From a18d660dad9529b8a140bde619cc7147b44312d4 Mon Sep 17 00:00:00 2001 From: mapalko <20977663+mapalko@users.noreply.github.com> Date: Fri, 21 Mar 2025 15:47:00 -0700 Subject: [PATCH 1/5] Update deprecated-features-resources.md Added a note about NTLMv1 removal including limitations around removal related to other capabilities using the same primitives (i.e. MSCHAPv2). --- windows/whats-new/deprecated-features-resources.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/whats-new/deprecated-features-resources.md b/windows/whats-new/deprecated-features-resources.md index 87ff332844..a276519e51 100644 --- a/windows/whats-new/deprecated-features-resources.md +++ b/windows/whats-new/deprecated-features-resources.md @@ -36,6 +36,8 @@ In many cases, applications should be able to replace NTLM with Negotiate using Negotiate's built-in fallback to NTLM is preserved to mitigate compatibility issues during this transition. For updates on NTLM deprecation, see [https://aka.ms/ntlm](https://aka.ms/ntlm). +NTLM v1 is removed starting in Windows 11, version 24H2 and Windows Server 2025. Some situations still use NTLMv1 primitives for legacy reasons. MSCHAPv2 uses the same response function as NTLMv1 and is vulnerable to the same attacks against the weak crypto. MSCHAPv2 is only disabled by enabling Credential Guard. + ## WordPad WordPad is removed from all editions of Windows starting in Windows 11, version 24H2 and Windows Server 2025. As a result, Windows will no longer have a built-in, default RTF reader. We recommend Microsoft Word for rich text documents like .doc and .rtf and Notepad for plain text documents like .txt. The following binaries will be removed as a result of WordPad removal: From 03c3ae8305055eb5d1ae68e6d217651bcad11612 Mon Sep 17 00:00:00 2001 
From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Mon, 24 Mar 2025 11:34:29 -0600 Subject: [PATCH 2/5] Update policy-csp-accounts.md --- windows/client-management/mdm/policy-csp-accounts.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md index c7a8579e25..119876597c 100644 --- a/windows/client-management/mdm/policy-csp-accounts.md +++ b/windows/client-management/mdm/policy-csp-accounts.md @@ -143,6 +143,7 @@ Allows IT Admins the ability to disable the Microsoft Account Sign-In Assistant +If the Microsoft Account Sign-In Assistant service is disabled, the initial digital license activation with a MAK key will fail. From aa0b71dd9aa7f5b389984ccef61e7f2e8cf6d66d Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Mon, 24 Mar 2025 11:44:16 -0600 Subject: [PATCH 3/5] Update policy-csp-accounts.md --- windows/client-management/mdm/policy-csp-accounts.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md index 119876597c..517a88f6b3 100644 --- a/windows/client-management/mdm/policy-csp-accounts.md +++ b/windows/client-management/mdm/policy-csp-accounts.md @@ -143,7 +143,8 @@ Allows IT Admins the ability to disable the Microsoft Account Sign-In Assistant -If the Microsoft Account Sign-In Assistant service is disabled, the initial digital license activation with a MAK key will fail. +> [!CAUTION] +> If the Microsoft Account Sign-In Assistant service is disabled, the initial digital license activation with a MAK key will fail. From cca5e98f8a1430fffc4d0612ab1f66bb93a4e1b2 Mon Sep 17 00:00:00 2001 
From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Mon, 24 Mar 2025 12:10:01 -0600 Subject: [PATCH 4/5] Update policy-csp-accounts.md --- windows/client-management/mdm/policy-csp-accounts.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md index 517a88f6b3..2c00a22b4a 100644 --- a/windows/client-management/mdm/policy-csp-accounts.md +++ b/windows/client-management/mdm/policy-csp-accounts.md @@ -144,7 +144,7 @@ Allows IT Admins the ability to disable the Microsoft Account Sign-In Assistant > [!CAUTION] -> If the Microsoft Account Sign-In Assistant service is disabled, the initial digital license activation with a MAK key will fail. +> If the Microsoft Account Sign-In Assistant service is disabled, the initial digital license activation with a Multiple Activation Key (MAK) will fail. From 6a4025841d5b2e65519e9aa6bab675d58c96fb56 Mon Sep 17 00:00:00 2001 From: Markus Sarcletti <56821677+msarcletti@users.noreply.github.com> Date: Mon, 24 Mar 2025 11:59:31 +0100 Subject: [PATCH 5/5] Learn Editor: Update rules.md --- .../network-security/windows-firewall/rules.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/security/operating-system-security/network-security/windows-firewall/rules.md b/windows/security/operating-system-security/network-security/windows-firewall/rules.md index 64b6580098..3e4efcc4cd 100644 --- a/windows/security/operating-system-security/network-security/windows-firewall/rules.md +++ b/windows/security/operating-system-security/network-security/windows-firewall/rules.md 
@@ -11,7 +11,7 @@ In many cases, a first step for administrators is to customize the firewall prof This article describes the concepts and recommendations for creating and managing firewall rules. -## Rule precedence for inbound rules +## Rule precedence for inbound and outbound rules In many cases, allowing specific types of inbound traffic is required for applications to function in the network. Administrators should keep the following rule precedence behaviors in mind when configuring inbound exceptions: @@ -19,7 +19,9 @@ In many cases, allowing specific types of inbound traffic is required for applic 1. Explicit block rules take precedence over any conflicting allow rules 1. More specific rules take precedence over less specific rules, except if there are explicit block rules as mentioned in 2. For example, if the parameters of rule 1 include an IP address range, while the parameters of rule 2 include a single IP host address, rule 2 takes precedence -Because of 1 and 2, when designing a set of policies you should make sure that there are no other explicit block rules that could inadvertently overlap, thus preventing the traffic flow you wish to allow. +Because of 1 and 2, when designing a set of policies, you should make sure that there are no other explicit block rules that could inadvertently overlap, thus preventing the traffic flow you wish to allow. + +Outbound rules follow the same precedence behaviors. > [!NOTE] > Windows Firewall doesn't support weighted, administrator-assigned rule ordering. An effective policy set with expected behaviors can be created by keeping in mind the few, consistent, and logical rule behaviors as described.
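Review bot: in PATCH 1/5 (deprecated-features-resources.md), the added paragraph spells the protocol two ways, "NTLM v1" in its first sentence and "NTLMv1" in the rest; pick one. Its last sentence, "MSCHAPv2 is only disabled by enabling Credential Guard", can be read as "Credential Guard is the only way to disable MSCHAPv2" or as "enabling Credential Guard merely disables MSCHAPv2"; something like "MSCHAPv2 is disabled only when Credential Guard is enabled" removes the ambiguity. "Some situations still use NTLMv1 primitives for legacy reasons" should either name those situations or say that MSCHAPv2 is the case meant, and "weak crypto" is informal next to the surrounding text ("weak cryptography").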
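Review bot: in PATCH 2/5 through 4/5 (policy-csp-accounts.md), the caution as it stands after 4/5 says that Multiple Activation Key (MAK) activation fails when the Microsoft Account Sign-In Assistant service is disabled, but not which value of this policy puts the service in that state or what an admin should do before activating. Tie the sentence to the setting described in the surrounding text ("Allows IT Admins the ability to disable the Microsoft Account Sign-In Assistant"). The three commits also rewrite the same single line (plain sentence, then the "> [!CAUTION]" wrapper, then the expansion of "MAK key"), so they can be squashed into one before merge.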
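Review bot: in PATCH 5/5 (windows-firewall/rules.md), the heading now reads "Rule precedence for inbound and outbound rules", but the unchanged lead-in under it still talks only about "allowing specific types of inbound traffic" and "configuring inbound exceptions", and the sole outbound statement is the one-line "Outbound rules follow the same precedence behaviors." added after the "Because of 1 and 2" paragraph. Generalize the lead-in sentence or move the outbound sentence up beside it so the section matches its heading. Renaming the heading also changes its anchor, so check for links that still point at "Rule precedence for inbound rules".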