Merge branch 'do_docs' of https://github.com/cmknox/windows-docs-pr into do_docs

2025-06-15 18:33:43 +00:00 · 2024-06-10 14:37:31 -06:00
parent 2c6abfd77d 68a58b0060
commit 8ce7dc2550
116 changed files with 304 additions and 345 deletions
--- a/education/windows/configure-aad-google-trust.md
+++ b/education/windows/configure-aad-google-trust.md
@ -18,7 +18,7 @@ To configure Google Workspace as an IdP for Microsoft Entra ID, the following pr
 1. A Microsoft Entra tenant, with one or multiple custom DNS domains (that is, domains that aren't in the format \**.onmicrosoft.com*)
    - If the federated domain hasn't yet been added to Microsoft Entra ID, you must have access to the DNS domain to create a DNS record. This is required to verify the ownership of the DNS namespace
    - Learn how to [Add your custom domain name using the Microsoft Entra admin center](/azure/active-directory/fundamentals/add-custom-domain)
-1. Access to Microsoft Entra ID with an account with the *Global Administrator* role
+1. Access to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [External Identity Provider Administrator](/entra/identity/role-based-access-control/permissions-reference#external-identity-provider-administrator)
 1. Access to Google Workspace with an account with *super admin* privileges

 To test federation, the following prerequisites must be met:
@ -56,7 +56,7 @@ To test federation, the following prerequisites must be met:
    |Basic Information: Primary Email|App attributes: IDPEmail|

    > [!IMPORTANT]
-    > You must ensure that your the Microsoft Entra user accounts email match those in your Google Workspace.
+    > You must ensure that your Microsoft Entra user account's email matches that in your Google Workspace.

 1. Select **Finish**

@ -73,7 +73,7 @@ Now that the app is configured, you must enable it for the users in Google Works
 ## Configure Microsoft Entra ID as a Service Provider (SP) for Google Workspace

 The configuration of Microsoft Entra ID consists of changing the authentication method for the custom DNS domains. This configuration can be done using PowerShell.\
-Using the **IdP metadata** XML file downloaded from Google Workspace, modify the *$DomainName* variable of the following script to match your environment, and then run it in a PowerShell session. When prompted to authenticate to Microsoft Entra ID, use the credentials of an account with the *Global Administrator* role.
+Using the **IdP metadata** XML file downloaded from Google Workspace, modify the *$DomainName* variable of the following script to match your environment, and then run it in a PowerShell session. When prompted to authenticate to Microsoft Entra ID, sign in as at least a [External Identity Provider Administrator](/entra/identity/role-based-access-control/permissions-reference#external-identity-provider-administrator)

 ```powershell
 Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser -Force
--- a/education/windows/use-set-up-school-pcs-app.md
+++ b/education/windows/use-set-up-school-pcs-app.md
@ -110,7 +110,7 @@ A package expiration date is also attached to the end of each package. For examp

 After you select **Next**, you can no longer change the name in the app. To create a package with a different name, reopen the Set up School PCs app.

-To change an existing package's name, right-click the package folder on your device and select **Rename**. This action doesn't change the name in Microsoft Entra ID. If you have Global Admin permissions, you can go to Microsoft Entra ID in the Azure portal, and rename the package there.  
+To change an existing package's name, right-click the package folder on your device and select **Rename**. This action doesn't change the name in Microsoft Entra ID. You can access to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [User Administrator](/entra/identity/role-based-access-control/permissions-reference#user-administrator), and rename the package there.

 ### Sign in

--- a/store-for-business/prerequisites-microsoft-store-for-business.md
+++ b/store-for-business/prerequisites-microsoft-store-for-business.md
@ -65,11 +65,10 @@ If your organization restricts computers on your network from connecting to the
 - `account.live.com`
 - `clientconfig.passport.net`
 - `windowsphone.com`
- `\*.wns.windows.com`
- `\*.microsoft.com`
- `\*.s-microsoft.com`
+- `*.wns.windows.com`
+- `*.microsoft.com`
+- `*.s-microsoft.com`
 - `www.msftncsi.com` (prior to Windows 10, version 1607)
- `www.msftconnecttest.com/connecttest.txt` (replaces `www.msftncsi.com`
-  starting with Windows 10, version 1607)
+- `www.msftconnecttest.com/connecttest.txt` (replaces `www.msftncsi.com` starting with Windows 10, version 1607)
 
 Store for Business requires Microsoft Windows HTTP Services (WinHTTP) to install, or update apps.
--- a/windows/client-management/client-tools/quick-assist.md
+++ b/windows/client-management/client-tools/quick-assist.md
@ -20,7 +20,7 @@ Quick Assist is an application that enables a person to share their [Windows](#i

 ## Before you begin

-All that's required to use Quick Assist is suitable network and internet connectivity. No roles, permissions, or policies are involved. Neither party needs to be in a domain. The helper must have a Microsoft account. The sharer doesn't have to authenticate.
+All you need to use Quick Assist is suitable network and internet connectivity. No roles, permissions, or policies are involved. Neither party needs to be in a domain. The helper must have a Microsoft account. The sharer doesn't have to authenticate.

 ### Authentication

@ -99,29 +99,13 @@ In some scenarios, the helper does require the sharer to respond to application
 ### Install Quick Assist from the Microsoft Store

 1. Download the new version of Quick Assist by visiting the [Microsoft Store](https://apps.microsoft.com/store/detail/quick-assist/9P7BP5VNWKX5).
-1. In the Microsoft Store, select **Get in Store app**. Then, give permission to install Quick Assist. When the installation is complete, **Get** changes to **Open**.</br> :::image type="content" source="images/quick-assist-get.png" lightbox="images/quick-assist-get.png" alt-text="Microsoft Store window showing the Quick Assist app with a button labeled get in the bottom right corner.":::
+1. In the Microsoft Store, select **View in store**, then install Quick Assist. When the installation is complete, **Install** changes to **Open**.

 For more information, visit [Install Quick Assist](https://support.microsoft.com/windows/install-quick-assist-c17479b7-a49d-4d12-938c-dbfb97c88bca).

 ### Install Quick Assist with Intune

-Before installing Quick Assist, you need to set up synchronization between Intune and Microsoft Store for Business. If you've already set up sync, log into [Microsoft Store for Business](https://businessstore.microsoft.com) and skip to step 5.
-
-1. In the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Tenant administration** / **Connectors and tokens** / **Microsoft Store for Business** and verify that **Microsoft Store for Business sync** is set to **Enable**.
-1. Using your Global Admin account, log into [Microsoft Store for Business](https://businessstore.microsoft.com).
-1. Select **Manage** / **Settings** and enable **Show offline apps**.
-1. Choose the **Distribute** tab and verify that **Microsoft Intune** is **Active**. You might need to use the **+Add management tool** link if it's not.
-1. Search for **Quick Assist** and select it from the Search results.
-1. Choose the **Offline** license and select **Get the app**
-1. In the Intune admin center, choose **Sync**.
-1. Navigate to **Apps** / **Windows** and you should see **Quick Assist (Offline)** in the list.
-1. Select it to view its properties.
-1. By default, the app isn't assigned to any user or device, select the **Edit** link. Assign the app to the required group of devices and choose **Review + save** to complete the application install.
-
-> [!NOTE]
-> Assigning the app to a device or group of devices instead of a user is important because it's the only way to install a store app in device context.
-
-Visit [Add Microsoft Store apps to Microsoft Intune](/mem/intune/apps/store-apps-windows) for more information.
+To deploy Quick Assist with Intune, see [Add Microsoft Store apps to Microsoft Intune](/mem/intune/apps/store-apps-microsoft).

 ### Install Quick Assist Offline

@ -129,7 +113,7 @@ To install Quick Assist offline, you need to download your APPXBUNDLE and unenco

 1. Start **Windows PowerShell** with Administrative privileges
 1. In PowerShell, change the directory to the location where you saved the file in step 1: `cd <location of package file>`
-1. Run the following command to install Quick Assist: `Add-AppxProvisionedPackage -Online -PackagePath "MicrosoftCorporationII.QuickAssist_8wekyb3d8bbwe.AppxBundle" -LicensePath "MicrosoftCorporationII.QuickAssist_8wekyb3d8bbwe_4bc27046-84c5-8679-dcc7-d44c77a47dd0.xml"`
+1. To install Quick Assist, run the following command: `Add-AppxProvisionedPackage -Online -PackagePath "MicrosoftCorporationII.QuickAssist_8wekyb3d8bbwe.AppxBundle" -LicensePath "MicrosoftCorporationII.QuickAssist_8wekyb3d8bbwe_4bc27046-84c5-8679-dcc7-d44c77a47dd0.xml"`
 1. After Quick Assist is installed, run this command to confirm that Quick Assist is installed for the user: `Get-AppxPackage *QuickAssist* -AllUsers`

 ### Microsoft Edge WebView2
--- a/windows/client-management/wmi-providers-supported-in-windows.md
+++ b/windows/client-management/wmi-providers-supported-in-windows.md
@ -76,7 +76,7 @@ For links to these classes, see [**MDM Bridge WMI Provider**](/windows/win32/dmw
 | [**MDM_WirelesssProfileXML**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-wirelessprofilexml)        | Yes                          |
 | [**MDM_WNSChannel**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-wnschannel)                         | Yes                          |
 | [**MDM_WNSConfiguration**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-wnsconfiguration)             | Yes                          |
-| [**MSFT_NetFirewallProfile**](/previous-versions/windows/desktop/wfascimprov/msft-netfirewallprofile)           | Yes                          |
+| [**MSFT_NetFirewallProfile**](/windows/win32/fwp/wmi/wfascimprov/msft-netfirewallprofile)                       | Yes                          |
 | [**MSFT_VpnConnection**](/previous-versions/windows/desktop/vpnclientpsprov/msft-vpnconnection)                 | Yes                          |
 | [**SoftwareLicensingProduct**](/previous-versions/windows/desktop/sppwmi/softwarelicensingproduct)              |                              |
 | [**SoftwareLicensingService**](/previous-versions/windows/desktop/sppwmi/softwarelicensingservice)              |                              |
--- a/windows/configuration/assigned-access/xsd.md
+++ b/windows/configuration/assigned-access/xsd.md
@ -259,7 +259,7 @@ Here's the Assigned Access XSD for the features added in Windows 11, version 21H

 ## Windows 10, version 1909 additions

-Here's the Assigned Access XSD for the features added in Windows 10, version 1909:
+Here are the Assigned Access XSDs for the features added in Windows 10, version 1909:

 ```xml
 <xs:schema
@ -292,6 +292,33 @@ Here's the Assigned Access XSD for the features added in Windows 10, version 190
 </xs:schema>
 ```

+```xml
+<xs:schema
+    elementFormDefault="qualified"
+    xmlns:xs="http://www.w3.org/2001/XMLSchema"
+    xmlns:vc="http://www.w3.org/2007/XMLSchema-versioning"
+    vc:minVersion="1.1"
+    xmlns="http://schemas.microsoft.com/AssignedAccess/202010/config"
+    xmlns:default="http://schemas.microsoft.com/AssignedAccess/202010/config"
+    targetNamespace="http://schemas.microsoft.com/AssignedAccess/202010/config"
+    >
+
+    <xs:complexType name="deviceOwnerGroup_t">
+        <xs:attribute name="Name" type="xs:string" fixed="DeviceOwner" />
+    </xs:complexType>
+
+    <xs:complexType name="exclusion_t">
+            <xs:sequence minOccurs="1" maxOccurs="1">
+                <xs:choice>
+                   <xs:element name="SpecialGroup" type="deviceOwnerGroup_t" minOccurs="1" maxOccurs="1" />
+                </xs:choice>
+            </xs:sequence>
+    </xs:complexType>
+
+    <xs:element name="Exclusions" type="exclusion_t" />
+</xs:schema>
+```
+
 ## Windows 10, version 1809 additions

 Here's the Assigned Access XSD for the features added in Windows 10, version 1809:
--- a/windows/configuration/provisioning-packages/diagnose-provisioning-packages.md
+++ b/windows/configuration/provisioning-packages/diagnose-provisioning-packages.md
@ -1,7 +1,7 @@
 ---
 title: Diagnose Provisioning Packages
 description: Diagnose general failures in provisioning.
-ms.topic: article
+ms.topic: troubleshooting
 ms.date: 01/18/2023
 ---

--- a/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md
+++ b/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md
@ -1,7 +1,7 @@
 ---
 title: Configuration service providers for IT pros
 description: Describes how IT pros and system administrators can use configuration service providers (CSPs) to configure devices.
-ms.topic: article
+ms.topic: how-to
 ms.date: 12/31/2017
 ---

--- a/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md
+++ b/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md
@ -1,7 +1,7 @@
 ---
 title: Provision PCs with common settings
 description: Create a provisioning package to apply common settings to a PC running Windows 10.
-ms.topic: article
+ms.topic: how-to
 ms.date: 12/31/2017
 ---

--- a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
+++ b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
@ -1,7 +1,7 @@
 ---
 title: Provision PCs with apps
 description: Learn how to install multiple Universal Windows Platform (UWP) apps and Windows desktop applications (Win32) in a provisioning package.
-ms.topic: article
+ms.topic: how-to
 ms.date: 12/31/2017
 ---

--- a/windows/configuration/provisioning-packages/provisioning-apply-package.md
+++ b/windows/configuration/provisioning-packages/provisioning-apply-package.md
@ -1,7 +1,7 @@
 ---
 title: Apply a provisioning package
 description: Provisioning packages can be applied to a device during initial setup (OOBE) and after (runtime).
-ms.topic: article
+ms.topic: how-to
 ms.date: 12/31/2017
 ---

--- a/windows/configuration/provisioning-packages/provisioning-command-line.md
+++ b/windows/configuration/provisioning-packages/provisioning-command-line.md
@ -1,13 +1,13 @@
 ---
-title: Windows Configuration Designer command-line interface
-description: Learn more about the ICD syntax, switches, and arguments that you can use in the Windows Configuration Designer command-line interface for Windows10/11 client devices.
-ms.topic: article
+title: Windows Configuration Designer command line interface
+description: Learn more about the ICD syntax, switches, and arguments that you can use in the Windows Configuration Designer command line interface for Windows10/11 client devices.
+ms.topic: how-to
 ms.date: 12/31/2017
 ---

-# Windows Configuration Designer command-line interface (reference)
+# Windows Configuration Designer command line interface (reference)

-You can use the Windows Configuration Designer command-line interface (CLI) to automate the building of provisioning packages.
+You can use the Windows Configuration Designer command line interface (CLI) to automate the building of provisioning packages.

 - IT pros can use the Windows Configuration Designer CLI to require less retooling of existing processes. You must run the Windows Configuration Designer CLI from a command window with administrator privileges.

@ -30,10 +30,10 @@ icd.exe /Build-ProvisioningPackage /CustomizationXML:<path_to_xml> /PackagePath:
 | --- | --- | --- |
 | /CustomizationXML | No | Specifies the path to a Windows provisioning XML file that contains the customization assets and settings. For more information, see Windows provisioning answer file. |
 | /PackagePath | Yes | Specifies the path and the package name where the built provisioning package will be saved. |
-| /StoreFile | No</br></br></br>See Important note. | For partners using a settings store other than the default store(s) used by Windows Configuration Designer, use this parameter to specify the path to one or more comma-separated Windows settings store file. By default, if you don't specify a settings store file, the settings store that's common to all Windows editions will be loaded by Windows Configuration Designer.</br></br></br>**Important**  If you use this parameter, you must not use /MSPackageRoot or /OEMInputXML. |
+| /StoreFile | No</br></br></br>See Important note. | For partners using a settings store other than the default store(s) used by Windows Configuration Designer, use this parameter to specify the path to one or more comma-separated Windows settings store file. By default, if you don't specify a settings store file, the settings store that's common to all Windows editions is loaded by Windows Configuration Designer.</br></br></br>**Important**  If you use this parameter, you must not use /MSPackageRoot or /OEMInputXML. |
 | /Variables | No | Specifies a semicolon separated `<name>` and `<value>` macro pair. The format for the argument must be `<name>=<value>`. |
-| Encrypted | No | Denotes whether the provisioning package should be built with encryption. Windows Configuration Designer autogenerates the decryption password and includes this information in the output.</br></br></br>Precede with `+` for encryption, or `-` for no encryption. The default is no encryption. |
-| Overwrite | No | Denotes whether to overwrite an existing provisioning package.</br></br></br>Precede with + to overwrite an existing package or - if you don't want to overwrite an existing package. The default is false (don't overwrite). |
+| Encrypted | No | Denotes whether the provisioning package should be built with encryption. Windows Configuration Designer autogenerates the decryption password and includes this information in the output. <br></br>Precede with `+` for encryption, or `-` for no encryption. The default is no encryption. |
+| Overwrite | No | Denotes whether to overwrite an existing provisioning package. </br></br>Precede with + to overwrite an existing package or - if you don't want to overwrite an existing package. The default is false (don't overwrite). |
 | /? | No | Lists the switches and their descriptions for the command-line tool or for certain commands. |


--- a/windows/configuration/provisioning-packages/provisioning-create-package.md
+++ b/windows/configuration/provisioning-packages/provisioning-create-package.md
@ -1,7 +1,7 @@
 ---
 title: Create a provisioning package
 description: Learn how to create a provisioning package for Windows 10/11, which lets you quickly configure a device without having to install a new image.
-ms.topic: article
+ms.topic: how-to
 ms.date: 12/31/2017
 ---

--- a/windows/configuration/provisioning-packages/provisioning-how-it-works.md
+++ b/windows/configuration/provisioning-packages/provisioning-how-it-works.md
@ -1,7 +1,7 @@
 ---
 title: How provisioning works in Windows 10/11
 description: Learn more about how provisioning package work on Windows client devices. A provisioning package (.ppkg) is a container for a collection of configuration settings.
-ms.topic: article
+ms.topic: conceptual
 ms.date: 12/31/2017
 ---

--- a/windows/configuration/provisioning-packages/provisioning-install-icd.md
+++ b/windows/configuration/provisioning-packages/provisioning-install-icd.md
@ -1,7 +1,7 @@
 ---
 title: Install Windows Configuration Designer
 description: Learn how to install and use Windows Configuration Designer so you can easily configure devices running Windows 10/11.
-ms.topic: article
+ms.topic: how-to
 ms.reviewer: kevinsheehan
 ms.date: 12/31/2017
 ---
--- a/windows/configuration/provisioning-packages/provisioning-multivariant.md
+++ b/windows/configuration/provisioning-packages/provisioning-multivariant.md
@ -1,7 +1,7 @@
 ---
 title: Create a provisioning package with multivariant settings
 description: Create a provisioning package with multivariant settings to customize the provisioned settings for defined conditions.
-ms.topic: article
+ms.topic: how-to
 ms.date: 12/31/2017
 ---

--- a/windows/configuration/provisioning-packages/provisioning-packages.md
+++ b/windows/configuration/provisioning-packages/provisioning-packages.md
@ -2,7 +2,7 @@
 title: Provisioning packages overview
 description: With Windows 10 and Windows 11, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. Learn about what provisioning packages, are and what they do.
 ms.reviewer: kevinsheehan
-ms.topic: article
+ms.topic: conceptual
 ms.date: 12/31/2017
 ---

--- a/windows/configuration/provisioning-packages/provisioning-powershell.md
+++ b/windows/configuration/provisioning-packages/provisioning-powershell.md
@ -1,7 +1,7 @@
 ---
 title: PowerShell cmdlets for provisioning Windows 10/11
 description: Learn more about the Windows PowerShell cmdlets that you can use with Provisioning packages on Windows10/11 client desktop devices.
-ms.topic: article
+ms.topic: conceptual

 ms.date: 12/31/2017
 ---
--- a/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md
+++ b/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md
@ -1,7 +1,7 @@
 ---
 title: Use a script to install a desktop app in provisioning packages
 description: With Windows 10/11, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image.
-ms.topic: article
+ms.topic: how-to
 ms.date: 12/31/2017
 ---

--- a/windows/configuration/provisioning-packages/provisioning-uninstall-package.md
+++ b/windows/configuration/provisioning-packages/provisioning-uninstall-package.md
@ -1,7 +1,7 @@
 ---
 title: Uninstall a provisioning package - reverted settings
 description: This article lists the settings that are reverted when you uninstall a provisioning package on Windows 10/11 desktop client devices.
-ms.topic: article
+ms.topic: conceptual
 ms.date: 12/31/2017
 ---

--- a/windows/configuration/start/layout.md
+++ b/windows/configuration/start/layout.md
@ -649,45 +649,3 @@ When you configure the Start layout with policy settings, you overwrite the enti
 [MEM-1]: /mem/intune/configuration/custom-settings-windows-10
 [PS-1]: /powershell/module/startlayout/export-startlayout
 [WIN-1]: /windows/client-management/mdm/policy-csp-start
-
-
-<!--
-## Add image for secondary Microsoft Edge tiles
-
-App tiles are the Start screen tiles that represent and launch an app. A tile that allows a user to go to a specific location in an app is a *secondary tile*. Some examples of secondary tiles include:
-
- Weather updates for a specific city in a weather app
- A summary of upcoming events in a calendar app
- Status and updates from an important contact in a social app
- A website in Microsoft Edge
-
-By using the PowerShell cmdlet `export-StartLayoutEdgeAssets` and the policy setting `ImportEdgeAssets`, the tiles display the same as they did on the device from which you exported the Start layout.
-
-[!INCLUDE [example-secondary-tiles](includes/example-secondary-tiles.md)]
-
-## Export Start layout and assets
-
-1. If you'd like to change the image for a secondary tile to your own custom image, open the layout.xml file, and look for the images that the tile references.
-   - For example, your layout.xml contains `Square150x150LogoUri="ms-appdata:///local/PinnedTiles/21581260870/hires.png" Wide310x150LogoUri="ms-appx:///"`
-
-   - Open `C:\Users\<username>\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\21581260870\` and replace those images with your customized images.
-
-1. In Windows PowerShell, enter the following command:
-
-    ```powershell
-    Export-StartLayoutEdgeAssets assets.xml
-    ```
-
-[!INCLUDE [example-assets](includes/example-assets.md)]
-
-## Configure policy settings
-
-Prepare the Start layout and Edge assets XML files
-
-The `Export-StartLayout` and **export-StartLayoutEdgeAssets** cmdlets produce XML files. Because Windows Configuration Designer produces a customizations.xml file that contains the configuration settings, adding the Start layout and Edge assets sections to the customizations.xml file directly would result in an XML file embedded in an XML file. Before you add the Start layout and Edge assets sections to the customizations.xml file, you must replace the markup characters in your layout.xml with escape characters.
-
-1. Copy the contents of layout.xml into an online tool that escapes characters.
-1. Copy the contents of assets.xml into an online tool that escapes characters.
-1. When you create a provisioning package, you'll copy the text with the escape characters and paste it in the customizations.xml file for your project.
-
-->
--- a/windows/configuration/taskbar/includes/allow-widgets.md
+++ b/windows/configuration/taskbar/includes/allow-widgets.md
@ -15,4 +15,4 @@ This policy specifies whether the widgets feature is allowed on the device.
 |  | Path |
 |--|--|
 | **CSP** | `./Device/Vendor/MSFT/Policy/Config/NewsAndInterests/`[AllowNewsAndInterests](/windows/client-management/mdm/policy-csp-newsandinterests#allownewsandinterests) |
-| **GPO** | **Computer Configuration**  > **Administrative Templates** > **Windows Components** > **Widgets** |
+| **GPO** | - **Computer Configuration**  > **Administrative Templates** > **Windows Components** > **Widgets** |
--- a/windows/configuration/taskbar/includes/configure-start-layout.md
+++ b/windows/configuration/taskbar/includes/configure-start-layout.md
@ -13,7 +13,7 @@ This policy setting lets you specify the applications pinned to the taskbar. The

 |  | Path |
 |--|--|
-| **CSP** | - `./Device/Vendor/MSFT/Policy/Config/Start/StartLayout`/[Configure start layout](/windows/client-management/mdm/policy-csp-start#startlayout)<br><br>- `./User/Vendor/MSFT/Policy/Config/Start/StartLayout`/[Configure start layout](/windows/client-management/mdm/policy-csp-start#startlayout) |
-| **GPO** | **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar**<br><br> **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **CSP** | - `./Device/Vendor/MSFT/Policy/Config/Start/StartLayout`/[Configure start layout](/windows/client-management/mdm/policy-csp-start#startlayout)<br>- `./User/Vendor/MSFT/Policy/Config/Start/StartLayout`/[Configure start layout](/windows/client-management/mdm/policy-csp-start#startlayout) |
+| **GPO** | - **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar**<br>- **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |

 For more information, see [Customize the taskbar pinned applications](../pinned-apps.md).
--- a/windows/configuration/taskbar/includes/configures-search-on-the-taskbar.md
+++ b/windows/configuration/taskbar/includes/configures-search-on-the-taskbar.md
@ -18,4 +18,4 @@ This policy setting allows you to configure search on the taskbar.
 |  | Path |
 |--|--|
 | **CSP** | `./Device/Vendor/MSFT/Policy/Config/Search/`[ConfigureSearchOnTaskbarMode](/windows/client-management/mdm/policy-csp-search#configuresearchontaskbarmode) |
-| **GPO** | **Computer Configuration**  > **Windows Components** > **Search** |
+| **GPO** | - **Computer Configuration**  > **Windows Components** > **Search** |
--- a/windows/configuration/taskbar/includes/disable-editing-quick-settings.md
+++ b/windows/configuration/taskbar/includes/disable-editing-quick-settings.md
@ -13,4 +13,4 @@ ms.topic: include
 |  | Path |
 |--|--|
 | **CSP** | `./Device/Vendor/MSFT/Policy/Config/Start/`[DisableEditingQuickSettings](/windows/client-management/mdm/policy-csp-start#disableeditingquicksettings)|
-| **GPO** | **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **Disable editing quick settings** |
+| **GPO** | - **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **Disable editing quick settings** |
--- a/windows/configuration/taskbar/includes/do-not-allow-pinning-items-in-jump-lists.md
+++ b/windows/configuration/taskbar/includes/do-not-allow-pinning-items-in-jump-lists.md
@ -15,4 +15,4 @@ With this policy setting you control the pinning of items in Jump Lists.
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
--- a/windows/configuration/taskbar/includes/do-not-allow-pinning-programs-to-the-taskbar.md
+++ b/windows/configuration/taskbar/includes/do-not-allow-pinning-programs-to-the-taskbar.md
@ -15,4 +15,4 @@ This policy setting allows you to control pinning programs to the Taskbar.
 |  | Path |
 |--|--|
 | **CSP** | `./Device/Vendor/MSFT/Policy/Config/Start/`[NoPinningToTaskbar](/windows/client-management/mdm/policy-csp-start#nopinningtotaskbar) |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
--- a/windows/configuration/taskbar/includes/do-not-allow-pinning-store-app-to-the-taskbar.md
+++ b/windows/configuration/taskbar/includes/do-not-allow-pinning-store-app-to-the-taskbar.md
@ -15,4 +15,4 @@ This policy setting allows you to control pinning the Store app to the Taskbar.
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
--- a/windows/configuration/taskbar/includes/do-not-allow-taskbars-on-more-than-one-display.md
+++ b/windows/configuration/taskbar/includes/do-not-allow-taskbars-on-more-than-one-display.md
@ -12,4 +12,4 @@ This policy setting allows you to prevent taskbars from being displayed on more
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
--- a/windows/configuration/taskbar/includes/do-not-display-or-track-items-in-jump-lists-from-remote-locations.md
+++ b/windows/configuration/taskbar/includes/do-not-display-or-track-items-in-jump-lists-from-remote-locations.md
@ -18,4 +18,4 @@ This policy setting allows you to control displaying or tracking items in Jump L
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
--- a/windows/configuration/taskbar/includes/hide-recent-jumplists.md
+++ b/windows/configuration/taskbar/includes/hide-recent-jumplists.md
@ -19,5 +19,5 @@ Prevents the operating system and installed programs from creating and displayin

 |  | Path |
 |--|--|
-| **CSP** | - `./Device/Vendor/MSFT/Policy/Config/Start/`[HideRecentJumplists](/windows/client-management/mdm/policy-csp-start#hiderecentjumplists)<br><br>- `./User/Vendor/MSFT/Policy/Config/Start/`[HideRecentJumplists](/windows/client-management/mdm/policy-csp-start#hiderecentjumplists) |
-| **GPO** | **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **don't keep history of recently opened documents**<br><br> **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **don't keep history of recently opened documents**|
+| **CSP** | - `./Device/Vendor/MSFT/Policy/Config/Start/`[HideRecentJumplists](/windows/client-management/mdm/policy-csp-start#hiderecentjumplists)<br>- `./User/Vendor/MSFT/Policy/Config/Start/`[HideRecentJumplists](/windows/client-management/mdm/policy-csp-start#hiderecentjumplists) |
+| **GPO** | - **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **don't keep history of recently opened documents**<br>- **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **don't keep history of recently opened documents**|
--- a/windows/configuration/taskbar/includes/hide-the-notification-area.md
+++ b/windows/configuration/taskbar/includes/hide-the-notification-area.md
@ -12,4 +12,4 @@ This setting affects the notification area (previously called the "system tray")
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
--- a/windows/configuration/taskbar/includes/hide-the-taskview-button.md
+++ b/windows/configuration/taskbar/includes/hide-the-taskview-button.md
@ -11,5 +11,5 @@ This policy setting allows you to hide the TaskView button. If you enable this p

 |  | Path |
 |--|--|
-| **CSP** |- `./Device/Vendor/MSFT/Policy/Config/Start/`[HideTaskViewButton](/windows/client-management/mdm/policy-csp-start#hidetaskviewbutton) <br><br>- `./User/Vendor/MSFT/Policy/Config/Start/`[HideTaskViewButton](/windows/client-management/mdm/policy-csp-start#hidetaskviewbutton) |
-| **GPO** |- **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar**<br><br>- **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **CSP** |- `./Device/Vendor/MSFT/Policy/Config/Start/`[HideTaskViewButton](/windows/client-management/mdm/policy-csp-start#hidetaskviewbutton) <br>- `./User/Vendor/MSFT/Policy/Config/Start/`[HideTaskViewButton](/windows/client-management/mdm/policy-csp-start#hidetaskviewbutton) |
+| **GPO** |- **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar**<br>- **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
--- a/windows/configuration/taskbar/includes/lock-all-taskbar-settings.md
+++ b/windows/configuration/taskbar/includes/lock-all-taskbar-settings.md
@ -15,4 +15,4 @@ With this policy setting you lock all taskbar settings.
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
--- a/windows/configuration/taskbar/includes/lock-the-taskbar.md
+++ b/windows/configuration/taskbar/includes/lock-the-taskbar.md
@ -12,4 +12,4 @@ This setting affects the taskbar, which is used to switch between running applic
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
--- a/windows/configuration/taskbar/includes/prevent-changes-to-taskbar-and-start-menu-settings.md
+++ b/windows/configuration/taskbar/includes/prevent-changes-to-taskbar-and-start-menu-settings.md
@ -15,4 +15,4 @@ With this policy setting you prevent changes to taskbar and Start settings.
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar**<br><br>- **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar**<br>- **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
--- a/windows/configuration/taskbar/includes/prevent-grouping-of-taskbar-items.md
+++ b/windows/configuration/taskbar/includes/prevent-grouping-of-taskbar-items.md
@ -15,4 +15,4 @@ Taskbar grouping consolidates similar applications when there's no room on the t
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
--- a/windows/configuration/taskbar/includes/prevent-users-from-adding-or-removing-toolbars.md
+++ b/windows/configuration/taskbar/includes/prevent-users-from-adding-or-removing-toolbars.md
@ -15,4 +15,4 @@ With this policy setting you prevent users from adding or removing toolbars.
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
--- a/windows/configuration/taskbar/includes/prevent-users-from-moving-taskbar-to-another-screen-dock-location.md
+++ b/windows/configuration/taskbar/includes/prevent-users-from-moving-taskbar-to-another-screen-dock-location.md
@ -15,4 +15,4 @@ With this policy setting you prevent users from moving taskbar to another screen
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
--- a/windows/configuration/taskbar/includes/prevent-users-from-rearranging-toolbars.md
+++ b/windows/configuration/taskbar/includes/prevent-users-from-rearranging-toolbars.md
@ -15,4 +15,4 @@ With this policy setting you prevent users from rearranging toolbars.
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
--- a/windows/configuration/taskbar/includes/prevent-users-from-resizing-the-taskbar.md
+++ b/windows/configuration/taskbar/includes/prevent-users-from-resizing-the-taskbar.md
@ -15,4 +15,4 @@ With this policy setting you prevent users from resizing the taskbar.
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
--- a/windows/configuration/taskbar/includes/remove-access-to-the-context-menus-for-the-taskbar.md
+++ b/windows/configuration/taskbar/includes/remove-access-to-the-context-menus-for-the-taskbar.md
@ -17,4 +17,4 @@ This policy setting doesn't prevent users from using other methods to issue the
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar**<br><br>- **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar**<br>- **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
--- a/windows/configuration/taskbar/includes/remove-clock-from-the-system-notification-area.md
+++ b/windows/configuration/taskbar/includes/remove-clock-from-the-system-notification-area.md
@ -13,4 +13,4 @@ ms.topic: include
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
--- a/windows/configuration/taskbar/includes/remove-notifications-and-action-center.md
+++ b/windows/configuration/taskbar/includes/remove-notifications-and-action-center.md
@ -17,4 +17,4 @@ The notification area is located at the far right end of the taskbar, and includ
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
--- a/windows/configuration/taskbar/includes/remove-pinned-programs-from-the-taskbar.md
+++ b/windows/configuration/taskbar/includes/remove-pinned-programs-from-the-taskbar.md
@ -15,4 +15,4 @@ This policy setting allows you to remove pinned programs from the taskbar.
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar**<br><br>- **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar**<br>- **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
--- a/windows/configuration/taskbar/includes/remove-quick-settings.md
+++ b/windows/configuration/taskbar/includes/remove-quick-settings.md
@ -17,4 +17,4 @@ If this setting is enabled, Quick Settings isn't displayed in the Quick Settings
 |  | Path |
 |--|--|
 | **CSP** | `./User/Vendor/MSFT/Policy/Config/Start/`[DisableControlCenter](/windows/client-management/mdm/policy-csp-start#disablecontrolcenter) |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
--- a/windows/configuration/taskbar/includes/remove-the-battery-meter.md
+++ b/windows/configuration/taskbar/includes/remove-the-battery-meter.md
@ -15,4 +15,4 @@ With this policy setting you can remove the battery meter from the system contro
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
--- a/windows/configuration/taskbar/includes/remove-the-meet-now-icon.md
+++ b/windows/configuration/taskbar/includes/remove-the-meet-now-icon.md
@ -15,4 +15,4 @@ With this policy setting allows you can remove the Meet Now icon from the system
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
--- a/windows/configuration/taskbar/includes/remove-the-networking-icon.md
+++ b/windows/configuration/taskbar/includes/remove-the-networking-icon.md
@ -15,4 +15,4 @@ With this policy setting you can remove the networking icon from the system cont
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
--- a/windows/configuration/taskbar/includes/remove-the-people-bar-from-the-taskbar.md
+++ b/windows/configuration/taskbar/includes/remove-the-people-bar-from-the-taskbar.md
@ -12,4 +12,4 @@ With this policy allows you can remove the People Bar from the taskbar and disab
 |  | Path |
 |--|--|
 | **CSP** | `./User/Vendor/MSFT/Policy/Config/Start/`[HidePeopleBar](/windows/client-management/mdm/policy-csp-start#hidepeoplebar) |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
--- a/windows/configuration/taskbar/includes/remove-the-volume-control-icon.md
+++ b/windows/configuration/taskbar/includes/remove-the-volume-control-icon.md
@ -15,4 +15,4 @@ With this policy setting you can remove the volume control icon from the system
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
--- a/windows/configuration/taskbar/includes/show-additional-calendar.md
+++ b/windows/configuration/taskbar/includes/show-additional-calendar.md
@ -19,4 +19,4 @@ By default, the calendar is set according to the locale of the operating system,
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
--- a/windows/configuration/taskbar/includes/simplify-quick-settings-layout.md
+++ b/windows/configuration/taskbar/includes/simplify-quick-settings-layout.md
@ -13,4 +13,4 @@ ms.topic: include
 |  | Path |
 |--|--|
 | **CSP** | `./Device/Vendor/MSFT/Policy/Config/Start/`[SimplifyQuickSettings](/windows/client-management/mdm/policy-csp-start#simplifyquicksettings) |
-| **GPO** | **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
--- a/windows/configuration/taskbar/includes/turn-off-automatic-promotion-of-notification-icons-to-the-taskbar.md
+++ b/windows/configuration/taskbar/includes/turn-off-automatic-promotion-of-notification-icons-to-the-taskbar.md
@ -15,4 +15,4 @@ With this policy setting you can turn off automatic promotion of notification ic
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
--- a/windows/configuration/taskbar/includes/turn-off-notification-area-cleanup.md
+++ b/windows/configuration/taskbar/includes/turn-off-notification-area-cleanup.md
@ -18,4 +18,4 @@ This setting determines whether the items are always expanded or always collapse
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
--- a/windows/configuration/taskbar/pinned-apps.md
+++ b/windows/configuration/taskbar/pinned-apps.md
@ -231,3 +231,7 @@ If you apply the taskbar configuration to a clean install or an update, users ca
 Learn more about the options available to configure Start menu settings using the Configuration Service Provider (CSP) and Group Policy (GPO):

 - [Taskbar policy settings](policy-settings.md)
+
+---
+[WIN-1]: /windows/client-management/mdm/policy-csp-start
+[MEM-1]: /mem/intune/configuration/custom-settings-windows-10
--- a/windows/deployment/do/waas-delivery-optimization-faq.yml
+++ b/windows/deployment/do/waas-delivery-optimization-faq.yml
@ -77,11 +77,12 @@ sections:
    questions:
      - question: Which ports does Delivery Optimization use?
        answer: | 
-          Delivery Optimization listens on port 7680 for requests from other peers by using TCP/IP. The service registers and opens this port on the device. The port must be set to accept inbound traffic through your firewall. If you don't allow inbound traffic over port 7680, you can't use the peer-to-peer functionality of Delivery Optimization. However, devices can still successfully download by using HTTP or HTTPS traffic over port 80 (such as for default Windows Update data).
+          Delivery Optimization listens on port 7680 for requests from other peers by using TCP/IP. The service registers and opens this port on the device. The port must be set to accept inbound and outbound TCP traffic through your firewall. If you don't allow traffic over port 7680, you can't use the peer-to-peer functionality of Delivery Optimization. However, devices can still successfully download updates by using HTTP over port 80 (or HTTPS over port 443 where applicable).

-          Delivery Optimization uses Teredo to create peer groups, which include devices across NATs (or any form of internal subnet that uses gateways or firewalls between subnets). To enable this scenario, you must allow inbound TCP/IP traffic over port 3544. Look for a "NAT traversal" setting in your firewall to set this up.
+          If you set the "Download Mode" policy to "Group (2)" or "Internet (3)", Teredo will be used by Delivery Optimization to connect to peer devices across NATs. You must allow inbound and outbound UDP traffic over port 3544. Look for a "NAT traversal" setting in your firewall to set this up.
+
+          Delivery Optimization also communicates with its cloud service by using HTTPS over port 443.
          
-          Delivery Optimization also communicates with its cloud service by using HTTP/HTTPS over port 80.
      - question: What are the requirements if I use a proxy?
        answer: |
          For Delivery Optimization to successfully use the proxy, you should set up the proxy by using Windows proxy settings or Internet Explorer proxy settings. For details see [Using a proxy with Delivery Optimization](../do/delivery-optimization-proxy.md). Most content downloaded with Delivery Optimization uses byte range requests. Make sure your proxy allows byte range requests. For more information, see [Proxy requirements for Windows Update](/windows/deployment/update/windows-update-troubleshooting).
--- a/windows/deployment/do/waas-delivery-optimization-reference.md
+++ b/windows/deployment/do/waas-delivery-optimization-reference.md
@ -96,7 +96,7 @@ More options available that control the impact Delivery Optimization has on your

 #### Policies to prioritize the use of peer-to-peer and cache server sources

-When Delivery Optimization client is configured to use peers and Microsoft Connected Cache (MCC), to achieve the best possible content delivery experience, the client connects to both MCC and peers in parallel. If the desired content can't be obtained from MCC or peers, Delivery Optimization will automatically fallback to the HTTP source to get the requested content. There are four settings that allow you to prioritize peer-to-peer or MCC sources by delaying the immediate fallback to HTTP source, which is the default behavior.
+When Delivery Optimization client is configured to use peers and Microsoft Connected Cache (MCC), to achieve the best possible content delivery experience, the client connects to both MCC and peers in parallel. If the desired content can't be obtained from MCC or peers, Delivery Optimization will automatically fall back to the HTTP source to get the requested content. There are four settings that allow you to prioritize peer-to-peer or MCC sources by delaying the immediate fallback to HTTP source, which is the default behavior.

 ##### Peer-to-peer delay fallback settings

--- a/windows/deployment/update/check-release-health.md
+++ b/windows/deployment/update/check-release-health.md
@ -13,7 +13,7 @@ ms.localizationpriority: medium
 appliesto: 
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
-ms.date: 04/04/2024
+ms.date: 06/04/2024
 ---

 # How to check Windows release health
@ -33,7 +33,7 @@ Ensure the following prerequisites are met to display the Windows release health
   - Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 or A5)

 - Sign into the Microsoft 365 admin center using an [admin role](/microsoft-365/admin/add-users/about-admin-roles).
-   - Most roles containing the word `administrator` give you access to the Windows release health page such as [Global Administrator](/azure/active-directory/roles/permissions-reference#global-administrator), [Helpdesk Administrator](/azure/active-directory/roles/permissions-reference#helpdesk-administrator), and [Service Support Administrator](/azure/active-directory/roles/permissions-reference#service-support-administrator). For more information, see [Assign admin roles in the Microsoft 365 admin center](/microsoft-365/admin/add-users/assign-admin-roles).
+   - Most roles containing the word `administrator` give you access to the Windows release health page such as [Helpdesk Administrator](/azure/active-directory/roles/permissions-reference#helpdesk-administrator) and [Service Support Administrator](/azure/active-directory/roles/permissions-reference#service-support-administrator). For more information, see [Assign admin roles in the Microsoft 365 admin center](/microsoft-365/admin/add-users/assign-admin-roles).

 > [!NOTE]
 > Currently, Windows release health is available for Government Community Cloud (GCC) tenants, but isn't available for GCC High and DoD. <!--8337541-->
--- a/windows/deployment/update/includes/wufb-deployment-limitations.md
+++ b/windows/deployment/update/includes/wufb-deployment-limitations.md
@ -10,4 +10,6 @@ ms.localizationpriority: medium
 ---
 <!--This file is shared by deployment-service-overview.md and the deployment-service-prerequisites.md articles. Headings may be driven by article context. 7512398 -->

-Windows Update for Business deployment service is a Windows service hosted in Azure that uses Windows diagnostic data. You should be aware that Windows Update for Business deployment service doesn't meet [US Government community compliance (GCC)](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc#us-government-community-compliance) requirements. For a list of GCC offerings for Microsoft products and services, see the [Microsoft Trust Center](/compliance/regulatory/offering-home). Windows Update for Business deployment service is available in the Azure Commercial cloud, but not available for GCC High or United States Department of Defense customers.
+Windows Update for Business deployment service is a Windows service hosted in Azure Commercial that uses Windows diagnostic data. While customers with GCC tenants may choose to use it, the Windows Update for Business deployment service is outside the [US Government community compliance (GCC)](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc#us-government-community-compliance) boundary. For a list of GCC offerings for Microsoft products and services, see the [Microsoft Trust Center](/compliance/regulatory/offering-home).
+
+Windows Update for Business deployment service isn't available in Azure Government for [Office 365 GCC High and DoD](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc-high-and-dod) tenants.
--- a/windows/deployment/update/includes/wufb-reports-admin-center-permissions.md
+++ b/windows/deployment/update/includes/wufb-reports-admin-center-permissions.md
@ -19,7 +19,6 @@ Accessing Windows Update for Business reports typcially requires permissions fro

 To [enroll](../wufb-reports-enable.md#bkmk_enroll) into Windows Update for Business reports from the [Azure portal](https://portal.azure.com) or the [Microsoft 365 admin center](https://admin.microsoft.com) requires one of the following roles:

- [Global Administrator](/azure/active-directory/roles/permissions-reference#global-administrator) Microsoft Entra role
 - [Intune Administrator](/azure/active-directory/roles/permissions-reference#intune-administrator) Microsoft Entra role
 - [Windows Update deployment administrator](/azure/active-directory/roles/permissions-reference#windows-update-deployment-administrator) Microsoft Entra role
 - [Policy and profile manager](/mem/intune/fundamentals/role-based-access-control#built-in-roles) Microsoft Intune role
--- a/windows/deployment/update/release-cycle.md
+++ b/windows/deployment/update/release-cycle.md
@ -11,7 +11,7 @@ ms.localizationpriority: medium
 appliesto: 
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
-ms.date: 05/19/2023
+ms.date: 06/04/2024
 ---

 # Update release cycle for Windows clients
@ -56,18 +56,15 @@ Many update management tools, such as [Microsoft Configuration Manager](/mem/con

 ## Optional nonsecurity preview release

-**Optional nonsecurity preview releases** provide IT admins an opportunity for early validation of that content prior to the **monthly security update release**. Admins can test and validate production-quality releases ahead of the planned monthly security update release for the following month. These updates are optional, cumulative, nonsecurity preview releases. New features might initially be deployed in the prior month's **optional nonsecurity preview release**, then ship in the following **monthly security update release**. These releases are only offered to the most recent, supported versions of Windows.
+**Optional nonsecurity preview releases** provide IT admins an opportunity for early validation of that content prior to the **monthly security update release**. Admins can test and validate production-quality releases ahead of the planned monthly security update release for the following month. These updates are optional, cumulative, nonsecurity preview releases. New features might initially be deployed in the prior month's **optional nonsecurity preview release**, then ship in the following **monthly security update release**. **Optional nonsecurity preview releases** are typically released on the fourth Tuesday of the month at 10:00 AM Pacific Time (PST/PDT). These releases are only offered to the most recent, supported versions of Windows.

 **Optional nonsecurity preview releases** might commonly be referred to as:

- C or D week releases (meaning the third or fourth week of the month)
+- D week releases (meaning the fourth week of the month)
 - Preview updates
 - Preview CU
 - LCU preview

-> [!Important]
-> Starting in April 2023, all **optional nonsecurity preview releases** will be released on the fourth Tuesday of the month. This change in release cadence gives admins a consistent time cycle for testing and validating fixes and features.
-
 To access the optional nonsecurity preview release:
 - Navigate to **Settings** > **Update & Security** > **Windows Update** and select **Check for updates**. 
 - Use [Windows Insider Program for Business](https://insider.windows.com/for-business)
--- a/windows/deployment/update/update-other-microsoft-products.md
+++ b/windows/deployment/update/update-other-microsoft-products.md
@ -11,7 +11,7 @@ manager: aaroncz
 appliesto: 
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
-ms.date: 03/14/2024
+ms.date: 06/07/2024
 ---

 # Update other Microsoft products
@ -44,6 +44,7 @@ The following is a list of other Microsoft products that might be updated:
 - Microsoft Advanced Threat Analytics
 - Microsoft Application Virtualization
 - Microsoft Azure StorSimple
+- Microsoft Configuration Manager
 - Microsoft Dynamics CRM
 - Microsoft Information Protection
 - Microsoft Lync Server and Microsoft Lync
@ -59,7 +60,6 @@ The following is a list of other Microsoft products that might be updated:
 - Skype for Business
 - SQL
 - System Center Application Controller
- System Center Configuration Manager
 - System Center Data Protection Manager
 - System Center Operations Manager
 - System Center Orchestrator
--- a/windows/deployment/update/wufb-reports-prerequisites.md
+++ b/windows/deployment/update/wufb-reports-prerequisites.md
@ -11,7 +11,7 @@ manager: aaroncz
 appliesto: 
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
-ms.date: 05/07/2024
+ms.date: 06/04/2024
 ---

 # Windows Update for Business reports prerequisites
@ -50,9 +50,11 @@ Windows Update for Business reports supports Windows client devices on the follo
 - General Availability Channel
 - Windows Update for Business reports *counts* Windows Insider Preview devices, but doesn't currently provide detailed deployment insights for them.

-### Windows operating system updates
+## Windows operating system updates for client devices

-For [changes to Windows diagnostic data collection](/windows/privacy/changes-to-windows-diagnostic-data-collection#services-that-rely-on-enhanced-diagnostic-data), installing the January 2023 release preview cumulative update, or a later equivalent update, is recommended.
+Installing the February 2023 cumulative update, or a later equivalent update, is required for clients to enroll into Windows Update for Business reports. This update helped enable [changes to Windows diagnostic data collection](/windows/privacy/changes-to-windows-diagnostic-data-collection#services-that-rely-on-enhanced-diagnostic-data), which Windows Update for Business reports relies on. 
+
+For more information about available updates, see [Windows 11 release information](/windows/release-health/windows11-release-information) and [Windows 10 release information](/windows/release-health/release-information). 

 ## Diagnostic data requirements

--- a/windows/deployment/update/wufb-wsus.md
+++ b/windows/deployment/update/wufb-wsus.md
@ -46,7 +46,7 @@ To help you better understand the scan source policy, see the default scan behav
  - On Windows 10: All of your updates will come from WSUS.
  - On Windows 11: All of your updates will still come from WSUS unless you configure the specify scan source policy.

- If you configure a WSUS server and deferral policies: All of your updates will come from Windows Update unless you specify the scan source policy.
+- If you configure a WSUS server and deferral policies on Windows 10: All of your updates will come from Windows Update unless you specify the scan source policy or have disabled dual scan.
 - If you configure a WSUS server and the scan source policy: All of your updates will come from the source chosen in the scan source policy.

 > [!TIP]
--- a/windows/security/application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
+++ b/windows/security/application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
@ -6,7 +6,7 @@ author: vinaypamnani-msft
 ms.author: vinpa
 manager: aaroncz
 ms.date: 03/26/2024
-ms.topic: article
+ms.topic: conceptual
 appliesto:
 - ✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>
 - ✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>
--- a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md
@ -3,7 +3,7 @@ title: Testing and Debugging AppId Tagging Policies
 description: Testing and Debugging AppId Tagging Policies to ensure your policies are deployed successfully.
 ms.localizationpriority: medium
 ms.date: 04/29/2022
-ms.topic: article
+ms.topic: troubleshooting
 ---

 # Testing and Debugging AppId Tagging Policies
@ -19,20 +19,20 @@ After verifying the policy has been deployed, the next step is to verify that th

 1. Download and Install the Windows Debugger

-	[Microsoft's WinDbg Preview application](https://www.microsoft.com/store/productId/9PGJGD53TN86) can be downloaded from the Store and used to verify tags on running processes. 
+    [Microsoft's WinDbg Preview application](https://www.microsoft.com/store/productId/9PGJGD53TN86) can be downloaded from the Store and used to verify tags on running processes.

 2. Get the Process ID (PID) of the process under validation

-	Using Task Manager, or an equivalent process monitoring tool, locate the PID of the process you wish to inspect. In the example below, we've located the PID for the running process for Microsoft Edge to be 2260. The PID will be used in the next step. 
+    Using Task Manager, or an equivalent process monitoring tool, locate the PID of the process you wish to inspect. In the example below, we've located the PID for the running process for Microsoft Edge to be 2260. The PID will be used in the next step.

-	![Using Task Manager to locate the process ID - PID.](../images/appid-pid-task-mgr.png)
+    ![Using Task Manager to locate the process ID - PID.](../images/appid-pid-task-mgr.png)

 3. Use WinDbg to inspect the process

-	After opening WinDbg. select File followed by `Attach to Process`, and select the process with the PID identified in the step prior. Finally, select `Attach` to connect to the process. 
+    After opening WinDbg. select File followed by `Attach to Process`, and select the process with the PID identified in the step prior. Finally, select `Attach` to connect to the process.

-	![Attach to the process using WinDbg.](../images/appid-pid-windbg.png)
+    ![Attach to the process using WinDbg.](../images/appid-pid-windbg.png)

-	Lastly, in the textbox, type `!token` and then press the Enter key to dump the security attributes on the process, including the _POLICYAPPID://_ followed by the key you set in the policy, and its corresponding value in the Value[0] field.
+    Lastly, in the textbox, type `!token` and then press the Enter key to dump the security attributes on the process, including the _POLICYAPPID://_ followed by the key you set in the policy, and its corresponding value in the Value[0] field.

-	![Dump the security attributes on the process using WinDbg.](../images/appid-pid-windbg-token.png)
+    ![Dump the security attributes on the process using WinDbg.](../images/appid-pid-windbg-token.png)
--- a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md
@ -3,7 +3,7 @@ title: Deploying Windows Defender Application Control AppId tagging policies
 description: How to deploy your WDAC AppId tagging policies locally and globally within your managed environment.
 ms.localizationpriority: medium
 ms.date: 04/29/2022
-ms.topic: article
+ms.topic: conceptual
 ---

 # Deploying Windows Defender Application Control AppId tagging policies
--- a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md
@ -3,7 +3,7 @@ title: Create your Windows Defender Application Control AppId Tagging Policies
 description: Create your Windows Defender Application Control AppId tagging policies for Windows devices.
 ms.localizationpriority: medium
 ms.date: 04/29/2022
-ms.topic: article
+ms.topic: conceptual
 ---

 # Creating your WDAC AppId Tagging Policies
--- a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/wdac-appid-tagging-guide.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/wdac-appid-tagging-guide.md
@ -1,9 +1,9 @@
 ---
-title: Designing, creating, managing and troubleshooting Windows Defender Application Control AppId Tagging policies
-description: How to design, create, manage and troubleshoot your WDAC AppId Tagging policies
+title: Designing, creating, managing, and troubleshooting Windows Defender Application Control AppId Tagging policies
+description: How to design, create, manage, and troubleshoot your WDAC AppId Tagging policies
 ms.localizationpriority: medium
 ms.date: 04/27/2022
-ms.topic: article
+ms.topic: conceptual
 ---

 # WDAC Application ID (AppId) Tagging guide
@ -13,14 +13,14 @@ ms.topic: article

 ## AppId Tagging Feature Overview

-The Application ID (AppId) Tagging Policy feature, while based off Windows Defender Application Control (WDAC), does not control whether applications will run. AppId Tagging policies can be used to mark the processes of the running application with a customizable tag defined in the policy. Application processes that pass the AppId policy will receive the tag while failing applications won't. 
+The Application ID (AppId) Tagging Policy feature, while based off Windows Defender Application Control (WDAC), doesn't control whether applications run. AppId Tagging policies can be used to mark the processes of the running application with a customizable tag defined in the policy. Application processes that pass the AppId policy receive the tag while failing applications don't.

 ## AppId Tagging Feature Availability

 The WDAC AppId Tagging feature is available on the following versions of the Windows platform:

 Client:
- Windows 10 20H1, 20H2 and 21H1 versions only
+- Windows 10 20H1, 20H2, and 21H1 versions only
 - Windows 11

 Server:
@ -28,8 +28,8 @@ Server:

 ## In this section

-| Topic | Description |
+| article | Description |
 | - | - |
-| [Designing and Creating AppId Policies](design-create-appid-tagging-policies.md) | This topic covers how to design and create AppId Tagging policies. |
-| [Deploying AppId Policies](deploy-appid-tagging-policies.md) | This topic covers how to deploy AppId Tagging policies. |
-| [Debugging AppId Policies](debugging-operational-guide-appid-tagging-policies.md) | This topic covers how to debug and view events from AppId Tagging policies. |
+| [Designing and Creating AppId Policies](design-create-appid-tagging-policies.md) | This article covers how to design and create AppId Tagging policies. |
+| [Deploying AppId Policies](deploy-appid-tagging-policies.md) | This article covers how to deploy AppId Tagging policies. |
+| [Debugging AppId Policies](debugging-operational-guide-appid-tagging-policies.md) | This article covers how to debug and view events from AppId Tagging policies. |
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/rule-collection-extensions.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/rule-collection-extensions.md
@ -6,7 +6,7 @@ ms.collection:
 - must-keep
 ms.topic: conceptual
 ms.localizationpriority: medium
-ms.date: 12/23/2023
+ms.date: 06/07/2024
 ---

 # AppLocker rule collection extensions
@ -35,4 +35,4 @@ To apply AppLocker policy to nonuser processes, set ``<Services EnforcementMode=

 ## System apps

-When using AppLocker to control nonuser processes, your policy must allow all Windows system code or your device night behave unexpectedly. To automatically allow all system code that is part of Windows, set ``<SystemApps Allow="Enabled"/>`` in the ``<RedstoneExtensions>`` section as shown in the preceding XML fragment.
+When using AppLocker to control nonuser processes, your policy must allow all Windows system code or your device might behave unexpectedly. To automatically allow all system code that is part of Windows, set ``<SystemApps Allow="Enabled"/>`` in the ``<RedstoneExtensions>`` section as shown in the preceding XML fragment.
--- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-wdac-policies.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-wdac-policies.md
@ -3,7 +3,7 @@ title: Use audit events to create WDAC policy rules
 description: Audits allow admins to discover apps, binaries, and scripts that should be added to the WDAC policy.
 ms.localizationpriority: medium
 ms.date: 05/03/2018
-ms.topic: article
+ms.topic: conceptual
 ---

 # Use audit events to create WDAC policy rules
--- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-group-policy.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-group-policy.md
@ -3,7 +3,7 @@ title: Deploy WDAC policies via Group Policy
 description: Windows Defender Application Control (WDAC) policies can easily be deployed and managed with Group Policy. Learn how by following this step-by-step guide.
 ms.localizationpriority: medium
 ms.date: 01/23/2023
-ms.topic: article
+ms.topic: how-to
 ---

 # Deploy Windows Defender Application Control policies by using Group Policy
--- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md
@ -3,7 +3,7 @@ title: Deploy Windows Defender Application Control (WDAC) policies using script
 description: Use scripts to deploy Windows Defender Application Control (WDAC) policies. Learn how with this step-by-step guide.
 ms.manager: jsuther
 ms.date: 01/23/2023
-ms.topic: article
+ms.topic: how-to
 ms.localizationpriority: medium
 ---

--- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-wdac-policies.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-wdac-policies.md
@ -3,7 +3,7 @@ title: Remove Windows Defender Application Control policies
 description: Learn how to disable both signed and unsigned Windows Defender Application Control policies, within Windows and within the BIOS.
 ms.localizationpriority: medium
 ms.date: 11/04/2022
-ms.topic: article
+ms.topic: how-to
 ---

 # Remove Windows Defender Application Control (WDAC) policies
--- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-wdac-policies.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-wdac-policies.md
@ -3,7 +3,7 @@ title: Enforce Windows Defender Application Control (WDAC) policies
 description: Learn how to switch a WDAC policy from audit to enforced mode.
 ms.manager: jsuther
 ms.date: 04/22/2021
-ms.topic: article
+ms.topic: how-to
 ms.localizationpriority: medium
 ---

--- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-wdac-policies.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-wdac-policies.md
@ -3,7 +3,7 @@ title: Merge Windows Defender Application Control policies (WDAC)
 description: Learn how to merge WDAC policies as part of your policy lifecycle management.
 ms.manager: jsuther
 ms.date: 04/22/2021
-ms.topic: article
+ms.topic: how-to
 ms.localizationpriority: medium
 ---

--- a/windows/security/application-security/application-control/windows-defender-application-control/design/allow-com-object-registration-in-wdac-policy.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/allow-com-object-registration-in-wdac-policy.md
@ -3,7 +3,7 @@ title: Allow COM object registration in a WDAC policy
 description: You can allow COM object registration in a Windows Defender Application Control policy.
 ms.localizationpriority: medium
 ms.date: 04/05/2023
-ms.topic: article
+ms.topic: how-to
 ---

 # Allow COM object registration in a Windows Defender Application Control policy
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/common-wdac-use-cases.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/common-wdac-use-cases.md
@ -3,7 +3,7 @@ title: Policy creation for common WDAC usage scenarios
 description: Develop a plan for deploying Windows Defender Application Control (WDAC) in your organization based on these common scenarios.
 ms.localizationpriority: medium
 ms.date: 04/05/2023
-ms.topic: article
+ms.topic: conceptual
 ---

 # Windows Defender Application Control deployment in different scenarios: types of devices
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer.md
@ -3,7 +3,7 @@ title: Allow apps deployed with a WDAC managed installer
 description: Explains how to configure a custom Managed Installer.
 ms.localizationpriority: medium
 ms.date: 02/02/2023
-ms.topic: article
+ms.topic: how-to
 ---

 # Automatically allow apps deployed by a managed installer with Windows Defender Application Control
@ -147,7 +147,7 @@ The AppLocker policy creation UI in GPO Editor and the AppLocker PowerShell cmdl
        </RuleCollectionExtensions>
      </RuleCollection>
      <RuleCollection Type="ManagedInstaller" EnforcementMode="AuditOnly">
-        <FilePublisherRule Id="55932f09-04b8-44ec-8e2d-3fc736500c56" Name="MICROSOFT.MANAGEMENT.SERVICES.INTUNEWINDOWSAGENT.EXE version 1.39.200.2 or greater in MICROSOFT® INTUNE™ from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
+        <FilePublisherRule Id="55932f09-04b8-44ec-8e2d-3fc736500c56" Name="MICROSOFT.MANAGEMENT.SERVICES.INTUNEWINDOWSAGENT.EXE version 1.39.200.2 or greater in MICROSOFT&reg; INTUNE&trade; from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
          <Conditions>
              <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="*" BinaryName="MICROSOFT.MANAGEMENT.SERVICES.INTUNEWINDOWSAGENT.EXE">
                <BinaryVersionRange LowSection="1.39.200.2" HighSection="*" />
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-deny-policy.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-deny-policy.md
@ -3,7 +3,7 @@ title: Create WDAC Deny Policy
 description: Explains how to create WDAC deny policies
 ms.localizationpriority: medium
 ms.date: 12/31/2017
-ms.topic: article
+ms.topic: how-to
 ---

 # Guidance on Creating WDAC Deny Policies
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-using-reference-computer.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-using-reference-computer.md
@ -3,7 +3,7 @@ title: Create a WDAC policy using a reference computer
 description: To create a Windows Defender Application Control (WDAC) policy that allows all code installed on a reference computer within your organization, follow this guide.
 ms.localizationpriority: medium
 ms.date: 08/08/2022
-ms.topic: article
+ms.topic: how-to
 ---

 # Create a WDAC policy using a reference computer
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-wdac-policies.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-wdac-policies.md
@ -3,7 +3,7 @@ title: Use multiple Windows Defender Application Control Policies
 description: Windows Defender Application Control supports multiple code integrity policies for one device.
 ms.localizationpriority: medium
 ms.date: 04/15/2024
-ms.topic: article
+ms.topic: how-to
 ---

 # Use multiple Windows Defender Application Control Policies
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-wdac.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-wdac.md
@ -3,7 +3,7 @@ title: Manage packaged apps with WDAC
 description: Packaged apps, also known as Universal Windows apps, allow you to control the entire app by using a single Windows Defender Application Control (WDAC) rule.
 ms.localizationpriority: medium
 ms.date: 03/01/2023
-ms.topic: article
+ms.topic: how-to
 ---

 # Manage Packaged Apps with Windows Defender Application Control
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md
@ -6,7 +6,7 @@ ms.collection:
 - tier3
 - must-keep
 ms.date: 01/24/2024
-ms.topic: article
+ms.topic: how-to
 ---

 # Microsoft recommended driver block rules
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/plan-wdac-management.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/plan-wdac-management.md
@ -3,7 +3,7 @@ title: Plan for WDAC policy management
 description: Learn about the decisions you need to make to establish the processes for managing and maintaining Windows Defender Application Control policies.
 ms.localizationpriority: medium
 ms.date: 11/22/2023
-ms.topic: article
+ms.topic: conceptual
 ---

 # Plan for Windows Defender Application Control lifecycle policy management
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/script-enforcement.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/script-enforcement.md
@ -3,7 +3,7 @@ title: Understand WDAC script enforcement
 description: WDAC script enforcement
 ms.manager: jsuther
 ms.date: 05/26/2023
-ms.topic: article
+ms.topic: conceptual
 ms.localizationpriority: medium
 ---

--- a/windows/security/application-security/application-control/windows-defender-application-control/design/select-types-of-rules-to-create.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/select-types-of-rules-to-create.md
@ -3,7 +3,7 @@ title: Understand Windows Defender Application Control (WDAC) policy rules and f
 description: Learn how WDAC policy rules and file rules can control your Windows 10 and Windows 11 computers.
 ms.localizationpriority: medium
 ms.date: 11/22/2023
-ms.topic: article
+ms.topic: conceptual
 ---

 # Understand Windows Defender Application Control (WDAC) policy rules and file rules
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/understand-wdac-policy-design-decisions.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/understand-wdac-policy-design-decisions.md
@ -3,7 +3,7 @@ title: Understand Windows Defender Application Control policy design decisions
 description: Understand Windows Defender Application Control policy design decisions.
 ms.localizationpriority: medium
 ms.date: 02/08/2018
-ms.topic: article
+ms.topic: conceptual
 ---

 # Understand Windows Defender Application Control policy design decisions
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/understanding-wdac-policy-settings.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/understanding-wdac-policy-settings.md
@ -3,7 +3,7 @@ title: Understanding Windows Defender Application Control (WDAC) secure settings
 description: Learn about secure settings in Windows Defender Application Control.
 ms.localizationpriority: medium
 ms.date: 04/05/2023
-ms.topic: article
+ms.topic: conceptual
 ---

 # Understanding WDAC Policy Settings
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-policy-to-control-specific-plug-ins-add-ins-and-modules.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-policy-to-control-specific-plug-ins-add-ins-and-modules.md
@ -3,7 +3,7 @@ title: Use a Windows Defender Application Control policy to control specific plu
 description: WDAC policies can be used not only to control applications, but also to control whether specific plug-ins, add-ins, and modules can run from specific apps.
 ms.localizationpriority: medium
 ms.date: 11/02/2022
-ms.topic: article
+ms.topic: how-to
 ---

 # Use a Windows Defender Application Control policy to control specific plug-ins, add-ins, and modules
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-with-intelligent-security-graph.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-with-intelligent-security-graph.md
@ -1,9 +1,9 @@
 ---
 title: Authorize reputable apps with the Intelligent Security Graph (ISG)
-description: Automatically authorize applications that Microsoft’s ISG recognizes as having known good reputation.
+description: Automatically authorize applications that Microsoft's ISG recognizes as having known good reputation.
 ms.localizationpriority: medium
 ms.date: 12/31/2017
-ms.topic: article
+ms.topic: how-to
 ---

 # Authorize reputable apps with the Intelligent Security Graph (ISG)
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-and-dotnet.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-and-dotnet.md
@ -3,7 +3,7 @@ title: Windows Defender Application Control and .NET
 description: Understand how WDAC and .NET work together and use Dynamic Code Security to verify code loaded by .NET at runtime.
 ms.localizationpriority: medium
 ms.date: 11/22/2023
-ms.topic: article
+ms.topic: conceptual
 ---

 # Windows Defender Application Control (WDAC) and .NET
--- a/windows/security/application-security/application-control/windows-defender-application-control/operations/event-tag-explanations.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/operations/event-tag-explanations.md
@ -3,7 +3,7 @@ title: Understanding Application Control event tags
 description: Learn what different Windows Defender Application Control event tags signify.
 ms.localizationpriority: medium
 ms.date: 05/09/2023
-ms.topic: article
+ms.topic: conceptual
 ---

 # Understanding Application Control event tags
--- a/windows/security/application-security/application-control/windows-defender-application-control/operations/inbox-wdac-policies.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/operations/inbox-wdac-policies.md
@ -3,7 +3,7 @@ title: Inbox WDAC policies
 description: This article describes the inbox WDAC policies that may be active on a device.
 ms.manager: jsuther
 ms.date: 03/10/2023
-ms.topic: article
+ms.topic: conceptual
 ms.localizationpriority: medium
 ---

--- a/windows/security/application-security/application-control/windows-defender-application-control/operations/known-issues.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/operations/known-issues.md
@ -3,7 +3,7 @@ title: WDAC Admin Tips & Known Issues
 description: WDAC Known Issues
 ms.manager: jsuther
 ms.date: 04/15/2024
-ms.topic: article
+ms.topic: troubleshooting
 ms.localizationpriority: medium
 ---

--- a/windows/security/application-security/application-control/windows-defender-application-control/operations/querying-application-control-events-centrally-using-advanced-hunting.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/operations/querying-application-control-events-centrally-using-advanced-hunting.md
@ -3,7 +3,7 @@ title: Query Application Control events with Advanced Hunting
 description: Learn how to query Windows Defender Application Control events across your entire organization by using Advanced Hunting.
 ms.localizationpriority: medium
 ms.date: 03/01/2022
-ms.topic: article
+ms.topic: troubleshooting
 ---

 # Querying Application Control events centrally using Advanced hunting
--- a/windows/security/application-security/application-control/windows-defender-application-control/wdac-and-applocker-overview.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/wdac-and-applocker-overview.md
@ -3,7 +3,7 @@ title: WDAC and AppLocker Overview
 description: Compare Windows application control technologies.
 ms.localizationpriority: medium
 ms.date: 01/03/2024
-ms.topic: article
+ms.topic: conceptual
 ---

 # Windows Defender Application Control and AppLocker Overview
--- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-architecture.md
+++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-architecture.md
@ -1,7 +1,7 @@
 ---
 title: Windows Sandbox architecture
 description: Windows Sandbox architecture
-ms.topic: article
+ms.topic: conceptual
 ms.date: 03/26/2024
 ---

--- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
+++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
@ -1,7 +1,7 @@
 ---
 title: Windows Sandbox configuration
 description: Windows Sandbox configuration
-ms.topic: article
+ms.topic: how-to
 ms.date: 03/26/2024
 ---

@ -208,7 +208,7 @@ The following config file can be used to easily test the downloaded files inside

 ```xml
 <Configuration>
-  <VGpu>Disable</VGpu>
+  <vGpu>Disable</vGpu>
  <Networking>Disable</Networking>
  <MappedFolders>
    <MappedFolder>
--- a/Show More
+++ b/Show More