Merge branch 'master' into v-benzyd-5358673

Benzy Dharmanayagam 2021-08-24 22:48:26 +05:30 committed by GitHub
commit 93f73639d4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 42 additions and 218 deletions

View File

@ -8446,8 +8446,8 @@
"redirect_document_id": false "redirect_document_id": false
}, },
{ {
"source_path": "windows/deploy/upgrade-windows-phone-8-1-to-10.md", "source_path": "windows/deployment/upgrade/upgrade-windows-phone-8-1-to-10.md",
"redirect_url": "/windows/deployment/upgrade/upgrade-windows-phone-8-1-to-10", "redirect_url": "/windows/deployment/upgrade/windows-10-edition-upgrades",
"redirect_document_id": false "redirect_document_id": false
}, },
{ {
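Review bot: The `source_path` of this existing entry is rewritten from `windows/deploy/upgrade-windows-phone-8-1-to-10.md` to `windows/deployment/upgrade/upgrade-windows-phone-8-1-to-10.md`, so the visible lines leave the old `windows/deploy/...` path without a redirect. Its previous target was the article this commit deletes, so inbound links to the old path would no longer resolve. Keep the original entry with its `redirect_url` pointed at `/windows/deployment/upgrade/windows-10-edition-upgrades`, and add the new `source_path` as a separate entry.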
@ -18950,16 +18950,6 @@
"redirect_url": "/windows/privacy/windows-10-and-privacy-compliance", "redirect_url": "/windows/privacy/windows-10-and-privacy-compliance",
"redirect_document_id": false "redirect_document_id": false
}, },
{
"source_path": "windows/client-management/windows-10-mobile-and-mdm.md",
"redirect_url": "/windows/client-management/index",
"redirect_document_id": false
},
{
"source_path": "windows/application-management/deploy-app-upgrades-windows-10-mobile.md",
"redirect_url": "/windows/application-management/index",
"redirect_document_id": false
}
] ]
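Review bot: With the last two entries removed, the new side as rendered here shows `},` immediately followed by `]`, which leaves a trailing comma before the array close and is not valid JSON; drop the comma on the entry that is now last. The removed entries were also the only redirects shown for `windows/client-management/windows-10-mobile-and-mdm.md` and `windows/application-management/deploy-app-upgrades-windows-10-mobile.md`, so confirm those source paths are still redirected elsewhere in the file, otherwise existing links to them break.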

View File

@ -817,6 +817,7 @@ The following list shows the supported values:
[Scope](./policy-configuration-service-provider.md#policy-scope): [Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"] > [!div class = "checklist"]
> * User
> * Device > * Device
<hr/> <hr/>
@ -883,6 +884,7 @@ The following list shows the supported values:
[Scope](./policy-configuration-service-provider.md#policy-scope): [Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"] > [!div class = "checklist"]
> * User
> * Device > * Device
<hr/> <hr/>
@ -1440,6 +1442,7 @@ To validate on Desktop, do the following:
[Scope](./policy-configuration-service-provider.md#policy-scope): [Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"] > [!div class = "checklist"]
> * User
> * Device > * Device
<hr/> <hr/>
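Review bot: `> * User` is added to the scope checklist here and in the two hunks above, but none of the three hunks shows a matching change to the policy's description or supported values. Confirm that each of these three policies is actually honored per user, and if so update the policy text in the same change so the scope list and the description agree.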

View File

@ -1,6 +1,6 @@
--- ---
title: Change history for Update Windows 10 (Windows 10) title: Change history for Update Windows 10 (Windows 10)
description: This topic lists new and updated topics in the Update Windows 10 documentation for Windows 10 and Windows 10 Mobile. description: This topic lists new and updated topics in the Update Windows 10 documentation for Windows 10.
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: manage ms.mktglfcycl: manage
audience: itpro audience: itpro

View File

@ -16,7 +16,6 @@ ms.topic: article
**Applies to** **Applies to**
- Windows 10 - Windows 10
- Windows 10 Mobile
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)

View File

@ -30,7 +30,6 @@ You can use Group Policy or your mobile device management (MDM) service to confi
> [!IMPORTANT] > [!IMPORTANT]
> Beginning with Windows 10, version 1903, organizations can use Windows Update for Business policies, regardless of the diagnostic data level chosen. If the diagnostic data level is set to **0 (Security)**, Windows Update for Business policies will still be honored. For instructions, see [Configure the operating system diagnostic data level](/windows/configuration/configure-windows-diagnostic-data-in-your-organization#diagnostic-data-levels). > Beginning with Windows 10, version 1903, organizations can use Windows Update for Business policies, regardless of the diagnostic data level chosen. If the diagnostic data level is set to **0 (Security)**, Windows Update for Business policies will still be honored. For instructions, see [Configure the operating system diagnostic data level](/windows/configuration/configure-windows-diagnostic-data-in-your-organization#diagnostic-data-levels).
Some Windows Update for Business policies are not applicable or behave differently for devices running Windows 10 Mobile Enterprise. Specifically, policies pertaining to Feature Updates will not be applied to Windows 10 Mobile Enterprise. All Windows 10 Mobile updates are recognized as Quality Updates, and can only be deferred or paused using the Quality Update policy settings. Additional information is provided in this topic.
## Start by grouping devices ## Start by grouping devices
@ -129,9 +128,6 @@ Quality updates are typically published on the second Tuesday of every month, al
You can set your system to receive updates for other Microsoft products—known as Microsoft updates (such as Microsoft Office, Visual Studio)—along with Windows updates by setting the **AllowMUUpdateService** policy. When you do this, these Microsoft updates will follow the same deferral and pause rules as all other quality updates. You can set your system to receive updates for other Microsoft products—known as Microsoft updates (such as Microsoft Office, Visual Studio)—along with Windows updates by setting the **AllowMUUpdateService** policy. When you do this, these Microsoft updates will follow the same deferral and pause rules as all other quality updates.
>[!IMPORTANT]
>This policy defers both Feature and Quality Updates on Windows 10 Mobile Enterprise.
**Policy settings for deferring quality updates** **Policy settings for deferring quality updates**
| Policy | Sets registry key under HKLM\Software | | Policy | Sets registry key under HKLM\Software |

View File

@ -158,7 +158,7 @@ In the Group Policy editor, you will see a number of policy settings that pertai
| Turn off auto-restart for updates during active hours | ![yes](images/checkmark.png) | Use this policy to configure active hours, during which the device will not be restarted. This policy has no effect if the **No auto-restart with logged on users for scheduled automatic updates installations** or **Always automatically restart at the scheduled time** policies are enabled. | | Turn off auto-restart for updates during active hours | ![yes](images/checkmark.png) | Use this policy to configure active hours, during which the device will not be restarted. This policy has no effect if the **No auto-restart with logged on users for scheduled automatic updates installations** or **Always automatically restart at the scheduled time** policies are enabled. |
| Always automatically restart at the scheduled time | ![yes](images/checkmark.png) | Use this policy to configure a restart timer (between 15 and 180 minutes) that will start immediately after Windows Update installs important updates. This policy has no effect if the **No auto-restart with logged on users for scheduled automatic updates installations** policy is enabled. | | Always automatically restart at the scheduled time | ![yes](images/checkmark.png) | Use this policy to configure a restart timer (between 15 and 180 minutes) that will start immediately after Windows Update installs important updates. This policy has no effect if the **No auto-restart with logged on users for scheduled automatic updates installations** policy is enabled. |
| Specify deadline before auto-restart for update installation | ![yes](images/checkmark.png) | Use this policy to specify how many days (between 2 and 14) an automatic restart can be delayed. This policy has no effect if the **No auto-restart with logged on users for scheduled automatic updates installations** or **Always automatically restart at the scheduled time** policies are enabled. | | Specify deadline before auto-restart for update installation | ![yes](images/checkmark.png) | Use this policy to specify how many days (between 2 and 14) an automatic restart can be delayed. This policy has no effect if the **No auto-restart with logged on users for scheduled automatic updates installations** or **Always automatically restart at the scheduled time** policies are enabled. |
| No auto-restart with logged on users for scheduled automatic updates installations | ![yes](images/checkmark.png) | Use this policy to prevent automatic restart when a user is logged on. This policy applies only when the **Configure Automatic Updates** policy is configured to perform scheduled installations of updates. <br>There is no equivalent MDM policy setting for Windows 10 Mobile. | | No auto-restart with logged on users for scheduled automatic updates installations | ![yes](images/checkmark.png) | Use this policy to prevent automatic restart when a user is logged on. This policy applies only when the **Configure Automatic Updates** policy is configured to perform scheduled installations of updates. |
| Re-prompt for restart with scheduled installations | ![no](images/crossmark.png) | | | Re-prompt for restart with scheduled installations | ![no](images/crossmark.png) | |
| Delay Restart for scheduled installations | ![no](images/crossmark.png) | | | Delay Restart for scheduled installations | ![no](images/crossmark.png) | |
| Reschedule Automatic Updates scheduled installations | ![no](images/crossmark.png) | | | Reschedule Automatic Updates scheduled installations | ![no](images/crossmark.png) | |

View File

@ -32,7 +32,7 @@ This topic describes how to submit problems with a Windows 10 upgrade to Microso
The Feedback Hub app lets you tell Microsoft about any problems you run in to while using Windows 10 and send suggestions to help us improve your Windows experience. Previously, you could only use the Feedback Hub if you were in the Windows Insider Program. Now anyone can use this tool. You can download the Feedback Hub app from the Microsoft Store [here](https://www.microsoft.com/store/p/feedback-hub/9nblggh4r32n?SilentAuth=1&wa=wsignin1.0). The Feedback Hub app lets you tell Microsoft about any problems you run in to while using Windows 10 and send suggestions to help us improve your Windows experience. Previously, you could only use the Feedback Hub if you were in the Windows Insider Program. Now anyone can use this tool. You can download the Feedback Hub app from the Microsoft Store [here](https://www.microsoft.com/store/p/feedback-hub/9nblggh4r32n?SilentAuth=1&wa=wsignin1.0).
The Feedback Hub requires Windows 10 or Windows 10 mobile. If you are having problems upgrading from an older version of Windows to Windows 10, you can use the Feedback Hub to submit this information, but you must collect the log files from the legacy operating system and then attach these files to your feedback using a device that is running Windows 10. If you are upgrading to Windows 10 from a previous verion of Windows 10, the Feedback Hub will collect log files automatically. The Feedback Hub requires Windows 10. If you are having problems upgrading from an older version of Windows to Windows 10, you can use the Feedback Hub to submit this information, but you must collect the log files from the legacy operating system and then attach these files to your feedback using a device that is running Windows 10. If you are upgrading to Windows 10 from a previous version of Windows 10, the Feedback Hub will collect log files automatically.
## Submit feedback ## Submit feedback
@ -69,7 +69,7 @@ After you click Submit, that's all you need to do. Microsoft will receive your f
After your feedback is submitted, you can email or post links to it by opening the Feedback Hub, clicking My feedback at the top, clicking the feedback item you submitted, clicking **Share**, then copying the short link that is displayed. After your feedback is submitted, you can email or post links to it by opening the Feedback Hub, clicking My feedback at the top, clicking the feedback item you submitted, clicking **Share**, then copying the short link that is displayed.
![share](../images/share.jpg) ![share link](../images/share.jpg)
## Related topics ## Related topics

View File

@ -1,110 +0,0 @@
---
title: Upgrade Windows Phone 8.1 to Windows 10 Mobile in an MDM environment (Windows 10)
ms.reviewer:
manager: laurawi
ms.author: greglin
description: This article describes how to upgrade eligible Windows Phone 8.1 devices to Windows 10 Mobile using MDM.
keywords: upgrade, update, windows, phone, windows 10, mdm, mobile
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: mdm
audience: itpro
author: greg-lindsay
ms.topic: article
---
# Upgrade a Windows Phone 8.1 to Windows 10 Mobile with Mobile Device Management (MDM)
**Applies to**
- Windows 10 Mobile
## Summary
This article describes how system administrators can upgrade eligible Windows Phone 8.1 devices to Windows 10 Mobile using [Mobile Device Management](/windows/client-management/mdm/) (MDM).
>[!IMPORTANT]
>If you are not a system administrator, see the [Windows 10 Mobile Upgrade & Updates](https://www.microsoft.com/windows/windows-10-mobile-upgrade) page for details about updating your Windows 8.1 Mobile device to Windows 10 Mobile using the [Upgrade Advisor](https://www.microsoft.com/store/p/upgrade-advisor/9nblggh0f5g4).
## Upgrading with MDM
The Windows Phone 8.1 to Windows 10 Mobile upgrade uses an "opt-in" or "seeker" model. To determine if the device is eligible for an upgrade with MDM, see the [How to determine whether an upgrade is available for a device](#howto-upgrade-available) topic in this article. An eligible device must opt-in to be offered the upgrade. For consumers, the Windows 10 Mobile Upgrade Advisor app is available from the Windows Store to perform the opt-in. For Enterprises, Microsoft is offering a centralized management solution through MDM that can push a management policy to each eligible device to perform the opt-in.
If you use a list of allowed applications (an app allowlist) with MDM, verify that system applications are allow-listed before you upgrade to Windows 10 Mobile. Also, be aware that there are [known issues](/windows/client-management/mdm/new-in-windows-mdm-enrollment-management) with app allowlists that could adversely affect the device after you upgrade.
Some enterprises might want to control the availability of the Windows 10 Mobile upgrade to their users. With the opt-in model, the enterprise can block the Upgrade Advisor app to prevent their users from upgrading prematurely. For more information about how to restrict the Upgrade Advisor app, see the [How to restrict the Upgrade Advisor app](#howto-restrict) section in this article. Enterprises that have restricted the Upgrade Advisor app can use the solution described in this article to select the upgrade timing on a per-device basis.
## More information
To provide enterprises with a solution that's independent of the Upgrade Advisor, a new registry key in the registry configuration service provider (CSP) is available. A special GUID key value is defined. When Microsoft Update (MU) detects the presence of the registry key value on a device, any available upgrade will be made available to the device.
### Prerequisites
- Windows Phone 8.1 device with an available upgrade to Windows 10 Mobile.
- Device connected to Wi-Fi or cellular network to perform scan for upgrade.
- Device is already enrolled with an MDM session.
- Device is able to receive the management policy.
- MDM is capable of pushing the management policy to devices. Minimum version numbers for some popular MDM providers that support this solution are: InTune: 5.0.5565, AirWatch: 8.2, Mobile Iron: 9.0.
### Instructions for the MDM server
The registry CSP is used to push the GUID value to the following registry key for which the Open Mobile Alliance (OMA) Device Management (DM) client has Read/Write access and for which the Device Update service has Read access.
```
[HKLM\Software\Microsoft\Provisioning\OMADM]
"EnterpriseUpgrade"="d369c9b6-2379-466d-9162-afc53361e3c2”
```
The complete SyncML command for the solution is as follows. Note: The SyncML may vary, depending on your MDM solution.
```
SyncML xmlns="SYNCML:SYNCML1.1">
<SyncBody>
<Add>
<CmdID>250</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/Registry/HKLM/SOFTWARE/Microsoft/Provisioning/OMADM/EnterpriseUpgrade</LocURI>
</Target>
<Meta>
<Format xmlns=”syncml:metinf”>chr</Format>
</Meta>
<Data>d369c9b6-2379-466d-9162-afc53361e3c2</Data>
</Item>
</Add>
<Final/>
</SyncBody>
</SyncML>
```
The OMA DM server policy description is provided in the following table:
|Item |Setting |
|------|------------|
| OMA-URI |./Vendor/MSFT/Registry/HKLM/SOFTWARE/Microsoft/Provisioning/OMADM/EnterpriseUpgrade |
| Data Type |String |
| Value |d369c9b6-2379-466d-9162-afc53361e3c2 |
After the device consumes the policy, it will be able to receive an available upgrade.
To disable the policy, delete the **OMADM** registry key or set the **EnterpriseUpgrade** string value to anything other than the GUID.
### How to determine whether an upgrade is available for a device <a id="howto-upgrade-available"></a>
The Windows 10 Mobile Upgrade Advisor app is not designed or intended for Enterprise customers who want to automate the upgrade process. However, the Windows 10 Mobile Upgrade Advisor app is the best mechanism to determine when an upgrade is available. The app dynamically queries whether the upgrade is released for this device model and associated mobile operator (MO).
We recommend that enterprises use a pilot device with the Windows 10 Mobile Upgrade Advisor app installed. The pilot device provides the device model and MO used by the enterprise. When you run the app on the pilot device, it will tell you that either an upgrade is available, that the device is eligible for upgrade, or that an upgrade is not available for this device.
Note: The availability of Windows 10 Mobile as an update for existing Windows Phone 8.1 devices varies by device manufacturer, device model, country or region, mobile operator or service provider, hardware limitations, and other factors. To check for compatibility and other important installation information, see the [Windows 10 Mobile FAQ](https://support.microsoft.com/help/10599/windows-10-mobile-how-to-get) page.
### How to restrict the Upgrade Advisor app <a id="howto-restrict"></a>
Some enterprises may want to block their users from installing the Windows 10 Mobile Upgrade Advisor app. With Windows Phone 8.1, you can allow or deny individual apps by adding specific app publishers or the app globally unique identifier (GUID) from the Window Phone Store to an allow or deny XML list. The GUID for a particular application can be found in the URL for the app in the phone store. For example, the GUID to the Windows 10 Mobile Upgrade Adviser (fbe47e4f-7769-4103-910e-dca8c43e0b07) is displayed in the following URL:
http://windowsphone.com/s?appid=fbe47e4f-7769-4103-910e-dca8c43e0b07
For more information about how to do this, see [Try it out: restrict Windows Phone 8.1 apps](/previous-versions/windows/it-pro/windows-phone/cc182269(v=technet.10)).
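Review bot: Deleting this article also removes the documented way to reverse the opt-in ("To disable the policy, delete the **OMADM** registry key or set the **EnterpriseUpgrade** string value to anything other than the GUID"), and the redirect set for this path in this commit points to `/windows/deployment/upgrade/windows-10-edition-upgrades`, which has its Windows 10 Mobile content removed in the same commit. Readers following old links, including the `#howto-upgrade-available` and `#howto-restrict` anchors, land on a page that does not mention the topic; consider redirecting to an archived copy or a retirement notice instead.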

View File

@ -20,7 +20,6 @@ ms.topic: article
**Applies to** **Applies to**
- Windows 10 - Windows 10
- Windows 10 Mobile
With Windows 10, you can quickly upgrade from one edition of Windows 10 to another, provided the upgrade path is supported. For information on what edition of Windows 10 is right for you, see [Compare Windows 10 Editions](https://go.microsoft.com/fwlink/p/?LinkID=690882). For a comprehensive list of all possible upgrade paths to Windows 10, see [Windows 10 upgrade paths](windows-10-upgrade-paths.md). Downgrading the edition of Windows is discussed in the [License expiration](#license-expiration) section on this page. With Windows 10, you can quickly upgrade from one edition of Windows 10 to another, provided the upgrade path is supported. For information on what edition of Windows 10 is right for you, see [Compare Windows 10 Editions](https://go.microsoft.com/fwlink/p/?LinkID=690882). For a comprehensive list of all possible upgrade paths to Windows 10, see [Windows 10 upgrade paths](windows-10-upgrade-paths.md). Downgrading the edition of Windows is discussed in the [License expiration](#license-expiration) section on this page.
@ -77,15 +76,12 @@ X = unsupported <BR>
## Upgrade using mobile device management (MDM) ## Upgrade using mobile device management (MDM)
- To upgrade desktop editions of Windows 10 using MDM, you'll need to enter the product key for the upgraded edition in the **UpgradeEditionWithProductKey** policy setting of the **WindowsLicensing** CSP. For more info, see [WindowsLicensing CSP](/windows/client-management/mdm/windowslicensing-csp). - To upgrade desktop editions of Windows 10 using MDM, you'll need to enter the product key for the upgraded edition in the **UpgradeEditionWithProductKey** policy setting of the **WindowsLicensing** CSP. For more info, see [WindowsLicensing CSP](/windows/client-management/mdm/windowslicensing-csp).
- To upgrade mobile editions of Windows 10 using MDM, you'll need to enter the product key for the upgraded edition in the **UpgradeEditionWithLicense** policy setting of the **WindowsLicensing** CSP. For more info, see [WindowsLicensing CSP](/windows/client-management/mdm/windowslicensing-csp).
## Upgrade using a provisioning package ## Upgrade using a provisioning package
Use Windows Configuration Designer to create a provisioning package to upgrade a desktop edition or mobile edition of Windows 10. To get started, [install Windows Configuration Designer from the Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4tx22). Use Windows Configuration Designer to create a provisioning package to upgrade a desktop edition. To get started, [install Windows Configuration Designer from the Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4tx22).
- To create a provisioning package for upgrading desktop editions of Windows 10, go to **Runtime settings &gt; EditionUpgrade &gt; UpgradeEditionWithProductKey** in the **Available customizations** panel in Windows ICD and enter the product key for the upgraded edition. - To create a provisioning package for upgrading desktop editions of Windows 10, go to **Runtime settings &gt; EditionUpgrade &gt; UpgradeEditionWithProductKey** in the **Available customizations** panel in Windows ICD and enter the product key for the upgraded edition.
- To create a provisioning package for upgrading mobile editions of Windows 10, go to **Runtime settings &gt; EditionUpgrade &gt; UpgradeEditionWithLicense** in the **Available customizations** panel in Windows ICD and enter the product key for the upgraded edition.
For more info about Windows Configuration Designer, see these topics: For more info about Windows Configuration Designer, see these topics:
- [Create a provisioning package for Windows 10](/windows/configuration/provisioning-packages/provisioning-create-package) - [Create a provisioning package for Windows 10](/windows/configuration/provisioning-packages/provisioning-create-package)
- [Apply a provisioning package](/windows/configuration/provisioning-packages/provisioning-apply-package) - [Apply a provisioning package](/windows/configuration/provisioning-packages/provisioning-apply-package)
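Review bot: The rewritten sentence now ends at "to upgrade a desktop edition." and drops "of Windows 10", which the old wording carried after "mobile edition"; restore it as "to upgrade a desktop edition of Windows 10". With the mobile bullets removed, the MDM section and this section each keep a single bullet, and the remaining bullet here still says "Windows ICD" while the paragraph above it says "Windows Configuration Designer"; fold the lone bullets into sentences and use one product name.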
@ -169,7 +165,7 @@ You can move directly from Enterprise to any valid destination edition. In this
<th>Enterprise</th> <th>Enterprise</th>
</tr> </tr>
<tr> <tr>
<th rowspan="9" nowrap="nowrap" valign="middle">Starting edition</th> <th rowspan="9" valign="middle">Starting edition</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>

View File

@ -18,7 +18,6 @@ ms.topic: article
**Applies to** **Applies to**
- Windows 10 - Windows 10
- Windows 10 Mobile
## Upgrade paths ## Upgrade paths
@ -49,11 +48,9 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
<th>Windows 10 Pro Education</th> <th>Windows 10 Pro Education</th>
<th>Windows 10 Education</th> <th>Windows 10 Education</th>
<th>Windows 10 Enterprise</th> <th>Windows 10 Enterprise</th>
<th>Windows 10 Mobile</th>
<th>Windows 10 Mobile Enterprise</th>
</tr> </tr>
<tr> <tr>
<th rowspan="7" nowrap="nowrap">Windows 7</th> <th rowspan="7">Windows 7</th>
</tr> </tr>
<tr> <tr>
<td>Starter</td> <td>Starter</td>
@ -62,8 +59,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
<td></td> <td></td>
<td></td> <td></td>
<td></td> <td></td>
<td></td>
<td></td>
</tr> </tr>
<tr> <tr>
<td>Home Basic</td> <td>Home Basic</td>
@ -72,8 +67,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
<td></td> <td></td>
<td></td> <td></td>
<td></td> <td></td>
<td></td>
<td></td>
</tr> </tr>
<tr> <tr>
<td>Home Premium</td> <td>Home Premium</td>
@ -82,8 +75,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
<td></td> <td></td>
<td></td> <td></td>
<td></td> <td></td>
<td></td>
<td></td>
</tr> </tr>
<tr> <tr>
<td>Professional</td> <td>Professional</td>
@ -92,8 +83,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
<td></td> <td></td>
<td></td> <td></td>
<td></td> <td></td>
<td></td>
<td></td>
</tr> </tr>
<tr> <tr>
<td>Ultimate</td> <td>Ultimate</td>
@ -102,8 +91,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
<td></td> <td></td>
<td></td> <td></td>
<td></td> <td></td>
<td></td>
<td></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
@ -112,11 +99,9 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
<td></td> <td></td>
<td></td> <td></td>
<td></td> <td></td>
<td></td>
<td></td>
</tr> </tr>
<tr> <tr>
<th rowspan="10" nowrap="nowrap">Windows 8.1</th> <th rowspan="10">Windows 8.1</th>
</tr> </tr>
<tr> <tr>
<td>(Core)</td> <td>(Core)</td>
@ -125,8 +110,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
<td></td> <td></td>
<td></td> <td></td>
<td></td> <td></td>
<td></td>
<td></td>
</tr> </tr>
<tr> <tr>
<td>Connected</td> <td>Connected</td>
@ -135,8 +118,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
<td></td> <td></td>
<td></td> <td></td>
<td></td> <td></td>
<td></td>
<td></td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
@ -145,8 +126,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
<td></td> <td></td>
<td></td> <td></td>
<td></td> <td></td>
<td></td>
<td></td>
</tr> </tr>
<tr> <tr>
<td>Pro Student</td> <td>Pro Student</td>
@ -155,8 +134,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
<td></td> <td></td>
<td></td> <td></td>
<td></td> <td></td>
<td></td>
<td></td>
</tr> </tr>
<tr> <tr>
<td>Pro WMC</td> <td>Pro WMC</td>
@ -165,8 +142,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
<td></td> <td></td>
<td></td> <td></td>
<td></td> <td></td>
<td></td>
<td></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
@ -175,8 +150,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
<td></td> <td></td>
<td></td> <td></td>
<td></td> <td></td>
<td></td>
<td></td>
</tr> </tr>
<tr> <tr>
<td>Embedded Industry</td> <td>Embedded Industry</td>
@ -185,8 +158,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
<td></td> <td></td>
<td></td> <td></td>
<td></td> <td></td>
<td></td>
<td></td>
</tr> </tr>
<tr> <tr>
<td>Windows RT</td> <td>Windows RT</td>
@ -195,8 +166,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
<td></td> <td></td>
<td></td> <td></td>
<td></td> <td></td>
<td></td>
<td></td>
</tr> </tr>
<tr> <tr>
<td>Windows Phone 8.1</td> <td>Windows Phone 8.1</td>
@ -205,11 +174,9 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
<td></td> <td></td>
<td></td> <td></td>
<td></td> <td></td>
<td></td>
<td></td>
</tr> </tr>
<tr> <tr>
<th rowspan="8" nowrap="nowrap">Windows 10</th> <th rowspan="8">Windows 10</th>
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
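Review bot: The two cells removed at the top of this hunk close the Windows Phone 8.1 row, which stays in the table even though both Windows 10 Mobile destination columns are gone, so the row no longer has a destination it could map to. Remove the Windows Phone 8.1 row as well and lower `rowspan="10"` on the Windows 8.1 header to match.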
@ -218,8 +185,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
<td></td> <td></td>
<td></td> <td></td>
<td></td> <td></td>
<td></td>
<td></td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
@ -228,8 +193,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
<td></td> <td></td>
<td></td> <td></td>
<td></td> <td></td>
<td></td>
<td></td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
@ -238,8 +201,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
<td></td> <td></td>
<td></td> <td></td>
<td>D</td> <td>D</td>
<td></td>
<td></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
@ -248,18 +209,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
<td></td> <td></td>
<td></td> <td></td>
<td></td> <td></td>
<td></td>
<td></td>
</tr>
<tr>
<td>Mobile</td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
</tr> </tr>
</table> </table>
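Review bot: The Mobile `<tr>` is removed here, but the group header a few hunks up keeps `<th rowspan="8">Windows 10</th>` on the new side, where only `nowrap` was dropped. Adjust the `rowspan` so the header spans exactly the rows that remain.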

View File

@ -73,7 +73,7 @@ For a list of settings you can change, see [Unattended Windows Setup Reference](
### Create a Windows image using Windows ICD ### Create a Windows image using Windows ICD
Introduced in Windows 10, [Windows Imaging and Configuration Designer (ICD)](/windows/configuration/provisioning-packages/provisioning-install-icd) streamlines the customizing and provisioning of a Windows 10 for desktop editions (Home, Pro, Enterprise, and Education), Windows 10 Mobile, or Windows 10 IoT Core (IoT Core) image. Introduced in Windows 10, [Windows Imaging and Configuration Designer (ICD)](/windows/configuration/provisioning-packages/provisioning-install-icd) streamlines the customizing and provisioning of a Windows 10 for desktop editions (Home, Pro, Enterprise, and Education) or Windows 10 IoT Core (IoT Core) image.
Here are some things you can do with Windows ICD: Here are some things you can do with Windows ICD:

View File

@ -4,6 +4,7 @@ description: View a list of recommended block rules, based on knowledge shared b
keywords: security, malware keywords: security, malware
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
ms.prod: m365-security ms.prod: m365-security
ms.technology: mde
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
ms.sitesec: library ms.sitesec: library
ms.pagetype: security ms.pagetype: security
@ -14,8 +15,7 @@ author: jsuther1974
ms.reviewer: isbrahm ms.reviewer: isbrahm
ms.author: dansimp ms.author: dansimp
manager: dansimp manager: dansimp
ms.date: 04/09/2019 ms.date: 08/23/2021
ms.technology: mde
--- ---
# Microsoft recommended block rules # Microsoft recommended block rules
@ -23,7 +23,7 @@ ms.technology: mde
**Applies to:** **Applies to:**
- Windows 10 - Windows 10
- Windows Server 2016 and above - Windows Server 2016 or later
Members of the security community<sup>*</sup> continuously collaborate with Microsoft to help protect customers. With the help of their valuable reports, Microsoft has identified a list of valid applications that an attacker could also potentially use to bypass Windows Defender Application Control. Members of the security community<sup>*</sup> continuously collaborate with Microsoft to help protect customers. With the help of their valuable reports, Microsoft has identified a list of valid applications that an attacker could also potentially use to bypass Windows Defender Application Control.
@ -71,38 +71,35 @@ Unless your use scenarios explicitly require them, Microsoft recommends that you
<sup>1</sup> A vulnerability in bginfo.exe has been fixed in the latest version 4.22. If you use BGInfo, for security, make sure to download and run the latest version here [BGInfo 4.22](/sysinternals/downloads/bginfo). Note that BGInfo versions earlier than 4.22 are still vulnerable and should be blocked. <sup>1</sup> A vulnerability in bginfo.exe has been fixed in the latest version 4.22. If you use BGInfo, for security, make sure to download and run the latest version here [BGInfo 4.22](/sysinternals/downloads/bginfo). Note that BGInfo versions earlier than 4.22 are still vulnerable and should be blocked.
<sup>2</sup> If you are using your reference system in a development context and use msbuild.exe to build managed applications, we recommend that you allow msbuild.exe in your code integrity policies. However, if your reference system is an end user device that is not being used in a development context, we recommend that you block msbuild.exe. <sup>2</sup> If you are using your reference system in a development context and use msbuild.exe to build managed applications, we recommend that you allow msbuild.exe in your code integrity policies. However, if your reference system is an end-user device that is not being used in a development context, we recommend that you block msbuild.exe.
<sup>*</sup> Microsoft recognizes the efforts of those in the security community who help us protect customers through responsible vulnerability disclosure, and extends thanks to the following people: <sup>*</sup> Microsoft recognizes the efforts of people in the security community who help us protect customers through responsible vulnerability disclosure, and extends thanks to the following people:
<br /> <br />
|Name|Twitter| |Name|Twitter|
|---|---| |---|---|
|Casey Smith |@subTee| | `Alex Ionescu` | `@aionescu`|
|Matt Graeber | @mattifestation| | `Brock Mammen`| |
|Matt Nelson | @enigma0x3| | `Casey Smith` | `@subTee` |
|Oddvar Moe |@Oddvarmoe| | `Jimmy Bayne` | `@bohops` |
|Alex Ionescu | @aionescu| | `Lasse Trolle Borup` | `Langkjaer Cyber Defence` |
|Lee Christensen|@tifkin_| | `Lee Christensen` | `@tifkin_` |
|Vladas Bulavas | Kaspersky Lab | | `Matt Graeber` | `@mattifestation` |
|Lasse Trolle Borup | Langkjaer Cyber Defence | | `Matt Nelson` | `@enigma0x3` |
|Jimmy Bayne | @bohops | | `Oddvar Moe` | `@Oddvarmoe` |
|Philip Tsukerman | @PhilipTsukerman | | `Philip Tsukerman` | `@PhilipTsukerman` |
|Brock Mammen| | | `Vladas Bulavas` | `Kaspersky Lab` |
| `William Easton` | `@Strawgate` |
<br /> <br />
> [!Note] > [!Note]
> This application list will be updated with the latest vendor information as application vulnerabilities are resolved and new issues are discovered. > This application list will be updated with the latest vendor information as application vulnerabilities are resolved and new issues are discovered.
Certain software applications may allow additional code to run by design. Certain software applications may allow other code to run by design. Such applications should be blocked by your Windows Defender Application Control policy. In addition, when an application version is upgraded to fix a security vulnerability or potential Windows Defender Application Control bypass, you should add *deny* rules to your application control policies for that applications previous, less secure versions.
These types of applications should be blocked by your Windows Defender Application Control policy.
In addition, when an application version is upgraded to fix a security vulnerability or potential Windows Defender Application Control bypass, you should add deny rules to your WDAC policies for that applications previous, less secure versions.
Microsoft recommends that you install the latest security updates. Microsoft recommends that you install the latest security updates. The June 2017 Windows updates resolve several issues in PowerShell modules that allowed an attacker to bypass Windows Defender Application Control. These modules cannot be blocked by name or version, and therefore must be blocked by their corresponding hashes.
The June 2017 Windows updates resolve several issues in PowerShell modules that allowed an attacker to bypass Windows Defender Application Control.
These modules cannot be blocked by name or version, and therefore must be blocked by their corresponding hashes.
For October 2017, we are announcing an update to system.management.automation.dll in which we are revoking older versions by hash values, instead of version rules. For October 2017, we are announcing an update to system.management.automation.dll in which we are revoking older versions by hash values, instead of version rules.
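Review bot: The rewritten paragraph that starts "Certain software applications may allow other code to run by design" still ends with "for that applications previous, less secure versions"; the possessive needs an apostrophe ("that application's previous, less secure versions"). The same paragraph now says "application control policies" while the sentence before it says "Windows Defender Application Control policy", so pick one term. In the acknowledgements table, every name and handle is now wrapped in backticks and will render as inline code, including the organisation names "Langkjaer Cyber Defence" and "Kaspersky Lab" under a column headed Twitter. Plain text fits these cells better, and the "Brock Mammen" row leaves the second cell empty without the padding the other rows use.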
@ -112,7 +109,7 @@ Microsoft recommends that you block the following Microsoft-signed applications
- msxml6.dll - msxml6.dll
- jscript9.dll - jscript9.dll
Pick the correct version of each .dll for the Windows release you plan to support, and remove the other versions. Ensure that you also uncomment them in the signing scenarios section. Select the correct version of each .dll for the Windows release you plan to support, and remove the other versions. Ensure that you also uncomment them in the signing scenarios section.
```xml ```xml
<?xml version="1.0" encoding="utf-8" ?> <?xml version="1.0" encoding="utf-8" ?>
@ -148,6 +145,7 @@ Pick the correct version of each .dll for the Windows release you plan to suppor
<Deny ID="ID_DENY_BGINFO" FriendlyName="bginfo.exe" FileName="BGINFO.Exe" MinimumFileVersion="4.21.0.0"/> <Deny ID="ID_DENY_BGINFO" FriendlyName="bginfo.exe" FileName="BGINFO.Exe" MinimumFileVersion="4.21.0.0"/>
<Deny ID="ID_DENY_CBD" FriendlyName="cdb.exe" FileName="CDB.Exe" MinimumFileVersion="65535.65535.65535.65535"/> <Deny ID="ID_DENY_CBD" FriendlyName="cdb.exe" FileName="CDB.Exe" MinimumFileVersion="65535.65535.65535.65535"/>
<Deny ID="ID_DENY_CSI" FriendlyName="csi.exe" FileName="csi.Exe" MinimumFileVersion="65535.65535.65535.65535"/> <Deny ID="ID_DENY_CSI" FriendlyName="csi.exe" FileName="csi.Exe" MinimumFileVersion="65535.65535.65535.65535"/>
<Deny ID="ID_DENY_CSCRIPT" FriendlyName="cscript.exe" FileName="cscript.exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_DBGHOST" FriendlyName="dbghost.exe" FileName="DBGHOST.Exe" MinimumFileVersion="2.3.0.0"/> <Deny ID="ID_DENY_DBGHOST" FriendlyName="dbghost.exe" FileName="DBGHOST.Exe" MinimumFileVersion="2.3.0.0"/>
<Deny ID="ID_DENY_DBGSVC" FriendlyName="dbgsvc.exe" FileName="DBGSVC.Exe" MinimumFileVersion="2.3.0.0"/> <Deny ID="ID_DENY_DBGSVC" FriendlyName="dbgsvc.exe" FileName="DBGSVC.Exe" MinimumFileVersion="2.3.0.0"/>
<Deny ID="ID_DENY_DNX" FriendlyName="dnx.exe" FileName="dnx.Exe" MinimumFileVersion="65535.65535.65535.65535"/> <Deny ID="ID_DENY_DNX" FriendlyName="dnx.exe" FileName="dnx.Exe" MinimumFileVersion="65535.65535.65535.65535"/>
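Review bot: The added ID_DENY_CSCRIPT rule is written as MinimumFileVersion = "65535.65535.65535.65535" with spaces around the equals sign, while every neighbouring Deny rule in this hunk uses MinimumFileVersion="..." with none. It is still valid XML, but it should match the surrounding style. The rule is also inserted after ID_DENY_CSI although the visible rules are otherwise in alphabetical order by ID (BGINFO, CBD, CSI, DBGHOST, DBGSVC, DNX); placing it before ID_DENY_CSI keeps that order, and the matching FileRuleRef should move with it.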
@ -177,6 +175,7 @@ Pick the correct version of each .dll for the Windows release you plan to suppor
<Deny ID="ID_DENY_WFC" FriendlyName="WFC.exe" FileName="wfc.exe" MinimumFileVersion="65535.65535.65535.65535" /> <Deny ID="ID_DENY_WFC" FriendlyName="WFC.exe" FileName="wfc.exe" MinimumFileVersion="65535.65535.65535.65535" />
<Deny ID="ID_DENY_WINDBG" FriendlyName="windbg.exe" FileName="windbg.Exe" MinimumFileVersion="65535.65535.65535.65535"/> <Deny ID="ID_DENY_WINDBG" FriendlyName="windbg.exe" FileName="windbg.Exe" MinimumFileVersion="65535.65535.65535.65535"/>
<Deny ID="ID_DENY_WMIC" FriendlyName="wmic.exe" FileName="wmic.exe" MinimumFileVersion="65535.65535.65535.65535"/> <Deny ID="ID_DENY_WMIC" FriendlyName="wmic.exe" FileName="wmic.exe" MinimumFileVersion="65535.65535.65535.65535"/>
<Deny ID="ID_DENY_WSCRIPT" FriendlyName="wscript.exe" FileName="wscript.exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_WSL" FriendlyName="wsl.exe" FileName="wsl.exe" MinimumFileVersion="65535.65535.65535.65535"/> <Deny ID="ID_DENY_WSL" FriendlyName="wsl.exe" FileName="wsl.exe" MinimumFileVersion="65535.65535.65535.65535"/>
<Deny ID="ID_DENY_WSLCONFIG" FriendlyName="wslconfig.exe" FileName="wslconfig.exe" MinimumFileVersion="65535.65535.65535.65535"/> <Deny ID="ID_DENY_WSLCONFIG" FriendlyName="wslconfig.exe" FileName="wslconfig.exe" MinimumFileVersion="65535.65535.65535.65535"/>
<Deny ID="ID_DENY_WSLHOST" FriendlyName="wslhost.exe" FileName="wslhost.exe" MinimumFileVersion="65535.65535.65535.65535"/> <Deny ID="ID_DENY_WSLHOST" FriendlyName="wslhost.exe" FileName="wslhost.exe" MinimumFileVersion="65535.65535.65535.65535"/>
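Review bot: ID_DENY_WSCRIPT is added here (and ID_DENY_CSCRIPT earlier) with the same 65535.65535.65535.65535 value as the neighbouring wmic.exe and wsl.exe rules, but no hunk in this file touches the prose list introduced by "Microsoft recommends that you block the following", which sits between the hunks at old lines 23 and 71. If wscript.exe and cscript.exe are not already in that list, add them there so the documented list and the sample policy agree, and say that the rule covers every version of the two script hosts so that readers who depend on them know to remove it. This line also has the spaces around the equals sign in MinimumFileVersion = "..." that the neighbouring rules do not use.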
@ -888,6 +887,7 @@ Pick the correct version of each .dll for the Windows release you plan to suppor
<FileRuleRef RuleID="ID_DENY_BGINFO"/> <FileRuleRef RuleID="ID_DENY_BGINFO"/>
<FileRuleRef RuleID="ID_DENY_CBD"/> <FileRuleRef RuleID="ID_DENY_CBD"/>
<FileRuleRef RuleID="ID_DENY_CSI"/> <FileRuleRef RuleID="ID_DENY_CSI"/>
<FileRuleRef RuleID="ID_DENY_CSCRIPT"/>
<FileRuleRef RuleID="ID_DENY_DBGHOST"/> <FileRuleRef RuleID="ID_DENY_DBGHOST"/>
<FileRuleRef RuleID="ID_DENY_DBGSVC"/> <FileRuleRef RuleID="ID_DENY_DBGSVC"/>
<FileRuleRef RuleID="ID_DENY_DNX"/> <FileRuleRef RuleID="ID_DENY_DNX"/>
@ -916,6 +916,7 @@ Pick the correct version of each .dll for the Windows release you plan to suppor
<FileRuleRef RuleID="ID_DENY_WFC" /> <FileRuleRef RuleID="ID_DENY_WFC" />
<FileRuleRef RuleID="ID_DENY_WINDBG"/> <FileRuleRef RuleID="ID_DENY_WINDBG"/>
<FileRuleRef RuleID="ID_DENY_WMIC"/> <FileRuleRef RuleID="ID_DENY_WMIC"/>
<FileRuleRef RuleID="ID_DENY_WSCRIPT"/>
<FileRuleRef RuleID="ID_DENY_WSL"/> <FileRuleRef RuleID="ID_DENY_WSL"/>
<FileRuleRef RuleID="ID_DENY_WSLCONFIG"/> <FileRuleRef RuleID="ID_DENY_WSLCONFIG"/>
<FileRuleRef RuleID="ID_DENY_WSLHOST"/> <FileRuleRef RuleID="ID_DENY_WSLHOST"/>