Merge branch 'main' of https://github.com/MicrosoftDocs/windows-docs-pr into fr-mfa-activation

This commit is contained in:
Frank Rojas 2024-02-23 09:19:17 -05:00
commit 9fdc6f0d6c
19 changed files with 1342 additions and 125 deletions

File diff suppressed because it is too large

View File

@ -65,7 +65,8 @@
"v-stsavell", "v-stsavell",
"beccarobins", "beccarobins",
"Stacyrch140", "Stacyrch140",
"American-Dipper" "American-Dipper",
"shdyas"
] ]
}, },
"fileMetadata": { "fileMetadata": {

View File

@ -69,7 +69,8 @@
"v-stsavell", "v-stsavell",
"beccarobins", "beccarobins",
"Stacyrch140", "Stacyrch140",
"American-Dipper" "American-Dipper",
"shdyas"
] ]
}, },
"fileMetadata": {}, "fileMetadata": {},

View File

@ -62,9 +62,12 @@
"beccarobins", "beccarobins",
"Stacyrch140", "Stacyrch140",
"v-stsavell", "v-stsavell",
"American-Dipper" "American-Dipper",
"shdyas"
], ],
"searchScope": ["Windows 10"] "searchScope": [
"Windows 10"
]
}, },
"fileMetadata": { "fileMetadata": {
"feedback_system": { "feedback_system": {

View File

@ -69,7 +69,8 @@
"american-dipper", "american-dipper",
"angelamotherofdragons", "angelamotherofdragons",
"v-stsavell", "v-stsavell",
"stacyrch140" "stacyrch140",
"shdyas"
], ],
"searchScope": [ "searchScope": [
"Windows 10" "Windows 10"

View File

@ -1,7 +1,7 @@
--- ---
title: MixedReality Policy CSP title: MixedReality Policy CSP
description: Learn more about the MixedReality Area in Policy CSP. description: Learn more about the MixedReality Area in Policy CSP.
ms.date: 01/31/2024 ms.date: 02/20/2024
--- ---
<!-- Auto-Generated CSP Document --> <!-- Auto-Generated CSP Document -->
@ -272,6 +272,59 @@ This policy controls if the HoloLens displays will be automatically adjusted for
<!-- AutomaticDisplayAdjustment-End --> <!-- AutomaticDisplayAdjustment-End -->
<!-- AutoUnlock-Begin -->
## AutoUnlock
<!-- AutoUnlock-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ✅ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
<!-- AutoUnlock-Applicability-End -->
<!-- AutoUnlock-OmaUri-Begin -->
```User
./User/Vendor/MSFT/Policy/Config/MixedReality/AutoUnlock
```
```Device
./Device/Vendor/MSFT/Policy/Config/MixedReality/AutoUnlock
```
<!-- AutoUnlock-OmaUri-End -->
<!-- AutoUnlock-Description-Begin -->
<!-- Description-Source-DDF -->
This policy controls whether a signed-in user will be prompted for credentials when returning to the device after the device has entered suspended state. This policy is available both for the device as well as the user scope. When enabled for the device scope, auto unlock will be enabled for all users on the device. When enabled for the user scope, only the specific user will have auto unlock enabled.
<!-- AutoUnlock-Description-End -->
<!-- AutoUnlock-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- AutoUnlock-Editable-End -->
<!-- AutoUnlock-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | `int` |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 0 |
<!-- AutoUnlock-DFProperties-End -->
<!-- AutoUnlock-AllowedValues-Begin -->
**Allowed values**:
| Value | Description |
|:--|:--|
| 0 (Default) | User will be prompted for credentials. |
| 1 | User won't be prompted for credentials. |
<!-- AutoUnlock-AllowedValues-End -->
<!-- AutoUnlock-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- AutoUnlock-Examples-End -->
<!-- AutoUnlock-End -->
<!-- BrightnessButtonDisabled-Begin --> <!-- BrightnessButtonDisabled-Begin -->
## BrightnessButtonDisabled ## BrightnessButtonDisabled
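Review bot: The AutoUnlock description says the policy is available in both device and user scope but never says which value wins when the two disagree, for example device scope left at 0 and user scope set to 1, or the reverse. Since value 1 means the user won't be prompted for credentials after the device returns from suspended state, state the precedence explicitly in the `AutoUnlock-Editable` section, which currently holds only the template comment. The `AutoUnlock-Examples` section is empty as well; a sample for one of the two OMA-URIs shown above would help an admin deploy the setting as intended.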

View File

@ -66,9 +66,12 @@
"beccarobins", "beccarobins",
"Stacyrch140", "Stacyrch140",
"v-stsavell", "v-stsavell",
"American-Dipper" "American-Dipper",
"shdyas"
], ],
"searchScope": ["Windows 10"] "searchScope": [
"Windows 10"
]
}, },
"fileMetadata": { "fileMetadata": {
"feedback_system": { "feedback_system": {
@ -113,4 +116,3 @@
"markdownEngineName": "markdig" "markdownEngineName": "markdig"
} }
} }

View File

@ -15,19 +15,66 @@ metadata:
appliesto: appliesto:
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a> - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a> - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
- ✅ <a href=https://learn.microsoft.com/en-us/windows/release-health/windows-server-release-info target=_blank>Windows Server 2019, and later</a>
- ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-delivery-optimization target=_blank>Delivery Optimization</a> - ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-delivery-optimization target=_blank>Delivery Optimization</a>
ms.date: 07/31/2023 ms.date: 02/16/2024
title: Delivery Optimization Frequently Asked Questions title: Frequently Asked Questions about Delivery Optimization
summary: | summary: |
Frequently Asked Questions for Delivery Optimization This article answers frequently asked questions about Delivery Optimization.
**General questions**:
- [What Delivery Optimization settings are available?](#what-delivery-optimization-settings-are-available)
- [Does Delivery Optimization work with WSUS?](#does-delivery-optimization-work-with-wsus)
- [How are downloads initiated by Delivery Optimization?](#how-are-downloads-initiated-by-delivery-optimization)
- [Delivery Optimization is downloading Windows content on my devices directly from an IP Address, is it expected?](#delivery-optimization-is-downloading-windows-content-on-my-devices-directly-from-an-ip-address--is-it-expected)
- [How do I turn off Delivery Optimization?](#how-do-i-turn-off-delivery-optimization)
**Network related configuration questions**:
- [Which ports does Delivery Optimization use?](#which-ports-does-delivery-optimization-use)
- [What are the requirements if I use a proxy?](#what-are-the-requirements-if-i-use-a-proxy)
- [What hostnames should I allow through my firewall to support Delivery Optimization?](#what-hostnames-should-i-allow-through-my-firewall-to-support-delivery-optimization)
- [My firewall requires IP addresses and can't process FQDNs. How do I configure it to download content with Delivery Optimization?How do I configure it to download content with Delivery Optimization?](#my-firewall-requires-ip-addresses-and-can-t-process-fqdns--how-do-i-configure-it-to-download-content-with-delivery-optimization)
- [What is the recommended configuration for Delivery Optimization used with cloud proxies?](#what-is-the-recommended-configuration-for-delivery-optimization-used-with-cloud-proxies)
**Peer-to-Peer related questions**:
- [How does Delivery Optimization determine which content is available for peering?](#how-does-delivery-optimization-determine-which-content-is-available-for-peering)
- [Does Delivery Optimization use multicast?](#does-delivery-optimization-use-multicast)
- [How does Delivery Optimization deal with congestion on the router from peer-to-peer activity on the LAN?](#how-does-delivery-optimization-deal-with-congestion-on-the-router-from-peer-to-peer-activity-on-the-lan)
- [How does Delivery Optimization handle VPNs?](#how-does-delivery-optimization-handle-vpns)
- [How does Delivery Optimization handle networks where a public IP address is used in place of a private IP address?](#how-does-delivery-optimization-handle-networks-where-a-public-ip-address-is-used-in-place-of-a-private-ip-address)
**Device resources questions**:
- [Delivery Optimization is using device resources and I can't tell why?](#delivery-optimization-is-using-device-resources-and-i-can-t-tell-why)
sections: sections:
- name: Ignored - name: General questions
questions: questions:
- question: What Delivery Optimization settings are available?
answer: |
There are many different Delivery Optimization [settings](waas-delivery-optimization-reference.md) available. These settings allow you to effectively manage how Delivery Optimization is used within your environment with controls on bandwidth, time of day, etc.
- question: Does Delivery Optimization work with WSUS? - question: Does Delivery Optimization work with WSUS?
answer: Yes. Devices obtain the update payloads from the WSUS server, but must also have an internet connection as they communicate with the Delivery Optimization cloud service for coordination. answer: |
Yes. Devices obtain the update payloads from the WSUS server, but must also have an internet connection as they communicate with the Delivery Optimization cloud service for coordination.
- question: How are downloads initiated by Delivery Optimization?
answer: |
Delivery Optimization only starts when an application or service that's integrated with Delivery Optimization starts a download. For example, the Microsoft Edge browser. For more information about Delivery Optimization callers, see [Types of download content supported by Delivery Optimization](waas-delivery-optimization.md#types-of-download-content-supported-by-delivery-optimization).
- question: Delivery Optimization is downloading Windows content on my devices directly from an IP address, is it expected?
answer: |
When Delivery Optimization downloads from a [Microsoft Connected Cache](waas-microsoft-connected-cache.md) server that is hosted by your internet service provider, the download will be pulled directly from the IP address of that server. If the Microsoft Connected cache isn't available, the download will fall back seamlessly to the CDN instead. Delivery Optimization Peers are used in parallel if available.
- question: How do I turn off Delivery Optimization?
answer: |
Delivery Optimization is an HTTP downloader used by most content providers from Microsoft. When a device is configured to use Delivery Optimization peering (on by default), it does so with the HTTP downloader capabilities to optimize bandwidth usage.
If you'd like to disable peer-to-peer capabilities of Delivery Optimization, change the Delivery Optimization [Download mode](waas-delivery-optimization-reference.md#download-mode) setting to '0', which will disable peer-to-peer and provide hash checks. [Download mode](waas-delivery-optimization-reference.md#download-mode) set to '99' should only be used when the device is offline and doesn't have internet access.
Don't set **Download mode** to '100' (Bypass), which can cause some content to fail to download. Starting in Windows 11, Download mode '100' is deprecated.
> [!NOTE]
> Disabling Delivery Optimization won't prevent content from downloading to your devices. If you're looking to pause updates, you need to set policies for the relevant components such as Windows Update, Windows Store or Microsoft Edge browser. If you're looking to reduce the load on your network, look into using Delivery Optimization Peer-to-Peer, Microsoft Connected Cache or apply the [network throttling policies](waas-delivery-optimization-reference.md#maximum-download-bandwidth) available for Delivery Optimization.
- name: Network related configuration questions
questions:
- question: Which ports does Delivery Optimization use? - question: Which ports does Delivery Optimization use?
answer: | answer: |
Delivery Optimization listens on port 7680 for requests from other peers by using TCP/IP. The service registers and opens this port on the device. The port must be set to accept inbound traffic through your firewall. If you don't allow inbound traffic over port 7680, you can't use the peer-to-peer functionality of Delivery Optimization. However, devices can still successfully download by using HTTP or HTTPS traffic over port 80 (such as for default Windows Update data). Delivery Optimization listens on port 7680 for requests from other peers by using TCP/IP. The service registers and opens this port on the device. The port must be set to accept inbound traffic through your firewall. If you don't allow inbound traffic over port 7680, you can't use the peer-to-peer functionality of Delivery Optimization. However, devices can still successfully download by using HTTP or HTTPS traffic over port 80 (such as for default Windows Update data).
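Review bot: In the summary list under "Network related configuration questions", the link text of the firewall entry repeats its second sentence: "How do I configure it to download content with Delivery Optimization?How do I configure it to download content with Delivery Optimization?". Remove the duplicate so the entry reads as a single question. Two smaller points in the same hunk: the added Windows Server `appliesto` link uses a locale-specific `/en-us/` URL while the neighbouring links omit the locale, and the summary entry says "IP Address" where the question added further down says "IP address".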
@ -35,10 +82,9 @@ sections:
Delivery Optimization uses Teredo to create peer groups, which include devices across NATs (or any form of internal subnet that uses gateways or firewalls between subnets). To enable this scenario, you must allow inbound TCP/IP traffic over port 3544. Look for a "NAT traversal" setting in your firewall to set this up. Delivery Optimization uses Teredo to create peer groups, which include devices across NATs (or any form of internal subnet that uses gateways or firewalls between subnets). To enable this scenario, you must allow inbound TCP/IP traffic over port 3544. Look for a "NAT traversal" setting in your firewall to set this up.
Delivery Optimization also communicates with its cloud service by using HTTP/HTTPS over port 80. Delivery Optimization also communicates with its cloud service by using HTTP/HTTPS over port 80.
- question: What are the requirements if I use a proxy? - question: What are the requirements if I use a proxy?
answer: For Delivery Optimization to successfully use the proxy, you should set up the proxy by using Windows proxy settings or Internet Explorer proxy settings. For details see [Using a proxy with Delivery Optimization](../do/delivery-optimization-proxy.md). Most content downloaded with Delivery Optimization uses byte range requests. Make sure your proxy allows byte range requests. For more information, see [Proxy requirements for Windows Update](/windows/deployment/update/windows-update-troubleshooting). answer: |
For Delivery Optimization to successfully use the proxy, you should set up the proxy by using Windows proxy settings or Internet Explorer proxy settings. For details see [Using a proxy with Delivery Optimization](../do/delivery-optimization-proxy.md). Most content downloaded with Delivery Optimization uses byte range requests. Make sure your proxy allows byte range requests. For more information, see [Proxy requirements for Windows Update](/windows/deployment/update/windows-update-troubleshooting).
- question: What hostnames should I allow through my firewall to support Delivery Optimization? - question: What hostnames should I allow through my firewall to support Delivery Optimization?
answer: | answer: |
**For communication between clients and the Delivery Optimization cloud service**: **For communication between clients and the Delivery Optimization cloud service**:
@ -58,29 +104,37 @@ sections:
- `win1910.ipv6.microsoft.com` - `win1910.ipv6.microsoft.com`
For more information, see [Endpoints for Delivery Optimization and Microsoft Connected Cache](../do/delivery-optimization-endpoints.md) for a list of all content endpoints needed. For more information, see [Endpoints for Delivery Optimization and Microsoft Connected Cache](../do/delivery-optimization-endpoints.md) for a list of all content endpoints needed.
- question: My firewall requires IP addresses and can't process FQDNs. How do I configure it to download content with Delivery Optimization? - question: My firewall requires IP addresses and can't process FQDNs. How do I configure it to download content with Delivery Optimization?
answer: | answer: |
Microsoft content, such as Windows updates, are hosted and delivered globally via Content Delivery Networks (CDNs) and [Microsoft Connected Cache](waas-microsoft-connected-cache.md) (MCC) servers, which are hosted within Internet Service Provider (ISP) networks. Microsoft content, such as Windows updates, are hosted and delivered globally via Content Delivery Networks (CDNs) and [Microsoft Connected Cache](waas-microsoft-connected-cache.md) (MCC) servers, which are hosted within Internet Service Provider (ISP) networks.
The network of CDNs and MCCs allows Microsoft to reach the scale required to meet the demand of the Windows user base. Given this delivery infrastructure changes dynamically, providing an exhaustive list of IPs and keeping it up to date isn't feasible. The network of CDNs and MCCs allows Microsoft to reach the scale required to meet the demand of the Windows user base. Given this delivery infrastructure changes dynamically, providing an exhaustive list of IPs and keeping it up to date isn't feasible.
- question: What is the recommended configuration for Delivery Optimization used with cloud proxies?
- question: Delivery Optimization is downloading Windows content on my devices directly from an IP Address, is it expected?
answer: | answer: |
When Delivery Optimization downloads from a [Microsoft Connected Cache](waas-microsoft-connected-cache.md) server that is hosted by your Internet Service Provider, the download will be pulled directly from the IP Address of that server. If the Microsoft Connected cache isn't available, the download will fall back seamlessly to the CDN instead. Delivery Optimization Peers are used in parallel if available. The recommended configuration for Delivery Optimization peer-to-peer to work most efficiently along with cloud proxy solutions (for example, Zscaler) is to allow traffic to the Delivery Optimization services to go directly to the internet and not through the cloud proxy.
At a minimum, the following FQDN that is used for communication between clients and the Delivery Optimization service should be allowed with direct internet access and bypass the cloud proxy service:
- `*.prod.do.dsp.mp.microsoft.com`
If allowing direct internet access isn't an option, try using Group Download Mode '2' to define the peering group. [Learn more](waas-delivery-optimization-reference.md#select-the-source-of-group-ids) about using Group Download mode.
- name: Peer-to-Peer related questions
questions:
- question: How does Delivery Optimization determine which content is available for peering?
answer: |
Delivery Optimization uses the cache content on the device to determine what's available for peering. For the upload source device, there's a limited number (4) of slots for cached content that's available for peering at a given time. Delivery Optimization contains logic that rotates the cached content in those slots.
- question: Does Delivery Optimization use multicast? - question: Does Delivery Optimization use multicast?
answer: No. It relies on the cloud service for peer discovery, resulting in a list of peers and their IP addresses. Client devices then connect to their peers to obtain download files over TCP/IP. answer: |
No. It relies on the cloud service for peer discovery, resulting in a list of peers and their IP addresses. Client devices then connect to their peers to obtain download files over TCP/IP.
- question: How does Delivery Optimization deal with congestion on the router from peer-to-peer activity on the LAN? - question: How does Delivery Optimization deal with congestion on the router from peer-to-peer activity on the LAN?
answer: Starting in Windows 10, version 1903, Delivery Optimization uses LEDBAT to relieve such congestion. For more information, see this post on the [Networking Blog](https://techcommunity.microsoft.com/t5/Networking-Blog/Windows-Transport-converges-on-two-Congestion-Providers-Cubic/ba-p/339819). answer: |
Starting in Windows 10, version 1903, Delivery Optimization uses LEDBAT to relieve such congestion. For more information, see this post on the [Networking Blog](https://techcommunity.microsoft.com/t5/Networking-Blog/Windows-Transport-converges-on-two-Congestion-Providers-Cubic/ba-p/339819).
- question: How does Delivery Optimization handle VPNs? - question: How does Delivery Optimization handle VPNs?
answer: | answer: |
Delivery Optimization attempts to identify VPNs by checking the network adapter type and details. A connection is treated as a VPN if the adapter description contains certain keywords, such as "VPN" or "secure." Delivery Optimization attempts to identify VPNs by checking the network adapter type and details. A connection is treated as a VPN if the adapter description contains certain keywords, such as "VPN" or "secure."
If the connection is identified as a VPN, Delivery Optimization suspends uploads to other peers. However, you can allow uploads over a VPN by using the [Enable Peer Caching while the device connects via VPN](../do/waas-delivery-optimization-reference.md#enable-peer-caching-while-the-device-connects-via-vpn) policy. If the connection is identified as a VPN, Delivery Optimization suspends uploads to other peers. However, you can allow uploads over a VPN by using the [Enable peer caching while the device connects via VPN](../do/waas-delivery-optimization-reference.md#enable-peer-caching-while-the-device-connects-via-vpn) policy.
If you have defined a boundary group in Configuration Manager for VPN IP ranges, you can set the [DownloadMode](../do/waas-delivery-optimization-reference.md#download-mode) policy to 0 for that boundary group, to ensure that there's no peer-to-peer activity over the VPN. When the device isn't connected using a VPN, it can still use peer-to-peer with the default of LAN. If you have defined a boundary group in Microsoft Configuration Manager for VPN IP ranges, you can set the [DownloadMode](../do/waas-delivery-optimization-reference.md#download-mode) policy to 0 for that boundary group, to ensure that there's no peer-to-peer activity over the VPN. When the device isn't connected using a VPN, it can still use peer-to-peer with the default of LAN.
With split tunneling, make sure to allow direct access to these endpoints: With split tunneling, make sure to allow direct access to these endpoints:
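Review bot: In the new cloud proxy answer, "try using Group Download Mode '2' to define the peering group" is ambiguous: the sentence names a mode value, but the "Learn more" link targets `#select-the-source-of-group-ids`, so a reader cannot tell which setting the value '2' belongs to. Name the setting explicitly and link to that setting's own anchor. Links to the reference article are also written two ways in this hunk, `waas-delivery-optimization-reference.md#...` in the new answer and `../do/waas-delivery-optimization-reference.md#...` in the VPN answer; pick one form for the file.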
@ -101,7 +155,6 @@ sections:
- `https://tsfe.trafficshaping.dsp.mp.microsoft.com` - `https://tsfe.trafficshaping.dsp.mp.microsoft.com`
For more information about remote work if you're using Configuration Manager, see this post on the [Configuration Manager blog](https://techcommunity.microsoft.com/t5/configuration-manager-blog/managing-patch-tuesday-with-configuration-manager-in-a-remote/ba-p/1269444). For more information about remote work if you're using Configuration Manager, see this post on the [Configuration Manager blog](https://techcommunity.microsoft.com/t5/configuration-manager-blog/managing-patch-tuesday-with-configuration-manager-in-a-remote/ba-p/1269444).
- question: How does Delivery Optimization handle networks where a public IP address is used in place of a private IP address? - question: How does Delivery Optimization handle networks where a public IP address is used in place of a private IP address?
answer: | answer: |
Starting with Windows 10, version 1903 or later, Delivery Optimization no longer restricts connections between LAN peers to those using private IP addresses. If you use public IP addresses instead of private IP addresses, you can use Delivery Optimization in LAN mode. Starting with Windows 10, version 1903 or later, Delivery Optimization no longer restricts connections between LAN peers to those using private IP addresses. If you use public IP addresses instead of private IP addresses, you can use Delivery Optimization in LAN mode.
@ -109,36 +162,8 @@ sections:
> [!NOTE] > [!NOTE]
> If you use public IP addresses instead of private in LAN mode, the bytes downloaded from or uploaded to LAN peers with public IP addresses might be reported as coming from Internet peers. > If you use public IP addresses instead of private in LAN mode, the bytes downloaded from or uploaded to LAN peers with public IP addresses might be reported as coming from Internet peers.
- question: How are downloads initiated by Delivery Optimization? - name: Device resources questions
answer: | questions:
Delivery Optimization only starts when an application or service that's integrated with Delivery Optimization starts a download. For example, the Microsoft Edge browser. For more information about Delivery Optimization callers, see [Types of download content supported by Delivery Optimization](waas-delivery-optimization.md#types-of-download-content-supported-by-delivery-optimization).
- question: How does Delivery Optimization determine which content is available for peering?
answer: |
Delivery Optimization uses the cache content on the device to determine what's available for peering. For the upload source device, there's a limited number (4) of slots for cached content that's available for peering at a given time. Delivery Optimization contains logic that rotates the cached content in those slots.
- question: What is the recommended configuration for Delivery Optimization used with cloud proxies (for example, Zscaler)?
answer: |
The recommended configuration for Delivery Optimization Peer-to-Peer to work most efficiently along with cloud proxy solutions (for example, Zscaler) is to allow traffic to the Delivery Optimization services to go directly to the internet and not through the cloud proxy.
At a minimum, the following FQDN that is used for communication between clients and the Delivery Optimization service should be allowed with direct Internet access and bypass the cloud proxy service:
- `*.prod.do.dsp.mp.microsoft.com`
If allowing direct Internet access isn't an option, try using Group Download Mode '2' to define the peering group. [Learn more](waas-delivery-optimization-reference.md#select-the-source-of-group-ids) about using Group Download mode.
- question: How do I turn off Delivery Optimization?
answer: |
Delivery Optimization is an HTTP downloader used by most content providers from Microsoft. When a device is configured to use Delivery Optimization peering (on by default), it does so with the HTTP downloader capabilities to optimize bandwidth usage.
If you'd like to disable peer-to-peer capabilities of Delivery Optimization, change the Delivery Optimization [Download mode](waas-delivery-optimization-reference.md#download-mode) setting to '0', which will disable peer-to-peer and provide hash checks. [Download mode](waas-delivery-optimization-reference.md#download-mode) set to '99' should only be used when the device is offline and doesn't have internet access.
Don't set **Download mode** to '100' (Bypass), which can cause some content to fail to download. Starting in Windows 11, Download mode '100' is deprecated.
> [!NOTE]
> Disabling Delivery Optimization won't prevent content from downloading to your devices. If you're looking to pause updates, you need to set policies for the relevant components such as Windows Update, Windows Store or Microsoft Edge browser. If you're looking to reduce the load on your network, look into using Delivery Optimization Peer-to-Peer, Microsoft Connected Cache or apply the [network throttling policies](waas-delivery-optimization-reference.md#maximum-download-bandwidth) available for Delivery Optimization.
- question: Delivery Optimization is using device resources and I can't tell why? - question: Delivery Optimization is using device resources and I can't tell why?
answer: | answer: |
Delivery Optimization is used by most content providers from Microsoft. A complete list can be found [here](waas-delivery-optimization.md#types-of-download-content-supported-by-delivery-optimization). Often customers may not realize the vast application of Delivery Optimization and how it's used across different apps. Content providers have the option to run downloads in the foreground or background. It's good to check any apps running in the background to see what is running. Also note that depending on the app, closing the app may not necessarily stop the download. Delivery Optimization is used by most content providers from Microsoft. A complete list can be found [here](waas-delivery-optimization.md#types-of-download-content-supported-by-delivery-optimization). Often customers may not realize the vast application of Delivery Optimization and how it's used across different apps. Content providers have the option to run downloads in the foreground or background. It's good to check any apps running in the background to see what is running. Also note that depending on the app, closing the app may not necessarily stop the download.
- question: What Delivery Optimization settings are available?
answer: |
There are many different Delivery Optimization [settings](waas-delivery-optimization-reference.md) available. These settings allow you to effectively manage how Delivery Optimization is used within your environment with control s on bandwidth, time of day, etc.

View File

@ -61,9 +61,12 @@
"beccarobins", "beccarobins",
"Stacyrch140", "Stacyrch140",
"v-stsavell", "v-stsavell",
"American-Dipper" "American-Dipper",
"shdyas"
], ],
"searchScope": ["Windows 10"] "searchScope": [
"Windows 10"
]
}, },
"fileMetadata": {}, "fileMetadata": {},
"template": [], "template": [],

View File

@ -64,7 +64,8 @@
"beccarobins", "beccarobins",
"Stacyrch140", "Stacyrch140",
"v-stsavell", "v-stsavell",
"American-Dipper" "American-Dipper",
"shdyas"
] ]
}, },
"fileMetadata": {}, "fileMetadata": {},

View File

@ -59,10 +59,13 @@
"beccarobins", "beccarobins",
"Stacyrch140", "Stacyrch140",
"v-stsavell", "v-stsavell",
"American-Dipper" "American-Dipper",
"shdyas"
] ]
}, },
"searchScope": ["Windows 10"] "searchScope": [
"Windows 10"
]
}, },
"fileMetadata": {}, "fileMetadata": {},
"template": [], "template": [],
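Review bot: In this file the name list closes with `]` and `},` before `"searchScope"`, so `searchScope` sits one level outside the object that holds the list, whereas the other files in this commit close the list with `],` and keep `"searchScope"` inside the same object. That nesting predates this change, but since the hunk rewrites the `searchScope` lines anyway, confirm the placement is intended and that the setting is actually read at that level.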

View File

@ -68,7 +68,8 @@
"beccarobins", "beccarobins",
"Stacyrch140", "Stacyrch140",
"v-stsavell", "v-stsavell",
"American-Dipper" "American-Dipper",
"shdyas"
], ],
"searchScope": [ "searchScope": [
"Windows 10" "Windows 10"

Binary file not shown. Size before: 197 KiB; after: 752 KiB.

Binary file not shown. Size before: 74 KiB; after: 526 KiB.

View File

@ -2,20 +2,20 @@
title: Microsoft Pluton security processor title: Microsoft Pluton security processor
description: Learn more about Microsoft Pluton security processor description: Learn more about Microsoft Pluton security processor
ms.topic: conceptual ms.topic: conceptual
ms.date: 07/31/2023 ms.date: 02/19/2024
--- ---
# Microsoft Pluton security processor # Microsoft Pluton security processor
Microsoft Pluton security processor is a chip-to-cloud security technology built with [Zero Trust](/security/zero-trust/zero-trust-overview) principles at the core. Microsoft Pluton provides hardware-based root of trust, secure identity, secure attestation, and cryptographic services. Pluton technology is a combination of a secure subsystem which is part of the System on Chip (SoC) and Microsoft authored software that runs on this integrated secure subsystem. Microsoft Pluton security processor is a chip-to-cloud security technology built with [Zero Trust](/security/zero-trust/zero-trust-overview) principles at the core. Microsoft Pluton provides hardware-based root of trust, secure identity, secure attestation, and cryptographic services. Pluton technology is a combination of a secure subsystem, which is part of the System on Chip (SoC) and Microsoft authored software that runs on this integrated secure subsystem.
Microsoft Pluton is currently available on devices with Ryzen 6000 and Qualcomm Snapdragon&reg; 8cx Gen 3 series processors. Microsoft Pluton can be enabled on devices with Pluton capable processors running Windows 11, version 22H2. Microsoft Pluton is currently available on devices with Ryzen 6000 and Qualcomm Snapdragon&reg; 8cx Gen 3 series processors. Microsoft Pluton can be enabled on devices with Pluton capable processors running Windows 11, version 22H2.
## What is Microsoft Pluton? ## What is Microsoft Pluton?
Designed by Microsoft and built by silicon partners, Microsoft Pluton is a secure crypto-processor built into the CPU for security at the core to ensure code integrity and the latest protection with updates delivered by Microsoft through Windows Update. Pluton protects credentials, identities, personal data and encryption keys. Information is significantly harder to be removed even if an attacker has installed malware or has complete physical possession of the PC. Designed by Microsoft and built by silicon partners, Microsoft Pluton is a secure crypto-processor built into the CPU for security at the core to ensure code integrity and the latest protection with updates delivered by Microsoft through Windows Update. Pluton protects credentials, identities, personal data and encryption keys. Information is significantly harder to be removed even if an attacker installs malware or has complete physical possession of the PC.
Microsoft Pluton is designed to provide the functionality of the Trusted Platform Module as well as deliver other security functionality beyond what is possible with the TPM 2.0 specification, and allows for additional Pluton firmware and OS features to be delivered over time via Windows Update. For more information, see [Microsoft Pluton as TPM](pluton-as-tpm.md). Microsoft Pluton is designed to provide the functionality of the Trusted Platform Module (TPM) and deliver other security functionality beyond what is possible with the TPM 2.0 specification, and allows for other Pluton firmware and OS features to be delivered over time via Windows Update. For more information, see [Microsoft Pluton as TPM](pluton-as-tpm.md).
Pluton is built on proven technology used in Xbox and Azure Sphere, and provides hardened integrated security capabilities to Windows 11 devices in collaboration with leading silicon partners. For more information, see [Meet the Microsoft Pluton processor The security chip designed for the future of Windows PCs](https://www.microsoft.com/security/blog/2020/11/17/meet-the-microsoft-pluton-processor-the-security-chip-designed-for-the-future-of-windows-pcs/). Pluton is built on proven technology used in Xbox and Azure Sphere, and provides hardened integrated security capabilities to Windows 11 devices in collaboration with leading silicon partners. For more information, see [Meet the Microsoft Pluton processor The security chip designed for the future of Windows PCs](https://www.microsoft.com/security/blog/2020/11/17/meet-the-microsoft-pluton-processor-the-security-chip-designed-for-the-future-of-windows-pcs/).
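Review bot: In the first paragraph, the new comma after "a secure subsystem" opens a nonrestrictive clause that is never closed, so the sentence now reads as if the SoC contains the Microsoft software. Add the matching comma after "(SoC)" and hyphenate "Microsoft-authored". Separately, ms.date moves to 02/19/2024 while the unchanged availability paragraph still says Pluton is "currently available" on Ryzen 6000 and Snapdragon 8cx Gen 3 devices running Windows 11, version 22H2; confirm that statement was re-checked as part of this refresh.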
@ -28,17 +28,17 @@ Pluton Security subsystem consists of the following layers:
| | Description | | | Description |
|--|--| |--|--|
| **Hardware** | Pluton Security Processor is a secure element tightly integrated into the SoC subsystem. It provides a trusted execution environment while delivering cryptographic services required for protecting sensitive resources and critical items like keys, data, etc. | | **Hardware** | Pluton Security Processor is a secure element tightly integrated into the SoC subsystem. It provides a trusted execution environment while delivering cryptographic services required for protecting sensitive resources and critical items like keys, data, etc. |
| **Firmware** | Microsoft authorized firmware provides required secure features and functionality, and exposes interfaces that operating system software and applications can use to interact with Pluton. The firmware is stored in the flash storage available on the motherboard. When the system boots, the firmware is loaded as a part of Pluton Hardware initialization. During Windows startup, a copy of this firmware (or the latest firmware obtained from Windows Update, if available) is loaded in the operating system. For additional information, see [Firmware load flow](#firmware-load-flow) | | **Firmware** | Microsoft authorized firmware provides required secure features and functionality, and exposes interfaces that operating system software and applications can use to interact with Pluton. The firmware is stored in the flash storage available on the motherboard. When the system boots, the firmware is loaded as a part of Pluton Hardware initialization. During Windows startup, a copy of this firmware (or the latest firmware obtained from Windows Update, if available) is loaded in the operating system. For more information, see [Firmware load flow](#firmware-load-flow) |
| **Software** | Operating system drivers and applications available to an end user to allow seamless usage of the hardware capabilities provided by the Pluton security subsystem. | | **Software** | Operating system drivers and applications available to an end user to allow seamless usage of the hardware capabilities provided by the Pluton security subsystem. |
## Firmware load flow ## Firmware load flow
When the system boots, Pluton hardware initialization is performed by loading the Pluton firmware from the Serial Peripheral Interface (SPI) flash storage available on the motherboard. During Windows startup however, the latest version of the Pluton firmware is used by the operating system. If newer firmware is not available, Windows uses the firmware that was loaded during the hardware initialization. The diagram below illustrates this process: When the system boots, Pluton hardware initialization is performed by loading the Pluton firmware from the Serial Peripheral Interface (SPI) flash storage available on the motherboard. During Windows startup however, the latest version of the Pluton firmware is used by the operating system. If newer firmware isn't available, Windows uses the firmware that was loaded during the hardware initialization. This diagram illustrates this process:
![Diagram showing the Microsoft Pluton Firmware load flow](../images/pluton/pluton-firmware-load.png) ![Diagram showing the Microsoft Pluton Firmware load flow](../images/pluton/pluton-firmware-load.png)
[!INCLUDE [microsoft-pluton](../../../../includes/licensing/microsoft-pluton.md)] [!INCLUDE [microsoft-pluton](../../../../includes/licensing/microsoft-pluton.md)]
## Related topics ## Related articles
[Microsoft Pluton as TPM](pluton-as-tpm.md) [Microsoft Pluton as TPM](pluton-as-tpm.md)
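Review bot: The Firmware row says "Microsoft authorized firmware" while the introduction of the same article says "Microsoft authored software". In a root-of-trust description the two mean different things (who wrote the code versus who approved it to load), so pick the intended term and use it in both places. Also in this hunk, the row's last sentence "For more information, see [Firmware load flow](#firmware-load-flow)" has no closing period, and "This diagram illustrates this process:" repeats "this"; "The following diagram illustrates the process:" reads better.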

View File

@ -2,16 +2,16 @@
title: Microsoft Pluton as Trusted Platform Module (TPM 2.0) title: Microsoft Pluton as Trusted Platform Module (TPM 2.0)
description: Learn more about Microsoft Pluton security processor as Trusted Platform Module (TPM 2.0) description: Learn more about Microsoft Pluton security processor as Trusted Platform Module (TPM 2.0)
ms.topic: conceptual ms.topic: conceptual
ms.date: 07/31/2023 ms.date: 02/19/2024
--- ---
# Microsoft Pluton as Trusted Platform Module # Microsoft Pluton as Trusted Platform Module
Microsoft Pluton is designed to provide the functionality of the Trusted Platform Module (TPM) thereby establishing the silicon root of trust. Microsoft Pluton supports the TPM 2.0 industry standard allowing customers to immediately benefit from the enhanced security in Windows features that rely on TPM including BitLocker, Windows Hello, and Windows Defender System Guard. Microsoft Pluton is designed to provide the functionality of the Trusted Platform Module (TPM) thereby establishing the silicon root of trust. Microsoft Pluton supports the TPM 2.0 industry standard allowing customers to immediately benefit from the enhanced security in Windows features that rely on TPM including BitLocker, Windows Hello, and Windows Defender System Guard.
As with other TPMs, credentials, encryption keys, and other sensitive information cannot be easily extracted from Pluton even if an attacker has installed malware or has complete physical possession of the device. Storing sensitive data like encryption keys securely within the Pluton processor, which is isolated from the rest of the system, helps ensure that emerging attack techniques such as speculative execution cannot access key material. As with other TPMs, credentials, encryption keys, and other sensitive information can't be easily extracted from Pluton even if an attacker installs malware or has complete physical possession of the device. Storing sensitive data like encryption keys securely within the Pluton processor, which is isolated from the rest of the system, helps ensure that emerging attack techniques such as speculative execution can't access key material.
Pluton also solves the major security challenge of keeping its own root-of-trust firmware up to date across the entire PC ecosystem, by delivering firmware updates from Windows Update. Today customers receive updates to their security firmware from a variety of different sources, which may make it difficult for them to apply these updates. Pluton also solves the major security challenge of keeping its own root-of-trust firmware up to date across the entire PC ecosystem, by delivering firmware updates from Windows Update. Today customers receive updates to their security firmware from various sources, which can make it difficult for them to apply these updates.
To learn more about the TPM related scenarios that benefit from Pluton, see [TPM and Windows Features](/windows/security/information-protection/tpm/tpm-recommendations#tpm-and-windows-features). To learn more about the TPM related scenarios that benefit from Pluton, see [TPM and Windows Features](/windows/security/information-protection/tpm/tpm-recommendations#tpm-and-windows-features).
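Review bot: Two style leftovers remain in the paragraphs this hunk edits or sits beside: "Today customers receive updates" needs a comma after "Today", and "TPM related scenarios" in the last paragraph should be "TPM-related scenarios". Both are worth folding into this pass since the surrounding sentences are already being reworded.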
@ -25,7 +25,7 @@ Pluton is integrated within the SoC subsystem, and provides a flexible, updatabl
Devices with Ryzen 6000 and Qualcomm Snapdragon&reg; 8cx Gen 3 series processors are Pluton Capable, however enabling and providing an option to enable Pluton is at the discretion of the device manufacturer. Pluton is supported on these devices and can be enabled from the Unified Extensible Firmware Interface (UEFI) setup options for the device. Devices with Ryzen 6000 and Qualcomm Snapdragon&reg; 8cx Gen 3 series processors are Pluton Capable, however enabling and providing an option to enable Pluton is at the discretion of the device manufacturer. Pluton is supported on these devices and can be enabled from the Unified Extensible Firmware Interface (UEFI) setup options for the device.
UEFI setup options differ from product to product, visit the product website and check for guidance to enable Pluton as TPM. UEFI setup options differ from product to product. Visit the product website and check for guidance to enable Pluton as TPM.
> [!WARNING] > [!WARNING]
> If BitLocker is enabled, We recommend disabling BitLocker before changing the TPM configuration to prevent lockouts. After changing TPM configuration, re-enable BitLocker which will then bind the BitLocker keys with the Pluton TPM. Alternatively, save the BitLocker recovery key onto a USB drive. > If BitLocker is enabled, We recommend disabling BitLocker before changing the TPM configuration to prevent lockouts. After changing TPM configuration, re-enable BitLocker which will then bind the BitLocker keys with the Pluton TPM. Alternatively, save the BitLocker recovery key onto a USB drive.
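Review bot: The WARNING callout, left unchanged here, offers saving the recovery key as an alternative to disabling BitLocker, which reads as either/or for a step that can lock the user out of the drive. Suggest recommending the recovery key backup in every case before the TPM configuration is changed, and stating whether "disabling" means suspending protection or decrypting the drive. Also lowercase "We recommend", and note that "are Pluton Capable, however enabling" has the same comma splice that the next line was corrected for.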
@ -35,6 +35,6 @@ UEFI setup options differ from product to product, visit the product website and
> [!TIP] > [!TIP]
> On most Lenovo devices, entering the UEFI options requires pressing Enter key at startup followed by pressing F1. In the UEFI Setup menu, select Security option, then on the Security page, select Security Chip option, to see the TPM configuration options. Under the drop-down list for Security Chip selection, select **MSFT Pluton** and click F10 to Save and Exit. > On most Lenovo devices, entering the UEFI options requires pressing Enter key at startup followed by pressing F1. In the UEFI Setup menu, select Security option, then on the Security page, select Security Chip option, to see the TPM configuration options. Under the drop-down list for Security Chip selection, select **MSFT Pluton** and click F10 to Save and Exit.
## Related topics ## Related articles
[Microsoft Pluton security processor](/windows/security/information-protection/pluton/microsoft-pluton-security-processor) [Microsoft Pluton security processor](/windows/security/information-protection/pluton/microsoft-pluton-security-processor)
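Review bot: In the TIP, "click F10" should be "press F10" since it is a key, and "pressing Enter key" needs "the". The UI labels Security and Security Chip are plain text while **MSFT Pluton** is bold; format all three the same way. The related link uses the site-absolute path /windows/security/information-protection/pluton/... whereas the sibling article links with a relative path (pluton-as-tpm.md); use the relative form so the link keeps working if the folder moves.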

View File

@ -12,6 +12,7 @@ content_well_notification:
author: paolomatarazzo author: paolomatarazzo
appliesto: appliesto:
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a> - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
ai-usage: ai-assisted
--- ---
# Introduction to Windows security # Introduction to Windows security

View File

@ -47,6 +47,10 @@ Enhanced Phishing Protection can be configured via Microsoft Intune, Group Polic
| Notify Password Reuse | This policy setting determines whether Enhanced Phishing Protection warns your users if they reuse their work or school password.<li> If you enable this policy setting, Enhanced Phishing Protection warns users if they reuse their work, or school password and encourages them to change it.</li><li> If you disable or don't configure this policy setting, Enhanced Phishing Protection doesn't warn users if they reuse their work or school password. | | Notify Password Reuse | This policy setting determines whether Enhanced Phishing Protection warns your users if they reuse their work or school password.<li> If you enable this policy setting, Enhanced Phishing Protection warns users if they reuse their work, or school password and encourages them to change it.</li><li> If you disable or don't configure this policy setting, Enhanced Phishing Protection doesn't warn users if they reuse their work or school password. |
| Notify Unsafe App | This policy setting determines whether Enhanced Phishing Protection warns your users if they type their work or school passwords in Notepad or Microsoft 365 Office Apps.<li> If you enable this policy setting, Enhanced Phishing Protection warns your users if they store their password in Notepad or Microsoft 365 Office Apps.</li><li> If you disable or don't configure this policy setting, Enhanced Phishing Protection doesn't warn users if they store their password in Notepad or Microsoft 365 Office Apps. | | Notify Unsafe App | This policy setting determines whether Enhanced Phishing Protection warns your users if they type their work or school passwords in Notepad or Microsoft 365 Office Apps.<li> If you enable this policy setting, Enhanced Phishing Protection warns your users if they store their password in Notepad or Microsoft 365 Office Apps.</li><li> If you disable or don't configure this policy setting, Enhanced Phishing Protection doesn't warn users if they store their password in Notepad or Microsoft 365 Office Apps. |
Enhanced Phishing Protection allows organizations to add their custom identity provider sign-in URL as a recognized URL. Then Enhanced Phishing Protection doesn't consider Microsoft passwords typed into an internal identity provider (IdP) as unknown or password reuse. Without knowledge of an enterprise's custom identity provider URL, SmartScreen might not have enough information about the URL. If you configure warning dialogs for Enhanced Phishing Protection, it might show an unsafe password usage dialog to the user entering their Microsoft password into the URL.
To add your organization's custom sign-in URL to Enhanced Phishing Protection, configure the `EnableWebSignIn` policy in the [Authentication Policy CSP](/windows/client-management/mdm/policy-csp-authentication#enablewebsignin). For more information, see [Web sign-in for Windows](../../../identity-protection/web-sign-in/index.md).
Follow these instructions to configure your devices using either Microsoft Intune, GPO or CSP. Follow these instructions to configure your devices using either Microsoft Intune, GPO or CSP.
#### [:::image type="icon" source="../../../images/icons/intune.svg"::: **Intune**](#tab/intune) #### [:::image type="icon" source="../../../images/icons/intune.svg"::: **Intune**](#tab/intune)
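Review bot: The added paragraph promises a way to register a custom IdP sign-in URL, but the only setting it names is `EnableWebSignIn`, whose name reads as an on/off switch, and the text never says where the URL itself is entered or in what format. Confirm this is the policy that carries the URL and document the expected value, since a missing or wrong entry leaves users facing the unsafe password usage dialog the paragraph describes. "Microsoft passwords" should match the "work or school password" wording used in the table rows above, and the sentence beginning "Without knowledge of an enterprise's custom identity provider URL" is circular and can be merged into the one that follows.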

View File

@ -61,9 +61,12 @@
"beccarobins", "beccarobins",
"Stacyrch140", "Stacyrch140",
"v-stsavell", "v-stsavell",
"American-Dipper" "American-Dipper",
"shdyas"
], ],
"searchScope": ["Windows 10"] "searchScope": [
"Windows 10"
]
}, },
"fileMetadata": {}, "fileMetadata": {},
"template": [], "template": [],