From 530619025b5f797c0835f827df6e540311399b58 Mon Sep 17 00:00:00 2001
From: Nash Pherson <napherso@microsoft.com>
Date: Wed, 27 Mar 2024 08:50:10 -0500
Subject: [PATCH 01/16] Clarify support for GCC

Clarified that Office 365 GCC tenants are supported, but the service is outside the GCC compliance boundary. Made it clear that GCC-High and DOD tenants are not supported.
---
 .../deployment/update/includes/wufb-deployment-limitations.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/windows/deployment/update/includes/wufb-deployment-limitations.md b/windows/deployment/update/includes/wufb-deployment-limitations.md
index a57711bffd..b26f7aeb85 100644
--- a/windows/deployment/update/includes/wufb-deployment-limitations.md
+++ b/windows/deployment/update/includes/wufb-deployment-limitations.md
@@ -10,4 +10,6 @@ ms.localizationpriority: medium
 ---
 <!--This file is shared by deployment-service-overview.md and the deployment-service-prerequisites.md articles. Headings may be driven by article context. 7512398 -->
 
-Windows Update for Business deployment service is a Windows service hosted in Azure that uses Windows diagnostic data. You should be aware that Windows Update for Business deployment service doesn't meet [US Government community compliance (GCC)](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc#us-government-community-compliance) requirements. For a list of GCC offerings for Microsoft products and services, see the [Microsoft Trust Center](/compliance/regulatory/offering-home). Windows Update for Business deployment service is available in the Azure Commercial cloud, but not available for GCC High or United States Department of Defense customers.
+Windows Update for Business deployment service is a Windows service hosted in Azure Commercial that uses Windows diagnostic data. While customers with Office 365 GCC tenants may chose to use it, the Windows Update for Business deployment service is outside the [US Government community compliance (GCC)](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc#us-government-community-compliance) boundary. For a list of GCC offerings for Microsoft products and services, see the [Microsoft Trust Center](/compliance/regulatory/offering-home).
+
+Windows Update for Business deployment service is not available in Azure Government for [Office 365 GCC High and DOD](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc-high-and-dod) tenants.

From 58e6522f1b5b246874dfd83a515ec5bcda58faed Mon Sep 17 00:00:00 2001
From: Narkis Engler <41025789+narkissit@users.noreply.github.com>
Date: Wed, 27 Mar 2024 10:21:59 -0700
Subject: [PATCH 02/16] update FAQ questions about ports

Updated for accuracy.
---
 windows/deployment/do/waas-delivery-optimization-faq.yml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/windows/deployment/do/waas-delivery-optimization-faq.yml b/windows/deployment/do/waas-delivery-optimization-faq.yml
index 73a6691166..3501f7bb90 100644
--- a/windows/deployment/do/waas-delivery-optimization-faq.yml
+++ b/windows/deployment/do/waas-delivery-optimization-faq.yml
@@ -77,11 +77,12 @@ sections:
     questions:
       - question: Which ports does Delivery Optimization use?
         answer: | 
-          Delivery Optimization listens on port 7680 for requests from other peers by using TCP/IP. The service registers and opens this port on the device. The port must be set to accept inbound traffic through your firewall. If you don't allow inbound traffic over port 7680, you can't use the peer-to-peer functionality of Delivery Optimization. However, devices can still successfully download by using HTTP or HTTPS traffic over port 80 (such as for default Windows Update data).
+          Delivery Optimization listens on port 7680 for requests from other peers by using TCP/IP. The service registers and opens this port on the device. The port must be set to accept inbound and outbound TCP traffic through your firewall. If you don't allow traffic over port 7680, you can't use the peer-to-peer functionality of Delivery Optimization. However, devices can still successfully download updates by using HTTP over port 80 (or HTTPS over port 443 where applicable).
 
-          Delivery Optimization uses Teredo to create peer groups, which include devices across NATs (or any form of internal subnet that uses gateways or firewalls between subnets). To enable this scenario, you must allow inbound TCP/IP traffic over port 3544. Look for a "NAT traversal" setting in your firewall to set this up.
+          If you set the "Download Mode" policy to "Group (2)", Teredo will be used by Delivery Optimization to connect to peer devices across NATs. You must allow inbound and outbound UDP traffic over port 3544. Look for a "NAT traversal" setting in your firewall to set this up.
 
-          Delivery Optimization also communicates with its cloud service by using HTTP/HTTPS over port 80.
+          Delivery Optimization also communicates with its cloud service by using HTTPS over port 443.
+          
       - question: What are the requirements if I use a proxy?
         answer: |
           For Delivery Optimization to successfully use the proxy, you should set up the proxy by using Windows proxy settings or Internet Explorer proxy settings. For details see [Using a proxy with Delivery Optimization](../do/delivery-optimization-proxy.md). Most content downloaded with Delivery Optimization uses byte range requests. Make sure your proxy allows byte range requests. For more information, see [Proxy requirements for Windows Update](/windows/deployment/update/windows-update-troubleshooting).

From 6e5480be7e27dda72c14e27cc9a4c87f8e3d2af4 Mon Sep 17 00:00:00 2001
From: Narkis Engler <41025789+narkissit@users.noreply.github.com>
Date: Wed, 27 Mar 2024 18:04:04 -0700
Subject: [PATCH 03/16] Teredo also used in "Internet" download mode

---
 windows/deployment/do/waas-delivery-optimization-faq.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/do/waas-delivery-optimization-faq.yml b/windows/deployment/do/waas-delivery-optimization-faq.yml
index 3501f7bb90..2113295426 100644
--- a/windows/deployment/do/waas-delivery-optimization-faq.yml
+++ b/windows/deployment/do/waas-delivery-optimization-faq.yml
@@ -79,7 +79,7 @@ sections:
         answer: | 
           Delivery Optimization listens on port 7680 for requests from other peers by using TCP/IP. The service registers and opens this port on the device. The port must be set to accept inbound and outbound TCP traffic through your firewall. If you don't allow traffic over port 7680, you can't use the peer-to-peer functionality of Delivery Optimization. However, devices can still successfully download updates by using HTTP over port 80 (or HTTPS over port 443 where applicable).
 
-          If you set the "Download Mode" policy to "Group (2)", Teredo will be used by Delivery Optimization to connect to peer devices across NATs. You must allow inbound and outbound UDP traffic over port 3544. Look for a "NAT traversal" setting in your firewall to set this up.
+          If you set the "Download Mode" policy to "Group (2)" or "Internet (3)", Teredo will be used by Delivery Optimization to connect to peer devices across NATs. You must allow inbound and outbound UDP traffic over port 3544. Look for a "NAT traversal" setting in your firewall to set this up.
 
           Delivery Optimization also communicates with its cloud service by using HTTPS over port 443.
           

From 37a5128fa775cd05a3391b2ed5f9cfe3954777cf Mon Sep 17 00:00:00 2001
From: Meghan Stewart <33289333+mestew@users.noreply.github.com>
Date: Mon, 1 Apr 2024 12:07:58 -0700
Subject: [PATCH 04/16] Update wufb-deployment-limitations.md

wording tweaks
---
 .../deployment/update/includes/wufb-deployment-limitations.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/deployment/update/includes/wufb-deployment-limitations.md b/windows/deployment/update/includes/wufb-deployment-limitations.md
index b26f7aeb85..1a4d2b6c80 100644
--- a/windows/deployment/update/includes/wufb-deployment-limitations.md
+++ b/windows/deployment/update/includes/wufb-deployment-limitations.md
@@ -10,6 +10,6 @@ ms.localizationpriority: medium
 ---
 <!--This file is shared by deployment-service-overview.md and the deployment-service-prerequisites.md articles. Headings may be driven by article context. 7512398 -->
 
-Windows Update for Business deployment service is a Windows service hosted in Azure Commercial that uses Windows diagnostic data. While customers with Office 365 GCC tenants may chose to use it, the Windows Update for Business deployment service is outside the [US Government community compliance (GCC)](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc#us-government-community-compliance) boundary. For a list of GCC offerings for Microsoft products and services, see the [Microsoft Trust Center](/compliance/regulatory/offering-home).
+Windows Update for Business deployment service is a Windows service hosted in Azure Commercial that uses Windows diagnostic data. While customers with GCC tenants may choose to use it, the Windows Update for Business deployment service is outside the [US Government community compliance (GCC)](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc#us-government-community-compliance) boundary. For a list of GCC offerings for Microsoft products and services, see the [Microsoft Trust Center](/compliance/regulatory/offering-home).
 
-Windows Update for Business deployment service is not available in Azure Government for [Office 365 GCC High and DOD](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc-high-and-dod) tenants.
+Windows Update for Business deployment service isn't available in Azure Government for [Office 365 GCC High and DOD](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc-high-and-dod) tenants.

From a0323a8066f7c13bf50b609a5345cdef6e3fc55b Mon Sep 17 00:00:00 2001
From: Meghan Stewart <33289333+mestew@users.noreply.github.com>
Date: Mon, 1 Apr 2024 13:24:00 -0700
Subject: [PATCH 05/16] Update
 windows/deployment/update/includes/wufb-deployment-limitations.md

---
 .../deployment/update/includes/wufb-deployment-limitations.md   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/update/includes/wufb-deployment-limitations.md b/windows/deployment/update/includes/wufb-deployment-limitations.md
index 1a4d2b6c80..5ed854edd0 100644
--- a/windows/deployment/update/includes/wufb-deployment-limitations.md
+++ b/windows/deployment/update/includes/wufb-deployment-limitations.md
@@ -12,4 +12,4 @@ ms.localizationpriority: medium
 
 Windows Update for Business deployment service is a Windows service hosted in Azure Commercial that uses Windows diagnostic data. While customers with GCC tenants may choose to use it, the Windows Update for Business deployment service is outside the [US Government community compliance (GCC)](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc#us-government-community-compliance) boundary. For a list of GCC offerings for Microsoft products and services, see the [Microsoft Trust Center](/compliance/regulatory/offering-home).
 
-Windows Update for Business deployment service isn't available in Azure Government for [Office 365 GCC High and DOD](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc-high-and-dod) tenants.
+Windows Update for Business deployment service isn't available in Azure Government for [Office 365 GCC High and DoD](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc-high-and-dod) tenants.

From 30db229f60f46adf42ae1bbf6b9eef78f79b5ac8 Mon Sep 17 00:00:00 2001
From: Meghan Stewart <33289333+mestew@users.noreply.github.com>
Date: Tue, 16 Apr 2024 09:16:19 -0700
Subject: [PATCH 06/16] ntlm-dep-8396018

---
 windows/whats-new/deprecated-features-resources.md | 10 +++++++++-
 windows/whats-new/deprecated-features.md           |  3 ++-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/windows/whats-new/deprecated-features-resources.md b/windows/whats-new/deprecated-features-resources.md
index 521dc1b1be..ac840d039e 100644
--- a/windows/whats-new/deprecated-features-resources.md
+++ b/windows/whats-new/deprecated-features-resources.md
@@ -1,7 +1,7 @@
 ---
 title: Resources for deprecated features in the Windows client
 description: Resources and details for deprecated features in the Windows client.
-ms.date: 03/25/2024
+ms.date: 04/19/2024
 ms.service: windows-client
 ms.subservice: itpro-fundamentals
 ms.localizationpriority: medium
@@ -21,6 +21,14 @@ appliesto:
 
 This article provides additional resources about [deprecated features for Windows client](deprecated-features.md) that may be needed by IT professionals. The following information is provided to help IT professionals plan for the removal of deprecated features:
 
+## NTLM
+
+Customers concerned about NTLM usage in their environments are encouraged to utilize [NTLM auditing](/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain) to [investigate how NTLM is being used](https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/ntlm-blocking-and-you-application-analysis-and-auditing/ba-p/397191).  
+
+In many cases, applications should be able to replace NTLM with Negotiate using a one-line change in their `AcquireCredentialsHandle` request to the SSPI. One known exception is for applications that have made hard assumptions about the maximum number of round trips needed to complete authentication. In most cases, Negotiate will add at least one additional round trip. Some scenarios may require more additional configuration. For more information, see [Kerberos authentication troubleshooting guidance](/troubleshoot/windows-server/windows-security/kerberos-authentication-troubleshooting-guidance).
+
+Negotiate's built-in fallback to NTLM is preserved to mitigate compatibility issues during this transition. For updates on NTLM deprecation, see [https://aka.ms/ntlm](https://aka.ms/ntlm).
+
 ## WordPad
 
 WordPad will be removed from all editions of Windows starting in Windows 11, version 24H2 and Windows Server 2025. As a result, Windows will no longer have a built-in, default RTF reader. We recommend Microsoft Word for rich text documents like .doc and .rtf and Notepad for plain text documents like .txt. The following binaries will be removed as a result of WordPad removal:
diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md
index 662ade9a57..0423badca7 100644
--- a/windows/whats-new/deprecated-features.md
+++ b/windows/whats-new/deprecated-features.md
@@ -1,7 +1,7 @@
 ---
 title: Deprecated features in the Windows client
 description: Review the list of features that Microsoft is no longer actively developing in Windows 10 and Windows 11.
-ms.date: 03/25/2024
+ms.date: 04/19/2024
 ms.service: windows-client
 ms.subservice: itpro-fundamentals
 ms.localizationpriority: medium
@@ -47,6 +47,7 @@ The features in this article are no longer being actively developed, and might b
 
 | Feature | Details and mitigation  | Deprecation announced |
 |---|---|---|
+| NTLM <!--8396018-->| All versions of [NTLM](/windows/win32/secauthn/microsoft-ntlm), including LANMAN, NTLMv1, and NTLMv2, are no longer under active feature development and will be deprecated in Windows 11, version 24H2 and Windows Server 2025. Use of NTLM will continue to work in these releases. Calls to NTLM should be replaced by calls to Negotiate, which will try to authenticate with Kerberos and only fall back to NTLM when necessary. For more information, see [Resources for deprecated features](deprecated-features-resources.md). | April 2024 |
 | NPLogonNotify and NPPasswordChangeNotify APIs <!--8787264--> | Starting in Windows 11, version 24H2, the inclusion of password payload in MPR notifications is set to disabled by default through group policy in [NPLogonNotify](/windows/win32/api/npapi/nf-npapi-nplogonnotify) and [NPPasswordChangeNotify](/windows/win32/api/npapi/nf-npapi-nppasswordchangenotify) APIs. The APIs may be removed in a future release. The primary reason for disabling this feature is to enhance security. When enabled, these APIs allow the caller to retrieve a users password, presenting potential risks for password exposure and harvesting by malicious users. To include password payload in MPR notifications, set the [EnableMPRNotifications](/windows/client-management/mdm/policy-csp-windowslogon#enablemprnotifications) policy to `enabled`.| March 2024 |
 | TLS server authentication certificates using RSA keys with key lengths shorter than 2048 bits <!--8644149-->| Support for certificates using RSA keys with key lengths shorter than 2048 bits will be deprecated. Internet standards and regulatory bodies disallowed the use of 1024-bit keys in 2013, recommending specifically that RSA keys should have a key length of 2048 bits or longer. For more information, see [Transitioning of Cryptographic Algorithms and Key Sizes - Discussion Paper (nist.gov)](https://csrc.nist.gov/CSRC/media/Projects/Key-Management/documents/transitions/Transitioning_CryptoAlgos_070209.pdf). This deprecation focuses on ensuring that all RSA certificates used for TLS server authentication must have key lengths greater than or equal to 2048 bits to be considered valid by Windows. </br></br> TLS certificates issued by enterprise or test certification authorities (CA) aren't impacted with this change. However, we recommend that they be updated to RSA keys greater than or equal to 2048 bits as a security best practice. This change is necessary to preserve security of Windows customers using certificates for authentication and cryptographic purposes.| March 2024|
 | Test Base <!--8790681--> | [Test Base for Microsoft 365](/microsoft-365/test-base/overview), an Azure cloud service for application testing, is deprecated. The service will be retired in the future and will be no longer available for use after retirement. | March 2024 |

From b1ceeaf01d80459c18b70f00a6a367431cc90c3e Mon Sep 17 00:00:00 2001
From: Meghan Stewart <33289333+mestew@users.noreply.github.com>
Date: Tue, 16 Apr 2024 09:51:59 -0700
Subject: [PATCH 07/16] ntlm-dep-8396018

---
 windows/whats-new/deprecated-features-resources.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/whats-new/deprecated-features-resources.md b/windows/whats-new/deprecated-features-resources.md
index ac840d039e..e5fa724c6e 100644
--- a/windows/whats-new/deprecated-features-resources.md
+++ b/windows/whats-new/deprecated-features-resources.md
@@ -25,7 +25,7 @@ This article provides additional resources about [deprecated features for Window
 
 Customers concerned about NTLM usage in their environments are encouraged to utilize [NTLM auditing](/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain) to [investigate how NTLM is being used](https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/ntlm-blocking-and-you-application-analysis-and-auditing/ba-p/397191).  
 
-In many cases, applications should be able to replace NTLM with Negotiate using a one-line change in their `AcquireCredentialsHandle` request to the SSPI. One known exception is for applications that have made hard assumptions about the maximum number of round trips needed to complete authentication. In most cases, Negotiate will add at least one additional round trip. Some scenarios may require more additional configuration. For more information, see [Kerberos authentication troubleshooting guidance](/troubleshoot/windows-server/windows-security/kerberos-authentication-troubleshooting-guidance).
+In many cases, applications should be able to replace NTLM with Negotiate using a one-line change in their `AcquireCredentialsHandle` request to the SSPI. One known exception is for applications that have made hard assumptions about the maximum number of round trips needed to complete authentication. In most cases, Negotiate will add at least one additional round trip. Some scenarios may require additional configuration. For more information, see [Kerberos authentication troubleshooting guidance](/troubleshoot/windows-server/windows-security/kerberos-authentication-troubleshooting-guidance).
 
 Negotiate's built-in fallback to NTLM is preserved to mitigate compatibility issues during this transition. For updates on NTLM deprecation, see [https://aka.ms/ntlm](https://aka.ms/ntlm).
 

From 1421a48ebd9fe93198f04b603110f5d810f01032 Mon Sep 17 00:00:00 2001
From: itsrlyAria <82474610+itsrlyAria@users.noreply.github.com>
Date: Fri, 10 May 2024 17:08:00 -0700
Subject: [PATCH 08/16] Update wufb-wsus.md

Correcting an error.
---
 windows/deployment/update/wufb-wsus.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/update/wufb-wsus.md b/windows/deployment/update/wufb-wsus.md
index 6062716b60..2cb3016af2 100644
--- a/windows/deployment/update/wufb-wsus.md
+++ b/windows/deployment/update/wufb-wsus.md
@@ -46,7 +46,7 @@ To help you better understand the scan source policy, see the default scan behav
   - On Windows 10: All of your updates will come from WSUS.
   - On Windows 11: All of your updates will still come from WSUS unless you configure the specify scan source policy.
 
-- If you configure a WSUS server and deferral policies: All of your updates will come from Windows Update unless you specify the scan source policy.
+- If you configure a WSUS server and deferral policies on Windows 10: All of your updates will come from Windows Update unless you specify the scan source policy or have disabled dual scan.
 - If you configure a WSUS server and the scan source policy: All of your updates will come from the source chosen in the scan source policy.
 
 > [!TIP]

From 5ac0cc0290d24e4b324a92954da7df496a618261 Mon Sep 17 00:00:00 2001
From: "[cmknox]" <[cmknox@gmail.com]>
Date: Fri, 31 May 2024 20:23:47 -0600
Subject: [PATCH 09/16] Minor updates and add health check

---
 .../do/waas-delivery-optimization-monitor.md         | 12 ++++++------
 windows/deployment/do/whats-new-do.md                |  5 +++--
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/windows/deployment/do/waas-delivery-optimization-monitor.md b/windows/deployment/do/waas-delivery-optimization-monitor.md
index 675851ae42..6c30ab2dc4 100644
--- a/windows/deployment/do/waas-delivery-optimization-monitor.md
+++ b/windows/deployment/do/waas-delivery-optimization-monitor.md
@@ -88,12 +88,12 @@ For details, see [Windows Update for Business Delivery Optimization Report](/win
 | CpuUsagePct | Average CPU usage by the Delivery Optimization process |
 | MemUsageKB | Amount of committed memory currently used by the Delivery Optimization process |
 | NumberOfPeers | Total number of peers found across all files currently in the cache |
-| CacheHostConnections | Number of cache host server connections |
-| CdnConnections | Number of CDN server connections |
-| LanConnections | Number of peer connections over LAN |
-| LinkLocalConnections | Number of peer connections over Link Local |
-| GroupConnections | Number of peer connections over Group |
-| InternetConnections | Number of peer connections over Internet |
+| CacheHostConnections | Number of connections to Microsoft Connected Cache servers |
+| CdnConnections | Number of connections to CDN servers |
+| LanConnections | Number of connections to LAN peers |
+| LinkLocalConnections | Number of connections to Link Local peers |
+| GroupConnections | Number of connections to Group peers|
+| InternetConnections | Number of connections to Internet peers |
 | DownlinkBps | Average download bandwidth usage currently seen across all network adapters |
 | DownlinkUsageBps | Average bandwidth currently used by Delivery Optimization for downloads |
 | UplinkBps | Average upload bandwidth usage currently seen across all network adapters |
diff --git a/windows/deployment/do/whats-new-do.md b/windows/deployment/do/whats-new-do.md
index c9a0382033..0f9840b7ed 100644
--- a/windows/deployment/do/whats-new-do.md
+++ b/windows/deployment/do/whats-new-do.md
@@ -37,8 +37,9 @@ There are two different versions:
 
 [Check out](https://aka.ms/do-fix) the new Delivery Optimization Troubleshooter. This tool provides a device health check to verify the device is set up properly to use Delivery Optimization. To scope the output more specifically, use one of the two switches:
 
-- -p2p: Provides output specific to P2P settings, efficiency, and errors.
-- -mcc: Provides output specific to MCC settings and verifies the client can access the cache server.
+- -HealthCheck: Provides an overall check of the device setup to ensure Delivery Optimization communication is possible on the device.
+- -P2P: Provides output specific to P2P settings, efficiency, and errors.
+- -MCC: Provides output specific to MCC settings and verifies the client can access the cache server.
 
 ### Windows 11 22H2
 

From 7a1fb7ce324b3207ac30fe2a52707697a2002dba Mon Sep 17 00:00:00 2001
From: "[cmknox]" <[cmknox@gmail.com]>
Date: Fri, 31 May 2024 20:28:17 -0600
Subject: [PATCH 10/16] Changing for consistency

---
 windows/deployment/do/waas-delivery-optimization-reference.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/do/waas-delivery-optimization-reference.md b/windows/deployment/do/waas-delivery-optimization-reference.md
index c93596986a..9c90b088c4 100644
--- a/windows/deployment/do/waas-delivery-optimization-reference.md
+++ b/windows/deployment/do/waas-delivery-optimization-reference.md
@@ -42,7 +42,7 @@ In MDM, the same settings are under **.Vendor/MSFT/Policy/Config/DeliveryOptimiz
 | [Minimum disk size allowed to use peer caching](#minimum-disk-size-allowed-to-use-peer-caching) | DOMinDiskSizeAllowedToPeer | 1703 | Default value is 32 GB. |
 | [Max cache age](#max-cache-age) | DOMaxCacheAge | 1511 | Default value is 259,200 seconds (three days). |
 | [Max cache size](#max-cache-size)  | DOMaxCacheSize | 1511 | Default value is 20%. |
-| [Absolute max cache size (in GBs)](#absolute-max-cache-size) | DOAbsoluteMaxCacheSize | 1607 | Default is not configured.|
+| [Absolute max cache size (in GBs)](#absolute-max-cache-size) | DOAbsoluteMaxCacheSize | 1607 | Default isn't configured.|
 | [Modify cache drive](#modify-cache-drive) | DOModifyCacheDrive | 1607 | Default to the operating system drive through the %SYSTEMDRIVE% environment variable. |
 | [Minimum peer caching content file size](#minimum-peer-caching-content-file-size) | DOMinFileSizeToCache | 1703 | Default file size is 50 MB. |
 | [Monthly upload data cap](#monthly-upload-data-cap) | DOMonthlyUploadDataCap | 1607 | Default value is 20 GB. |

From d40d9fd80b941b141c5bdb675ea89d69f4338e6c Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Mon, 3 Jun 2024 05:57:47 -0400
Subject: [PATCH 11/16] updated description for settings catalog policy

---
 education/windows/federated-sign-in.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/education/windows/federated-sign-in.md b/education/windows/federated-sign-in.md
index 9c6425ae8e..090cd46bf2 100644
--- a/education/windows/federated-sign-in.md
+++ b/education/windows/federated-sign-in.md
@@ -1,7 +1,7 @@
 ---
 title: Configure federated sign-in for Windows devices
 description: Learn how federated sign-in in Windows works and how to configure it.
-ms.date: 04/10/2024
+ms.date: 06/03/2024
 ms.topic: how-to
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
@@ -87,7 +87,7 @@ Review the following instructions to configure your devices using either Microso
 |--|--|--|
 | Education | Is Education Environment | Enabled |
 | Federated Authentication | Enable Web Sign In For Primary User | Enabled |
-| Authentication | Configure Web Sign In Allowed Urls | Semicolon separated list of domains, for example: `samlidp.clever.com;clever.com;mobile-redirector.clever.com` |
+| Authentication | Configure Web Sign In Allowed Urls | Enter the list of domains, with each URL in a separate row. For example:<br>- `samlidp.clever.com`<br>- `clever.com`<br>-`mobile-redirector.clever.com` |
 | Authentication | Configure Webcam Access Domain Names | This setting is optional, and it should be configured if you need to use the webcam during the sign-in process. Specify the list of domains that are allowed to use the webcam during the sign-in process, separated by a semicolon. For example: `clever.com` |
 
 [!INCLUDE [intune-settings-catalog-2](../../includes/configure/intune-settings-catalog-2.md)]
@@ -134,7 +134,7 @@ Review the following instructions to configure your shared devices using either
 | Education | Is Education Environment | Enabled |
 | SharedPC | Enable Shared PC Mode With OneDrive Sync | True |
 | Authentication | Enable Web Sign In | Enabled |
-| Authentication | Configure Web Sign In Allowed Urls | Semicolon separated list of domains, for example: `samlidp.clever.com;clever.com;mobile-redirector.clever.com` |
+| Authentication | Configure Web Sign In Allowed Urls | Enter the list of domains, with each URL in a separate row. For example:<br>- `samlidp.clever.com`<br>- `clever.com`<br>-`mobile-redirector.clever.com` |
 | Authentication | Configure Webcam Access Domain Names | This setting is optional, and it should be configured if you need to use the webcam during the sign-in process. Specify the list of domains that are allowed to use the webcam during the sign-in process, separated by a semicolon. For example: `clever.com` |
 
 [!INCLUDE [intune-settings-catalog-2](../../includes/configure/intune-settings-catalog-2.md)]

From c35798ff00261504503830e1ed1ac6531e199c84 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Mon, 3 Jun 2024 06:42:36 -0400
Subject: [PATCH 12/16] fixed typo

---
 education/windows/federated-sign-in.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/education/windows/federated-sign-in.md b/education/windows/federated-sign-in.md
index 090cd46bf2..aca908bb45 100644
--- a/education/windows/federated-sign-in.md
+++ b/education/windows/federated-sign-in.md
@@ -87,7 +87,7 @@ Review the following instructions to configure your devices using either Microso
 |--|--|--|
 | Education | Is Education Environment | Enabled |
 | Federated Authentication | Enable Web Sign In For Primary User | Enabled |
-| Authentication | Configure Web Sign In Allowed Urls | Enter the list of domains, with each URL in a separate row. For example:<br>- `samlidp.clever.com`<br>- `clever.com`<br>-`mobile-redirector.clever.com` |
+| Authentication | Configure Web Sign In Allowed Urls | Enter the list of domains, with each URL in a separate row. For example:<br>- `samlidp.clever.com`<br>- `clever.com`<br>- `mobile-redirector.clever.com` |
 | Authentication | Configure Webcam Access Domain Names | This setting is optional, and it should be configured if you need to use the webcam during the sign-in process. Specify the list of domains that are allowed to use the webcam during the sign-in process, separated by a semicolon. For example: `clever.com` |
 
 [!INCLUDE [intune-settings-catalog-2](../../includes/configure/intune-settings-catalog-2.md)]
@@ -134,7 +134,7 @@ Review the following instructions to configure your shared devices using either
 | Education | Is Education Environment | Enabled |
 | SharedPC | Enable Shared PC Mode With OneDrive Sync | True |
 | Authentication | Enable Web Sign In | Enabled |
-| Authentication | Configure Web Sign In Allowed Urls | Enter the list of domains, with each URL in a separate row. For example:<br>- `samlidp.clever.com`<br>- `clever.com`<br>-`mobile-redirector.clever.com` |
+| Authentication | Configure Web Sign In Allowed Urls | Enter the list of domains, with each URL in a separate row. For example:<br>- `samlidp.clever.com`<br>- `clever.com`<br>- `mobile-redirector.clever.com` |
 | Authentication | Configure Webcam Access Domain Names | This setting is optional, and it should be configured if you need to use the webcam during the sign-in process. Specify the list of domains that are allowed to use the webcam during the sign-in process, separated by a semicolon. For example: `clever.com` |
 
 [!INCLUDE [intune-settings-catalog-2](../../includes/configure/intune-settings-catalog-2.md)]

From 803cf9d8084ee796e3ffdcc35c5b850ee390b198 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Mon, 3 Jun 2024 11:43:16 -0400
Subject: [PATCH 13/16] format update

---
 windows/configuration/start/layout.md         | 42 -------------------
 .../taskbar/includes/allow-widgets.md         |  2 +-
 .../includes/configure-start-layout.md        |  4 +-
 .../configures-search-on-the-taskbar.md       |  2 +-
 .../disable-editing-quick-settings.md         |  2 +-
 ...o-not-allow-pinning-items-in-jump-lists.md |  2 +-
 ...t-allow-pinning-programs-to-the-taskbar.md |  2 +-
 ...-allow-pinning-store-app-to-the-taskbar.md |  2 +-
 ...allow-taskbars-on-more-than-one-display.md |  2 +-
 ...ems-in-jump-lists-from-remote-locations.md |  2 +-
 .../taskbar/includes/hide-recent-jumplists.md |  4 +-
 .../includes/hide-the-notification-area.md    |  2 +-
 .../includes/hide-the-taskview-button.md      |  4 +-
 .../includes/lock-all-taskbar-settings.md     |  2 +-
 .../taskbar/includes/lock-the-taskbar.md      |  2 +-
 ...nges-to-taskbar-and-start-menu-settings.md |  2 +-
 .../prevent-grouping-of-taskbar-items.md      |  2 +-
 ...-users-from-adding-or-removing-toolbars.md |  2 +-
 ...taskbar-to-another-screen-dock-location.md |  2 +-
 ...prevent-users-from-rearranging-toolbars.md |  2 +-
 ...prevent-users-from-resizing-the-taskbar.md |  2 +-
 ...ss-to-the-context-menus-for-the-taskbar.md |  2 +-
 ...clock-from-the-system-notification-area.md |  2 +-
 .../remove-notifications-and-action-center.md |  2 +-
 ...remove-pinned-programs-from-the-taskbar.md |  2 +-
 .../taskbar/includes/remove-quick-settings.md |  2 +-
 .../includes/remove-the-battery-meter.md      |  2 +-
 .../includes/remove-the-meet-now-icon.md      |  2 +-
 .../includes/remove-the-networking-icon.md    |  2 +-
 .../remove-the-people-bar-from-the-taskbar.md |  2 +-
 .../remove-the-volume-control-icon.md         |  2 +-
 .../includes/show-additional-calendar.md      |  2 +-
 .../simplify-quick-settings-layout.md         |  2 +-
 ...on-of-notification-icons-to-the-taskbar.md |  2 +-
 .../turn-off-notification-area-cleanup.md     |  2 +-
 windows/configuration/taskbar/pinned-apps.md  |  4 ++
 36 files changed, 41 insertions(+), 79 deletions(-)

diff --git a/windows/configuration/start/layout.md b/windows/configuration/start/layout.md
index 8a771280ae..30baa389a1 100644
--- a/windows/configuration/start/layout.md
+++ b/windows/configuration/start/layout.md
@@ -649,45 +649,3 @@ When you configure the Start layout with policy settings, you overwrite the enti
 [MEM-1]: /mem/intune/configuration/custom-settings-windows-10
 [PS-1]: /powershell/module/startlayout/export-startlayout
 [WIN-1]: /windows/client-management/mdm/policy-csp-start
-
-
-<!--
-## Add image for secondary Microsoft Edge tiles
-
-App tiles are the Start screen tiles that represent and launch an app. A tile that allows a user to go to a specific location in an app is a *secondary tile*. Some examples of secondary tiles include:
-
-- Weather updates for a specific city in a weather app
-- A summary of upcoming events in a calendar app
-- Status and updates from an important contact in a social app
-- A website in Microsoft Edge
-
-By using the PowerShell cmdlet `export-StartLayoutEdgeAssets` and the policy setting `ImportEdgeAssets`, the tiles display the same as they did on the device from which you exported the Start layout.
-
-[!INCLUDE [example-secondary-tiles](includes/example-secondary-tiles.md)]
-
-## Export Start layout and assets
-
-1. If you'd like to change the image for a secondary tile to your own custom image, open the layout.xml file, and look for the images that the tile references.
-   - For example, your layout.xml contains `Square150x150LogoUri="ms-appdata:///local/PinnedTiles/21581260870/hires.png" Wide310x150LogoUri="ms-appx:///"`
-
-   - Open `C:\Users\<username>\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\21581260870\` and replace those images with your customized images.
-
-1. In Windows PowerShell, enter the following command:
-
-    ```powershell
-    Export-StartLayoutEdgeAssets assets.xml
-    ```
-
-[!INCLUDE [example-assets](includes/example-assets.md)]
-
-## Configure policy settings
-
-Prepare the Start layout and Edge assets XML files
-
-The `Export-StartLayout` and **export-StartLayoutEdgeAssets** cmdlets produce XML files. Because Windows Configuration Designer produces a customizations.xml file that contains the configuration settings, adding the Start layout and Edge assets sections to the customizations.xml file directly would result in an XML file embedded in an XML file. Before you add the Start layout and Edge assets sections to the customizations.xml file, you must replace the markup characters in your layout.xml with escape characters.
-
-1. Copy the contents of layout.xml into an online tool that escapes characters.
-1. Copy the contents of assets.xml into an online tool that escapes characters.
-1. When you create a provisioning package, you'll copy the text with the escape characters and paste it in the customizations.xml file for your project.
-
--->
diff --git a/windows/configuration/taskbar/includes/allow-widgets.md b/windows/configuration/taskbar/includes/allow-widgets.md
index 83a0bb12e7..7033aec825 100644
--- a/windows/configuration/taskbar/includes/allow-widgets.md
+++ b/windows/configuration/taskbar/includes/allow-widgets.md
@@ -15,4 +15,4 @@ This policy specifies whether the widgets feature is allowed on the device.
 |  | Path |
 |--|--|
 | **CSP** | `./Device/Vendor/MSFT/Policy/Config/NewsAndInterests/`[AllowNewsAndInterests](/windows/client-management/mdm/policy-csp-newsandinterests#allownewsandinterests) |
-| **GPO** | **Computer Configuration**  > **Administrative Templates** > **Windows Components** > **Widgets** |
+| **GPO** | - **Computer Configuration**  > **Administrative Templates** > **Windows Components** > **Widgets** |
diff --git a/windows/configuration/taskbar/includes/configure-start-layout.md b/windows/configuration/taskbar/includes/configure-start-layout.md
index 7edd14def2..ce75e3d6df 100644
--- a/windows/configuration/taskbar/includes/configure-start-layout.md
+++ b/windows/configuration/taskbar/includes/configure-start-layout.md
@@ -13,7 +13,7 @@ This policy setting lets you specify the applications pinned to the taskbar. The
 
 |  | Path |
 |--|--|
-| **CSP** | - `./Device/Vendor/MSFT/Policy/Config/Start/StartLayout`/[Configure start layout](/windows/client-management/mdm/policy-csp-start#startlayout)<br><br>- `./User/Vendor/MSFT/Policy/Config/Start/StartLayout`/[Configure start layout](/windows/client-management/mdm/policy-csp-start#startlayout) |
-| **GPO** | **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar**<br><br> **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **CSP** | - `./Device/Vendor/MSFT/Policy/Config/Start/StartLayout`/[Configure start layout](/windows/client-management/mdm/policy-csp-start#startlayout)<br>- `./User/Vendor/MSFT/Policy/Config/Start/StartLayout`/[Configure start layout](/windows/client-management/mdm/policy-csp-start#startlayout) |
+| **GPO** | - **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar**<br>- **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
 
 For more information, see [Customize the taskbar pinned applications](../pinned-apps.md).
diff --git a/windows/configuration/taskbar/includes/configures-search-on-the-taskbar.md b/windows/configuration/taskbar/includes/configures-search-on-the-taskbar.md
index 3382db1ac7..5e009d1125 100644
--- a/windows/configuration/taskbar/includes/configures-search-on-the-taskbar.md
+++ b/windows/configuration/taskbar/includes/configures-search-on-the-taskbar.md
@@ -18,4 +18,4 @@ This policy setting allows you to configure search on the taskbar.
 |  | Path |
 |--|--|
 | **CSP** | `./Device/Vendor/MSFT/Policy/Config/Search/`[ConfigureSearchOnTaskbarMode](/windows/client-management/mdm/policy-csp-search#configuresearchontaskbarmode) |
-| **GPO** | **Computer Configuration**  > **Windows Components** > **Search** |
+| **GPO** | - **Computer Configuration**  > **Windows Components** > **Search** |
diff --git a/windows/configuration/taskbar/includes/disable-editing-quick-settings.md b/windows/configuration/taskbar/includes/disable-editing-quick-settings.md
index d1f29ba96d..e57bff141e 100644
--- a/windows/configuration/taskbar/includes/disable-editing-quick-settings.md
+++ b/windows/configuration/taskbar/includes/disable-editing-quick-settings.md
@@ -13,4 +13,4 @@ ms.topic: include
 |  | Path |
 |--|--|
 | **CSP** | `./Device/Vendor/MSFT/Policy/Config/Start/`[DisableEditingQuickSettings](/windows/client-management/mdm/policy-csp-start#disableeditingquicksettings)|
-| **GPO** | **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **Disable editing quick settings** |
+| **GPO** | - **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **Disable editing quick settings** |
diff --git a/windows/configuration/taskbar/includes/do-not-allow-pinning-items-in-jump-lists.md b/windows/configuration/taskbar/includes/do-not-allow-pinning-items-in-jump-lists.md
index 22d26069ab..9813a70d10 100644
--- a/windows/configuration/taskbar/includes/do-not-allow-pinning-items-in-jump-lists.md
+++ b/windows/configuration/taskbar/includes/do-not-allow-pinning-items-in-jump-lists.md
@@ -15,4 +15,4 @@ With this policy setting you control the pinning of items in Jump Lists.
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
diff --git a/windows/configuration/taskbar/includes/do-not-allow-pinning-programs-to-the-taskbar.md b/windows/configuration/taskbar/includes/do-not-allow-pinning-programs-to-the-taskbar.md
index 70b4320f49..8017676f8c 100644
--- a/windows/configuration/taskbar/includes/do-not-allow-pinning-programs-to-the-taskbar.md
+++ b/windows/configuration/taskbar/includes/do-not-allow-pinning-programs-to-the-taskbar.md
@@ -15,4 +15,4 @@ This policy setting allows you to control pinning programs to the Taskbar.
 |  | Path |
 |--|--|
 | **CSP** | `./Device/Vendor/MSFT/Policy/Config/Start/`[NoPinningToTaskbar](/windows/client-management/mdm/policy-csp-start#nopinningtotaskbar) |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
diff --git a/windows/configuration/taskbar/includes/do-not-allow-pinning-store-app-to-the-taskbar.md b/windows/configuration/taskbar/includes/do-not-allow-pinning-store-app-to-the-taskbar.md
index a394034ed7..bdfd18c8cc 100644
--- a/windows/configuration/taskbar/includes/do-not-allow-pinning-store-app-to-the-taskbar.md
+++ b/windows/configuration/taskbar/includes/do-not-allow-pinning-store-app-to-the-taskbar.md
@@ -15,4 +15,4 @@ This policy setting allows you to control pinning the Store app to the Taskbar.
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
diff --git a/windows/configuration/taskbar/includes/do-not-allow-taskbars-on-more-than-one-display.md b/windows/configuration/taskbar/includes/do-not-allow-taskbars-on-more-than-one-display.md
index 7766466c8c..4d42fdee7d 100644
--- a/windows/configuration/taskbar/includes/do-not-allow-taskbars-on-more-than-one-display.md
+++ b/windows/configuration/taskbar/includes/do-not-allow-taskbars-on-more-than-one-display.md
@@ -12,4 +12,4 @@ This policy setting allows you to prevent taskbars from being displayed on more
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
diff --git a/windows/configuration/taskbar/includes/do-not-display-or-track-items-in-jump-lists-from-remote-locations.md b/windows/configuration/taskbar/includes/do-not-display-or-track-items-in-jump-lists-from-remote-locations.md
index fb0d96e2d0..a91be73b37 100644
--- a/windows/configuration/taskbar/includes/do-not-display-or-track-items-in-jump-lists-from-remote-locations.md
+++ b/windows/configuration/taskbar/includes/do-not-display-or-track-items-in-jump-lists-from-remote-locations.md
@@ -18,4 +18,4 @@ This policy setting allows you to control displaying or tracking items in Jump L
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
diff --git a/windows/configuration/taskbar/includes/hide-recent-jumplists.md b/windows/configuration/taskbar/includes/hide-recent-jumplists.md
index 67c433344f..8e4ad2a207 100644
--- a/windows/configuration/taskbar/includes/hide-recent-jumplists.md
+++ b/windows/configuration/taskbar/includes/hide-recent-jumplists.md
@@ -19,5 +19,5 @@ Prevents the operating system and installed programs from creating and displayin
 
 |  | Path |
 |--|--|
-| **CSP** | - `./Device/Vendor/MSFT/Policy/Config/Start/`[HideRecentJumplists](/windows/client-management/mdm/policy-csp-start#hiderecentjumplists)<br><br>- `./User/Vendor/MSFT/Policy/Config/Start/`[HideRecentJumplists](/windows/client-management/mdm/policy-csp-start#hiderecentjumplists) |
-| **GPO** | **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **don't keep history of recently opened documents**<br><br> **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **don't keep history of recently opened documents**|
+| **CSP** | - `./Device/Vendor/MSFT/Policy/Config/Start/`[HideRecentJumplists](/windows/client-management/mdm/policy-csp-start#hiderecentjumplists)<br>- `./User/Vendor/MSFT/Policy/Config/Start/`[HideRecentJumplists](/windows/client-management/mdm/policy-csp-start#hiderecentjumplists) |
+| **GPO** | - **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **don't keep history of recently opened documents**<br>- **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **don't keep history of recently opened documents**|
diff --git a/windows/configuration/taskbar/includes/hide-the-notification-area.md b/windows/configuration/taskbar/includes/hide-the-notification-area.md
index 1313ae901b..f7f8b3f04d 100644
--- a/windows/configuration/taskbar/includes/hide-the-notification-area.md
+++ b/windows/configuration/taskbar/includes/hide-the-notification-area.md
@@ -12,4 +12,4 @@ This setting affects the notification area (previously called the "system tray")
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
diff --git a/windows/configuration/taskbar/includes/hide-the-taskview-button.md b/windows/configuration/taskbar/includes/hide-the-taskview-button.md
index aa95d9a03f..567f130a95 100644
--- a/windows/configuration/taskbar/includes/hide-the-taskview-button.md
+++ b/windows/configuration/taskbar/includes/hide-the-taskview-button.md
@@ -11,5 +11,5 @@ This policy setting allows you to hide the TaskView button. If you enable this p
 
 |  | Path |
 |--|--|
-| **CSP** |- `./Device/Vendor/MSFT/Policy/Config/Start/`[HideTaskViewButton](/windows/client-management/mdm/policy-csp-start#hidetaskviewbutton) <br><br>- `./User/Vendor/MSFT/Policy/Config/Start/`[HideTaskViewButton](/windows/client-management/mdm/policy-csp-start#hidetaskviewbutton) |
-| **GPO** |- **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar**<br><br>- **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **CSP** |- `./Device/Vendor/MSFT/Policy/Config/Start/`[HideTaskViewButton](/windows/client-management/mdm/policy-csp-start#hidetaskviewbutton) <br>- `./User/Vendor/MSFT/Policy/Config/Start/`[HideTaskViewButton](/windows/client-management/mdm/policy-csp-start#hidetaskviewbutton) |
+| **GPO** |- **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar**<br>- **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
diff --git a/windows/configuration/taskbar/includes/lock-all-taskbar-settings.md b/windows/configuration/taskbar/includes/lock-all-taskbar-settings.md
index 59e7e89884..981e828059 100644
--- a/windows/configuration/taskbar/includes/lock-all-taskbar-settings.md
+++ b/windows/configuration/taskbar/includes/lock-all-taskbar-settings.md
@@ -15,4 +15,4 @@ With this policy setting you lock all taskbar settings.
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
diff --git a/windows/configuration/taskbar/includes/lock-the-taskbar.md b/windows/configuration/taskbar/includes/lock-the-taskbar.md
index 2f5694702d..93986d5626 100644
--- a/windows/configuration/taskbar/includes/lock-the-taskbar.md
+++ b/windows/configuration/taskbar/includes/lock-the-taskbar.md
@@ -12,4 +12,4 @@ This setting affects the taskbar, which is used to switch between running applic
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
diff --git a/windows/configuration/taskbar/includes/prevent-changes-to-taskbar-and-start-menu-settings.md b/windows/configuration/taskbar/includes/prevent-changes-to-taskbar-and-start-menu-settings.md
index a159c12d82..07b9780bb7 100644
--- a/windows/configuration/taskbar/includes/prevent-changes-to-taskbar-and-start-menu-settings.md
+++ b/windows/configuration/taskbar/includes/prevent-changes-to-taskbar-and-start-menu-settings.md
@@ -15,4 +15,4 @@ With this policy setting you prevent changes to taskbar and Start settings.
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar**<br><br>- **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar**<br>- **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
diff --git a/windows/configuration/taskbar/includes/prevent-grouping-of-taskbar-items.md b/windows/configuration/taskbar/includes/prevent-grouping-of-taskbar-items.md
index eb97a11ff8..8fdaf1d499 100644
--- a/windows/configuration/taskbar/includes/prevent-grouping-of-taskbar-items.md
+++ b/windows/configuration/taskbar/includes/prevent-grouping-of-taskbar-items.md
@@ -15,4 +15,4 @@ Taskbar grouping consolidates similar applications when there's no room on the t
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
diff --git a/windows/configuration/taskbar/includes/prevent-users-from-adding-or-removing-toolbars.md b/windows/configuration/taskbar/includes/prevent-users-from-adding-or-removing-toolbars.md
index da36dcc670..bfd489e4ba 100644
--- a/windows/configuration/taskbar/includes/prevent-users-from-adding-or-removing-toolbars.md
+++ b/windows/configuration/taskbar/includes/prevent-users-from-adding-or-removing-toolbars.md
@@ -15,4 +15,4 @@ With this policy setting you prevent users from adding or removing toolbars.
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
diff --git a/windows/configuration/taskbar/includes/prevent-users-from-moving-taskbar-to-another-screen-dock-location.md b/windows/configuration/taskbar/includes/prevent-users-from-moving-taskbar-to-another-screen-dock-location.md
index 953135ecf3..34d6cbff58 100644
--- a/windows/configuration/taskbar/includes/prevent-users-from-moving-taskbar-to-another-screen-dock-location.md
+++ b/windows/configuration/taskbar/includes/prevent-users-from-moving-taskbar-to-another-screen-dock-location.md
@@ -15,4 +15,4 @@ With this policy setting you prevent users from moving taskbar to another screen
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
diff --git a/windows/configuration/taskbar/includes/prevent-users-from-rearranging-toolbars.md b/windows/configuration/taskbar/includes/prevent-users-from-rearranging-toolbars.md
index 0e64eb8a09..801b804b91 100644
--- a/windows/configuration/taskbar/includes/prevent-users-from-rearranging-toolbars.md
+++ b/windows/configuration/taskbar/includes/prevent-users-from-rearranging-toolbars.md
@@ -15,4 +15,4 @@ With this policy setting you prevent users from rearranging toolbars.
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
diff --git a/windows/configuration/taskbar/includes/prevent-users-from-resizing-the-taskbar.md b/windows/configuration/taskbar/includes/prevent-users-from-resizing-the-taskbar.md
index cddb749761..8796175a15 100644
--- a/windows/configuration/taskbar/includes/prevent-users-from-resizing-the-taskbar.md
+++ b/windows/configuration/taskbar/includes/prevent-users-from-resizing-the-taskbar.md
@@ -15,4 +15,4 @@ With this policy setting you prevent users from resizing the taskbar.
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
diff --git a/windows/configuration/taskbar/includes/remove-access-to-the-context-menus-for-the-taskbar.md b/windows/configuration/taskbar/includes/remove-access-to-the-context-menus-for-the-taskbar.md
index 5ff72e3932..a79bd60c89 100644
--- a/windows/configuration/taskbar/includes/remove-access-to-the-context-menus-for-the-taskbar.md
+++ b/windows/configuration/taskbar/includes/remove-access-to-the-context-menus-for-the-taskbar.md
@@ -17,4 +17,4 @@ This policy setting doesn't prevent users from using other methods to issue the
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar**<br><br>- **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar**<br>- **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
diff --git a/windows/configuration/taskbar/includes/remove-clock-from-the-system-notification-area.md b/windows/configuration/taskbar/includes/remove-clock-from-the-system-notification-area.md
index 569921f889..ee455afcd7 100644
--- a/windows/configuration/taskbar/includes/remove-clock-from-the-system-notification-area.md
+++ b/windows/configuration/taskbar/includes/remove-clock-from-the-system-notification-area.md
@@ -13,4 +13,4 @@ ms.topic: include
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
diff --git a/windows/configuration/taskbar/includes/remove-notifications-and-action-center.md b/windows/configuration/taskbar/includes/remove-notifications-and-action-center.md
index 850a20179f..d141649c74 100644
--- a/windows/configuration/taskbar/includes/remove-notifications-and-action-center.md
+++ b/windows/configuration/taskbar/includes/remove-notifications-and-action-center.md
@@ -17,4 +17,4 @@ The notification area is located at the far right end of the taskbar, and includ
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
diff --git a/windows/configuration/taskbar/includes/remove-pinned-programs-from-the-taskbar.md b/windows/configuration/taskbar/includes/remove-pinned-programs-from-the-taskbar.md
index 069de94c04..901e8f2402 100644
--- a/windows/configuration/taskbar/includes/remove-pinned-programs-from-the-taskbar.md
+++ b/windows/configuration/taskbar/includes/remove-pinned-programs-from-the-taskbar.md
@@ -15,4 +15,4 @@ This policy setting allows you to remove pinned programs from the taskbar.
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar**<br><br>- **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar**<br>- **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
diff --git a/windows/configuration/taskbar/includes/remove-quick-settings.md b/windows/configuration/taskbar/includes/remove-quick-settings.md
index 55eaca637d..58e2e01069 100644
--- a/windows/configuration/taskbar/includes/remove-quick-settings.md
+++ b/windows/configuration/taskbar/includes/remove-quick-settings.md
@@ -17,4 +17,4 @@ If this setting is enabled, Quick Settings isn't displayed in the Quick Settings
 |  | Path |
 |--|--|
 | **CSP** | `./User/Vendor/MSFT/Policy/Config/Start/`[DisableControlCenter](/windows/client-management/mdm/policy-csp-start#disablecontrolcenter) |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
diff --git a/windows/configuration/taskbar/includes/remove-the-battery-meter.md b/windows/configuration/taskbar/includes/remove-the-battery-meter.md
index 445dba6aa5..5eac19f260 100644
--- a/windows/configuration/taskbar/includes/remove-the-battery-meter.md
+++ b/windows/configuration/taskbar/includes/remove-the-battery-meter.md
@@ -15,4 +15,4 @@ With this policy setting you can remove the battery meter from the system contro
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
diff --git a/windows/configuration/taskbar/includes/remove-the-meet-now-icon.md b/windows/configuration/taskbar/includes/remove-the-meet-now-icon.md
index 75cd22365b..e0ed92dcbb 100644
--- a/windows/configuration/taskbar/includes/remove-the-meet-now-icon.md
+++ b/windows/configuration/taskbar/includes/remove-the-meet-now-icon.md
@@ -15,4 +15,4 @@ With this policy setting allows you can remove the Meet Now icon from the system
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
diff --git a/windows/configuration/taskbar/includes/remove-the-networking-icon.md b/windows/configuration/taskbar/includes/remove-the-networking-icon.md
index a1825e5f0e..18f8a0d6ba 100644
--- a/windows/configuration/taskbar/includes/remove-the-networking-icon.md
+++ b/windows/configuration/taskbar/includes/remove-the-networking-icon.md
@@ -15,4 +15,4 @@ With this policy setting you can remove the networking icon from the system cont
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
diff --git a/windows/configuration/taskbar/includes/remove-the-people-bar-from-the-taskbar.md b/windows/configuration/taskbar/includes/remove-the-people-bar-from-the-taskbar.md
index 679df69fde..9a07b3ea06 100644
--- a/windows/configuration/taskbar/includes/remove-the-people-bar-from-the-taskbar.md
+++ b/windows/configuration/taskbar/includes/remove-the-people-bar-from-the-taskbar.md
@@ -12,4 +12,4 @@ With this policy allows you can remove the People Bar from the taskbar and disab
 |  | Path |
 |--|--|
 | **CSP** | `./User/Vendor/MSFT/Policy/Config/Start/`[HidePeopleBar](/windows/client-management/mdm/policy-csp-start#hidepeoplebar) |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
diff --git a/windows/configuration/taskbar/includes/remove-the-volume-control-icon.md b/windows/configuration/taskbar/includes/remove-the-volume-control-icon.md
index 8e34ed3d84..b1c847e81c 100644
--- a/windows/configuration/taskbar/includes/remove-the-volume-control-icon.md
+++ b/windows/configuration/taskbar/includes/remove-the-volume-control-icon.md
@@ -15,4 +15,4 @@ With this policy setting you can remove the volume control icon from the system
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
diff --git a/windows/configuration/taskbar/includes/show-additional-calendar.md b/windows/configuration/taskbar/includes/show-additional-calendar.md
index 39ecd45a89..8198012d72 100644
--- a/windows/configuration/taskbar/includes/show-additional-calendar.md
+++ b/windows/configuration/taskbar/includes/show-additional-calendar.md
@@ -19,4 +19,4 @@ By default, the calendar is set according to the locale of the operating system,
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
diff --git a/windows/configuration/taskbar/includes/simplify-quick-settings-layout.md b/windows/configuration/taskbar/includes/simplify-quick-settings-layout.md
index ea3d57141e..bce9e7ab7d 100644
--- a/windows/configuration/taskbar/includes/simplify-quick-settings-layout.md
+++ b/windows/configuration/taskbar/includes/simplify-quick-settings-layout.md
@@ -13,4 +13,4 @@ ms.topic: include
 |  | Path |
 |--|--|
 | **CSP** | `./Device/Vendor/MSFT/Policy/Config/Start/`[SimplifyQuickSettings](/windows/client-management/mdm/policy-csp-start#simplifyquicksettings) |
-| **GPO** | **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
diff --git a/windows/configuration/taskbar/includes/turn-off-automatic-promotion-of-notification-icons-to-the-taskbar.md b/windows/configuration/taskbar/includes/turn-off-automatic-promotion-of-notification-icons-to-the-taskbar.md
index 4e9527beef..9642aecd96 100644
--- a/windows/configuration/taskbar/includes/turn-off-automatic-promotion-of-notification-icons-to-the-taskbar.md
+++ b/windows/configuration/taskbar/includes/turn-off-automatic-promotion-of-notification-icons-to-the-taskbar.md
@@ -15,4 +15,4 @@ With this policy setting you can turn off automatic promotion of notification ic
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
diff --git a/windows/configuration/taskbar/includes/turn-off-notification-area-cleanup.md b/windows/configuration/taskbar/includes/turn-off-notification-area-cleanup.md
index 56f39f1f65..6150f80740 100644
--- a/windows/configuration/taskbar/includes/turn-off-notification-area-cleanup.md
+++ b/windows/configuration/taskbar/includes/turn-off-notification-area-cleanup.md
@@ -18,4 +18,4 @@ This setting determines whether the items are always expanded or always collapse
 |  | Path |
 |--|--|
 | **CSP** | Not available. |
-| **GPO** | **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+| **GPO** | - **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
diff --git a/windows/configuration/taskbar/pinned-apps.md b/windows/configuration/taskbar/pinned-apps.md
index d38c8a7d60..f7cbe59725 100644
--- a/windows/configuration/taskbar/pinned-apps.md
+++ b/windows/configuration/taskbar/pinned-apps.md
@@ -231,3 +231,7 @@ If you apply the taskbar configuration to a clean install or an update, users ca
 Learn more about the options available to configure Start menu settings using the Configuration Service Provider (CSP) and Group Policy (GPO):
 
 - [Taskbar policy settings](policy-settings.md)
+
+---
+[WIN-1]: /windows/client-management/mdm/policy-csp-start
+[MEM-1]: /mem/intune/configuration/custom-settings-windows-10

From 5ec88ce68255f99b4a4b70ce44111b1c7297cf3d Mon Sep 17 00:00:00 2001
From: Meghan Stewart <33289333+mestew@users.noreply.github.com>
Date: Mon, 3 Jun 2024 08:54:18 -0700
Subject: [PATCH 14/16] ntlm dep

---
 windows/whats-new/deprecated-features-resources.md | 2 +-
 windows/whats-new/deprecated-features.md           | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/whats-new/deprecated-features-resources.md b/windows/whats-new/deprecated-features-resources.md
index 96fa6e0a29..3e79887cbe 100644
--- a/windows/whats-new/deprecated-features-resources.md
+++ b/windows/whats-new/deprecated-features-resources.md
@@ -1,7 +1,7 @@
 ---
 title: Resources for deprecated features in the Windows client
 description: Resources and details for deprecated features in the Windows client.
-ms.date: 04/19/2024
+ms.date: 06/03/2024
 ms.service: windows-client
 ms.subservice: itpro-fundamentals
 ms.localizationpriority: medium
diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md
index 1f929001b1..62fe325980 100644
--- a/windows/whats-new/deprecated-features.md
+++ b/windows/whats-new/deprecated-features.md
@@ -1,7 +1,7 @@
 ---
 title: Deprecated features in the Windows client
 description: Review the list of features that Microsoft is no longer actively developing in Windows 10 and Windows 11.
-ms.date: 05/30/2024
+ms.date: 06/03/2024
 ms.service: windows-client
 ms.subservice: itpro-fundamentals
 ms.localizationpriority: medium

From 09b0bdcf39467d79a46644bcd01407209d50707f Mon Sep 17 00:00:00 2001
From: Meghan Stewart <33289333+mestew@users.noreply.github.com>
Date: Mon, 3 Jun 2024 08:58:23 -0700
Subject: [PATCH 15/16] june rather than may

---
 windows/whats-new/deprecated-features.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md
index 62fe325980..0a7bbc5918 100644
--- a/windows/whats-new/deprecated-features.md
+++ b/windows/whats-new/deprecated-features.md
@@ -47,7 +47,7 @@ The features in this article are no longer being actively developed, and might b
 
 | Feature | Details and mitigation  | Deprecation announced |
 |---|---|---|
-| NTLM <!--8396018-->| All versions of [NTLM](/windows/win32/secauthn/microsoft-ntlm), including LANMAN, NTLMv1, and NTLMv2, are no longer under active feature development and are deprecated. Use of NTLM will continue to work in the next release of Windows Server and the next annual release of Windows. Calls to NTLM should be replaced by calls to Negotiate, which will try to authenticate with Kerberos and only fall back to NTLM when necessary. For more information, see [Resources for deprecated features](deprecated-features-resources.md). | May 2024 |
+| NTLM <!--8396018-->| All versions of [NTLM](/windows/win32/secauthn/microsoft-ntlm), including LANMAN, NTLMv1, and NTLMv2, are no longer under active feature development and are deprecated. Use of NTLM will continue to work in the next release of Windows Server and the next annual release of Windows. Calls to NTLM should be replaced by calls to Negotiate, which will try to authenticate with Kerberos and only fall back to NTLM when necessary. For more information, see [Resources for deprecated features](deprecated-features-resources.md). | June 2024 |
 | Driver Verifier GUI (verifiergui.exe) <!--8995057--> | Driver Verifier GUI, verifiergui.exe, is deprecated and will be removed in a future version of Windows. You can use the [Verifier Command Line](/windows-hardware/drivers/devtest/verifier-command-line) (verifier.exe) instead of the Driver Verifier GUI.| May 2024 | 
 | NPLogonNotify and NPPasswordChangeNotify APIs <!--8787264--> | Starting in Windows 11, version 24H2, the inclusion of password payload in MPR notifications is set to disabled by default through group policy in [NPLogonNotify](/windows/win32/api/npapi/nf-npapi-nplogonnotify) and [NPPasswordChangeNotify](/windows/win32/api/npapi/nf-npapi-nppasswordchangenotify) APIs. The APIs may be removed in a future release. The primary reason for disabling this feature is to enhance security. When enabled, these APIs allow the caller to retrieve a user's password, presenting potential risks for password exposure and harvesting by malicious users. To include password payload in MPR notifications, set the [EnableMPRNotifications](/windows/client-management/mdm/policy-csp-windowslogon#enablemprnotifications) policy to `enabled`.| March 2024 |
 | TLS server authentication certificates using RSA keys with key lengths shorter than 2048 bits <!--8644149-->| Support for certificates using RSA keys with key lengths shorter than 2048 bits will be deprecated. Internet standards and regulatory bodies disallowed the use of 1024-bit keys in 2013, recommending specifically that RSA keys should have a key length of 2048 bits or longer. For more information, see [Transitioning of Cryptographic Algorithms and Key Sizes - Discussion Paper (nist.gov)](https://csrc.nist.gov/CSRC/media/Projects/Key-Management/documents/transitions/Transitioning_CryptoAlgos_070209.pdf). This deprecation focuses on ensuring that all RSA certificates used for TLS server authentication must have key lengths greater than or equal to 2048 bits to be considered valid by Windows. </br></br> TLS certificates issued by enterprise or test certification authorities (CA) aren't impacted with this change. However, we recommend that they be updated to RSA keys greater than or equal to 2048 bits as a security best practice. This change is necessary to preserve security of Windows customers using certificates for authentication and cryptographic purposes.| March 2024|

From 39c02a42eec5320fc3cc6b2cb21c2e7ce7cf3165 Mon Sep 17 00:00:00 2001
From: "[cmknox]" <[cmknox@gmail.com]>
Date: Mon, 3 Jun 2024 10:26:43 -0600
Subject: [PATCH 16/16] Minor update

---
 windows/deployment/do/whats-new-do.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/do/whats-new-do.md b/windows/deployment/do/whats-new-do.md
index 0f9840b7ed..b750903a23 100644
--- a/windows/deployment/do/whats-new-do.md
+++ b/windows/deployment/do/whats-new-do.md
@@ -35,7 +35,7 @@ There are two different versions:
 
 ### General
 
-[Check out](https://aka.ms/do-fix) the new Delivery Optimization Troubleshooter. This tool provides a device health check to verify the device is set up properly to use Delivery Optimization. To scope the output more specifically, use one of the two switches:
+[Check out](https://aka.ms/do-fix) the new Delivery Optimization Troubleshooter. This tool provides a device health check to verify the device is set up properly to use Delivery Optimization. To scope the output more specifically, use one of the available switches:
 
 - -HealthCheck: Provides an overall check of the device setup to ensure Delivery Optimization communication is possible on the device.
 - -P2P: Provides output specific to P2P settings, efficiency, and errors.