Windows 11 Enterprise|Determines whether data persists across different sessions in Microsoft Defender Application Guard.|**Enabled.** This is effective only in managed mode. Application Guard saves user-downloaded files and other items (such as, cookies, Favorites, and so on) for use in future Application Guard sessions.
**Disabled or not configured.** All user data within Application Guard is reset between sessions.
**NOTE**: If you later decide to stop supporting data persistence for your employees, you can use our Windows-provided utility to reset the container and to discard any personal data.
**To reset the container:**
1. Open a command-line program and navigate to `Windows/System32`.
2. Type `wdagtool.exe cleanup`. The container environment is reset, retaining only the employee-generated data.
3. Type `wdagtool.exe cleanup RESET_PERSISTENCE_LAYER`. The container environment is reset, including discarding all employee-generated data.|
|Turn on Microsoft Defender Application Guard in Managed Mode|Windows 10 Enterprise, 1809 or higher
Windows 11 Enterprise|Determines whether to turn on Application Guard for Microsoft Edge and Microsoft Office.|**Enabled.** Turns on Application Guard for Microsoft Edge and/or Microsoft Office, honoring the network isolation settings, rendering untrusted content in the Application Guard container. Application Guard won't actually be turned on unless the required prerequisites and network isolation settings are already set on the device. Available options:
- Enable Microsoft Defender Application Guard only for Microsoft Edge
- Enable Microsoft Defender Application Guard only for Microsoft Office
- Enable Microsoft Defender Application Guard for both Microsoft Edge and Microsoft Office
**Disabled.** Turns off Application Guard, allowing all apps to run in Microsoft Edge and Microsoft Office.
**Note:** For Windows 10, if you have KB5014666 installed, and for Windows 11, if you have KB5014668 installed, you are no longer required to configure network isolation policy to enable Application Guard for Edge.|
|Allow files to download to host operating system|Windows 10 Enterprise or Pro, 1803 or higher
Windows 11 Enterprise or Pro|Determines whether to save downloaded files to the host operating system from the Microsoft Defender Application Guard container.|**Enabled.** Allows users to save downloaded files from the Microsoft Defender Application Guard container to the host operating system. This action creates a share between the host and container that also allows for uploads from the host to the Application Guard container.
**Disabled or not configured.** Users aren't able to save downloaded files from Application Guard to the host operating system.| -|Allow hardware-accelerated rendering for Microsoft Defender Application Guard|Windows 10 Enterprise, 1803 or higher
Windows 11 Enterprise|Determines whether Microsoft Defender Application Guard renders graphics using hardware or software acceleration.|**Enabled.** This is effective only in managed mode. Microsoft Defender Application Guard uses Hyper-V to access supported, high-security rendering graphics hardware (GPUs). These GPUs improve rendering performance and battery life while using Microsoft Defender Application Guard, particularly for video playback and other graphics-intensive use cases. If this setting is enabled without connecting any high-security rendering graphics hardware, Microsoft Defender Application Guard will automatically revert to software-based (CPU) rendering. **Important:** Enabling this setting with potentially compromised graphics devices or drivers might pose a risk to the host device.
**Disabled or not configured.** Microsoft Defender Application Guard uses software-based (CPU) rendering and won’t load any third-party graphics drivers or interact with any connected graphics hardware.|
+|Allow hardware-accelerated rendering for Microsoft Defender Application Guard|Windows 10 Enterprise, 1803 or higher
Windows 11 Enterprise|Determines whether Microsoft Defender Application Guard renders graphics using hardware or software acceleration.|**Enabled.** This is effective only in managed mode. Microsoft Defender Application Guard uses Hyper-V to access supported, high-security rendering graphics hardware (GPUs). These GPUs improve rendering performance and battery life while using Microsoft Defender Application Guard, particularly for video playback and other graphics-intensive use cases. If this setting is enabled without connecting any high-security rendering graphics hardware, Microsoft Defender Application Guard will automatically revert to software-based (CPU) rendering. **Important:** Enabling this setting with potentially compromised graphics devices or drivers might pose a risk to the host device.
**Disabled or not configured.** Microsoft Defender Application Guard uses software-based (CPU) rendering and won't load any third-party graphics drivers or interact with any connected graphics hardware.|
|Allow camera and microphone access in Microsoft Defender Application Guard|Windows 10 Enterprise, 1809 or higher
Windows 11 Enterprise|Determines whether to allow camera and microphone access inside Microsoft Defender Application Guard.|**Enabled.** This is effective only in managed mode. Applications inside Microsoft Defender Application Guard are able to access the camera and microphone on the user's device. **Important:** Enabling this policy with a potentially compromised container could bypass camera and microphone permissions and access the camera and microphone without the user's knowledge.
**Disabled or not configured.** Applications inside Microsoft Defender Application Guard are unable to access the camera and microphone on the user's device.| |Allow Microsoft Defender Application Guard to use Root Certificate Authorities from a user's device|Windows 10 Enterprise or Pro, 1809 or higher
Windows 11 Enterprise or Pro|Determines whether Root Certificates are shared with Microsoft Defender Application Guard.|**Enabled.** Certificates matching the specified thumbprint are transferred into the container. Use a comma to separate multiple certificates.
**Disabled or not configured.** Certificates aren't shared with Microsoft Defender Application Guard.| |Allow auditing events in Microsoft Defender Application Guard|Windows 10 Enterprise, 1809 or higher
Windows 11 Enterprise|This policy setting allows you to decide whether auditing events can be collected from Microsoft Defender Application Guard.|**Enabled.** This is effective only in managed mode. Application Guard inherits auditing policies from your device and logs system events from the Application Guard container to your host.
**Disabled or not configured.** Event logs aren't collected from your Application Guard container.|
-
## Application Guard support dialog settings
These settings are located at `Administrative Templates\Windows Components\Windows Security\Enterprise Customization`. If an error is encountered, you're presented with a dialog box. By default, this dialog box only contains the error information and a button for you to report it to Microsoft via the feedback hub. However, it's possible to provide additional information in the dialog box.
[Use Group Policy to enable and customize contact information](/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information#use-group-policy-to-enable-and-customize-contact-information).
+
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md
index f6a9150ebc..77bc317f54 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md
@@ -26,7 +26,7 @@ ms.topic: conceptual
- Windows 10
- Windows 11
-Microsoft Defender Application Guard (Application Guard) is designed to help prevent old and newly emerging attacks to help keep employees productive. Using our unique hardware isolation approach, our goal is to destroy the playbook that attackers use by making current attack methods obsolete.
+Microsoft Defender Application Guard (MDAG) is designed to help prevent old and newly emerging attacks to help keep employees productive. Using our unique hardware isolation approach, our goal is to destroy the playbook that attackers use by making current attack methods obsolete.
## What is Application Guard and how does it work?
@@ -34,7 +34,6 @@ For Microsoft Edge, Application Guard helps to isolate enterprise-defined untrus
For Microsoft Office, Application Guard helps prevents untrusted Word, PowerPoint and Excel files from accessing trusted resources. Application Guard opens untrusted files in an isolated Hyper-V-enabled container. The isolated Hyper-V container is separate from the host operating system. This container isolation means that if the untrusted site or file turns out to be malicious, the host device is protected, and the attacker can't get to your enterprise data. For example, this approach makes the isolated container anonymous, so an attacker can't get to your employee's enterprise credentials.
-
### What types of devices should use Application Guard?
@@ -51,6 +50,8 @@ Application Guard has been created to target several types of devices:
[!INCLUDE [microsoft-defender-application-guard-mdag-for-edge-standalone-mode](../../../../includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md)]
+For more information about Microsoft Defender Application Guard (MDAG) for Edge enterprise mode, [Configure Microsoft Defender Application Guard policy settings.](/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard)
+
## Related articles
|Article |Description |
@@ -63,3 +64,4 @@ Application Guard has been created to target several types of devices:
| [Microsoft Defender Application Guard for Microsoft Office](/microsoft-365/security/office-365-security/install-app-guard) | Describes Application Guard for Microsoft Office, including minimum hardware requirements, configuration, and a troubleshooting guide |
|[Frequently asked questions - Microsoft Defender Application Guard](faq-md-app-guard.yml)|Provides answers to frequently asked questions about Application Guard features, integration with the Windows operating system, and general configuration.|
|[Use a network boundary to add trusted sites on Windows devices in Microsoft Intune](/mem/intune/configuration/network-boundary-windows)|Network boundary, a feature that helps you protect your environment from sites that aren't trusted by your organization.|
+
diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md b/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md
index 7ca1ed702c..aebf090b15 100644
--- a/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md
+++ b/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md
@@ -19,12 +19,15 @@ ms.topic: conceptual
Starting in Windows 11, version 22H2, Enhanced Phishing Protection in Microsoft Defender SmartScreen helps protect Microsoft school or work passwords against phishing and unsafe usage on sites and apps.
-Enhanced Phishing Protection works alongside Windows security protections, and helps protect typed work or school passwords used to sign into Windows 11 in these ways:
+If a user signs into Windows using a password, Enhanced Phishing Protection works alongside Windows security protections, and helps protect typed work or school password used to sign into Windows 11 in these ways:
- If users type their work or school password on any Chromium browser, into a site deemed malicious by Microsoft Defender SmartScreen, Enhanced Phishing Protection alerts them. It also prompts them to change their password so attackers can't gain access to their account.
- Reusing work or school passwords makes it easy for attackers who compromise a user's password to gain access to their other accounts. Enhanced Phishing Protection can warn users if they reuse their work or school Microsoft account password on sites and apps and prompt them to change their password.
- Since it's unsafe to store plaintext passwords in text editors, Enhanced Phishing Protection can warn users if they store their work or school password in Notepad, Word, or any Microsoft 365 Office app, and recommends they delete their password from the file.
+> [!NOTE]
+> When a user signs-in to a device using a Windows Hello for Business PIN or biometric, Enhanced Phishing Protection does not alert the user or send events to Microsoft Defender for Endpoint.
+
## Benefits of Enhanced Phishing Protection in Microsoft Defender SmartScreen
Enhanced Phishing Protection provides robust phishing protections for work or school passwords that are used to sign into Windows 11. The benefits of Enhanced Phishing Protection are:
@@ -70,7 +73,7 @@ Enhanced Phishing Protection can be configured using the following Administrativ
#### [:::image type="icon" source="images/icons/windows-os.svg"::: **CSP**](#tab/csp)
Enhanced Phishing Protection can be configured using the [WebThreatDefense CSP][WIN-1].
-
+
| Setting | OMA-URI | Data type |
|-------------------------|---------------------------------------------------------------------------|-----------|
| **ServiceEnabled** | `./Device/Vendor/MSFT/Policy/Config/WebThreatDefense/ServiceEnabled` | Integer |
@@ -87,7 +90,7 @@ By default, Enhanced Phishing Protection is deployed in audit mode, preventing n
To better help you protect your organization, we recommend turning on and using these specific Microsoft Defender SmartScreen settings.
#### [:::image type="icon" source="images/icons/intune.svg"::: **Intune**](#tab/intune)
-
+
|Settings catalog element|Recommendation|
|---------|---------|
|Service Enabled|**Enable**: Turns on Enhanced Phishing Protection in audit mode, which captures work or school password entry events and sends diagnostic data but doesn't show any notifications to your users.|
@@ -118,11 +121,10 @@ To better help you protect your organization, we recommend turning on and using
## Related articles
- [SmartScreen Frequently Asked Questions](https://fb.smartscreen.microsoft.com/smartscreenfaq.aspx)
+- [WebThreatDefense CSP][WIN-1]
- [Threat protection](../index.md)
-- [Configuration service provider reference](/windows/client-management/mdm/configuration-service-provider-reference)
-------------
+
[WIN-1]: /windows/client-management/mdm/policy-csp-webthreatdefense
-
-[MEM-2]: /mem/intune/configuration/settings-catalog
\ No newline at end of file
+[MEM-2]: /mem/intune/configuration/settings-catalog
diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
index a03dd12363..b647dd4667 100644
--- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
@@ -100,7 +100,7 @@ To check that the policy was successfully applied on your computer:
```xml
[What's New in Windows 10 Enterprise LTSC 2019](whats-new-windows-10-2019.md)
diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2015.md b/windows/whats-new/ltsc/whats-new-windows-10-2015.md
index 0663fe6cd9..da9e6df080 100644
--- a/windows/whats-new/ltsc/whats-new-windows-10-2015.md
+++ b/windows/whats-new/ltsc/whats-new-windows-10-2015.md
@@ -8,15 +8,14 @@ author: mestew
ms.localizationpriority: low
ms.topic: article
ms.technology: itpro-fundamentals
-ms.date: 12/31/2017
+ms.date: 02/26/2023
+appliesto:
+ - ✅ Windows 10 Enterprise LTSC 2015
---
# What's new in Windows 10 Enterprise LTSC 2015
-**Applies to**
-- Windows 10 Enterprise LTSC 2015
-
-This article lists new and updated features and content that are of interest to IT Pros for Windows 10 Enterprise LTSC 2015 (LTSB). For a brief description of the LTSC servicing channel, see [Windows 10 Enterprise LTSC](index.md).
+This article lists new and updated features and content that are of interest to IT Pros for Windows 10 Enterprise LTSC 2015 (LTSB). For a brief description of the LTSC servicing channel, see [Windows 10 Enterprise LTSC](overview.md).
## Deployment
@@ -289,4 +288,4 @@ The new chromium-based Microsoft Edge isn't included in the LTSC release of Wind
## See Also
-[Windows 10 Enterprise LTSC](index.md): A description of the LTSC servicing channel with links to information about each release.
+[Windows 10 Enterprise LTSC](overview.md): A description of the LTSC servicing channel with links to information about each release.
diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2016.md b/windows/whats-new/ltsc/whats-new-windows-10-2016.md
index 1b70c22e66..ba451305fd 100644
--- a/windows/whats-new/ltsc/whats-new-windows-10-2016.md
+++ b/windows/whats-new/ltsc/whats-new-windows-10-2016.md
@@ -9,14 +9,13 @@ ms.localizationpriority: low
ms.topic: article
ms.technology: itpro-fundamentals
ms.date: 12/31/2017
+appliesto:
+ - ✅ Windows 10 Enterprise LTSC 2016
---
# What's new in Windows 10 Enterprise LTSC 2016
-**Applies to**
-- Windows 10 Enterprise LTSC 2016
-
-This article lists new and updated features and content that are of interest to IT Pros for Windows 10 Enterprise LTSC 2016 (LTSB), compared to Windows 10 Enterprise LTSC 2015 (LTSB). For a brief description of the LTSC servicing channel, see [Windows 10 Enterprise LTSC](index.md).
+This article lists new and updated features and content that are of interest to IT Pros for Windows 10 Enterprise LTSC 2016 (LTSB), compared to Windows 10 Enterprise LTSC 2015 (LTSB). For a brief description of the LTSC servicing channel, see [Windows 10 Enterprise LTSC](overview.md).
>[!NOTE]
>Features in Windows 10 Enterprise LTSC 2016 are equivalent to Windows 10, version 1607.
@@ -177,4 +176,4 @@ The new chromium-based Microsoft Edge isn't included in the LTSC release of Wind
## See Also
-[Windows 10 Enterprise LTSC](index.md): A description of the LTSC servicing channel with links to information about each release.
+[Windows 10 Enterprise LTSC](overview.md): A description of the LTSC servicing channel with links to information about each release.
diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md
index d5d3090339..52223f9e9b 100644
--- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md
+++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md
@@ -9,14 +9,13 @@ ms.localizationpriority: medium
ms.topic: conceptual
ms.technology: itpro-fundamentals
ms.date: 04/05/2023
+appliesto:
+ - ✅ Windows 10 Enterprise LTSC 2019
---
# What's new in Windows 10 Enterprise LTSC 2019
-**Applies to**
-- Windows 10 Enterprise LTSC 2019
-
-This article lists new and updated features and content that are of interest to IT Pros for Windows 10 Enterprise LTSC 2019, compared to Windows 10 Enterprise LTSC 2016 (LTSB). For a brief description of the LTSC servicing channel and associated support, see [Windows 10 Enterprise LTSC](index.md).
+This article lists new and updated features and content that are of interest to IT Pros for Windows 10 Enterprise LTSC 2019, compared to Windows 10 Enterprise LTSC 2016 (LTSB). For a brief description of the LTSC servicing channel and associated support, see [Windows 10 Enterprise LTSC](overview.md).
>[!NOTE]
>Features in Windows 10 Enterprise LTSC 2019 are equivalent to Windows 10, version 1809.
@@ -577,4 +576,4 @@ See the following example:
## See also
-[Windows 10 Enterprise LTSC](index.md): A short description of the LTSC servicing channel with links to information about each release.
+[Windows 10 Enterprise LTSC](overview.md): A short description of the LTSC servicing channel with links to information about each release.
diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2021.md b/windows/whats-new/ltsc/whats-new-windows-10-2021.md
index 79dff6896a..48b3e3b651 100644
--- a/windows/whats-new/ltsc/whats-new-windows-10-2021.md
+++ b/windows/whats-new/ltsc/whats-new-windows-10-2021.md
@@ -9,14 +9,13 @@ ms.localizationpriority: high
ms.topic: conceptual
ms.technology: itpro-fundamentals
ms.date: 04/05/2023
+appliesto:
+ - ✅ Windows 10 Enterprise LTSC 2021
---
# What's new in Windows 10 Enterprise LTSC 2021
-**Applies to**
-- Windows 10 Enterprise LTSC 2021
-
-This article lists new and updated features and content that is of interest to IT Pros for Windows 10 Enterprise LTSC 2021, compared to Windows 10 Enterprise LTSC 2019 (LTSB). For a brief description of the LTSC servicing channel and associated support, see [Windows 10 Enterprise LTSC](index.md).
+This article lists new and updated features and content that is of interest to IT Pros for Windows 10 Enterprise LTSC 2021, compared to Windows 10 Enterprise LTSC 2019 (LTSB). For a brief description of the LTSC servicing channel and associated support, see [Windows 10 Enterprise LTSC](overview.md).
> [!NOTE]
> Features in Windows 10 Enterprise LTSC 2021 are equivalent to Windows 10, version 21H2.
@@ -244,4 +243,4 @@ WPA3 H2E standards are supported for enhanced Wi-Fi security.
## See Also
-[Windows 10 Enterprise LTSC](index.md): A short description of the LTSC servicing channel with links to information about each release.
+[Windows 10 Enterprise LTSC](overview.md): A short description of the LTSC servicing channel with links to information about each release.
diff --git a/windows/whats-new/removed-features.md b/windows/whats-new/removed-features.md
index 0cfa8fb10e..d837c8fa8c 100644
--- a/windows/whats-new/removed-features.md
+++ b/windows/whats-new/removed-features.md
@@ -12,15 +12,13 @@ ms.date: 01/05/2023
ms.collection:
- highpri
- tier1
+appliesto:
+ - ✅ Windows 11
+ - ✅ Windows 10
---
# Features and functionality removed in Windows client
-**Applies to**
-
-- Windows 10
-- Windows 11
-
Each version of Windows client adds new features and functionality. Occasionally, new versions also remove features and functionality, often because they've added a newer option. This article provides details about the features and functionality that have been removed in Windows client.
For more information about features that might be removed in a future release, see [Deprecated features for Windows client](deprecated-features.md).
diff --git a/windows/whats-new/temporary-enterprise-feature-control.md b/windows/whats-new/temporary-enterprise-feature-control.md
new file mode 100644
index 0000000000..4db66dd6c4
--- /dev/null
+++ b/windows/whats-new/temporary-enterprise-feature-control.md
@@ -0,0 +1,48 @@
+---
+title: Temporary enterprise feature control in Windows 11
+description: Learn about the Windows 11 features behind temporary enterprise feature control.
+ms.prod: windows-client
+ms.technology: itpro-fundamentals
+ms.author: mstewart
+author: mestew
+manager: aaroncz
+ms.localizationpriority: medium
+ms.topic: reference
+ms.date: 05/19/2023
+ms.collection:
+ - highpri
+ - tier2
+appliesto:
+ - ✅ Windows 11, version 22H2 and later
+---
+
+# Temporary enterprise feature control in Windows 11
+
+New features and enhancements are introduced through the monthly cumulative update to provide continuous innovation for Windows 11. To give organizations time to plan and prepare, some of these new features are temporarily turned off by default. Features that are turned off by default are listed in the KB article for the monthly cumulative update. Typically, a feature is selected to be off by default because it either impacts the user experience or IT administrators significantly.
+
+Features behind temporary enterprise control are automatically disabled for devices that have their Windows updates managed by policies.
+
+## Windows 11 features behind temporary enterprise feature control
+
+The following features are behind temporary enterprise control in Windows 11:
+
+| Feature | KB article where the feature was introduced | Feature update that ends temporary control |
+|---|---|---|
+| Touch-optimized taskbar for 2-in-1 devices | [February 28, 2023 - KB5022913](https://support.microsoft.com/topic/february-28-2023-kb5022913-os-build-22621-1344-preview-3e38c0d9-924d-4f3f-b0b6-3bd49b2657b9) | 2023 annual feature update |
+
+## Enable features behind temporary enterprise feature control
+
+Features that are behind temporary enterprise control will be enabled when one of the following conditions is met:
+
+- The device installs the annual feature update that enables the new features by default
+- The device receives a policy that enables features behind temporary enterprise control
+ - When the policy is enabled, all features on the device behind temporary control are turned on when the device next restarts.
+
+## Policy settings for temporary enterprise feature control
+
+You can use a policy to enable features that are behind temporary enterprise feature control. When this policy is enabled, all features that were disabled behind temporary enterprise feature control are turned on when the device next reboots. The following polices apply to Windows 11, version 22H2 with [KB5022845](https://support.microsoft.com/en-us/topic/february-14-2023-kb5022845-os-build-22621-1265-90a807f4-d2e8-486e-8a43-d09e66319f38) and later:
+
+- **Group Policy:** Computer Configuration\Administrative Templates\Windows Components\Windows Update\Manage end user experience\\**Enable features introduced via servicing that are off by default**
+
+- **CSP**: ./Device/Vendor/MSFT/Policy/Config/Update/[AllowTemporaryEnterpriseFeatureControl](/windows/client-management/mdm/policy-csp-update?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#allowtemporaryenterprisefeaturecontrol)
+ - In the Intune [settings catalog](/intune/configuration/settings-catalog), this setting is named **Allow Temporary Enterprise Feature Control** under the **Windows Update for Business** category.
diff --git a/windows/whats-new/whats-new-windows-10-version-20H2.md b/windows/whats-new/whats-new-windows-10-version-20H2.md
index 3030181ea5..37a10475d2 100644
--- a/windows/whats-new/whats-new-windows-10-version-20H2.md
+++ b/windows/whats-new/whats-new-windows-10-version-20H2.md
@@ -12,13 +12,12 @@ ms.collection:
- tier2
ms.technology: itpro-fundamentals
ms.date: 12/31/2017
+appliesto:
+ - ✅ Windows 10, version 20H2
---
# What's new in Windows 10, version 20H2 for IT Pros
-**Applies to**
-- Windows 10, version 20H2
-
This article lists new and updated features and content that is of interest to IT Pros for Windows 10, version 20H2, also known as the Windows 10 October 2020 Update. This update also contains all features and fixes included in previous cumulative updates to Windows 10, version 2004.
> [!NOTE]
diff --git a/windows/whats-new/whats-new-windows-10-version-21H1.md b/windows/whats-new/whats-new-windows-10-version-21H1.md
index af47ae3987..3b134e5092 100644
--- a/windows/whats-new/whats-new-windows-10-version-21H1.md
+++ b/windows/whats-new/whats-new-windows-10-version-21H1.md
@@ -12,13 +12,12 @@ ms.collection:
- tier2
ms.technology: itpro-fundamentals
ms.date: 12/31/2017
+appliesto:
+ - ✅ Windows 10, version 21H1
---
# What's new in Windows 10, version 21H1 for IT Pros
-**Applies to**
-- Windows 10, version 21H1
-
This article lists new and updated features and content that is of interest to IT Pros for Windows 10, version 21H1, also known as the **Windows 10 May 2021 Update**. This update also contains all features and fixes included in previous cumulative updates to Windows 10, version 20H2.
Windows 10, version 21H1 is a scoped set of features for select performance improvements, enterprise features, and quality enhancements. As an [H1-targeted release](/lifecycle/faq/windows#what-is-the-servicing-timeline-for-a-version--feature-update--of-windows-10-), 21H1 is serviced for 18 months from the release date for devices running Windows 10 Enterprise or Windows 10 Education editions.
diff --git a/windows/whats-new/whats-new-windows-10-version-21H2.md b/windows/whats-new/whats-new-windows-10-version-21H2.md
index 0e8808f228..8b06af0956 100644
--- a/windows/whats-new/whats-new-windows-10-version-21H2.md
+++ b/windows/whats-new/whats-new-windows-10-version-21H2.md
@@ -12,14 +12,12 @@ ms.collection:
- tier2
ms.technology: itpro-fundamentals
ms.date: 12/31/2017
+appliesto:
+ - ✅ Windows 10, version 21H2
---
# What's new in Windows 10, version 21H2
-**Applies to**:
-
-- Windows 10, version 21H2
-
Windows 10, version 21H2 is the next feature update. This article lists the new and updated features IT Pros should know. Windows 10, version 21H2 is also known as the Windows 10 November 2021 Update. It includes all features and fixes in previous cumulative updates to Windows 10, version 21H1.
Windows 10, version 21H2 is an [H2-targeted release](/lifecycle/faq/windows#what-is-the-servicing-timeline-for-a-version--feature-update--of-windows-10-), and has the following servicing schedule:
diff --git a/windows/whats-new/whats-new-windows-10-version-22H2.md b/windows/whats-new/whats-new-windows-10-version-22H2.md
index e1ecaecbb0..5c158152d8 100644
--- a/windows/whats-new/whats-new-windows-10-version-22H2.md
+++ b/windows/whats-new/whats-new-windows-10-version-22H2.md
@@ -12,6 +12,8 @@ ms.date: 10/18/2022
ms.collection:
- highpri
- tier2
+appliesto:
+ - ✅ Windows 10, version 22H2
---
# What's new in Windows 10, version 22H2
diff --git a/windows/whats-new/whats-new-windows-11-version-22H2.md b/windows/whats-new/whats-new-windows-11-version-22H2.md
index bb565c5358..6a7edcc281 100644
--- a/windows/whats-new/whats-new-windows-11-version-22H2.md
+++ b/windows/whats-new/whats-new-windows-11-version-22H2.md
@@ -12,11 +12,11 @@ ms.collection:
- tier2
ms.technology: itpro-fundamentals
ms.date: 12/31/2017
+appliesto:
+ - ✅ Windows 11, version 22H2
---
# What's new in Windows 11, version 22H2
-
-**Applies to**: Windows 11, version 22H2
Windows 11, version 22H2 is a feature update for Windows 11. It includes all features and fixes in previous cumulative updates to Windows 11, version 21H2, the original Windows 11 release version. This article lists the new and updated features IT Pros should know.
diff --git a/windows/whats-new/windows-11-overview.md b/windows/whats-new/windows-11-overview.md
index df91262622..90928f5742 100644
--- a/windows/whats-new/windows-11-overview.md
+++ b/windows/whats-new/windows-11-overview.md
@@ -12,14 +12,12 @@ ms.topic: overview
ms.collection:
- highpri
- tier1
+appliesto:
+ - ✅ Windows 11
---
# Windows 11 overview
-**Applies to**:
-
-- Windows 11
-
Windows 11 is the next client operating system, and includes features that organizations should know. Windows 11 is built on the same foundation as Windows 10. If you use Windows 10, then Windows 11 is a natural transition. It's an update to what you know, and what you're familiar with.
It offers innovations focused on enhancing end-user productivity, and is designed to support today's hybrid work environment.
diff --git a/windows/whats-new/windows-11-plan.md b/windows/whats-new/windows-11-plan.md
index ce4a6efa32..346990f31f 100644
--- a/windows/whats-new/windows-11-plan.md
+++ b/windows/whats-new/windows-11-plan.md
@@ -12,17 +12,14 @@ ms.collection:
- tier1
ms.technology: itpro-fundamentals
ms.date: 12/31/2017
+appliesto:
+ - ✅ Windows 11
---
# Plan for Windows 11
-**Applies to**
-
-- Windows 11
-
-## Deployment planning
-
This article provides guidance to help you plan for Windows 11 in your organization.
+## Deployment planning
Since Windows 11 is built on the same foundation as Windows 10, you can use the same deployment capabilities, scenarios, and tools—and the same basic deployment strategy that you use today for Windows 10. You'll need to review and update your servicing strategy to adjust for changes in [Servicing and support](#servicing-and-support) for Windows 11.
diff --git a/windows/whats-new/windows-11-prepare.md b/windows/whats-new/windows-11-prepare.md
index 9a0cdaf844..6e9047c606 100644
--- a/windows/whats-new/windows-11-prepare.md
+++ b/windows/whats-new/windows-11-prepare.md
@@ -12,15 +12,13 @@ ms.collection:
- tier1
ms.technology: itpro-fundamentals
ms.date: 12/31/2017
+appliesto:
+ - ✅ Windows 11
+ - ✅ Windows 10
---
# Prepare for Windows 11
-**Applies to**
-
-- Windows 11
-- Windows 10
-
Windows 10 and Windows 11 are designed to coexist, so that you can use the same familiar tools and process to manage both operating systems. Using a single management infrastructure that supports common applications across both Windows 10 and Windows 11 helps to simplify the migration process. You can analyze endpoints, determine application compatibility, and manage Windows 11 deployments in the same way that you do with Windows 10.
After you evaluate your hardware to see if it meets [requirements](windows-11-requirements.md) for Windows 11, it's a good time to review your deployment infrastructure, tools, and overall endpoint and update management processes and look for opportunities to simplify and optimize. This article provides some helpful guidance to accomplish these tasks.
diff --git a/windows/whats-new/windows-11-requirements.md b/windows/whats-new/windows-11-requirements.md
index 74230a9b73..f596c4e962 100644
--- a/windows/whats-new/windows-11-requirements.md
+++ b/windows/whats-new/windows-11-requirements.md
@@ -12,14 +12,13 @@ ms.collection:
- tier1
ms.technology: itpro-fundamentals
ms.date: 02/13/2023
+appliesto:
+ - ✅ Windows 11
+
---
# Windows 11 requirements
-**Applies to**
-
-- Windows 11
-
This article lists the system requirements for Windows 11. Windows 11 is also [supported on a virtual machine (VM)](#virtual-machine-support).
## Hardware requirements
diff --git a/windows/whats-new/windows-licensing.md b/windows/whats-new/windows-licensing.md
index 1af9776fe0..3a56385d67 100644
--- a/windows/whats-new/windows-licensing.md
+++ b/windows/whats-new/windows-licensing.md
@@ -68,7 +68,7 @@ The following table describes the unique Windows Enterprise edition features:
| OS-based feature | Description |
|-|-|
|**[Windows Defender Credential Guard][WIN-1]**|Protects against user credential harvesting and pass-the-hash attacks or pass the token attacks.|
-|**[Managed Microsoft Defender Application Guard for Microsoft Edge][EDGE-1]**| Isolates enterprise-defined untrusted sites with virtualization-based security from Windows, protecting your organization while users browse the Internet.|
+|**[Managed Microsoft Defender Application Guard (MDAG) for Microsoft Edge][WIN-11]**| Isolates enterprise-defined untrusted sites with virtualization-based security from Windows, protecting your organization while users browse the Internet.|
|**[Modern BitLocker Management][WIN-2]** | Allows you to eliminate on-premises tools to monitor and support BitLocker recovery scenarios. |
|**[Personal Data Encryption][WIN-3]**|Encrypts individual's content using Windows Hello for Business to link the encryption keys to user credentials.|
|**[Direct Access][WINS-1]**|Connect remote users to the organization network without the need for traditional VPN connections.|
@@ -127,7 +127,7 @@ Windows Enterprise E3 in Microsoft 365 F3 does not include some use rights previ
## Use a Windows Pro device with the Windows Enterprise user subscription license
-In most cases, the Windows Pro edition comes pre-installed on a business-class device. Microsoft recommends upgrading your Windows Pro devices to Enterprise edition when you have acquired a user subscription licenses for Windows. However, there are cases that require to keep devices on the Pro edition and not upgrade them to Enterprise edition. With Windows 11 Enterprise E3, you can take advantage of features, services and use rights not licensed to the Windows Pro license bound to the device. It includes Windows Enterprise edition with cloud-powered capabilities and subscription use rights, and these capabilities are not always technically enforced. Some scenarios that may require to not upgrade to Windows Enterprise edition:
+In most cases, the Windows Pro edition comes pre-installed on a business-class device. Microsoft recommends upgrading your Windows Pro devices to Enterprise edition when you have acquired a user subscription license for Windows. However, there are cases that require to keep devices on the Pro edition and not upgrade them to Enterprise edition. With Windows 11 Enterprise E3, you can take advantage of features, services and use rights not licensed to the Windows Pro license bound to the device. It includes Windows Enterprise edition with cloud-powered capabilities and subscription use rights, and these capabilities are not always technically enforced. Some scenarios that may require to not upgrade to Windows Enterprise edition:
- Devices not properly provisioned that don't automatically upgrade to Windows Enterprise edition
- Devices may have been acquired for a business process that was not under control of a central IT department or outside of the IT department's knowledge
@@ -142,7 +142,7 @@ The following table lists the Windows 11 Enterprise features and their Windows e
| OS-based feature |Windows Pro|Windows Enterprise|
|-|-|-|
|**[Windows Defender Credential Guard][WIN-1]**|❌|Yes|
-|**[Microsoft Defender Application Guard (MDAG) for Microsoft Edge][EDGE-1]**|Yes|Yes|
+|**[Microsoft Defender Application Guard (MDAG) for Microsoft Edge][WIN-11]**|Yes|Yes|
|**[Modern BitLocker Management][WIN-2]**|Yes|Yes|
|**[Personal data encryption (PDE)][WIN-3]**|❌|Yes|
|**[Direct Access][WINS-1]**|Yes|Yes|
@@ -186,7 +186,6 @@ To learn more about Windows 11 Enterprise E3 and E5 licensing, download the [Win
- How to acquire licenses through Commercial Licensing
[AZ-1]: /azure/virtual-desktop/prerequisites#operating-systems-and-licenses
-[EDGE-1]: /deployedge/microsoft-edge-security-windows-defender-application-guard
[EXT-1]: https://www.microsoft.com/licensing/terms/productoffering/WindowsDesktopOperatingSystem/EAEAS
[EXT-2]: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-release-health-now-available-in-the-microsoft-365-admin/ba-p/2235908
[EXT-3]: https://windows.com/enterprise
@@ -208,5 +207,7 @@ To learn more about Windows 11 Enterprise E3 and E5 licensing, download the [Win
[WIN-8]: /windows/deployment/do/waas-microsoft-connected-cache
[WIN-9]: /windows/release-health/supported-versions-windows-client#enterprise-and-iot-enterprise-ltsbltsc-editions
[WIN-10]: /windows/whats-new/ltsc/
+[WIN-11]: /windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview
[WINS-1]: /windows-server/remote/remote-access/directaccess/directaccess
[WINS-2]: /windows-server/remote/remote-access/vpn/always-on-vpn/
+