Fix broken links in CSPs

windows/client-management/mdm/policy-csp-admx-windowsexplorer.md

@@ -4,7 +4,7 @@ description: Learn more about the ADMX_WindowsExplorer Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 01/09/2023
+ms.date: 02/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -4538,7 +4538,7 @@ The first several links will also be pinned to the Start menu. A total of four l
 
 <!-- TryHarderPinnedOpenSearch-Description-Begin -->
 <!-- Description-Source-ADMX -->
-This policy setting allows you to add Internet or intranet sites to the "Search again" links located at the bottom of search results in File Explorer and the Start menu links. The "Search again" links at the bottom of the Search Results view allow the user to reconduct a search but in a different location. The Internet search site will be searched with the text in the search box. To add an Internet search site, specify the URL of the search site in OpenSearch format with {searchTerms} for the query string (for example, <https://www.example.com/results.aspx?q=>{searchTerms}).
+This policy setting allows you to add Internet or intranet sites to the "Search again" links located at the bottom of search results in File Explorer and the Start menu links. The "Search again" links at the bottom of the Search Results view allow the user to reconduct a search but in a different location. The Internet search site will be searched with the text in the search box. To add an Internet search site, specify the URL of the search site in OpenSearch format with {searchTerms} for the query string (for example, `https://www.example.com/results.aspx?q={searchTerms}`).
 
 You can add up to five additional links to the "Search again" links at the bottom of results returned in File Explorer after a search is executed. These links will be shared between Internet search sites and Search Connectors/Libraries. Search Connector/Library links take precedence over Internet search links.
 

windows/client-management/mdm/policy-csp-audit.md

@@ -4,7 +4,7 @@ description: Learn more about the Audit Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 01/09/2023
+ms.date: 02/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -1083,7 +1083,7 @@ Volume: Low.
 <!-- AccountManagement_AuditDistributionGroupManagement-Description-Begin -->
 <!-- Description-Source-DDF -->
 This policy setting allows you to audit events generated by changes to distribution groups such as the following Distribution group is created, changed, or deleted. Member is added or removed from a distribution group. Distribution group type is changed. If you configure this policy setting, an audit event is generated when an attempt to change a distribution group is made. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-- If you do not configure this policy setting, no audit event is generated when a distribution group changes
+- If you do not configure this policy setting, no audit event is generated when a distribution group changes.
 
 > [!NOTE]
 > Events in this subcategory are logged only on domain controllers.
@@ -1332,7 +1332,7 @@ Volume: Low.
 
 <!-- DetailedTracking_AuditDPAPIActivity-Description-Begin -->
 <!-- Description-Source-DDF -->
-This policy setting allows you to audit events generated when encryption or decryption requests are made to the Data Protection application interface (DPAPI). DPAPI is used to protect secret information such as stored password and key information. For more information about DPAPI, see <https://go.microsoft.com/fwlink/?LinkId=121720>. If you configure this policy setting, an audit event is generated when an encryption or decryption request is made to DPAPI. Success audits record successful requests and Failure audits record unsuccessful requests.
+This policy setting allows you to audit events generated when encryption or decryption requests are made to the Data Protection application interface (DPAPI). DPAPI is used to protect secret information such as stored password and key information. For more information about DPAPI, see [How to Use Data Protection](/dotnet/standard/security/how-to-use-data-protection). If you configure this policy setting, an audit event is generated when an encryption or decryption request is made to DPAPI. Success audits record successful requests and Failure audits record unsuccessful requests.
 - If you do not configure this policy setting, no audit event is generated when an encryption or decryption request is made to DPAPI.
 <!-- DetailedTracking_AuditDPAPIActivity-Description-End -->
 
@@ -1825,7 +1825,7 @@ Volume: High on domain controllers. None on client computers.
 
 <!-- DSAccess_AuditDirectoryServiceChanges-Description-Begin -->
 <!-- Description-Source-DDF -->
-This policy setting allows you to audit events generated by changes to objects in Active Directory Domain Services (AD DS). Events are logged when an object is created, deleted, modified, moved, or undeleted. When possible, events logged in this subcategory indicate the old and new values of the object's properties. Events in this subcategory are logged only on domain controllers, and only objects in AD DS with a matching system access control list (SACL) are logged
+This policy setting allows you to audit events generated by changes to objects in Active Directory Domain Services (AD DS). Events are logged when an object is created, deleted, modified, moved, or undeleted. When possible, events logged in this subcategory indicate the old and new values of the object's properties. Events in this subcategory are logged only on domain controllers, and only objects in AD DS with a matching system access control list (SACL) are logged.
 
 > [!NOTE]
 > Actions on some objects and properties do not cause audit events to be generated due to settings on the object class in the schema. If you configure this policy setting, an audit event is generated when an attempt to change an object in AD DS is made. Success audits record successful attempts, however unsuccessful attempts are NOT recorded.
@@ -2135,7 +2135,7 @@ Volume: Medium or Low on computers running Active Directory Certificate Services
 
 <!-- ObjectAccess_AuditDetailedFileShare-Description-Begin -->
 <!-- Description-Source-DDF -->
-This policy setting allows you to audit attempts to access files and folders on a shared folder. The Detailed File Share setting logs an event every time a file or folder is accessed, whereas the File Share setting only records one event for any connection established between a client and file share. Detailed File Share audit events include detailed information about the permissions or other criteria used to grant or deny access. If you configure this policy setting, an audit event is generated when an attempt is made to access a file or folder on a share. The administrator can specify whether to audit only successes, only failures, or both successes and failures
+This policy setting allows you to audit attempts to access files and folders on a shared folder. The Detailed File Share setting logs an event every time a file or folder is accessed, whereas the File Share setting only records one event for any connection established between a client and file share. Detailed File Share audit events include detailed information about the permissions or other criteria used to grant or deny access. If you configure this policy setting, an audit event is generated when an attempt is made to access a file or folder on a share. The administrator can specify whether to audit only successes, only failures, or both successes and failures.
 
 > [!NOTE]
 > There are no system access control lists (SACLs) for shared folders.
@@ -2201,7 +2201,7 @@ Volume: High on a file server or domain controller because of SYSVOL network acc
 <!-- ObjectAccess_AuditFileShare-Description-Begin -->
 <!-- Description-Source-DDF -->
 This policy setting allows you to audit attempts to access a shared folder. If you configure this policy setting, an audit event is generated when an attempt is made to access a shared folder.
-- If this policy setting is defined, the administrator can specify whether to audit only successes, only failures, or both successes and failures
+- If this policy setting is defined, the administrator can specify whether to audit only successes, only failures, or both successes and failures.
 
 > [!NOTE]
 > There are no system access control lists (SACLs) for shared folders.
@@ -2266,8 +2266,8 @@ Volume: High on a file server or domain controller because of SYSVOL network acc
 
 <!-- ObjectAccess_AuditFileSystem-Description-Begin -->
 <!-- Description-Source-DDF -->
-This policy setting allows you to audit user attempts to access file system objects. A security audit event is generated only for objects that have system access control lists (SACL) specified, and only if the type of access requested, such as Write, Read, or Modify and the account making the request match the settings in the SACL. For more information about enabling object access auditing, see <https//go.microsoft.com/fwlink/?LinkId=122083>. If you configure this policy setting, an audit event is generated each time an account accesses a file system object with a matching SACL. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-- If you do not configure this policy setting, no audit event is generated when an account accesses a file system object with a matching SACL
+This policy setting allows you to audit user attempts to access file system objects. A security audit event is generated only for objects that have system access control lists (SACL) specified, and only if the type of access requested, such as Write, Read, or Modify and the account making the request match the settings in the SACL. For more information about enabling object access auditing, see https//go.microsoft.com/fwlink/?LinkId=122083. If you configure this policy setting, an audit event is generated each time an account accesses a file system object with a matching SACL. Success audits record successful attempts and Failure audits record unsuccessful attempts.
+- If you do not configure this policy setting, no audit event is generated when an account accesses a file system object with a matching SACL.
 
 > [!NOTE]
 > You can set a SACL on a file system object using the Security tab in that object's Properties dialog box.
@@ -2455,7 +2455,7 @@ Volume: High.
 <!-- ObjectAccess_AuditHandleManipulation-Description-Begin -->
 <!-- Description-Source-DDF -->
 This policy setting allows you to audit events generated when a handle to an object is opened or closed. Only objects with a matching system access control list (SACL) generate security audit events. If you configure this policy setting, an audit event is generated when a handle is manipulated. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-- If you do not configure this policy setting, no audit event is generated when a handle is manipulated
+- If you do not configure this policy setting, no audit event is generated when a handle is manipulated.
 
 > [!NOTE]
 > Events in this subcategory generate events only for object types where the corresponding Object Access subcategory is enabled. For example, if File system object access is enabled, handle manipulation security audit events are generated. If Registry object access is not enabled, handle manipulation security audit events will not be generated.
@@ -2519,7 +2519,7 @@ Volume: Depends on how SACLs are configured.
 
 <!-- ObjectAccess_AuditKernelObject-Description-Begin -->
 <!-- Description-Source-DDF -->
-This policy setting allows you to audit attempts to access the kernel, which include mutexes and semaphores. Only kernel objects with a matching system access control list (SACL) generate security audit events
+This policy setting allows you to audit attempts to access the kernel, which include mutexes and semaphores. Only kernel objects with a matching system access control list (SACL) generate security audit events.
 
 > [!NOTE]
 > The Audit Audit the access of global system objects policy setting controls the default SACL of kernel objects.
@@ -2645,7 +2645,7 @@ Volume: Low.
 <!-- ObjectAccess_AuditRegistry-Description-Begin -->
 <!-- Description-Source-DDF -->
 This policy setting allows you to audit attempts to access registry objects. A security audit event is generated only for objects that have system access control lists (SACLs) specified, and only if the type of access requested, such as Read, Write, or Modify, and the account making the request match the settings in the SACL. If you configure this policy setting, an audit event is generated each time an account accesses a registry object with a matching SACL. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-- If you do not configure this policy setting, no audit event is generated when an account accesses a registry object with a matching SACL
+- If you do not configure this policy setting, no audit event is generated when an account accesses a registry object with a matching SACL.
 
 > [!NOTE]
 > You can set a SACL on a registry object using the Permissions dialog box.
@@ -2771,10 +2771,10 @@ This policy setting allows you to audit user attempts to access file system obje
 <!-- ObjectAccess_AuditSAM-Description-Begin -->
 <!-- Description-Source-DDF -->
 This policy setting allows you to audit events generated by attempts to access to Security Accounts Manager (SAM) objects. SAM objects include the following SAM_ALIAS -- A local group. SAM_GROUP -- A group that is not a local group. SAM_USER - A user account. SAM_DOMAIN - A domain. SAM_SERVER - A computer account. If you configure this policy setting, an audit event is generated when an attempt to access a kernel object is made. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-- If you do not configure this policy setting, no audit event is generated when an attempt to access a kernel object is made
+- If you do not configure this policy setting, no audit event is generated when an attempt to access a kernel object is made.
 
 > [!NOTE]
-> Only the System Access Control List (SACL) for SAM_SERVER can be modified. Volume High on domain controllers. For information about reducing the amount of events generated in this subcategory, see article 841001 in the Microsoft Knowledge Base (<https//go.microsoft.com/fwlink/?LinkId=121698)>.
+> Only the System Access Control List (SACL) for SAM_SERVER can be modified. Volume High on domain controllers. For information about reducing the amount of events generated in this subcategory, see article 841001 in the Microsoft Knowledge Base (https//go.microsoft.com/fwlink/?LinkId=121698).
 <!-- ObjectAccess_AuditSAM-Description-End -->
 
 <!-- ObjectAccess_AuditSAM-Editable-Begin -->
@@ -2836,7 +2836,7 @@ Volume: High on domain controllers. For more information about reducing the numb
 <!-- PolicyChange_AuditAuthenticationPolicyChange-Description-Begin -->
 <!-- Description-Source-DDF -->
 This policy setting allows you to audit events generated by changes to the authentication policy such as the following Creation of forest and domain trusts. Modification of forest and domain trusts. Removal of forest and domain trusts. Changes to Kerberos policy under Computer Configuration\Windows Settings\Security Settings\Account Policies\Kerberos Policy. Granting of any of the following user rights to a user or group Access This Computer From the Network. Allow Logon Locally. Allow Logon Through Terminal Services. Logon as a Batch Job. Logon a Service. Namespace collision. For example, when a new trust has the same name as an existing namespace name. If you configure this policy setting, an audit event is generated when an attempt to change the authentication policy is made. Success audits record successful attempts and Failure audits record unsuccessful attempts.
-- If you do not configure this policy setting, no audit event is generated when the authentication policy is changed
+- If you do not configure this policy setting, no audit event is generated when the authentication policy is changed.
 
 > [!NOTE]
 > The security audit event is logged when the group policy is applied. It does not occur at the time when the settings are modified.
@@ -3147,7 +3147,7 @@ Volume: Low.
 
 <!-- PolicyChange_AuditPolicyChange-Description-Begin -->
 <!-- Description-Source-DDF -->
-This policy setting allows you to audit changes in the security audit policy settings such as the following Settings permissions and audit settings on the Audit Policy object. Changes to the system audit policy. Registration of security event sources. De-registration of security event sources. Changes to the per-user audit settings. Changes to the value of CrashOnAuditFail. Changes to the system access control list on a file system or registry object. Changes to the Special Groups list
+This policy setting allows you to audit changes in the security audit policy settings such as the following Settings permissions and audit settings on the Audit Policy object. Changes to the system audit policy. Registration of security event sources. De-registration of security event sources. Changes to the per-user audit settings. Changes to the value of CrashOnAuditFail. Changes to the system access control list on a file system or registry object. Changes to the Special Groups list.
 
 > [!NOTE]
 > System access control list (SACL) change auditing is done when a SACL for an object changes and the policy change category is enabled. Discretionary access control list (DACL) and ownership changes are audited when object access auditing is enabled and the object's SACL is configured for auditing of DACL/Owner change.

windows/client-management/mdm/policy-csp-browser.md

@@ -1484,7 +1484,7 @@ Supported versions: Microsoft Edge on Windows 10, version 1809
 Default setting: Disabled or not configured
 Related policies:
 - Allows development of Windows Store apps and installing them from an integrated development environment (IDE)
-- Allow all trusted apps to install 
+- Allow all trusted apps to install
 <!-- AllowSideloadingOfExtensions-Description-End -->
 
 <!-- AllowSideloadingOfExtensions-Editable-Begin -->
@@ -3248,7 +3248,7 @@ Related Documents:
 
 - [Find a package family name (PFN) for per-app VPN](/mem/configmgr/protect/deploy-use/find-a-pfn-for-per-app-vpn)
 - [How to manage volume purchased apps from the Microsoft Store for Business with Microsoft Intune](/mem/intune/apps/windows-store-for-business)
-- [Assign apps to groups with Microsoft Intune](/mem/intune/apps-deploy)
+- [Assign apps to groups with Microsoft Intune](/mem/intune/apps/apps-deploy)
 - [Manage apps from the Microsoft Store for Business and Education with Configuration Manager](/mem/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
 - [Add a Windows line-of-business app to Microsoft Intune](/mem/intune/apps/lob-apps-windows)
 <!-- PreventTurningOffRequiredExtensions-Editable-End -->

windows/client-management/mdm/policy-csp-defender.md

@@ -4,7 +4,7 @@ description: Learn more about the Defender Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 01/09/2023
+ms.date: 02/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -1164,7 +1164,7 @@ This setting applies to scheduled scans, but it has no effect on scans initiated
 
 <!-- CloudBlockLevel-Description-Begin -->
 <!-- Description-Source-DDF -->
-This policy setting determines how aggressive Windows Defender Antivirus will be in blocking and scanning suspicious files. Value type is integer. If this setting is on, Windows Defender Antivirus will be more aggressive when identifying suspicious files to block and scan; otherwise, it will be less aggressive and therefore block and scan with less frequency. For more information about specific values that are supported, see the Windows Defender Antivirus documentation site
+This policy setting determines how aggressive Windows Defender Antivirus will be in blocking and scanning suspicious files. Value type is integer. If this setting is on, Windows Defender Antivirus will be more aggressive when identifying suspicious files to block and scan; otherwise, it will be less aggressive and therefore block and scan with less frequency. For more information about specific values that are supported, see [Specify the cloud protection level](/microsoft-365/security/defender-endpoint/specify-cloud-protection-level-microsoft-defender-antivirus).
 
 > [!NOTE]
 > This feature requires the Join Microsoft MAPS setting enabled in order to function.
@@ -1232,7 +1232,7 @@ This policy setting determines how aggressive Windows Defender Antivirus will be
 
 <!-- CloudExtendedTimeout-Description-Begin -->
 <!-- Description-Source-DDF -->
-This feature allows Windows Defender Antivirus to block a suspicious file for up to 60 seconds, and scan it in the cloud to make sure it's safe. Value type is integer, range is 0 - 50. The typical cloud check timeout is 10 seconds. To enable the extended cloud check feature, specify the extended time in seconds, up to an additional 50 seconds. For example, if the desired timeout is 60 seconds, specify 50 seconds in this setting, which will enable the extended cloud check feature, and will raise the total time to 60 seconds
+This feature allows Windows Defender Antivirus to block a suspicious file for up to 60 seconds, and scan it in the cloud to make sure it's safe. Value type is integer, range is 0 - 50. The typical cloud check timeout is 10 seconds. To enable the extended cloud check feature, specify the extended time in seconds, up to an additional 50 seconds. For example, if the desired timeout is 60 seconds, specify 50 seconds in this setting, which will enable the extended cloud check feature, and will raise the total time to 60 seconds.
 
 > [!NOTE]
 > This feature depends on three other MAPS settings the must all be enabled- Configure the 'Block at First Sight' feature; Join Microsoft MAPS; Send file samples when further analysis is required.
@@ -1980,7 +1980,7 @@ Allows an administrator to specify a list of directory paths to ignore during a
 
 <!-- ExcludedProcesses-Description-Begin -->
 <!-- Description-Source-DDF -->
-Allows an administrator to specify a list of files opened by processes to ignore during a scan
+Allows an administrator to specify a list of files opened by processes to ignore during a scan.
 
 > [!IMPORTANT]
 > The process itself is not excluded from the scan, but can be by using the Defender/ExcludedPaths policy to exclude its path. Each file type must be separated by a |. For example, C\Example. exe|C\Example1.exe.

windows/client-management/mdm/uefi-csp.md

@@ -7,7 +7,7 @@ ms.prod: windows-client
 ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 10/02/2018
-ms.reviewer: 
+ms.reviewer:
 manager: aaroncz
 ---
 
@@ -31,7 +31,7 @@ The UEFI Configuration Service Provider (CSP) interfaces to UEFI's Device Firmwa
 > The UEFI CSP version published in Windows 10, version 1803 is replaced with this one (version 1809).
 
 > [!NOTE]
-> The production UEFI CSP is present in 1809, but it depends upon the [Device Firmware Configuration Interface (DFCI) and UEFI firmware](https://microsoft.github.io/mu/dyn/mu_plus/DfciPkg/Docs/Dfci_Feature/) to comply with this interface.
+> The production UEFI CSP is present in 1809, but it depends upon the [Device Firmware Configuration Interface (DFCI) and UEFI firmware](https://microsoft.github.io/mu/dyn/mu_feature_dfci/DfciPkg/Docs/Dfci_Feature/) to comply with this interface.
 
 The following shows the UEFI CSP in tree format.
 ```