diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 9e0457992a..c4fbef4053 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -8359,6 +8359,12 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
System/FeedbackHubAlwaysSaveDiagnosticsLocally
+
+ System/LimitDiagnosticLogCollection
+
+
+ System/LimitDumpCollection
+
System/LimitEnhancedDiagnosticDataWindowsAnalytics
@@ -8992,6 +8998,9 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
WirelessDisplay/AllowMdnsDiscovery
+
+ WirelessDisplay/AllowMovementDetectionOnInfrastructure
+
WirelessDisplay/AllowProjectionFromPC
diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index ec9a25a296..9e31c3a67b 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -94,6 +94,12 @@ manager: dansimp
System/FeedbackHubAlwaysSaveDiagnosticsLocally
+
+ System/LimitDiagnosticLogCollection
+
+
+ System/LimitDumpCollection
+
System/LimitEnhancedDiagnosticDataWindowsAnalytics
@@ -1295,6 +1301,105 @@ The following list shows the supported values:
+
+**System/LimitDiagnosticLogCollection**
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+This policy setting specifies whether diagnostic log data can be collected when more information is needed to troubleshoot a problem. It is sent only if we have permission to collect optional diagnostic data, and only if the device meets the criteria for additional data collection.
+
+If you disable or do not configure this policy setting, we may occasionally collect advanced diagnostic data if the user has opted to send optional diagnostic data.
+
+
+
+ADMX Info:
+- GP Friendly name: *Limit Diagnostic Log Collection*
+- GP name: *LimitDiagnosticLogCollection*
+- GP path: *Data Collection and Preview Builds*
+- GP ADMX file name: *DataCollection.admx*
+
+
+
+The following list shows the supported values:
+
+- 0 – Disabled
+- 1 – Enabled
+
+
+
+
+
+
+
+**System/LimitDumpCollection**
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+This policy setting limits the type of dumps that can be collected when more information is needed to troubleshoot a problem. These dumps are not sent unless we have permission to collect optional diagnostic data.
+
+By enabling this policy setting, Windows Error Reporting is limited to sending kernel mini dumps and user mode triage dumps only.
+
+If you disable or do not configure this policy setting, we may occasionally collect full or heap dumps if the user has opted to send optional diagnostic data.
+
+
+
+ADMX Info:
+- GP Friendly name: *Limit Dump Collection*
+- GP name: *LimitDumpCollection*
+- GP path: *Data Collection and Preview Builds*
+- GP ADMX file name: *DataCollection.admx*
+
+
+
+The following list shows the supported values:
+
+- 0 – Disabled
+- 1 – Enabled
+
+
+
+
+
**System/LimitEnhancedDiagnosticDataWindowsAnalytics**
diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md
index c9ae086d5d..d61b982f66 100644
--- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md
+++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md
@@ -26,6 +26,9 @@ manager: dansimp
WirelessDisplay/AllowMdnsDiscovery
+
+ WirelessDisplay/AllowMovementDetectionOnInfrastructure
+
WirelessDisplay/AllowProjectionFromPC
@@ -129,6 +132,53 @@ The following list shows the supported values:
+
+**WirelessDisplay/AllowMovementDetectionOnInfrastructure**
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+This policy setting allows you to disable the infrastructure movement detection feature.
+
+If you set it to 0, your PC may stay connected and continue to project if you walk away from a Wireless Display receiver to which you are projecting over infrastructure.
+
+If you set it to 1, your PC will detect that you have moved and will automatically disconnect your infrastructure Wireless Display session.
+
+The default value is 1.
+
+
+
+
+The following list shows the supported values:
+
+- 0 - Do not allow
+- 1 (Default) - Allow
+
+
+
+
+
+
**WirelessDisplay/AllowProjectionFromPC**
diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md
index c114cd86e5..bf92834f9b 100644
--- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md
+++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md
@@ -39,6 +39,7 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong,
## Azure AD joined provisioning in a Managed environment
+[Full size image](images/howitworks/prov-aadj-managed.png)
| Phase | Description |
| :----: | :----------- |
@@ -50,6 +51,7 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong,
[Return to top](#windows-hello-for-business-provisioning)
## Azure AD joined provisioning in a Federated environment
+[Full size image](images/howitworks/prov-aadj-federated.png)
| Phase | Description |
| :----: | :----------- |
@@ -60,7 +62,7 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong,
[Return to top](#windows-hello-for-business-provisioning)
## Hybrid Azure AD joined provisioning in a Key Trust deployment in a Managed environment
-
+[Full size image](images/howitworks/prov-haadj-keytrust-managed.png)
| Phase | Description |
|:-----:|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
@@ -78,7 +80,7 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong,
[Return to top](#windows-hello-for-business-provisioning)
## Hybrid Azure AD joined provisioning in a synchronous Certificate Trust deployment in a Federated environment
-
+[Full size image](images/howitworks/prov-haadj-instant-certtrust-federated.png)
| Phase | Description |
|:-----:|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
@@ -96,6 +98,7 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong,
[Return to top](#windows-hello-for-business-provisioning)
## Domain joined provisioning in an On-premises Key Trust deployment
+[Full size image](images/howitworks/prov-onprem-keytrust.png)
| Phase | Description |
| :----: | :----------- |
@@ -107,6 +110,7 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong,
[Return to top](#windows-hello-for-business-provisioning)
## Domain joined provisioning in an On-premises Certificate Trust deployment
+[Full size image](images/howitworks/prov-onprem-certtrust.png)
| Phase | Description |
| :----: | :----------- |
diff --git a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md
index 5610f8e167..d6d92affa4 100644
--- a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md
+++ b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md
@@ -59,7 +59,7 @@ The following table lists the Group Policy settings that you can configure for W
|Minimum PIN length|Computer|Not configured: PIN length must be greater than or equal to 4.
Enabled: PIN length must be greater than or equal to the number you specify.
Disabled: PIN length must be greater than or equal to 4.|
|Expiration|Computer|
Not configured: PIN does not expire.
Enabled: PIN can be set to expire after any number of days between 1 and 730, or PIN can be set to never expire by setting policy to 0.
Disabled: PIN does not expire.|
|History|Computer|
Not configured: Previous PINs are not stored.
Enabled: Specify the number of previous PINs that can be associated to a user account that can't be reused.
Disabled: Previous PINs are not stored.
Note Current PIN is included in PIN history.
|
-|Require special characters|Computer|Not configured: Users cannot include a special character in their PIN
Enabled: Users must include at least one special character in their PIN.
Disabled: Users cannot include a special character in their PIN.|
+|Require special characters|Computer|
Not configured: Windows allows, but does not require, special characters in the PIN.
Enabled: Windows requires the user to include at least one special character in their PIN.
Disabled: Windows does not allow the user to include special characters in their PIN.|
|Require uppercase letters|Computer|
Not configured: Users cannot include an uppercase letter in their PIN.
Enabled: Users must include at least one uppercase letter in their PIN.
Disabled: Users cannot include an uppercase letter in their PIN.|
### Phone Sign-in
@@ -168,4 +168,4 @@ If you want to use Windows Hello for Business with certificates, you'll need a d
- [Windows Hello and password changes](hello-and-password-changes.md)
- [Windows Hello errors during PIN creation](hello-errors-during-pin-creation.md)
- [Event ID 300 - Windows Hello successfully created](hello-event-300.md)
-- [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md)
\ No newline at end of file
+- [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md)