diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 5287b5f528..9e89ce6f88 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1868,19 +1868,19 @@ You can turn off Windows Update by setting the following registry entries: This is applicable to Windows 10. -- Set the Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Update** > **Do not connect to any Windows Update Internet locations** to **Enabled** +- Set the Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Update** > **Do not connect to any Windows Update Internet locations** to **Enabled**. -and- -- Set the Group Policy **Computer Configuration** > **Administrative Templates** > **System** > **Internet Communication Management** > **Internet Communication Settings** > **Turn off access to all Windows Update features** to **Enabled** +- Set the Group Policy **Computer Configuration** > **Administrative Templates** > **System** > **Internet Communication Management** > **Internet Communication Settings** > **Turn off access to all Windows Update features** to **Enabled**. -and- -- Set the Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Update** > **Specify intranet Microsoft update service location** to **Enabled** and ensure the settings under **Options** (intranet update service, intranet statistics server, and alternate download server) are set to **" "** +- Set the Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Update** > **Specify intranet Microsoft update service location** to **Enabled** and ensure the settings under **Options** (intranet update service, intranet statistics server, and alternate download server) are set to **" "**. -and- -- Set the Group Policy **User Configuration** > **Administrative Templates** > **Windows Components** > **Windows Update** > **Remove access to use all Windows Update features** to **Enabled** and then set **Configure notifications** to **0 - Do not show any notifications***. +- Set the Group Policy **User Configuration** > **Administrative Templates** > **Windows Components** > **Windows Update** > **Remove access to use all Windows Update features** to **Enabled** and then set **Configure notifications** to **0 - Do not show any notifications**. This is applicable to Windows 11. @@ -1888,7 +1888,7 @@ This is applicable to Windows 11. -and- -- Set the Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Update** > **Manage updates offered from Windows Server Update Service** > **Specify intranet Microsoft update service location** to **Enabled** and ensure the settings under **Options** (intranet update service, intranet statistics server, and alternate download server) are set to **" "** +- Set the Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Update** > **Manage updates offered from Windows Server Update Service** > **Specify intranet Microsoft update service location** to **Enabled** and ensure the settings under **Options** (intranet update service, intranet statistics server, and alternate download server) are set to **" "**. -and- diff --git a/windows/security/book/includes/local-security-authority-protection.md b/windows/security/book/includes/local-security-authority-protection.md index fac74d5553..9e924356bb 100644 --- a/windows/security/book/includes/local-security-authority-protection.md +++ b/windows/security/book/includes/local-security-authority-protection.md @@ -13,7 +13,7 @@ By loading only trusted, signed code, LSA provides significant protection agains [!INCLUDE [new-24h2](new-24h2.md)] -To help keep these credentials safe, LSA protection is enabled by default on all devices (MSA, Microsoft Entra joined, hybrid, and local). For new installs, it is enabled immediately. For upgrades, it is enabled after rebooting after an evaluation period of 10 days. +To help keep these credentials safe, LSA protection is enabled by default on all devices (MSA, Microsoft Entra joined, hybrid, and local). For new installs, it's enabled immediately. For upgrades, it's enabled after rebooting after an evaluation period of five days. Users have the ability to manage the LSA protection state in the Windows Security application under **Device Security** > **Core Isolation** > **Local Security Authority protection**.