to the specific device on which it was set up. That PIN is useless to anyone without that specific hardware. Someone who steals your online password can sign in to your account from anywhere, but if they steal your PIN, they'd have to steal your physical device too! Even you can't use that PIN anywhere except on that specific device. If you want to sign in on multiple devices, you have to set up Hello on each device. ## PIN is local to the device -A password is transmitted to the server -- it can be intercepted in transmission or stolen from a server. A PIN is local to the device -- it isn't transmitted anywhere and it isn't stored on the server. +An online password is transmitted to the server -- it can be intercepted in transmission or stolen from a server. A PIN is local to the device -- it isn't transmitted anywhere and it isn't stored on the server. When the PIN is created, it establishes a trusted relationship with the identity provider and creates an asymmetric key pair that is used for authentication. When you enter your PIN, it unlocks the authentication key and uses the key to sign the request that is sent to the authenticating server. +Note, however, that even though local passwords are also local to the device, they are still less secure than a PIN, as described in the next section. >[!NOTE] >For details on how Hello uses asymetric key pairs for authentication, see [Windows Hello for Business](hello-overview.md#benefits-of-windows-hello).   
## PIN is backed by hardware -The Hello PIN is backed by a Trusted Platform Module (TPM) chip, which is a secure crypto-processor that is designed to carry out cryptographic operations. The chip includes multiple physical security mechanisms to make it tamper resistant, and malicious software is unable to tamper with the security functions of the TPM. Many modern devices have TPM. +The Hello PIN is backed by a Trusted Platform Module (TPM) chip, which is a secure crypto-processor that is designed to carry out cryptographic operations. The chip includes multiple physical security mechanisms to make it tamper resistant, and malicious software is unable to tamper with the security functions of the TPM. Many modern devices have TPM. Windows 10, on the other hand, has a defect of not linking local passwords to TPM. This is the reason why PINs are considered more secure than local passwords. User key material is generated and available within the Trusted Platform Module (TPM) of the user device, which protects it from attackers who want to capture the key material and reuse it. Because Hello uses asymmetric key pairs, users credentials can't be stolen in cases where the identity provider or websites the user accesses have been compromised. The TPM protects against a variety of known and potential attacks, including PIN brute-force attacks. After too many incorrect guesses, the device is locked. + ## PIN can be complex The Windows Hello for Business PIN is subject to the same set of IT management policies as a password, such as complexity, length, expiration, and history. Although we generally think of a PIN as a simple four-digit code, administrators can set [policies](hello-manage-in-organization.md) for managed devices to require a PIN complexity similar to a password. You can require or block: special characters, uppercase characters, lowercase characters, and digits. From 7ee0c447d1cf0554ec2e142bb3c55e4e90e0a458 Mon Sep 17 00:00:00 2001 
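Review bot: "Windows 10, on the other hand, has a defect of not linking local passwords to TPM" in the "PIN is backed by hardware" hunk overstates and mislabels the point: a local account password is verified against the local account database by design, not because of a bug, and the sentence reads like a bug report. Suggest "Local passwords, by contrast, are not bound to the TPM; that is why a PIN is considered more secure than a local password." Two consistency problems in the same hunk: the opening question was changed to "How is a PIN different from (and better than) a local password?" while the title, the description and the Dana Huang sentence were all changed to "online password", so the intro now asks a different question than the article answers (it should say "an online password?"); and the unchanged NOTE line still reads "asymetric key pairs" (should be "asymmetric"), worth fixing while the section is open. The `+` that adds only a blank line before "## PIN can be complex" is noise and can be dropped.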
From: Florian Stosse Date: Tue, 8 Mar 2022 18:24:05 +0100 Subject: [PATCH 15/39] [WDAC] Fix instructions order for UEFI deployment Fix https://github.com/MicrosoftDocs/windows-itpro-docs/issues/10403 --- .../deployment/deploy-wdac-policies-with-script.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md index 4368a1ce60..a51d73c403 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md +++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md @@ -88,8 +88,8 @@ In addition to the steps outlined above, the binary policy file must also be cop $MountPoint = 'C:\EFI' $EFIDestinationFolder = "$MountPoint\Microsoft\Boot\CiPolicies\Active" $EFIPartition = (Get-Partition | Where-Object IsSystem).AccessPaths[0] - mkdir $EFIDestinationFolder mountvol $MountPoint $EFIPartition + mkdir $EFIDestinationFolder ``` 2. Copy the signed policy to the created folder: From f808c1aa702e5ccff708288440d7d014203849d5 Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Tue, 8 Mar 2022 10:44:37 -0800 Subject: [PATCH 16/39] Update windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-why-pin-is-better-than-password.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md index bf1676989e..755677290b 100644 
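Review bot: moving `mkdir $EFIDestinationFolder` after `mountvol $MountPoint $EFIPartition` is the right order, but the script still fails on a second run and on a machine where `C:\EFI` does not yet exist: `mountvol` expects the mount-point directory to already exist, and `mkdir` errors when `...\CiPolicies\Active` is already present on the mounted ESP. Suggest guarding both directories, for example `if (-not (Test-Path $MountPoint)) { New-Item -Path $MountPoint -ItemType Directory -Force }` before the `mountvol` line, and `New-Item -Path $EFIDestinationFolder -ItemType Directory -Force` in place of the bare `mkdir`, so the step is idempotent. `(Get-Partition | Where-Object IsSystem).AccessPaths[0]` also silently assumes the first access path is the volume GUID path; a sentence saying that is the expected case for an ESP without a drive letter would help readers who get a different result.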
--- a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md +++ b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md @@ -27,7 +27,7 @@ ms.date: 10/23/2017 - Windows 11 Windows Hello in Windows 10 enables users to sign in to their device using a PIN. How is a PIN different from (and better than) a local password? -On the surface, a PIN looks much like a password. A PIN can be a set of numbers, but enterprise policy might allow complex PINs that include special characters and letters, both upper-case and lower-case. Something like **t758A!** could be an account password or a complex Hello PIN. It isn't the structure of a PIN (length, complexity) that makes it better than an online password, it's how it works. First we need to distinguish between two types of passwords: 'local' passwords are validated against the machine's password store, whereas 'online' passwords are validated against a server. This article mostly covers the benefits a PIN has over an online password, and also why it can be considered even better than a local password. +On the surface, a PIN looks much like a password. A PIN can be a set of numbers, but enterprise policy might allow complex PINs that include special characters and letters, both upper-case and lower-case. Something like **t758A!** could be an account password or a complex Hello PIN. It isn't the structure of a PIN (length, complexity) that makes it better than an online password, it's how it works. First we need to distinguish between two types of passwords: `local` passwords are validated against the machine's password store, whereas `online` passwords are validated against a server. This article mostly covers the benefits a PIN has over an online password, and also why it can be considered even better than a local password. Watch Dana Huang explain why a Windows Hello for Business PIN is more secure than an online password. 
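Review bot: wrapping `local` and `online` in backticks marks them as code identifiers, which they are not; they are ordinary category names, so plain text or italics fits better. The unchanged first line of this hunk still asks about "a local password?" while the rest of the paragraph frames the comparison against an online password; fix that in the same pass.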
From 1c4cbd6da537f1bb1fa42ccdc824747e813acc4b Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 8 Mar 2022 11:20:19 -0800 Subject: [PATCH 17/39] Update deploy-wdac-policies-with-script.md --- .../deployment/deploy-wdac-policies-with-script.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md index a51d73c403..e7c5dca396 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md +++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md @@ -10,7 +10,7 @@ ms.reviewer: jogeurte ms.author: jogeurte ms.manager: jsuther manager: dansimp -ms.date: 11/06/2021 +ms.date: 03/08/2022 ms.technology: windows-sec ms.topic: article ms.localizationpriority: medium From dc5b13a4959c8aa127273cdf02b4d71346711c53 Mon Sep 17 00:00:00 2001 From: Diana Hanson Date: Tue, 8 Mar 2022 12:49:59 -0700 Subject: [PATCH 18/39] Update hello-why-pin-is-better-than-password.md --- .../hello-for-business/hello-why-pin-is-better-than-password.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md index 755677290b..6c4c54aee9 100644 --- a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md +++ b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md 
@@ -43,7 +43,7 @@ Even you can't use that PIN anywhere except on that specific device. If you want An online password is transmitted to the server -- it can be intercepted in transmission or stolen from a server. A PIN is local to the device -- it isn't transmitted anywhere and it isn't stored on the server. When the PIN is created, it establishes a trusted relationship with the identity provider and creates an asymmetric key pair that is used for authentication. When you enter your PIN, it unlocks the authentication key and uses the key to sign the request that is sent to the authenticating server. -Note, however, that even though local passwords are also local to the device, they are still less secure than a PIN, as described in the next section. +However, note that even though local passwords are also local to the device, they are still less secure than a PIN, as described in the next section. >[!NOTE] >For details on how Hello uses asymetric key pairs for authentication, see [Windows Hello for Business](hello-overview.md#benefits-of-windows-hello). From 20efba33cc2759d01a4b725548b83336b1f81a4b Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Tue, 8 Mar 2022 15:43:27 -0800 Subject: [PATCH 19/39] add warning --- windows/deployment/update/windows-update-resources.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/deployment/update/windows-update-resources.md b/windows/deployment/update/windows-update-resources.md index 8173d6ca5b..addbc016f4 100644 --- a/windows/deployment/update/windows-update-resources.md +++ b/windows/deployment/update/windows-update-resources.md 
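Review bot: "However, note that even though local passwords are also local to the device" uses "local" three times in one clause; "Note that local passwords, although they are also stored on the device, are still less secure than a PIN, as described in the next section" reads cleaner. The adjacent unchanged NOTE line still contains "asymetric" (should be "asymmetric"); fix it in this wording pass.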
@@ -82,6 +82,10 @@ If all else fails, try resetting the Windows Update Agent by running these comma Ren %Systemroot%\SoftwareDistribution\Download Download.bak Ren %Systemroot%\System32\catroot2 catroot2.bak ``` + + > [!IMPORTANT] + > The **reset** step below using sc.exe will **overwrite** your existing security ACLs on the BITS and Windows Update service and set them to default. Skip this step unless the other steps to reset Windows Update components have not resolved the issue. + 2. Reset the **BITS service** and the **Windows Update service** to the default security descriptor. To do this, type the following commands at a command prompt. Press ENTER after you type each command. ``` console sc.exe sdset bits D:(A;CI;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU) From ff7db07bed62b5ad381e88bb7b6dc83f99284ee4 Mon Sep 17 00:00:00 2001 From: valemieux <98555474+valemieux@users.noreply.github.com> Date: Tue, 8 Mar 2022 20:49:20 -0800 Subject: [PATCH 20/39] Update the Recommended blocklist with new blocks 38430645 --- ...icrosoft-recommended-driver-block-rules.md | 22 +++++-------------- 1 file changed, 5 insertions(+), 17 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md index a47682f38e..ddc5e3e2fe 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md @@ -110,7 +110,7 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- - + @@ -402,7 +402,7 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- - + 
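Review bot: in the windows-update-resources.md hunk, "Skip this step unless the other steps to reset Windows Update components have not resolved the issue" is a double negative that readers will misparse; say "Only perform this step if the other reset steps have not resolved the issue." "Security ACLs" is also redundant and not what `sc.exe sdset` replaces: it writes the service's whole security descriptor (the `D:(A;...)` SDDL string on the next line), so call it the security descriptor. Because the operation is not reversible, the note should tell readers to capture the current descriptors first with `sc.exe sdshow bits` and `sc.exe sdshow wuauserv` so they can be restored if the defaults cause a problem.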
@@ -413,7 +413,7 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- - + @@ -448,13 +448,6 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- - - - - - - - @@ -575,7 +568,7 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- - + @@ -629,7 +622,7 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- - + @@ -1153,11 +1146,6 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- 10.0.25070.0 - - - true - - ``` From e62f8b8804125a9baddbbbd87ca7f63c8e2fb1c4 Mon Sep 17 00:00:00 2001 From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com> Date: Wed, 9 Mar 2022 12:26:47 -0800 Subject: [PATCH 21/39] Update configure-md-app-guard.md --- .../configure-md-app-guard.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md index 725a653863..3fbdf21757 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md @@ -63,3 +63,8 @@ These settings, located at `Computer Configuration\Administrative Templates\Wind |Allow camera and microphone access in Microsoft Defender Application Guard|Windows 10 Enterprise, 1809 or higher

Windows 10 Pro, 1809 or higher

Windows 11|Determines whether to allow camera and microphone access inside Microsoft Defender Application Guard.|**Enabled.** Applications inside Microsoft Defender Application Guard are able to access the camera and microphone on the user's device. **Important:** Be aware that enabling this policy with a potentially compromised container could bypass camera and microphone permissions and access the camera and microphone without the user's knowledge.

**Disabled or not configured.** Applications inside Microsoft Defender Application Guard are unable to access the camera and microphone on the user's device.| |Allow Microsoft Defender Application Guard to use Root Certificate Authorities from a user's device|Windows 10 Enterprise, 1809 or higher

Windows 10 Pro, 1809 or higher

Windows 11|Determines whether Root Certificates are shared with Microsoft Defender Application Guard.|**Enabled.** Certificates matching the specified thumbprint are transferred into the container. Use a comma to separate multiple certificates.

**Disabled or not configured.** Certificates are not shared with Microsoft Defender Application Guard.| |Allow auditing events in Microsoft Defender Application Guard|Windows 10 Enterprise, 1809 or higher

Windows 10 Pro, 1809 or higher

Windows 11|This policy setting allows you to decide whether auditing events can be collected from Microsoft Defender Application Guard.|**Enabled.** Application Guard inherits auditing policies from your device and logs system events from the Application Guard container to your host.

**Disabled or not configured.** event logs aren't collected from your Application Guard container.| + +## Application Guard support dialogue settings + +These settings are located at `Administrative Templates -> Windows Components -> Windows Security -> Enterprise Customization`. If an error is encountered, the user is presented with a dialog. By default, this dialog only contains the error information and a button for them to report it to Microsoft via feedback hub. However, it is possible to supplement additional information in the dialog. +[Use Group Policy to enable and customize contact information](/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information#use-group-policy-to-enable-and-customize-contact-information). From 2b80ed166f95b35bfe265364a682f10a13f56a51 Mon Sep 17 00:00:00 2001 From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com> Date: Wed, 9 Mar 2022 12:31:01 -0800 Subject: [PATCH 22/39] Update configure-md-app-guard.md --- .../configure-md-app-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md index 3fbdf21757..6d5e6b568d 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md 
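Review bot: the new heading "Application Guard support dialogue settings" uses "dialogue" while the body uses "dialog"; Microsoft style is "dialog", so align the heading. The policy path `Administrative Templates -> Windows Components -> Windows Security -> Enterprise Customization` uses arrows and drops the `Computer Configuration\` prefix, whereas the table introduction on the same page writes paths as `Computer Configuration\Administrative Templates\Wind...`; use the same backslash form. The section also never says what these settings are: they are the Windows Security app's Enterprise Customization policies (contact name, phone number, email address and website) that Application Guard shows in its error dialog, and the final line should be a sentence ("For the available settings, see ...") rather than a bare link. "feedback hub" is a product name and should be "Feedback Hub".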
@@ -67,4 +67,4 @@ These settings, located at `Computer Configuration\Administrative Templates\Wind ## Application Guard support dialogue settings These settings are located at `Administrative Templates -> Windows Components -> Windows Security -> Enterprise Customization`. If an error is encountered, the user is presented with a dialog. By default, this dialog only contains the error information and a button for them to report it to Microsoft via feedback hub. However, it is possible to supplement additional information in the dialog. -[Use Group Policy to enable and customize contact information](/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information#use-group-policy-to-enable-and-customize-contact-information). +[Use Group Policy to enable and customize contact information](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information#use-group-policy-to-enable-and-customize-contact-information). From 0e9ffcc471e4393680a72cf92d335857800ac64d Mon Sep 17 00:00:00 2001 From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com> Date: Wed, 9 Mar 2022 12:32:33 -0800 Subject: [PATCH 23/39] Update configure-md-app-guard.md --- .../configure-md-app-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md index 6d5e6b568d..0b3c1ef222 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md 
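Review bot: changing the site-relative link `/windows/security/threat-protection/windows-defender-security-center/...` to an absolute `https://docs.microsoft.com/en-us/...` URL pins the locale to en-us, so localized copies of this page will send readers to English content; the other hunks in this series (phishing.md, windows-sandbox-overview.md, the BitLocker overview) use site-relative links, so revert this one to the relative form.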
@@ -66,5 +66,5 @@ These settings, located at `Computer Configuration\Administrative Templates\Wind ## Application Guard support dialogue settings -These settings are located at `Administrative Templates -> Windows Components -> Windows Security -> Enterprise Customization`. If an error is encountered, the user is presented with a dialog. By default, this dialog only contains the error information and a button for them to report it to Microsoft via feedback hub. However, it is possible to supplement additional information in the dialog. +These settings are located at `Administrative Templates\Windows Components\Windows Security\Enterprise Customization`. If an error is encountered, the user is presented with a dialog. By default, this dialog only contains the error information and a button for them to report it to Microsoft via feedback hub. However, it is possible to supplement additional information in the dialog. [Use Group Policy to enable and customize contact information](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information#use-group-policy-to-enable-and-customize-contact-information). From 218b04c43762a3e2712914c1fda85a319e8f19d2 Mon Sep 17 00:00:00 2001 From: Michael Mardahl Date: Wed, 9 Mar 2022 23:50:24 +0100 Subject: [PATCH 24/39] Update bitlocker-device-encryption-overview-windows-10.md Added information about deprecation that is VERY important to point out, and removed links to get MBAM. Added new links and relevant information. #ATCP --- .../bitlocker-device-encryption-overview-windows-10.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md index 2b18579a8c..0d310a2a0b 100644 
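Review bot: the backslash path is the right form but still omits the `Computer Configuration\` prefix that the page's other path uses, and the heading still says "dialogue"; make the path `Computer Configuration\Administrative Templates\Windows Components\Windows Security\Enterprise Customization` and change "dialogue" to "dialog" in the heading so it matches "dialog" in the body.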
--- a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md +++ b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md @@ -144,4 +144,9 @@ Part of the Microsoft Desktop Optimization Pack, MBAM makes it easier to manage * Offers an IT-customizable recovery user experience. * Supports Windows 10. -For more information about MBAM, including how to obtain it, see [Microsoft BitLocker Administration and Monitoring](/microsoft-desktop-optimization-pack/) on the MDOP TechCenter. +> [!IMPORTANT] +>Enterprises can use Microsoft BitLocker Administration and Monitoring (MBAM) to manage client computers with BitLocker that are domain-joined on-premises until mainstream support ends in July 2019 or they can receive extended support until April 2026 + +Going forward, the functionality of MBAM will be incorporated into Microsoft Endpoint Manager Config Manager (MEMCM), see [Features in Configuration Manager technical preview version 1909](/mem/configmgr/core/get-started/2019/technical-preview-1909#bkmk_bitlocker) + +Customers not using Config Manager can utilize the built-in features of Azure AD and Microsoft Endpoint Manager Microsoft Intune (MEMMI) for administration and monitoring, see [Monitor device encryption with Intune](/mem/intune/protect/encryption-monitor) From 7aaefada29f6bb1423da04a3f86736f30a369c6b Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Thu, 10 Mar 2022 11:11:21 +0500 Subject: [PATCH 25/39] Update phishing.md --- windows/security/threat-protection/intelligence/phishing.md | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/windows/security/threat-protection/intelligence/phishing.md b/windows/security/threat-protection/intelligence/phishing.md index 36de3f06bf..f3ef00e9da 100644 --- a/windows/security/threat-protection/intelligence/phishing.md 
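Review bot: the IMPORTANT note in the bitlocker-device-encryption-overview-windows-10.md hunk has no terminal period and mixes tenses: "until mainstream support ends in July 2019" is in the past relative to this March 2022 commit, while "extended support until April 2026" is in the future; state both dates in the right tense. Removing the sentence that pointed to the MDOP TechCenter drops the only pointer to MBAM itself while the bullet list above ("* Supports Windows 10.") still presents it as a current product; either keep a reference to the MDOP documentation or state the deprecation above the feature list. The product names "Microsoft Endpoint Manager Config Manager (MEMCM)" and "Microsoft Endpoint Manager Microsoft Intune (MEMMI)" are not official; use "Configuration Manager" and "Microsoft Intune", and link the Configuration Manager statement to the released BitLocker management documentation rather than the 1909 technical preview article.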
+++ b/windows/security/threat-protection/intelligence/phishing.md @@ -81,11 +81,7 @@ If you feel you've been a victim of a phishing attack: - **Microsoft Office Outlook**: While in the suspicious message, select **Report message** from the ribbon, and then select **Phishing**. -- **Microsoft**: Create a new, blank email message with the one of the following recipients: - - Junk: junk@office365.microsoft.com - - Phishing: phish@office365.microsoft.com - - Drag and drop the junk or phishing message into the new message. This will save the junk or phishing message as an attachment in the new message. Don't copy and paste the content of the message or forward the message (we need the original message so we can inspect the message headers). For more information, see [Report messages and files to Microsoft](/microsoft-365/security/office-365-security/report-junk-email-messages-to-microsoft). +- **Microsoft 365**: Use [Submissions portal in Microsoft 365 Defender](/microsoft-365/security/office-365-security/report-junk-email-messages-to-microsoft) to submit the junk or phishing sample to Microsoft for analysis. For more information, see [Report messages and files to Microsoft](/microsoft-365/security/office-365-security/report-junk-email-messages-to-microsoft). - **Anti-Phishing Working Group**: phishing-report@us-cert.gov. The group uses reports generated from emails sent to fight phishing scams and hackers. ISPs, security vendors, financial institutions, and law enforcement agencies are involved. From d107f8c791ec08ca6b2a800721ff72d639c31486 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Thu, 10 Mar 2022 11:42:17 +0500 Subject: [PATCH 26/39] Update windows-sandbox-overview.md --- .../windows-sandbox/windows-sandbox-overview.md | 3 +++ 1 file changed, 3 insertions(+) 
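Review bot: the new **Microsoft 365** bullet links the same target twice ("[Submissions portal in Microsoft 365 Defender](/microsoft-365/security/office-365-security/report-junk-email-messages-to-microsoft)" and "[Report messages and files to Microsoft](...)" point at the same page), so the "For more information" sentence adds nothing; keep one link. The removed mailbox instructions (junk@office365.microsoft.com, phish@office365.microsoft.com) worked for any sender, whereas the Submissions portal requires a Microsoft 365 Defender tenant; if the mailboxes are retired, say so and give users outside Microsoft 365 another route, since the Outlook "Report message" bullet above only covers Outlook. In the unchanged context, the bullet labelled "Anti-Phishing Working Group" gives phishing-report@us-cert.gov, which is a US-CERT (CISA) address rather than an APWG one; either relabel the bullet or use the APWG reporting address.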
diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md index 2a3f6d6dc3..3e04906f6d 100644 --- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md +++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md @@ -29,6 +29,9 @@ Windows Sandbox has the following properties: - **Secure**: Uses hardware-based virtualization for kernel isolation. It relies on the Microsoft hypervisor to run a separate kernel that isolates Windows Sandbox from the host. - **Efficient:** Uses the integrated kernel scheduler, smart memory management, and virtual GPU. + > [!IMPORTANT] + > Sandbox has enabled network connection by default. It can be disabled using [Sandbox Configuration file](/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file#networking). + The following video provides an overview of Windows Sandbox. > [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4rFAo] From a4bdeb6e0140a6758aa5403b1be351bf122f5c98 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Thu, 10 Mar 2022 12:29:29 +0500 Subject: [PATCH 27/39] Update credential-guard.md --- .../credential-guard/credential-guard.md | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard.md b/windows/security/identity-protection/credential-guard/credential-guard.md index 2c6e89c1e2..f1da3ea8c0 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard.md +++ b/windows/security/identity-protection/credential-guard/credential-guard.md 
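Review bot: "Sandbox has enabled network connection by default. It can be disabled using [Sandbox Configuration file]" is ungrammatical and buries the security point. Windows Sandbox exists to run untrusted software, so the note should say that networking is on by default, that anything run inside the sandbox can therefore reach the internet and the host's local network, and that a `.wsb` file with `<Networking>Disable</Networking>` turns it off. Suggested wording: "Windows Sandbox has networking enabled by default, so software running in it can reach the network. Disable it with the `<Networking>Disable</Networking>` element of a [Sandbox configuration file](...) when analysing untrusted content." Placing the IMPORTANT block between the "Efficient" bullet and the video paragraph also leaves it indented inside the list; move it after the list.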
@@ -38,12 +38,8 @@ By enabling Windows Defender Credential Guard, the following features and soluti   ## Related topics -- [Isolated User Mode in Windows 10 with Dave Probert (Channel 9)](https://channel9.msdn.com/Blogs/Seth-Juarez/Isolated-User-Mode-in-Windows-10-with-Dave-Probert) -- [Isolated User Mode Processes and Features in Windows 10 with Logan Gabriel (Channel 9)](https://channel9.msdn.com/Blogs/Seth-Juarez/Isolated-User-Mode-Processes-and-Features-in-Windows-10-with-Logan-Gabriel) -- [More on Processes and Features in Windows 10 Isolated User Mode with Dave Probert (Channel 9)](https://channel9.msdn.com/Blogs/Seth-Juarez/More-on-Processes-and-Features-in-Windows-10-Isolated-User-Mode-with-Dave-Probert) -- [Mitigating Credential Theft using the Windows 10 Isolated User Mode (Channel 9)](https://channel9.msdn.com/Blogs/Seth-Juarez/Mitigating-Credential-Theft-using-the-Windows-10-Isolated-User-Mode) - [Protecting network passwords with Windows Defender Credential Guard](https://www.microsoft.com/itshowcase/Article/Content/831/Protecting-network-passwords-with-Windows-10-Credential-Guard) - [Enabling Strict KDC Validation in Windows Kerberos](https://www.microsoft.com/download/details.aspx?id=6382) - [What's New in Kerberos Authentication for Windows Server 2012](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831747(v=ws.11)) - [Authentication Mechanism Assurance for AD DS in Windows Server 2008 R2 Step-by-Step Guide](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd378897(v=ws.10)) -- [Trusted Platform Module](/windows/device-security/tpm/trusted-platform-module-overview) \ No newline at end of file +- [Trusted Platform Module](/windows/device-security/tpm/trusted-platform-module-overview) From 187fa93a705a42a699d679d4968dc6d0d6158d5c Mon Sep 17 00:00:00 2001 
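Review bot: the commit message "Update credential-guard.md" does not say why four Channel 9 links are removed from Related topics. If the reason is that the channel9.msdn.com URLs no longer resolve, say so in the message and replace them with the migrated locations where they exist rather than dropping them, because the Dave Probert and Logan Gabriel Isolated User Mode talks are the only references on this page that explain the VSM/IUM design Credential Guard depends on. Adding the trailing newline on the last bullet is fine.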
From: Michael Mardahl Date: Thu, 10 Mar 2022 12:28:21 +0100 Subject: [PATCH 28/39] Update windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../bitlocker-device-encryption-overview-windows-10.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md index 0d310a2a0b..fbd429a2fb 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md +++ b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md @@ -149,4 +149,4 @@ Part of the Microsoft Desktop Optimization Pack, MBAM makes it easier to manage Going forward, the functionality of MBAM will be incorporated into Microsoft Endpoint Manager Config Manager (MEMCM), see [Features in Configuration Manager technical preview version 1909](/mem/configmgr/core/get-started/2019/technical-preview-1909#bkmk_bitlocker) -Customers not using Config Manager can utilize the built-in features of Azure AD and Microsoft Endpoint Manager Microsoft Intune (MEMMI) for administration and monitoring, see [Monitor device encryption with Intune](/mem/intune/protect/encryption-monitor) +Enterprises not using Configuration Manager can use the built-in features of Azure AD and Microsoft Intune in Microsoft Endpoint Manager for administration and monitoring. For more details, see [Monitor device encryption with Intune](/mem/intune/protect/encryption-monitor). From c3f38f0b8e48f055281d78e966db418b95ddd193 Mon Sep 17 00:00:00 2001 
From: Michael Mardahl Date: Thu, 10 Mar 2022 12:28:28 +0100 Subject: [PATCH 29/39] Update windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../bitlocker-device-encryption-overview-windows-10.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md index fbd429a2fb..8ad54f3f43 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md +++ b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md @@ -145,7 +145,7 @@ Part of the Microsoft Desktop Optimization Pack, MBAM makes it easier to manage * Supports Windows 10. > [!IMPORTANT] ->Enterprises can use Microsoft BitLocker Administration and Monitoring (MBAM) to manage client computers with BitLocker that are domain-joined on-premises until mainstream support ends in July 2019 or they can receive extended support until April 2026 +> Enterprises could use MBAM to manage client computers with BitLocker that are domain-joined on-premises until mainstream support ended in July 2019, or they could receive extended support until April 2026. Going forward, the functionality of MBAM will be incorporated into Microsoft Endpoint Manager Config Manager (MEMCM), see [Features in Configuration Manager technical preview version 1909](/mem/configmgr/core/get-started/2019/technical-preview-1909#bkmk_bitlocker) From b6c4a357af12760583e9775740a1497032d002c0 Mon Sep 17 00:00:00 2001 
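Review bot: The tense in the rewritten IMPORTANT note is inconsistent: "could receive extended support until April 2026" reads as past tense, yet April 2026 is still in the future relative to this change, while "mainstream support ended in July 2019" is correctly past tense. Suggest: `> Enterprises could use MBAM to manage client computers with BitLocker that are domain-joined on-premises until mainstream support ended in July 2019, and can receive extended support until April 2026.`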
From: Michael Mardahl Date: Thu, 10 Mar 2022 12:28:33 +0100 Subject: [PATCH 30/39] Update windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../bitlocker-device-encryption-overview-windows-10.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md index 8ad54f3f43..5af5cc77cf 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md +++ b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md @@ -147,6 +147,6 @@ Part of the Microsoft Desktop Optimization Pack, MBAM makes it easier to manage > [!IMPORTANT] > Enterprises could use MBAM to manage client computers with BitLocker that are domain-joined on-premises until mainstream support ended in July 2019, or they could receive extended support until April 2026. -Going forward, the functionality of MBAM will be incorporated into Microsoft Endpoint Manager Config Manager (MEMCM), see [Features in Configuration Manager technical preview version 1909](/mem/configmgr/core/get-started/2019/technical-preview-1909#bkmk_bitlocker) +Going forward, the functionality of MBAM will be incorporated into Configuration Manager. For more details, see [Features in Configuration Manager technical preview version 1909](/mem/configmgr/core/get-started/2019/technical-preview-1909#bkmk_bitlocker). Enterprises not using Configuration Manager can use the built-in features of Azure AD and Microsoft Intune in Microsoft Endpoint Manager for administration and monitoring. For more details, see [Monitor device encryption with Intune](/mem/intune/protect/encryption-monitor). 
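Review bot: The "Going forward" sentence still cites the Configuration Manager technical preview 1909 notes as the evidence that MBAM functionality is being incorporated; since this series bumps the file's ms.date to 2022, a link to the released BitLocker management documentation would be more durable than a 2019 technical preview announcement. The product naming ("Configuration Manager") is now consistent with the paragraph that follows.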
From e056d54062b29ee7713e401490791f41da458176 Mon Sep 17 00:00:00 2001 From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com> Date: Thu, 10 Mar 2022 08:58:10 -0800 Subject: [PATCH 31/39] Update windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../configure-md-app-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md index 0b3c1ef222..50b4a55457 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md 
@@ -66,5 +66,5 @@ These settings, located at `Computer Configuration\Administrative Templates\Wind ## Application Guard support dialogue settings -These settings are located at `Administrative Templates\Windows Components\Windows Security\Enterprise Customization`. If an error is encountered, the user is presented with a dialog. By default, this dialog only contains the error information and a button for them to report it to Microsoft via feedback hub. However, it is possible to supplement additional information in the dialog. +These settings are located at `Administrative Templates\Windows Components\Windows Security\Enterprise Customization`. If an error is encountered, you are presented with a dialog box. By default, this dialog box only contains the error information and a button for you to report it to Microsoft via the feedback hub. However, it is possible to provide additional information in the dialog box. [Use Group Policy to enable and customize contact information](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information#use-group-policy-to-enable-and-customize-contact-information). From 604e862ce8b352566d62f9a1ce1177a9c727f51c Mon Sep 17 00:00:00 2001 From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com> Date: Thu, 10 Mar 2022 08:58:20 -0800 Subject: [PATCH 32/39] Update windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../configure-md-app-guard.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md index 50b4a55457..f7d0af983d 100644 
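Review bot: Switching from "the user" to "you" in the support dialog paragraph changes the audience: the section is written for administrators setting Group Policy under `Administrative Templates\Windows Components\Windows Security\Enterprise Customization`, while the person who sees the error dialog is the end user, so "you are presented with a dialog box" now tells the admin that they will see it. Consider keeping the third person here ("the user is presented with a dialog box ... a button for them to report it") and reserving "you" for the configuration steps.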
--- a/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md @@ -67,4 +67,5 @@ These settings, located at `Computer Configuration\Administrative Templates\Wind ## Application Guard support dialogue settings These settings are located at `Administrative Templates\Windows Components\Windows Security\Enterprise Customization`. If an error is encountered, you are presented with a dialog box. By default, this dialog box only contains the error information and a button for you to report it to Microsoft via the feedback hub. However, it is possible to provide additional information in the dialog box. -[Use Group Policy to enable and customize contact information](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information#use-group-policy-to-enable-and-customize-contact-information). + +[Use Group Policy to enable and customize contact information](/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information#use-group-policy-to-enable-and-customize-contact-information). From d7eaf38736c154b98f4fd91de7736eca04c65e7f Mon Sep 17 00:00:00 2001 From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com> Date: Thu, 10 Mar 2022 08:58:29 -0800 Subject: [PATCH 33/39] Update windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../configure-md-app-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md index f7d0af983d..c1d1935482 100644 
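Review bot: Converting the absolute `https://docs.microsoft.com/en-us/...` URL to the site-relative `/windows/security/...` path is the right fix, but the link still stands alone as a bare bracketed title followed by a period; give it a lead-in such as `For more information, see [Use Group Policy to enable and customize contact information](...)` so it reads as a sentence, matching the cross-references elsewhere in this series.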
--- a/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md @@ -64,7 +64,7 @@ These settings, located at `Computer Configuration\Administrative Templates\Wind |Allow Microsoft Defender Application Guard to use Root Certificate Authorities from a user's device|Windows 10 Enterprise, 1809 or higher

Windows 10 Pro, 1809 or higher

Windows 11|Determines whether Root Certificates are shared with Microsoft Defender Application Guard.|**Enabled.** Certificates matching the specified thumbprint are transferred into the container. Use a comma to separate multiple certificates.

**Disabled or not configured.** Certificates are not shared with Microsoft Defender Application Guard.| |Allow auditing events in Microsoft Defender Application Guard|Windows 10 Enterprise, 1809 or higher

Windows 10 Pro, 1809 or higher

Windows 11|This policy setting allows you to decide whether auditing events can be collected from Microsoft Defender Application Guard.|**Enabled.** Application Guard inherits auditing policies from your device and logs system events from the Application Guard container to your host.

**Disabled or not configured.** event logs aren't collected from your Application Guard container.| -## Application Guard support dialogue settings +## Application Guard support dialog settings These settings are located at `Administrative Templates\Windows Components\Windows Security\Enterprise Customization`. If an error is encountered, you are presented with a dialog box. By default, this dialog box only contains the error information and a button for you to report it to Microsoft via the feedback hub. However, it is possible to provide additional information in the dialog box. From 1a8d0c06003383739252b94da42202583d322246 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 10 Mar 2022 09:59:42 -0800 Subject: [PATCH 34/39] Update configure-md-app-guard.md --- .../configure-md-app-guard.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md index c1d1935482..99819da4d5 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md @@ -8,7 +8,7 @@ ms.pagetype: security ms.localizationpriority: medium author: denisebmsft ms.author: deniseb -ms.date: 09/20/2021 +ms.date: 03/10/2022 ms.reviewer: manager: dansimp ms.custom: asr 
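Review bot: The heading fix from "dialogue" to "dialog" is correct for US English and matches "dialog box" in the paragraph beneath it, but the unchanged context row above still reads "**Disabled or not configured.** event logs aren't collected from your Application Guard container." with a lowercase sentence start after the bold label; capitalize "Event" while this section is being touched. The ms.date bump to 03/10/2022 in the next hunk is appropriate given the content edits in this series.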
@@ -31,13 +31,13 @@ Application Guard uses both network isolation and application-specific settings. These settings, located at `Computer Configuration\Administrative Templates\Network\Network Isolation`, help you define and manage your organization's network boundaries. Application Guard uses this information to automatically transfer any requests to access the non-corporate resources into the Application Guard container. > [!NOTE] -> You must configure either the Enterprise resource domains hosted in the cloud or Private network ranges for apps settings on your employee devices to successfully turn on Application Guard using enterprise mode. Proxy servers must be a neutral resource listed in the "Domains categorized as both work and personal" policy. +> You must configure either the Enterprise resource domains hosted in the cloud or Private network ranges for apps settings on your employee devices to successfully turn on Application Guard using enterprise mode. Proxy servers must be a neutral resource listed in the **Domains categorized as both work and personal** policy. |Policy name|Supported versions|Description| |-----------|------------------|-----------| |Private network ranges for apps | At least Windows Server 2012, Windows 8, or Windows RT| A comma-separated list of IP address ranges that are in your corporate network. Included endpoints or endpoints that are included within a specified IP address range, are rendered using Microsoft Edge and won't be accessible from the Application Guard environment.| -|Enterprise resource domains hosted in the cloud| At least Windows Server 2012, Windows 8, or Windows RT|A pipe-separated (\|) list of your domain cloud resources. Included endpoints are rendered using Microsoft Edge and won't be accessible from the Application Guard environment.

**NOTE**: This list supports the wildcards detailed in the [Network isolation settings wildcards](#network-isolation-settings-wildcards) table.| -|Domains categorized as both work and personal| At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of domain names used as both work or personal resources. Included endpoints are rendered using Microsoft Edge and will be accessible from the Application Guard and regular Edge environment.

**NOTE**: This list supports the wildcards detailed in the [Network isolation settings wildcards](#network-isolation-settings-wildcards) table.| +|Enterprise resource domains hosted in the cloud| At least Windows Server 2012, Windows 8, or Windows RT|A pipe-separated (`|`) list of your domain cloud resources. Included endpoints are rendered using Microsoft Edge and won't be accessible from the Application Guard environment.

Note that this list supports the wildcards detailed in the [Network isolation settings wildcards](#network-isolation-settings-wildcards) table.| +|Domains categorized as both work and personal| At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of domain names used as both work or personal resources. Included endpoints are rendered using Microsoft Edge and will be accessible from the Application Guard and regular Edge environment.

Note that this list supports the wildcards detailed in the [Network isolation settings wildcards](#network-isolation-settings-wildcards) table.| ## Network isolation settings wildcards @@ -49,7 +49,7 @@ These settings, located at `Computer Configuration\Administrative Templates\Netw |`..contoso.com`|2|Trust all levels of the domain hierarchy that are to the left of the dot. Matching sites include `shop.contoso.com`, `us.shop.contoso.com`, `www.us.shop.contoso.com`, but NOT `contoso.com` itself.| ## Application-specific settings -These settings, located at `Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Application Guard`, can help you to manage your company's implementation of Application Guard. +These settings, located at `Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Application Guard`, can help you to manage your organization's implementation of Application Guard. |Name|Supported versions|Description|Options| |-----------|------------------|-----------|-------| From 00b832976d583de4acc9a7db867f45daf84475ac Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 10 Mar 2022 10:14:10 -0800 Subject: [PATCH 35/39] Update bitlocker-device-encryption-overview-windows-10.md --- .../bitlocker-device-encryption-overview-windows-10.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md index 5af5cc77cf..708a928453 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md +++ b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md 
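Review bot: Replacing `(\|)` with a pipe wrapped in backticks in the "Enterprise resource domains hosted in the cloud" row is risky: in GitHub-flavored Markdown and Markdig-based renderers a pipe inside a table cell is treated as a column separator even inside an inline code span, so this row can split into an extra column and break the table. Keep the backslash inside the backticks (`\|`) so the cell renders as intended. Changing "**NOTE**:" to "Note that" in the same cells is fine, and "organization's" in place of "company's" matches the rest of the page.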
@@ -14,7 +14,7 @@ ms.collection: - M365-security-compliance - highpri ms.topic: conceptual -ms.date: 02/28/2019 +ms.date: 03/10/2022 ms.custom: bitlocker --- @@ -64,6 +64,7 @@ Microsoft includes instrumentation in Windows 11 and Windows 10 that enable the ## Deploy hard drive encryption BitLocker is capable of encrypting entire hard drives, including both system and data drives. BitLocker pre-provisioning can drastically reduce the time required to provision new PCs with BitLocker enabled. With Windows 11 and Windows 10, administrators can turn on BitLocker and the TPM from within the Windows Preinstallation Environment before they install Windows or as part of an automated deployment task sequence without any user interaction. Combined with Used Disk Space Only encryption and a mostly empty drive (because Windows is not yet installed), it takes only a few seconds to enable BitLocker. + With earlier versions of Windows, administrators had to enable BitLocker after Windows had been installed. Although this process could be automated, BitLocker would need to encrypt the entire drive, a process that could take anywhere from several hours to more than a day depending on drive size and performance, which significantly delayed deployment. Microsoft has improved this process through multiple features in Windows 11 and Windows 10. ## BitLocker Device Encryption 
@@ -130,7 +131,7 @@ For more information about how to configure Network Unlock, see [BitLocker: How ## Microsoft BitLocker Administration and Monitoring -Part of the Microsoft Desktop Optimization Pack, MBAM makes it easier to manage and support BitLocker and BitLocker To Go. MBAM 2.5 with Service Pack 1, the latest version, has the following key features: +Part of the Microsoft Desktop Optimization Pack, Microsoft BitLocker Administration and Monitoring (MBAM) makes it easier to manage and support BitLocker and BitLocker To Go. MBAM 2.5 with Service Pack 1, the latest version, has the following key features: * Enables administrators to automate the process of encrypting volumes on client computers across the enterprise. * Enables security officers to quickly determine the compliance state of individual computers or even of the enterprise itself. From 632cae29956f3f6faec2cc9f564d5d3abe994e0a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 10 Mar 2022 10:15:35 -0800 Subject: [PATCH 36/39] Update windows/security/threat-protection/intelligence/phishing.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/security/threat-protection/intelligence/phishing.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/intelligence/phishing.md b/windows/security/threat-protection/intelligence/phishing.md index f3ef00e9da..960336ca09 100644 --- a/windows/security/threat-protection/intelligence/phishing.md +++ b/windows/security/threat-protection/intelligence/phishing.md 
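Review bot: Expanding MBAM on first use in this section is good, but "MBAM 2.5 with Service Pack 1, the latest version" now sits under the IMPORTANT note rewritten earlier in this series stating that mainstream support ended in July 2019; with the ms.date moving to 2022, "the final version" describes the product state more accurately than "the latest version".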
@@ -81,7 +81,7 @@ If you feel you've been a victim of a phishing attack: - **Microsoft Office Outlook**: While in the suspicious message, select **Report message** from the ribbon, and then select **Phishing**. -- **Microsoft 365**: Use [Submissions portal in Microsoft 365 Defender](/microsoft-365/security/office-365-security/report-junk-email-messages-to-microsoft) to submit the junk or phishing sample to Microsoft for analysis. For more information, see [Report messages and files to Microsoft](/microsoft-365/security/office-365-security/report-junk-email-messages-to-microsoft). +- **Microsoft 365**: Use the [Submissions portal in Microsoft 365 Defender](/microsoft-365/security/office-365-security/report-junk-email-messages-to-microsoft) to submit the junk or phishing sample to Microsoft for analysis. For more information, see [Report messages and files to Microsoft](/microsoft-365/security/office-365-security/report-junk-email-messages-to-microsoft). - **Anti-Phishing Working Group**: phishing-report@us-cert.gov. The group uses reports generated from emails sent to fight phishing scams and hackers. ISPs, security vendors, financial institutions, and law enforcement agencies are involved. From 872eb1ca830bba26eef8ffc0a33b294ed4f61f5f Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 10 Mar 2022 10:17:25 -0800 Subject: [PATCH 37/39] Update windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../windows-sandbox/windows-sandbox-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md index 3e04906f6d..65b8c21047 100644 --- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md 
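Review bot: Adding "the" before "Submissions portal" fixes the grammar, but both links in this bullet resolve to the same target, `/microsoft-365/security/office-365-security/report-junk-email-messages-to-microsoft`, so the "For more information, see ..." sentence sends readers to the page they were already linked to. Either point the first link at the Submissions portal page itself or drop the second sentence.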
+++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md @@ -30,7 +30,7 @@ Windows Sandbox has the following properties: - **Efficient:** Uses the integrated kernel scheduler, smart memory management, and virtual GPU. > [!IMPORTANT] - > Sandbox has enabled network connection by default. It can be disabled using [Sandbox Configuration file](/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file#networking). + > Windows Sandbox enables network connection by default. It can be disabled using the [Windows Sandbox configuration file](/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file#networking). The following video provides an overview of Windows Sandbox. From 3152525e9afbd5cacfd513e83bfaaaed4b8084a5 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 10 Mar 2022 10:18:38 -0800 Subject: [PATCH 38/39] Update credential-guard.md --- .../identity-protection/credential-guard/credential-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard.md b/windows/security/identity-protection/credential-guard/credential-guard.md index f1da3ea8c0..4153f5223b 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard.md +++ b/windows/security/identity-protection/credential-guard/credential-guard.md @@ -16,7 +16,7 @@ ms.collection: - M365-identity-device-management - highpri ms.topic: article -ms.date: 08/17/2017 +ms.date: 03/10/2022 --- # Protect derived domain credentials with Windows Defender Credential Guard From 7f1b5caf13f5613692fd59638930b62d0947d1af Mon Sep 17 00:00:00 2001 From: Diana Hanson Date: Thu, 10 Mar 2022 11:53:51 -0700 Subject: [PATCH 39/39] Update bitlocker-device-encryption-overview-windows-10.md --- .../bitlocker-device-encryption-overview-windows-10.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
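Review bot: In the rewritten Windows Sandbox IMPORTANT note, "Windows Sandbox enables network connection by default. It can be disabled ..." leaves "It" ambiguous between the sandbox and networking, and "enables network connection" is missing an article. Suggest: `> Windows Sandbox has networking enabled by default. Networking can be disabled using the [Windows Sandbox configuration file](...).` Stating plainly that the sandbox can reach the network unless the configuration file turns it off is the point a reader weighing the isolation boundary needs. The ms.date bump in the Credential Guard hunk that follows is appropriate given the Related topics edit earlier in this series.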
diff --git a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md index 708a928453..26f5413422 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md +++ b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md @@ -135,7 +135,7 @@ Part of the Microsoft Desktop Optimization Pack, Microsoft BitLocker Administrat * Enables administrators to automate the process of encrypting volumes on client computers across the enterprise. * Enables security officers to quickly determine the compliance state of individual computers or even of the enterprise itself. -* Provides centralized reporting and hardware management with Microsoft Microsoft Endpoint Configuration Manager. +* Provides centralized reporting and hardware management with Microsoft Endpoint Configuration Manager. * Reduces the workload on the help desk to assist end users with BitLocker recovery requests. * Enables end users to recover encrypted devices independently by using the Self-Service Portal. * Enables security officers to easily audit access to recovery key information.
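Review bot: Removing the duplicated "Microsoft Microsoft" is correct; note that this bullet now names the product "Microsoft Endpoint Configuration Manager" while the paragraph below it (changed in PATCH 30) says "Configuration Manager", so the bullet could use the shorter form for consistency within the section.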